
Waseem Sattar US Citizen

Contact No.: 201 613 7632
Email ID: waseem.23CEH@gmail.com
Location: Plano, Texas

PROFESSIONAL PROFILE
Threat and Vulnerability Management | Risk Management | Identity Access Management | Incident Management |
Secure Configuration Management | Cyber Security Management Strategic Planning and Implementation | SIEM |
Regulatory Compliance | Cloud Computing | Encryption Implementation | MFA | PKI | SSO | KPI | Mean Time |
Change Management | Software Development Life Cycle Management Deployments and Migrations | Security
Implementation Administration | Web Penetration Testing.

QUALIFICATIONS PROFILE

▪ A multifaceted professional with extensive experience and skills in threat and vulnerability management,
information security analysis, information security architecture, information security policy design, risk
assessment, security incident response, and security solution implementation and administration.
▪ Skilled at designing and implementing cyber security solutions for global financial organizations that
consistently reduce security costs while elevating the security status of the environment.
▪ Partner with teammates and other IT groups to research, assess, and recommend improvements of control
environments through data analytics.
▪ Excellent verbal and written communication skills with an ability to adapt communication style to the intended
audience.
▪ Experience working with data analytics tools such as Cognos and Power BI.
▪ Monitoring of security events using SIEM tools such as Splunk and McAfee ePO, looking for significant
events and processing reports of unexpected network activity.
▪ Knowledge of the Vulnerability Management and Assessment process with Nessus and Qualys.
Used Nessus for scanning networks and hosts, writing policies, and generating and analyzing reports.
▪ Knowledge of implementing various EDR tools such as CrowdStrike and Check Point to stop
breaches and various malware and malware-free attacks in the cloud environment.
▪ Experience working with and implementing various firewalls such as Palo Alto and Cisco.
▪ Understands user authentication including Remote Authentication Dial-In User Service (RADIUS) and
Terminal Access Controller Access Control System (TACACS+).
▪ Experience with architecting Symantec DLP platforms.
▪ Expert in installing the Splunk logging application for distributed environments.
▪ Monitored and researched cyber threats with a direct and indirect impact on the organization internally.
▪ In-depth knowledge of the most common cyber attacks and understanding of taking the preventative
measures needed to minimize, stop, or decrease the severity of the attacks.
▪ Expertise in Microsoft Azure cloud services (PaaS and IaaS), Application Insights, Document DB, Internet of
Things (IoT), Azure Monitoring, Key Vault, Visual Studio Online (VSO) and SQL Azure.
▪ Managed different Azure environments for provisioning of Linux servers and services executed by the
providers.
▪ Good at managing hosting plans for Azure infrastructure, implementing and deploying workloads on Azure
Virtual Machines (VMs).
▪ Familiar with implementing various SSO services such as SAML, OAuth 2.0, OIDC, LDAP, PingFederate.
▪ Provide token support for MFA and PKI authentication.
▪ Assisted in setting up various authentication methods including MFA, 2FA, SSO, EAP, CHAP.
▪ Onboarded privileged accounts to CyberArk; configured CyberArk for MySQL and Oracle databases.
▪ Perform risk assessments and gap analysis, and create risk mitigation plans.
▪ Configured and was involved in setting up the architecture of a WAF (web application firewall) to inspect HTTP traffic with
a content filtering feature to protect against SQL injection, cross-site scripting, buffer overflow, cookie
poisoning and security misconfiguration.
▪ Hands-on experience in Active Directory and scripting languages such as Python, Shell Script, XML and Perl.

TECHNICAL ACUMEN

SIEM: Splunk, Qualys, LogRhythm, SolarWinds, Datadog, McAfee ePO
Vulnerability Management Tools: Nessus, Qualys, IBM QRadar, Rapid7
Endpoint Security Tools: Bitdefender, CrowdStrike, Check Point, Carbon Black, FireEye
Cloud Platforms: Windows Azure, Windows Server, Microsoft Defender
IDS/IPS: OSSEC, SolarWinds (SEM), Snort, Bro, Suricata, Zeek
Packet Capture: SolarWinds (NPM), Wireshark, tcpdump, WinDump
Authentication Methods: MFA, PKI, SSO, EAP, CHAP
SSO Services: SAML, OAuth 2.0, OpenID Connect, Okta, PingFederate
Event Management: RSA Archer, ArcSight, Blue Coat Proxy
PenTest Tools: Metasploit, Nmap, Wireshark and Kali
Security Software: Nessus, Nmap, Metasploit, Snort
Frameworks: HIPAA, HITRUST CSF, PCI DSS
Security Technologies: WhiteHat Web Security, iDefense, NTT Security, LogRhythm, McAfee Nitro (SIEM),
McAfee ePO, McAfee Endpoint Protection Suite
Firewalls: Palo Alto, Cisco, CrowdStrike, Carbon Black
Databases: Oracle, MS SQL, Sybase
Data Analytics: Power BI, Cognos, Tableau
Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, iSCSI, Fiber, Firewalls/IPS/IDS
Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing
Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter-VLAN routing and Multi-Layer Switching, Multicast operations,
Layer 3 Switches, EtherChannels, Transparent Bridging
Protocols: TCP/IP, UDP, HTTP, FTP, STP, IPsec, ICMP, SSL, SSH, SFTP, DHCP, DNS, ARP

