IT Security Professional with experience in data communication, network security traffic analysis, IDS and resolving technical problems in a multi-user, versatile environment. Demonstrated ability to recognize, isolate, and resolve mission-critical issues. Quickly learns new applications and communicates technical knowledge to end users at all levels.
Specialties: NIDS (Sourcefire Defense Center & Riverbed Cascade), ArcSight/Intellitactics SIEM (Security Incident Event Monitor), TCP/IP, web-content filtering, Remedy, Memory Analysis, HB Gary Responder Pro, EnCase, FTK Imager, IBM ISS Proventia SiteProtector, Active Directory, Microsoft Office Suite.
Network Security Analyst @ Worked as a Network Security Analyst for CME Group’s Global Information Security group at their Global Command Center.
Duties and Responsibilities:
* Operated as a technical resource and communicated security exposures while also providing recommendations to address or lessen the associated risk.
* As a member of the incident response team, participated in the research, investigation and analysis of incidents to determine whether the company's security was compromised or the company's policy was violated, took the necessary action and provided recommendations to management. The incident response process included the Preparation, Identification, Validation, Communication, Containment, Eradication, Restoration and Lessons Learned phases.
* Performed forensic investigations that included analyzing any malicious activity reported by the security alerting devices, pulled memory from infected hosts using HB Gary Responder PRO and EnCase where needed, and recommended the remediation steps necessary to have the host cleaned up.
* Monitored network traffic off of IDS and ArcSight SIEM tool for any suspicious activity.
* Ran search queries in ArcSight Logger to look for the traffic logs of networking devices such as firewall logs (CheckPoint and BlueCoat), logs of endpoint protection devices, etc.
* Responded to any malicious activity detected by ArcSight SIEM, Riverbed Profiler, Sourcefire IDS or Symantec DLP, and to any suspicious activity escalated by the Dell SecureWorks SOC and CME's TOCC (Technology Operations Command Center).
* Communicated and drove information security awareness within the organization.
From September 2011 to June 2013 (1 year 10 months), Chicago, IL

Network Security Analyst @ Worked as Senior Network Security Analyst for the Network Defense Operations (NDO) team at the Veterans Affairs Hospital's 24/7 Network Security Operations Center.
Duties and Responsibilities:
* Provided support to Tier I and II help desk staff for resolving information security issues.
* Monitored and analyzed network traffic recorded by IBM's ISS SiteProtector NIPS/HIPS and NetScout/Wireshark. Correlated firewall logs in the Splunk data repository with activities logged by the NIPS and the McAfee ePO agent.
* Investigated and responded to any real or false-positive alerts generated by the NIPS/HIPS for any possible compromise of organizational assets.
* Scanned network hosts for malware and virus infections using the McAfee ePO (ePolicy Orchestrator) agent.
* Monitored, researched and analyzed alerts generated by US-CERT (United States Computer Emergency Readiness Team).
* Responded to and escalated requests received through Remedy to regional ISOs (Information Security Officers).
* Coordinated with Incident Response Teams and provided them with all the necessary information about an incident to assist with the investigation.
From September 2009 to August 2011 (2 years), Hines, Illinois

Global Security Analyst @
* Monitored global NIDS and firewall logs for potential threats using SIEM (Intellitactics) and Sourcefire, and generated/analyzed reports on any possible threats.
* Generated network activity report using firewall log IPs via Intellitactics (SIEM).
* Prepared the Symantec Antivirus Threat report using SAV Reporter to highlight all systems infected with a virus.
* Identified systems and client workstations that were either infected or potentially vulnerable to virus threats using the Symantec Antivirus Threat report.
* Collected, analyzed, investigated and escalated security incidents to regional response teams.
* Initiated escalation procedure to counteract potential threats/vulnerabilities.
* Prepared daily shift report to document every incident.
* Provided research and logistical support to level 2 incident response teams.
* Documented and conformed to processes related to Security Monitoring.
* Verified that processes and procedures were in place for the maintenance, operations and compliance of supported GSM services.
From August 2007 to July 2009 (2 years), Chicago, Illinois

