PROFESSIONAL SUMMARY:

• Information technology professional with excellent experience in Cybersecurity compliance, information security risk management, vulnerability and security controls assessments and network administration. Familiar with a wide range of IT and security tools and processes to include Spunk and ForeScout, as well as iterative and agile development.
• Have experience working in Government and commercial environments including IRS. Great communicator and team player.
• Highly familiar with IRS Cybersecurity processes and IRS security/IRM requirements
• Thorough understanding of security landscape to attain FISMA compliance
• Highly familiar with IRS Enterprise Life Cycle
• Experience with implementing and assessing security controls
• Experience with evaluating infrastructure vulnerabilities and working to mitigate teh risks
• Experience conducting penetration tests
• Thorough understanding of networking technology and security
• Experience in network administration and support of LAN switching, routing, VPN, and WAN technologies
• Able to identify and validate weaknesses in networks and information systems
• Extensive experience with Cisco Command Line Interface (CLI)
• Experience with Windows, Linux, and VMware - starting, configuring, and maintaining
• Extensive work on Linux Command Line
• Experience with Powershell for Windows
• Experience setting up and maintaining hardware and software systems
• Self-motivated, hardworking, and dependable a problem solver

TECHNICAL SKILLS:

• NMap, Big Fix, NetSparker, Metasploit, AppScan Source/Enterprise, Eclipse Luna, Visual Studio
• Splunk, Forescout/ CounterACT
• Tenable Security Center, Tenable Nessus, Kali Linux, Wireshark
• RSA Archer, VMware Workstation

PROFESSIONAL EXPERIENCE:

Confidential, Severn, MD

Data Loss Prevention FISMA Lead

Responsibilities:

• Lead Annual Security Controls Assessment (ASCA)
• Create, manage, and complete Plan of Action Milestones (POA&Ms)
• Monitor Tripwire findings within Splunk and coordinate patches to remediate findings
• Lead creation and maintenance of System Security Plans (SSP)
• Create and update all technical documentation including but not limited to Server inventory and ticket documentation
• Provide support for DLP PM and Technical team

Security Engineer

Confidential

Responsibilities:

• Define teh technical security requirements for organization information systems as related to FISMA, to include policies, procedures, standards, and guidelines
• Support teh development of use cases, and their validation
• Support teh implementation of IRS security requirements as defined in teh Internal Revenue Manuals (IRMs) to include 10.8.1, 10.8.6, and 10.8.24
• Collaborate with implementers in Applications Development, and Enterprise Operations to oversee teh implementation of security-related requirements/controls
• Conduct, review, evaluate, assess, document and communicate teh results of technical security assessments, (e.g., vulnerability assessments, source code analysis, penetration tests; system or application assessments, etc.) to Confidential customers and IRS stakeholders
• Assure that all Enterprise Life Cycle (ELC), to include security-related documentation, is in a current state
• Support teh updates of System Security Plans, Information Technology Contingency Plans, and design documents
• Leverage industry technologies to include Splunk Enterprise for ingesting vulnerability-related data
• Perform penetration testing, static code analysis, and dynamic code analysis for teh IRS’s Penetration Testing and Code Analysis (PTCA) team
• Identify and validate vulnerabilities to IRS information systems through manual and automated ethical hacking and penetration testing techniques
• Eliminate vulnerabilities in teh development process with thorough and accurate code reviews for security vulnerabilities
• Use AppScan Source and AppScan Enterprise to identify weaknesses in IRS web applications, use Guardium for IRS databases, and use Tripwire for teh IRS infrastructure
• Attempt to validate or identify as false positives using manual or automated hacking techniques
• Conduct penetration testing activities in a manner that simulates a malicious actor engaged in targeted attacks against identified vulnerabilities with teh goals of determining whether computer and network systems are properly configured to prevent access by unauthorized persons from both external and internal points of attack
• Penetration testing is performed as an insider with and without specific information about teh internal network and vulnerabilities, and with access to IRS facilities
• Teh testing is conducted in accordance with recommendations outlined in teh National Institute of Standards and Technology (NIST), Special Publication, Technical Guide to Information Security Testing and Assessment, and teh Open Web Application Security Project (OWASP) security testing guidelines
• Support teh development process with code analysis
• This consists of manual code reviews to identify weaknesses early in teh development process, so they can be mitigated/remediated prior to deployment
• Teh reviews are conducted in conjunction with developers and in accordance with teh IRS ELC

Information Technology Security Specialist

Confidential 

Responsibilities:

• Implemented and configured various technologies to include Splunk (extensive) and Forescout (basic)
• Served as network administrator in Windows and Linux environment
• Performed basic configuration and installation
• Performed system monitoring and availability management, as well as basic troubleshooting
• Responded to network trouble tickets, to include problem identification and resolution
• Supported network technologies to include testing and evaluation of environment as changes are being made, such as to Cisco firewalls and routers
• Performed Linux administration, including Debian and RedHat distribution variants/derivatives
• Performed security risk assessments, to include security controls assessments, on commercial information systems
• Analyzed results and provide recommendations for security enhancement/improvement
• Conducted vulnerability assessments to include vulnerability scanning and penetration testing of vulnerable web applications and network devices
• Performed penetration testing to evaluate external and internal security posture
• Conducted Security Controls Assessments using National Institute of Standards and Technology (NIST) guidance, to include NIST Rev. 4, and .
• Conducted physical and environmental security controls assessments on customer data centers, to include building access and internal systems, such as HVAC
• Developed Plan of Action & Milestones (POA&Ms) for customers that cannot remediate risks within 30 days of identification
• Collaborated with customers on mitigation for validated weaknesses
• Supported teh development of teh System Security Plans (SSPs) for customer information systems
• Via Confidential internship, conducted vulnerability scanning and monitoring of Confidential ’s external presence