PROFESSIONAL EXPERIENCE

NEU GEN HEALTH, MADISON, WI August 2021 to March 2022

Cyber Security Analyst
Responsibilities

▪ Migrated the organization's existing DLP policies from Microsoft Exchange Center to Microsoft Compliance
Center
▪ Configured new DLP policies and rules to ensure the organization was under HIPAA compliance
▪ Tested and fine-tuned newly configured DLP policies and rules up to company standards
▪ Enabled DLP alerts and policy tips within the O365 Compliance Center
▪ Educated the entire company on the newly implemented DLP policies pertaining to sensitive data
▪ Educated employees on types of sensitive information that should not be shared externally
▪ Documented changes to the organization's DLP policies as well as how to handle service tickets related to
DLP alerts
▪ Enabled two-way encryption on all outgoing and incoming data being shared from Exchange Online,
OneDrive, SharePoint and Microsoft Teams
▪ Monitored phishing emails on a daily basis
▪ Analyzed malicious phishing emails with tools such as Microsoft Defender, Joe Sandbox, and Rapid7
▪ Educated employees on the different types of malicious phishing emails and various clues to examine
while opening a potentially malicious email
▪ Responsible for monitoring, detecting and investigating various SOC alerts such as Risky Sign-Ins with tools
like Microsoft Azure and Rapid7
▪ Worked with Neu Gen Health's SOC team to improve the organization's security posture while preventing,
detecting, analyzing, and responding to cybersecurity incidents.

SUBWAY, MILFORD, CT July 2018 to March 2021
Cyber Security Engineer
Responsibilities

▪ Worked on tools like Active Directory and Group Policy, Symantec Data Loss Prevention, Symantec Endpoint
Protection Manager, Symantec Endpoint Encryption, and Windows Server Update Services
▪ Performed real-time proactive security monitoring and reporting on various security enforcement
systems, such as Splunk and LogRhythm (SIEM)
▪ Provided Level 2 operations support for end user resolution, investigating RSA SIEM events to determine
any true intrusions
▪ Involved in design and implementation of a data center migration; worked on implementation strategies for
the expansion of the MPLS VPN networks
▪ Identified and remediated threats and vulnerabilities as part of Security Monitoring (SOC), triage and
escalation to T2
▪ Analyzed available security information, to include results of configuration compliance verification,
vulnerability scans, database assessments, and security and system patches
▪ Involved in working on the data monitoring tool IBM Guardium
▪ Conceptualized and implemented a DLP program and policies
▪ Executed on-demand security scans through vulnerability management software tools like Nexpose and
Nessus
▪ Installed and managed Symantec DLP for testing in the environment for security compliance
▪ Creation, development, and/or restructuring of DLP programs from conception to fully operational state
▪ Responsible for privileged account management using Ping Identity software
▪ Performed monthly and quarterly scans using Symantec DLP and escalated critical data found
on share devices and shared drives; created and managed DLP policies
▪ Information protection solutions including monitoring, DLP and security auditing solutions from Symantec
▪ Deployed and utilized vulnerability detection tools (Nessus, Nexpose, Qualys) to help estimate the security
posture of the environment
▪ Upgrades, patching, configuration, security planning, review and auditing of logs
▪ Implemented QVM (QRadar Vulnerability Manager) and QRM (QRadar Risk Manager) with
IBM QRadar, and performed scan policies, profiles, device configurations, etc.
▪ Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools
like Splunk, Solutionary and LogRhythm
▪ Documented incident results and reported details through the ticketing system
▪ Researched, analyzed and understood log sources from security and networking devices such as
firewalls, routers, anti-virus products, and operating systems
▪ Provided guidance for equipment checks and supported processing of security requests
▪ Utilized Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS),
Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools
▪ Upgraded and troubleshot Linux-based QRadar servers and managed them through server
management consoles and jump boxes
▪ Vulnerability assessment, penetration testing, risk assessment, threat management, security advisories,
compliance audits, IT security assessment
▪ Worked on IBM QRadar SIEM integration and was responsible for integrating the log sources with IBM
QRadar
▪ Monitored and investigated SOC incidents and alerts with McAfee ePO
▪ Monitored the organization's networks for security breaches and investigated violations when they occurred
▪ Prepared reports that documented security breaches and the extent of the damage caused by the breaches
▪ Established a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice,
regulatory requirements and ISO 27001.

