Wasi Resume 4
Uploaded by Madhava Rao

Wasi Hussain

E: wasicyhussain@gmail.com | P: (571) 399-5095 | Visa: USC


Cyber Security Engineer
https://www.linkedin.com/in/wasi-hussain-699874198/

Professional Summary:

• Experienced IT Security Professional in IT Infrastructure, Risk Management, SOC Analysis, SIEM, Vulnerability Management, Penetration Testing, Validation, Information Security, and Cyber Security.
• Cyber Security and Administration Professional with expertise in Information Security Management, Firewalls,
IDS, Penetration Testing, Threat Detection and APT, DLP, and industry security standards e.g. ISO 27001:2013,
NIST 800 series, NISPOM.
• System Security and Administration Professional with expertise in Information Security Management, Firewalls,
IDS, SIEM, Penetration Testing, DLP, and industry security standards e.g. ISO 27001:2013, NIST 800 series,
NISPOM, COBIT, HIPAA, SOC, SOX, etc.
• Worked as a Splunk SIEM threat analyst in a managed-service security operations center (SOC), triaging cyber threats using Splunk and various cloud security tools.
• Strong knowledge of the Imperva web application firewall for monitoring and in-depth analysis of attacks, and of SIEM tools such as Splunk and HP ArcSight for analysis and log monitoring.
• Design and implementation experience with SailPoint IIQ 5.x, 6.x and 7.x, and knowledge of IdentityNow.
• Collaborated with other entities within the Confidential, including the Confidential Duty Officer, ICS-Alerts and CERTs, MS-ISAC, Watch and Warning, and Incident Handlers, on incidents, cyber and otherwise, which may affect the critical infrastructure of the United States and its foreign and commercial partners.
• Provided immediate onsite and remote support for digital forensics and worked closely with incident response
team in collecting the evidence.
• Strong experience with cloud security strategy and cloud provider ecosystems (Microsoft Azure), and with migrating enterprises from traditional data center infrastructure, application and data designs to hybrid or fully cloud-enabled practices.
• Develop a horizontal view of risk posture across Cloud Security Domain using Azure.
• Monitored and escalated potential brute-force attempts against client Red Hat servers in the Azure cloud by analyzing SSH logs in Splunk ESM and Logger.
• Deployed and maintained GCP Security Command Center (SCC) for continuous monitoring, threat detection, and
security posture management.
• Worked using McAfee best-practice standards for OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees.
• Utilized Security Information and Event Management (SIEM), Advanced Persistent Threat (APT) hunting, Intrusion Detection & Prevention (IDS/IPS) with FireEye, and malware analysis tools.
• Utilized Digital Guardian to protect most valuable assets with an on-premises deployment or an outsourced
managed security program (MSP).
• System Security and Administration Professional, Facility Security Officer (FSO), Information Systems Security Officer (ISSO); Information Security Management, Firewalls, IDS, Penetration Testing, and industry security standards e.g. ISO 27001:2013, NIST 800 series, HITRUST, HIPAA, GDPR, CCPA, and NISPOM regulations.
• Resolved vulnerabilities in the WebEx and FedRAMP GRC environments, POA&M & NIST, using automated
scripts created in Python, PowerShell, Bash.
• Worked on GRC policies like - ISO Standards - Planning, Implementation and Management of ISO 27001:2013
Information Security Management System (ISMS) and ISO 20000-1:2011 Service Management System (SMS).
• Experience writing Splunk-friendly regular expressions and optimising Splunk search queries for optimal performance.
• Onboarded different log sources into Splunk, and created and tuned Technical Add-Ons for proper field extraction using regex.
• Efficiently performed web application vulnerability assessments using Burp Suite, Metasploit, HP WebInspect, Nexpose and IBM AppScan.
• Worked with Splunk Professional Services to establish best practices that everyone can follow to maintain the performance of Splunk Enterprise Security.
• Conducted security assessments and vulnerability scans on GCP environments, identifying and mitigating risks to
enhance overall security.
• Develops positive relationships with other business and IT functions involved in security and privacy matters; digital forensics research, malware analysis, and cyber threat intelligence.
• Experience with various endpoint tools such as McAfee ePO, Carbon Black, BigFix, and Symantec EPO (IDS/IPS).
• Hands-on experience with security frameworks such as NIST and OWASP Top 10.
• Develop approaches for industry-specific threat analysis, application-specific penetration tests and the
generation of vulnerability reports.
• Imperva WAF (Web Application Firewall): work in conjunction with the vulnerability management team to take the dynamic scans they produce and upload them to the Imperva WAF for immediate protection from web application attacks.
• Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML and multi-factor authentication.
• Excellent understanding of computing environments: Linux (RHEL 7, Debian/Kali), Windows 7/10, Server 2012/2016 and Unix operating systems.
• Perform risk assessments, penetration testing, validation, GRC and gap analysis, and create risk mitigation plans.
• Excellent knowledge of FISMA, HIPAA, ISO 27001/27002, NIST, COBIT, and OWASP compliance usage, rules and regulations.
• Information protection solutions including Monitoring, DLP and Security Auditing solutions from Symantec.
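The summary above mentions analyzing SSH logs for brute-force attempts and writing regex field extractions for Splunk. As an added illustration (not code from this résumé or from any employer named in it), the Python below shows the logic behind such a detection: a named-group regular expression extracts fields from OpenSSH authentication lines, in the same way a Splunk `rex` or Technical Add-On extraction would, and a sliding window counts failures per source IP, escalating when a burst of failures is followed by a successful login. The log lines, host name, IP addresses, year and thresholds are constructed for the example and are not from any real environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Named groups play the role of Splunk field extractions (src_ip, user, outcome, ...).
# Matches OpenSSH "Failed/Accepted password|publickey" lines as written to /var/log/secure on RHEL.
SSH_AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+)"
)

ASSUMED_YEAR = 2024  # syslog timestamps carry no year; assumed for the constructed sample

# Constructed sample log (not real data): a burst from 203.0.113.7 that ends in a successful
# login, one ordinary mistyped password from 198.51.100.9, and a routine key login from 10.0.0.5.
SAMPLE_LOG = """\
Jan 14 09:12:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 14 09:12:03 web01 sshd[2233]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2
Jan 14 09:12:05 web01 sshd[2235]: Failed password for root from 203.0.113.7 port 51242 ssh2
Jan 14 09:12:07 web01 sshd[2237]: Failed password for root from 203.0.113.7 port 51244 ssh2
Jan 14 09:12:09 web01 sshd[2239]: Failed password for deploy from 203.0.113.7 port 51250 ssh2
Jan 14 09:12:11 web01 sshd[2241]: Failed password for deploy from 203.0.113.7 port 51252 ssh2
Jan 14 09:12:13 web01 sshd[2243]: Accepted password for deploy from 203.0.113.7 port 51254 ssh2
Jan 14 09:15:40 web01 sshd[2260]: Failed password for jdoe from 198.51.100.9 port 40022 ssh2
Jan 14 09:15:55 web01 sshd[2262]: Accepted password for jdoe from 198.51.100.9 port 40023 ssh2
Jan 14 09:20:00 web01 sshd[2270]: Accepted publickey for ansible from 10.0.0.5 port 39000 ssh2
Jan 14 09:20:01 web01 sshd[2270]: pam_unix(sshd:session): session opened for user ansible by (uid=0)
"""


def parse_line(line):
    """Return a dict of extracted fields, or None when the line is not an SSH auth event."""
    m = SSH_AUTH_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(f"{ASSUMED_YEAR} {event['ts']}", "%Y %b %d %H:%M:%S")
    return event


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=1)):
    """Alert on any source IP with >= threshold failed logins inside a sliding time window.

    Severity is raised to 'high' when the same IP later authenticates successfully, which is
    the case an analyst should escalate first (a guessed or sprayed credential that worked).
    """
    failures = defaultdict(list)   # src_ip -> timestamps of failed logins
    successes = set()              # src_ips with at least one accepted login
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue                # not an auth event (e.g. pam session lines)
        if event["outcome"] == "Failed":
            failures[event["src_ip"]].append(event["ts"])
        else:
            successes.add(event["src_ip"])

    alerts = []
    for src_ip, times in sorted(failures.items()):
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)  # most failures seen inside one window
        if peak >= threshold:
            alerts.append({
                "src_ip": src_ip,
                "failures_in_window": peak,
                "total_failures": len(times),
                "followed_by_success": src_ip in successes,
                "severity": "high" if src_ip in successes else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run as-is it reports a single high-severity alert for 203.0.113.7 (six failures in ten seconds, then an accepted login) and nothing for the single failed attempt from 198.51.100.9. In Splunk the same logic is a `rex` extraction followed by `bucket _time span=1m | stats count by src_ip _time | where count >= 5`; the Python version makes the windowing explicit and shows why the success-after-failures case deserves a separate, higher severity.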

Education: Bachelor’s Degree in Computer Science from University of Agriculture, Faisalabad in 2015.

Certification:
• CompTIA Security+
• CompTIA A+

Technical Skills
• Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite
• DLP: Websense, Symantec & McAfee
• SIEM: Splunk ES, McAfee, ArcSight, IBM QRadar, LogRhythm, RSA enVision, Splunk security manager
• Pen Testing Tools: Burp Suite, Checkmarx SAST, Red Team, HP Fortify, IBM AppScan, Contrast Security, OWASP ZAP, Nmap, Kali Linux, Postman, Rapid7 Nexpose, Recon-ng
• Endpoint Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, SafeBoot
• IPS/IDS: McAfee IPS, HP TippingPoint, Cisco IDS, SecureWorks IDS/IPS
• Cloud Security: AWS, Azure, OpenStack, Docker, Ansible, Chef, CI/CD, Terraform
• Proxies/Sniffer Tools: Burp Suite, WebScarab, Wireshark, DirBuster
• Vulnerability Management Tools: Foundstone, QualysGuard, Nessus, Nmap, Nexpose, Wireshark
• Security Tools: Splunk ES, McAfee vulnerability management solutions, Burp Suite, OpenVAS, Nessus, Qualys, SolarWinds, ForeScout, IBM ICS

Professional Experience
Maxim Healthcare, Columbia, MD May 2021 to present
Sr. Cyber Security Engineer
• Worked on Splunk ES to build real-time monitoring that gives a clear visual picture of the organization's security posture, with easily customized views and drill-down to the raw events for the Incident Response Team (CIRT) and Cyber Security Operations Center (CSOC).
• Design, build, upgrade and operate multiple cloud environments. Hands on installation and configuration within
the AWS/Azure clouds.
• Conduct proactive threat hunting and related threat research.
• Actively involved in the implementation of SailPoint Identity IQ.
• Hands-on with database security/vulnerability scanner using Imperva Scuba.
• Responsible for implementing, and managing Identity Directory and Identity Governance, including IAM
architecture and integrations, Azure Cloud, AWS Cloud, and GCP migrations
• Review security events that are populated in a Security Information and Event Management (SIEM) system
• Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to
determine the correct remediation actions and escalation paths for each incident.
• Identify recommendations in Azure Security Center and GCP Security Command Center and implement them as required.
• Configured ForgeRock Directory Services integration for Azure Cloud platform configurations, Azure AD clustering, and site reliability reporting.
• Performed risk assessments throughout cloud DevSecOps / CI/CD pipelines, including automated and manual source code reviews and OWASP manual penetration testing of mobile and web applications on AWS/Azure.
• Independently follow procedures to contain, analyze and eradicate malicious activity.
• Provide information regarding intrusion events, security incidents, and other threat indications and warning
information to the client.
• Assist with the development of processes and procedures to improve incident response times, analysis of
incident, and overall SOC functions
• Utilized Agile, Waterfall, SCRUM and Zachman as the main PM theories and frameworks for clients
• Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.
• Perform research, analysis, and understanding of log sources utilized for security monitoring focusing on
networking devices.
• Managed client requirements and configured SailPoint IIQ connectors.
• Hands-on experience with the deployment of the Imperva Web Application Firewall (WAF): installing and configuring, including administration of the SecureSphere portal.
• Configured multi-account architecture, identity and access management, governance, data security, network design and logging within provisioned AWS landing zones using AWS CloudFormation.
• Used JSON policies to create identity-based policies, resource-based policies and permission boundaries within the AWS environment.
• Designed an Operational Technology (OT) network security solution based on the required template in place of
an existing Company Network (CN) addressing risk and availability of SCADA-ICS in a client’s organization
• Experience with risk assessment using industry standards such as NIST 800-53 Rev 3 and Rev 4, HIPAA and PCI DSS, and developing security policy according to these standards.
• Conducted comprehensive incident response and investigations, utilizing digital forensic tools to analyze security breaches and data exfiltration incidents.
• Reviewed risk assessments completed by the security team based on National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO) methodology, which follows the PDCA cycle: a management system that plans and implements cybersecurity, then maintains and improves the whole system.
• Monitoring using Splunk / Wily Introscope and setting up WebSphere Global Security for access to the admin console. Configuring the HTTP Server for various clustered application servers using virtual hosting and enabling SSL security.
• Developed and integrated an unprotected website into a fully functional access management solution using ForgeRock OpenAM.
• Created SailPoint connectors and built applications with correlation.
• Leveraged AWS CloudEndure to migrate hundreds of on-prem VMware VMs to the cloud.
• Installing, administering and troubleshooting various IAM solutions (SailPoint IIQ, Thycotic, and ISIM).
• Implementation and migration of SailPoint IIQ from IBM ISIM.
• Hands-on experience using AWS cloud monitoring tools (CloudWatch, CloudTrail).
• Consult clients on automating business processes & risk management activities in the RSA Archer GRC.
• Prepared risk-based test plans and performed security testing (tool-based testing, manual penetration testing, source code review, etc.) on the different layers of those information systems in support of Certification & Accreditation.
• Performed regular review and recertification of DLP Policies, TLS Domain whitelisting, SOP for enhancement
with ITRM (Information Technology Risk Management) and Risk assessment.
• Perform all cloud engineering and DevSecOps services.
• Utilized the McAfee Threat Intelligence Platform and other OSINT sources such as news articles and research papers to pull IOCs, and conducted searches in LogRhythm.
• Worked to improve logging in our SIEM and helped create better visibility across our network through LogRhythm.
• Security engineer for the deployed SIEM tool (LogRhythm), including troubleshooting, updating/patching, configuration and availability of the SIEM.
• Implementing and managing threat detection tools and solutions to support the team's mission.
• Analyzing potential threats against the client's computing environment.
• Performed cyber security threat engineering activities with specific focus on countermeasure Tactics,
Techniques and Procedures (TTPs).
• Manage enterprise security systems, identifying key security risks, reporting risks to management with
recommendations for corrective action utilizing NIST frameworks.
• Work experience with IT policies, procedures and standards related to security reviews using the NIST standards, specifically NIST 800-53 and NIST 800-66 for the HIPAA Security Rule. Reviewed logs for malicious user activity.
• Worked on FedRAMP / WebEx infrastructure vulnerability and POA&M remediation / compliance and general maintenance of Linux environments, VMware, RSA Archer and Qualys, including customer requests and break-fix situations.
• Performed physical-to-virtual server (P2V) migrations without risk management.
• Internal and external vulnerability assessments as required for various regulatory compliance. Mitigated identified audit items, worked on modules such as AML, BSA and OFAC, and participated in fraud investigations.
• Own all aspects of cloud security product definition, including vendor integration, platform integration and monitoring for cloud platforms including but not limited to Microsoft Azure.
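The bullets above for this role mention writing JSON identity-based policies and permission boundaries in AWS. As an added illustration (not code from this résumé or from any employer named in it), the Python below evaluates a request against an identity policy and a permission boundary using the rule that matters most in practice: an explicit Deny anywhere wins, and otherwise the request must be allowed by both the identity policy and the boundary, so the boundary caps what the identity policy can grant. The two policy documents, bucket ARN and helper names are constructed for the example; Condition blocks, NotAction/NotResource, resource-based policies and SCPs are deliberately left out of this simplified evaluator.

```python
import fnmatch
import json

# Constructed identity-based policy: broad S3 rights plus the ability to create IAM users.
IDENTITY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:CreateUser", "Resource": "*"}
  ]
}
""")

# Constructed permission boundary: caps the principal to read-only access on the app-data
# bucket and explicitly forbids bucket deletion even if an identity policy grants it.
PERMISSION_BOUNDARY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::app-data", "arn:aws:s3:::app-data/*"]},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
  ]
}
""")


def _matches(patterns, value, case_insensitive):
    """IAM-style wildcard match where '*' and '?' are the only metacharacters.
    Action names are matched case-insensitively; ARNs are compared as written."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if case_insensitive:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate_policy(policy, action, resource):
    """Return 'Deny', 'Allow' or 'Implicit' (no statement matched) for one policy document."""
    decision = "Implicit"
    for statement in policy.get("Statement", []):
        if not _matches(statement.get("Action", []), action, case_insensitive=True):
            continue
        if not _matches(statement.get("Resource", []), resource, case_insensitive=False):
            continue
        if statement["Effect"] == "Deny":
            return "Deny"          # an explicit deny short-circuits everything else
        decision = "Allow"
    return decision


def is_allowed(identity_policy, action, resource, boundary=None):
    """Effective permission = identity Allow AND boundary Allow, with any explicit Deny winning."""
    identity = evaluate_policy(identity_policy, action, resource)
    if identity == "Deny":
        return False
    if boundary is not None and evaluate_policy(boundary, action, resource) != "Allow":
        return False               # boundary silent or denying means no permission
    return identity == "Allow"


if __name__ == "__main__":
    checks = [
        ("s3:GetObject", "arn:aws:s3:::app-data/report.csv"),
        ("s3:PutObject", "arn:aws:s3:::app-data/report.csv"),
        ("s3:GetObject", "arn:aws:s3:::other-bucket/secret.txt"),
        ("iam:CreateUser", "*"),
        ("s3:DeleteBucket", "arn:aws:s3:::app-data"),
    ]
    for action, resource in checks:
        identity_only = is_allowed(IDENTITY_POLICY, action, resource)
        bounded = is_allowed(IDENTITY_POLICY, action, resource, PERMISSION_BOUNDARY)
        print(f"{action:16} {resource:40} identity-only={identity_only!s:5} with-boundary={bounded}")
```

The printout makes the security point concrete: with only the identity policy the principal can put objects anywhere, delete buckets and create IAM users; with the boundary attached, only `s3:GetObject` and `s3:ListBucket` on the app-data bucket survive. This is why a boundary is the right control when delegating IAM administration: a user who can attach policies to themselves still cannot exceed what the boundary allows.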

Infosys, Hartford, CT Oct 2019 – Apr 2021
Cyber Security Engineer
• Performed vulnerability assessments and took the required countermeasures to ensure the security of the IT infrastructure/systems.
• Deployed several out-of-box SailPoint connectors to connect various client Systems (JDBC, LDAP, AD etc.)
• Manage a CI/CD (Lambda) methodology for server-based technologies within AWS.
• Cross trained engineers so they could build their technical knowledge faster, and with more focus being placed
on Agile technologies
• Designed, tested, and implemented security infrastructure including centralized logging, IDS, HIDS
• Analyzed network traffic PCAP and TCPdump with Wireshark.
• SailPoint IIQ migration demo, validation and troubleshooting.
• Understand LCM (Lifecycle Management) as it pertains to SailPoint IIQ.
• Conducted security assessments on networks and Industrial Control Systems (ICS), designed cyber security solutions, supported implementation of those solutions, and identified security trends and practices.
• Worked on the OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees; experience with object-oriented programming (OOP) concepts using Python, C++, C#, and PHP.
• Responsible for incident response work including analyzing security events, identifying false positives vs. real
threats, identifying host involvement, comparing scan results, analyzing Splunk logs, and prioritizing
incidents/events.
• Hands-on experience with IAM products (Aveksa, SailPoint, Oracle IDM, IBM Identity Manager, ForgeRock, Ping Identity, Courion, CA Identity): design and engineering experience, handling updates and patches.
• Responsible for Malware Analytics & Vulnerability Assessments (Nessus) by investigating events similar in
complexity to Bash attempts and SQL injections.
• Hands-on with database security / Vulnerability scanner using Imperva Scuba.
• This includes all associated M365 security controls, firewalls, anti-malware, sharing protection, data protections, and management flows.
• Proficient with a range of digital forensic tools and technologies, including EnCase, FTK, Autopsy, Volatility,
Wireshark, and various SIEM solutions.
• Implemented all aspects of Google Cloud (GCP) security, including IAM roles, user and group management, 2SV/MFA, securing VPCs, firewall rules, encryption, and vulnerability scanning.
• Worked with Forensic Support and remote contractor sites to extract data requested by our government SOC counterparts.
• Investigated and researched events using the LogRhythm SIEM (Security Information and Event Management), correlating with firewall, IPS/IDS, Symantec proxy, Proofpoint, WAF, and web logs.
• Created connections from Tanium into Splunk to track software removals, vulnerabilities, IOCs and various hardware.
• Collaborated with other security teams working on Tanium to optimize threat detection and EDR settings for the environment.
• Experience with the ForgeRock suite of IAM products
• Extensive knowledge of migrating applications from on-premises hosting to Amazon Web Services (AWS).
• Skilled in using Burp Suite, Acunetix automatic scanner, Nmap, DirBuster, HP Fortify, QualysGuard, Nessus, and SQLMap for web application penetration tests and infrastructure testing.
• Helped automate the DDP report in McAfee to see the machines that are out of ITRM risk compliance.
• Helped the SOC and cyber security teams see which vulnerabilities and risks are hitting the environment and which machines have vulnerabilities.
• Monitor performance of network and servers (Microsoft and Linux) to identify potential problems and bottlenecks.
• Narrowed down anomalous traffic with Wireshark for hostile strings or domains.
• Monitored controls post authorization to ensure continuous compliance with the security requirements.
• Performed Risk compliance checks against industry standard and regulatory mandates such as FISMA, DISA,
HIPAA, SCAP.
• Updated the control changes from NIST 800-53 Rev 3 to NIST 800-53 Rev 4 and control assessment changes from NIST 800-53A to NIST 800-53A Rev 4.
• Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
• Performed risk management and analysis using a state-approved risk analysis methodology based on NIST SP 800-30 and ISO/IEC 17799.
• Utilized digital forensic methods to validate and respond to security incidents, ensuring timely and accurate
identification of threats.
• Contributed to the tuning and development of security information and event monitoring systems (SIEM) use
cases and other security control configurations to enhance threat detection capabilities
• Worked on APT threat modeling, development of attack plans, performing manual and automated ethical hacking, and developing proof-of-concept exploits.
• Conducted data loss prevention and implemented appropriate measures.
• Experience in risk control and assessing third-party critical assets for any potential vulnerabilities and threats.
• Analyzed potential privacy violations to identify false positives and policy violations with immediate
remediation.
• Configured, troubleshot, and upgraded Next-Generation Firewall solutions for managed clients, covering network and/or resource access, software, or hardware problems.
• In-depth understanding of various Data compliance regulations such as PII, GDPR, HIPAA and PCI-DSS.
• Provide technical engineering support and research in the area of advanced persistent threats (APT), software
assurance (SwA) and threat replication and hunting.
Bank of America, Jersey City, NJ June 2016 – Sept 2019
Security Analyst
• Answered pre-sales technical and security questionnaires regarding SDLC, ISO 27001, SOC 2/3 audits, FedRAMP, PCI, HIPAA, NIST, and other GRC.
• Worked on configuring cross-account deployments using AWS CodePipeline, CodeBuild and CodeDeploy by creating cross-account policies and roles in IAM.
• Worked in an agile development environment to write Java scripts for automated testing using Selenium and Sikuli.
• Registered customer orders, answered store phone calls, and helped employees with Azure cloud log-in.
• Involved in cloud security infrastructure and design for the client's in-house Azure applications.
• Perform cloud security risk assessments for cloud applications already in Azure.
• Set up GCP firewall rules to allow or deny traffic to and from VM instances based on the specified configuration, and used GCP Cloud CDN.
• Worked on Splunk Phantom SOAR Proof of Value (POV) for testing the out-of-the-box use cases.
• Set up CI/CD with CodePipeline to automate with Azure Active Directory, and focused on cloud strategy (Microsoft Azure), product marketing, competitive research, customer journey analysis, and strategic partnerships.
• Responsible for source code and binary repository management tools. Implemented their secure automated CI/CD pipeline in adherence to the latest DevSecOps initiatives.
• Extensively used Imperva Scuba for database security / vulnerability scanning.
• Built automated and flexible detection and response programs using tools such as CloudWatch, CloudTrail, and AWS Lambda.
• Led multiple training courses in Azure, M365, MS Endpoint Manager, Windows 10 etc. through New Horizons,
ProTech Training, Alliance Micro, TechSherpas, Fast Lane Canada, and Techno training.
• Created case for the suspicious issue and forwarded it to Onsite SOC team for further investigation.
• Conducted vulnerability assessments for the network using Tenable Nessus.
• Utilized LogRhythm Logger as an additional tool to drill deeper into network traffic from LogRhythm.
• Duties include incident response for classified and unclassified spills (containment, eradication and recovery).
• Utilized the LogRhythm SIEM to resolve active threats and alarms for over 40 client accounts.
• Tested various threat vectors and presented evidence of intent to create signatures/rules to mitigate specific threats.
• Migration of user mailboxes from Exchange 2007 to 2010, Exchange 2010 to Office 365, Open Xchange/Linux
based mail solution/Google Apps/Notes to Office 365.
• Installation, integration and deployment of SailPoint Identity IQ in client environments
• Managed Cyber Security threat hunting through prevention, detection, response, escalation and reporting in an
effort to protect Enterprise IT Assets through Computer Security Incident Response Team (CSIRT) and Process
Risk Control Implementation (PRCI) Teams.
• Migrated ForgeRock OpenAM, OpenID and OpenJDK from a hosted datacenter to Amazon Cloud (AWS).
• Assisted in the development and enforcement of digital forensic policies and procedures to ensure compliance
with legal and regulatory requirements.
• Worked on Carbon Black technologies and concepts, along with the technological framework for asset
management, security operations, incident investigations and response, threat hunting, vulnerability awareness,
and security configuration management.
• Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
• Collaborated with APT Detection technical and threat intelligence analysts to provide indications and warnings, and contributed to predictive analysis of malicious activity.
• Installed, patched and maintained McAfee ePO 5.x and DLP, utilizing McAfee ePolicy Orchestrator, able to deploy DLP and reporting, and working knowledge of ENS 10.
• Own all aspects of cloud security product definition, including vendor integration, platform integration and monitoring for cloud platforms including but not limited to Microsoft Azure.
• Expert knowledge of Public Cloud security architectures and Azure infrastructure
• Experience deploying and configuring firewall appliances (Barracuda, Palo Alto, Fortinet) to secure the Azure Cloud.
