Amaleswar Botla

Tripwire Specialist

399 followers
Greater Minneapolis-St. Paul Area

  • Timeline

  • About me

    Cyber Security Lead Engineer at Target, MS in Information Security and Assurance

  • Education

    • Western Governors University

      2014 - 2016
      Master's degree Information Security and Assurance A
    • Magadh University

      2007 - 2011
      Bachelor of Engineering (B.E.) Electrical, Electronics and Communications Engineering
    • State Board of Technical Education and Training

      2004 - 2007
      Diploma Electronics and Communication Engineering

      Got Gold medal as Best ISTE student award for AP. Best outgoing student award.

  • Experience

    • ORGANIZATION - WIPRO TECHNOLOGIES

      Jun 2007 - Jul 2010
      Tripwire Specialist

      Environment: Tripwire Enterprise Version 7.7, RSA Envision 3.7, Symantec Endpoint Security, Check Point

      Responsibility:
      Involved in the installation process of Tripwire Enterprise Version 7.7.
      Involved in installation of TW agents on Windows, AIX, Linux and Solaris platforms.
      Created instances for database, Active Directory and network nodes.
      Maintaining APAC, EMEA, NA regional group devices.
      Interacting with the appropriate group clients for better process improvement analysis on a daily basis.
      Generating remediation reports for PCI v1.2 auditing purposes.
      Based on requests from the various server teams, remediation reports were created and sent to Client support on time.
      Collecting and reviewing security logs and reports of all operational devices.
      Created various check tasks and report tasks for better integrity monitoring.

    • WIPRO

      Jun 2007 - Jul 2010

      Responsibility: Analyst - Security event management using ArcSight, vulnerability assessment using QualysGuard, file integrity management using Tripwire, network intrusion detection using ISS, host intrusion detection system using SCSP and QualysGuard for vulnerability management.
      Service improvement activities - Planning and executing service improvement activities and providing feedback as well.
      Managing KM activities in the team - Introduced shift handover reports and discussing issues with onsite for further development of the project.
      Environment: MS Office, Windows
      Operating System: Windows Vista, Windows-XP; Offshore (Poona)

      Analyzing Global Security Operations from offshore centers in Pune, Chennai and Bangalore, India. Analyzing major corporate and retail security events remotely using SIEM tools such as ArcSight. Identification, investigation and resolution of security breaches detected by those systems. Participating in the creation of security documents and operation management. Collecting and reviewing security logs and reports of all operational devices. Performing trend analysis where there is a benefit to do so and suggesting improvements to the security measures. Understanding and applying PCI compliance using FIM tools such as Tripwire for corporate and retail file integrity management. Scheduling vulnerability scans on corporate and retail assets for vulnerability testing and then analyzing the reports based on severity. Analyzing events for network intrusion detection & intrusion prevention on corporate and retail assets using ISS Site Protector. Creating rules and filters for the events generated in the ArcSight Console on the basis of severity and priority of the events. Creation of new dashboards as required for the priority events. Creation of rules for firewall events in Deep Security (HIDS). Analysis of logs generated in DB manager. Creating new process documents which would help the analyst in analyzing events.
      Vulnerability reporting and vulnerability scan scheduling using QualysGuard in line with PCI requirements.
      Scheduling and analyzing vulnerability scans on various business critical assets.
      Follow-ups with asset owners for remediation of vulnerabilities either at OS or application level.
      Tracking, validation and closure of critical and high vulnerabilities.
      Working on ticketing tools like IMPACT, ESC and Business Verizon Totality.

      Security Monitoring.
      Project Description: Dealing with remote connectivity (VPN Client) issues and AT&T Global dialer. Supporting User Access Management (Creating e Guest accounts), checking the status of Cisco routers and switches by logging in and updating logs. Monitoring the firewall logs, generating the firewall utilization reports and updating the same to the client. Involved in Technical Change Control activities for maintaining the DMZ devices. Interacting with the clients and understanding the user requirements. Troubleshooting and escalating the issues. Received many appreciations from the clients for timely support. Preparation of Technical Specifications Documents.
      Responsibility: Dealing with remote connectivity (VPN Client) issues and AT&T Global dialer. Checking the status of Cisco routers and switches by logging in and updating logs. Monitoring the firewall logs, generating the firewall utilization reports and updating the same to the client. Involved in Technical Change Control activities for maintaining the DMZ devices. Interacting with the clients and understanding the user requirements. Troubleshooting and escalating the issues. Received many appreciations from the clients. Preparation of Technical Specifications Documents.
      Environment: SOC
      Operating System: Windows-XP.