NIKE, HILLSBORO, OR Dec 2015 to June 2018

Cyber Security Engineer
Responsibilities

▪ Oversight of security assessments to ensure compliance with FISMA requirements (FIPS, NIST, etc.)
▪ Implemented site-to-site VPNs over the internet utilizing 3DES, AES/AES-256 with PIX firewalls, SSL,
virtual clouding and Virtual Desktop Infrastructure, AWS IaaS, PaaS, SaaS, XaaS
▪ Handled the security patching and vulnerability fixes for unsupported UNIX systems across the
environment, including compiling and configuring unsupported software
▪ Designed architecture, implemented and troubleshot cyber security solutions like McAfee, HP ArcSight
SIEM, IBM QRadar and Splunk
▪ Monitored Okta reports, responded to failed password verification alerts and worked with system account
owners to resolve failure alerts
▪ Data Loss Prevention suite, Symantec DLP product: implementation and deployment as the champion team
▪ Deployment of Data Loss Prevention across the network: data in motion, data in use and data at rest servers
▪ Gained experience with Symantec DLP software: DLP Cloud Prevent for Microsoft Office 365, DLP
▪ Analyzed network attacks, blocks, detections and regular health checkups in the real environment
▪ System penetration testing utilizing Nessus, Nmap, Wireshark, VMware, Kali Linux
▪ Lead for the Vulnerability Management Program to ensure timely remediation
▪ Technical writing of policies, SOPs and guidelines
▪ Ensured that all Okta accounts communicate with servers and corrected any discrepancies or errors that were
found
▪ Performed daily duties supporting and troubleshooting digital rights management on Windows and Linux
platforms, while defining and implementing patching
▪ Used Splunk Enterprise Security to configure correlation searches, key indicators and the risk scoring framework
▪ Produced efficient DLP policies to ensure necessary inbound/outbound emails are logged
▪ Conducted IT security standards/compliance audits and assessments
▪ Performed tuning of Symantec DLP to reduce false positives and improve detection rates
▪ Wrote and enhanced the processes and procedures to apprehend network anomaly behavior in QRadar
Network Anomaly Detection Manager
▪ Provided informative, high-level reports to the research project sponsor and board executives
▪ Established weekly security reports and trend analysis; oversaw continuous operation for all cyber
incident alerts
▪ Successful migration of the development team onto the Microsoft Azure Infrastructure as a Service (IaaS)
platform
▪ Performed updates and patches to maintain the security of the systems
▪ Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as
Snort, Splunk, LogRhythm and many other tools
▪ Deployed in the cloud and on-premises using Amazon Web Services (AWS) and single-server support
▪ Created reports based on log sources integrated with QRadar per customer requirements
▪ Analysis of offenses created based on vulnerability management tools such as Rapid7

MERCK SHARP & DOHME CORP, WEST POINT, PA Sept 2013 to Nov 2015

Cyber Security Engineer
Responsibilities

▪ Analyzed vulnerability reports from various scans and assessments by acting on high-risk/critical
vulnerabilities
▪ Management of system security and file system security policies, and analysis of systems to determine ways
of improving performance
▪ Conducted routine checks, warranty claims, hardware failure replacement, software upgrades, and
downloading of patches and hotfixes
▪ Coordinated and managed team activities during assessment engagements
▪ Established schedules and deadlines for assessment activities
▪ Prioritized vulnerabilities/assets that should be patched during maintenance cycles
▪ Used automated vulnerability assessment tools such as Nessus and Nexpose
▪ Monitored and remediated daily security alerts generated by end users with tools like Intel/McAfee
SIEM, Forcepoint Websense, and Intel/McAfee ePO; also responsible for the effectiveness of tools and
scans, as well as assessing and tracking risk of exposure
▪ Worked on SIEM, threat and vulnerability management
▪ Assisted management in authorizing IT systems for operation on the basis of whether the residual risk is
at an acceptable level or whether additional compensating controls should be implemented
▪ Created reports based on operating systems and vulnerabilities and provided the reports to the concerned
technical team
▪ Performed Nexpose and Nessus scans of new and existing servers and PCs to determine what
vulnerabilities present a threat to the network and require remediation
▪ Ensured system vulnerabilities were corrected, patched and updated
▪ Involved in and responsible for deep packet inspection, with experience of Wireshark, SolarWinds and
tcpdump
▪ Comprehensive knowledge of ITSM ticketing tools such as ServiceNow and JIRA Service Desk
▪ Analyzed information systems to meet Department of Defense (DoD) security requirements
▪ Managed cyber security threats through prevention, detection, response, escalation and reporting in an effort
to protect enterprise IT assets through the Computer Security Incident Response Team (CSIRT)

Education details: University of Texas at Dallas, Master of Science

Certifications: CompTIA CNIP, CompTIA Security+, CompTIA Network+, CompTIA Server+, MTA Networking,
MTA Security, LINUX