Data Security Administrator @
* Processed daily security requests generated through DSACC, the Remedy system and the Global Service Desk (Unicenter).
* Set up user provisioning on various platforms including LAN, mainframe, DEC/VAX, Citrix MetaFrame (web portal) and various banking applications.
* Set up user accounts on the ACE server for remote access and configured RSA secure token cards.
* Granted user access based on RBAC (role based access control).
* Defined dataset access permission rules using ACF2 and RACF on mainframes running OS/390.
* Used the Cisco VPN Client to create and configure remote access so that users could conduct private data communications over public networks.
* Used Exceed to log in to Linux machines to view user account profiles and activities.
* Generated weekly turnover report for discussion at weekly team meeting.
* Interacted with other business units to discuss issues related to security in terms of user access.
* Granted, changed, and revoked user access to production datasets.
* Updated the daily Excel spreadsheet matrix to include outstanding requests from the repositories.
* Applied standard security procedures associated with company policies and strategies.
* Maintained security compliance to ensure appropriate security controls were achieved.
From July 2005 to June 2007 (2 years), Chicago, Illinois

Network Technician @
* Provided technical support for data communications, including the transmission of data flowing from end users (around 5,000 Trans Union subscribers) to our Remote Annex 4000 and 2000 terminal servers via UNIX boxes to the mainframe.
* Used software emulation to telnet into the UNIX machines in order to monitor and log the transmission of data on the terminal servers, view customer account profiles and document the daily activity of Trans Union's subscribers.
* Set up user accounts using the Cisco VPN Client to allow end users to establish end-to-end, encrypted VPN connections for secure connectivity to the organization's resources.
* Encrypted/decrypted files using PGP key and transferred files to client using the FTP utility.
* Administered user accounts and member groups on the OS/390 mainframe using RACF.
* Scoped the line for customers to monitor and troubleshoot the transmission of data communications.
* Troubleshot issues related to the downloading of digital certificates.
* Generated and prepared the monthly marketing survey report to analyze the quality of Trans Union's customer focus.
* Created and compiled documentation for TUDesktop support.
* Trained other associates to prepare them to provide backup support for TUDesktop.
* Provided hardware support to end-users.
* Replaced and installed hardware on Dell desktop and laptop systems.
* Administered end users' login access in Active Directory.
From September 2000 to May 2005 (4 years 9 months), Chicago, Illinois

Network Operations Support @
* Monitored network traffic using tools such as NetRanger and Tivoli.
* Performed online test transactions to verify the functionality of web servers.
* Monitored user activity for online banking customers to verify that the web servers were up and running.
* Daily responsibilities included recycling the web servers.
* Generated detailed technical reports and analyses of scheduled and non-scheduled changes.
* Coordinated all changes (including scheduled and non-scheduled outages) with the level-three support group to resolve issues such as server unavailability, MQ channel outages, users getting stuck in the core controller, the starting of MQ channels and their components, etc.
From June 1998 to September 1999 (1 year 4 months), Schaumburg, Illinois

Education: BS, Marketing @ Northeastern Illinois University, from 1993 to 1998

Sofian Ansarie is skilled in: ArcSight, IDS, Remedy, McAfee ePO, Sourcefire, IPS, ISS, Intellitactics (SIEM), Incident Analysis, Network Security, TCP/IP, Malware Analysis, Forensic Analysis, Bluecoat Proxy Firewall, Riverbed Profiler, HB Gary Responder Pro, Memory Analysis, Wireshark, EnCase, BMC Remedy, Firewalls, McAfee, Computer Forensics, Security Incident..., Incident Handling, Incident Investigation, VPN, Information Security, Disaster Recovery, Computer Security, Vulnerability Assessment, Technical Support, Security