      • Sr. Project Engineer/Team Leader

        Oct 2008 - Jul 2010
      • Senior Security Analyst

        Oct 2008 - Jul 2010
      • Senior Security Analyst

        Oct 2008 - Jul 2010
      • Senior Security Analyst

        Oct 2008 - Jul 2010
      • Network Security Engineer

        Jun 2007 - Sept 2008
    • Wipro Technologies

      Oct 2008 - Jul 2010
      Senior Security Analyst - GSOC

      GSOC - Security Monitoring.
      ====================
      Project involves analyzing events that are suspicious. Monitoring the events that are generated on the console. Looking into security event management using ArcSight. Vulnerability management using QualysGuard. File integrity management using Tripwire. Network intrusion detection using ISS. Host intrusion detection system using SCSP, Deep Security (HIDS), Sourcefire.

      Analyzing Global Security Operations from offshore centers in Pune, Chennai and Bangalore, India. Analyzing major corporate and retail security events remotely using SIEM tools such as ArcSight. Identification, investigation and resolution of security breaches detected by those systems. Participating in the creation of security documents and operation management. Collecting and reviewing security logs and reports of all operational devices. Performing trend analysis where there is a benefit to do so and suggesting improvements to the security measures. Understanding and applying PCI compliance using FIM tools such as Tripwire for corporate and retail file integrity management. Scheduling vulnerability scans on corporate and retail assets for vulnerability testing and then analyzing the reports based on severity. Analyzing events for network intrusion detection & intrusion prevention on corporate and retail assets using ISS Site Protector. Creating rules and filters for the events generated in the ArcSight Console on the basis of severity and priority of the events. Creation of new dashboards as required for the priority events. Creation of rules for firewall events in Deep Security (HIDS). Analysis of logs generated in DB manager. Creating new process documents which would help the analyst in analyzing events.
      Vulnerability reporting and vulnerability scan scheduling using QualysGuard in line with PCI requirements.
      Scheduling and analyzing vulnerability scans on various business critical assets.

    • Tata Consultancy Services

      Jan 2010 - May 2014

      --> Managing End to End Solutions for Total ArcSight Environment.
      --> Upgrading ESM to the latest version (ESM 6.0 - ESM 6.5)
      --> Integrated Splunk with ArcSight
      --> Configuring Remote File Systems to export logs from loggers to Remote Destination
      --> Analyzing and modifying filters in ArcSight Connectors based on best practices.
      Managing and maintaining the health of Security Information and Event Management – ArcSight infrastructure.
      Troubleshooting the issues within ArcSight and keeping all the components healthy.
      Installing and configuring the ArcSight agents and adding the devices under regulatory requirements for event log collection.
      Managing ArcSight Loggers – Creating, deleting receivers, forwarders and configuring ESM destinations.
      Troubleshooting ESM (Enterprise Security Manager) problems – Following up with vendor for issues.
      Upgrading ArcSight agents to latest code released.
      --> ArcSight Content Updates on all connectors and actively participated in latest connector upgradation
      Managing all the IPS appliances through ISS Site Protector.
      Pushing new updates/signatures to all the IPS appliances on a monthly basis.
      Monitoring ISS Site Protector for any false positives and adding them as an exception to the policy.
      Managing policy and adding exceptions to the traffic as per the infrastructure requests.
      Contacting vendor from time to time and following up on the issues with the IPS infrastructure.
      Creating process documents and giving KT to the team.

      • IT Analyst

        Oct 2010 - May 2014
      • Systems Engineer

        Oct 2010 - May 2014
      • Systems Engineer

        Jan 2010 - Jan 2011
    • Travelex

      Jul 2010 - Sept 2010
      Tripwire Specialist
    • Mphasis

      Jun 2014 - Feb 2016
      Principal Infrastructure Engineer

      Project involves end to end taking care of IPS and ArcSight platforms. Analyzing events that are suspicious. Monitoring the events that are generated on the console. Looking into security event management using ArcSight. Network intrusion detection using ISS.

    • Target

      Feb 2016 - now

      > End to End Implementation of ArcSight platform. It includes ESM, Logger, ArcMC and Smart Connector upgrades. Test in Dev Env and implement in Prod without any outages.
      > ESM upgrades and patch installs (latest 6.11 Patch2)
      > ESM health monitoring and maintenance.
      > Utilizing ArcMC for managing multiple connectors and loggers.
      > On-board multiple applications to ArcSight for PCI, SOX, HIPAA and GLBA compliance requirement.
      > Developing flex connectors for customized applications and non vendor supported platforms.

      • Lead Engineer

        Apr 2020 - now
      • Cyber Security Engineer

        Feb 2016 - Apr 2020
  • Licenses & Certifications

    • CHFI - Computer Hacking Forensic Investigator

      EC-Council
      Oct 2015
    • HP0-M212P ArcSight ESM Advanced Administrator

      HP
      Sept 2016
    • Certified Ethical Hacker v7

      EC-Council
      Dec 2011
    • ITIL - Foundation Certification in IT Service Management

      APMG-International
      Jun 2011
    • Splunk Cloud Administration

      Splunk
      Nov 2023