SUMMARY:

• Highly innovative and self - motivated Information Systems security professional with a passion and talent for aligning security architecture, plans, controls, policies and procedures with security standards and operational goals.
• Extensive experience in Privacy and Data Security Management & Operations, Vulnerability Scan, Assessment and Authorization Process, Use of NIST Publications, FISMA Compliance for systems, FedRAMP Security Assessment Framework, POA&M Management, Incident and Contingency Planning and use of Splunk to monitor logs and alerts
• Experience in administering different versions of Oracle Databases on different operating system platforms Like Red-Hat Linux, Unix, Windows

TECHNICAL SKILLS:

• CSAM
• NESSUS
• TAF
• Xacta
• CFACTS
• VMWARE. SPLUNK
• JIRAH

WORK EXPERIENCE:

Confidential, MD

Information System Security Officer

• Used NIST 800-37 Risk Management Framework (RMF) as a guide to implement security Assessments and Authorization and Continuous Monitoring
• Developed solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and Corrective Action Plan (CAP)
• Updated and reviewed Project Plan for FedRAMP Documentation.
• Performed FedRAMP, Government-wide program that provides a standardized approach for security assessment, authorization, and continuous monitoring for cloud products
• Used NIST 800-18 as a guide to develop System security plan, Risk Assessments, and Incident Response Plans.
• Created Change Control procedures, drafted, reviewed and updated Plans of Action and Milestones (POA&Ms).
• Reviewed and updated policies, procedures, security scan results and system settings in order to address controls that were deemed insufficient during Assessment and Authorization (A&A), RMF, continuous monitoring, and FISMA audits.
• Worked alongside team members to create documentation for the FedRAMP Program Management Office (PMO): SSP, CP, CMP, IRP, Policies & Procedures, PTA/PIA, FedRAMP User Guide, CIS Template, and Control Tailoring Worksheet
• Handled internal communications within Office of Information Security and external communications with several different divisions on a daily basis. Maintained excellent working relationships with both internal and external customers using communication skills.
• Analyzed threats to information security and systems including security findings and data. Published reports and kept metrics for client systems.
• Worked with Security Operation Center Analysts to ensure Intrusion detection and prevention systems (IDS/IPS) such as SNORT are used to analyze and detect Worms, viruses other Vulnerability exploit attempts.
• Monitored and managed Information detection and prevention systems using Security Information and event management (SIEM) to collect and analyze logs, network traffic and alerts. Used this information to assess, prioritize and differentiate between potential intrusion attempts and false alarms.
• Identified trends and root causes of system failures or vulnerabilities using NESSUS Vulnerability Scanner, Nmap to scan ports, weak configuration and missing patches.
• Ensured that the Information Systems Security department's policies, procedures, and practices as well as other systems, user groups are in compliance with FISMA, NIST, and general agency standards.
• Worked with Security team to assess selected security controls for assigned systems and to update SAP, RTM and SAR.
• Participated in assessment kickoff and interview meetings with Assessors and System Owners.
• Developed, documented and updated all required artifacts for the security Assessment and Authorization package documents using NIST publications as guide.
• Facilitated all phases of Assessment and Authorization for various software systems and networks using NIST 800-37 Risk Management Framework, security tools/software and planned with all the stakeholders involved to ensure the process is completed on time.
• Maintained an enterprise security stance through policy, architecture and training processes, including the selection of appropriate security solutions and conducting vulnerability audits and assessments.

Confidential, NEW YORK

INFORMATION ASSURANCE OFFICER

• Conducted SCA activities and tasks and obtained Authorization to Operate (ATO) in line with NIST and client guidance and directives.
• Determined the baseline IT Security requirements for IT Systems, identified system boundaries, and determined information categorization using NIST 800-60 and FIPS-199.
• Ensured that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices.
• Ensured users and system support personnel have the required authorization and training and are familiar with internal security practices before having access to the IT System.
• Selected baseline controls and documented the implementation of these controls.
• Implemented security controls using NIST Publications and FIPS categorization.
• Conducted Security Assessment and Authorization for assigned systems
• Documented risk assessment for systems as per clients’ directives and requirements.
• Developed and documented all required artifacts for the security Assessment and Authorization package.
• Developed and maintained Plan of Actions and Milestones (POA&Ms) for IT systems to mitigate weaknesses
• Reviewed Assessment and Authorization package documentation and artifacts on a regular basis to ensure systems remain FISMA compliant
• Created and Analyzed security documentation such as System Security Plans, Vulnerability Scans, Risk Assessment Plans/Reports, Visio diagrams, SOP's, ATO's, POA&M's, and other supporting IT documents to help make critical business decisions.
• Scheduled kick off and interview meetings with ISSOs, system owners and other stake holders to assess security controls for assigned systems and to ensure that these controls are well implemented.
• Developed test plans and assessment reports to document audit findings and to support system authorization.
• Provided guidance and support to development of Plan of Action and Milestones (POA&M) as well as validation testing of POA&Ms.
• Assessed systems for compliance ensuring appropriate data protection controls and standards for client’s data protection are well implemented
• Developed a detailed project schedule for A&A/SCA task and milestones, task dependencies, and personnel resources

Confidential, CA

Oracle Database Administrator

• Involved with OLTP relational databases system analysis, design, implementation and management.
• Setup and configured replication using Data Guard in physical and logical mode.
• Created users, granted roles and privilege. Managed user accounts and privileges to maintain application security.
• Cloning databases using scripts as well as RMAN. Installation, setup and configuration of Data guard.
• Analysis on SQL and Services with high CPU, Memory usage, AWR analysis, ADDM (Automatic Database diagnostic Monitor report), Active Session History (ASH).
• Monitoring production database and provide detailed analysis on Long running, Resource consuming SQLs, Wait events, Locks and Alert log file.
• Providing suggestions and workaround to Tune the Bad Performing SQL by giving Index and Stats fix with the help of Execution plan and Predications.
• Provide assistance and technical support to all database end-users and addressing all OEM, BMC PE Alerts for Sev2, Sev3, and Sev4 etc.
• Database schema Migration activities using oracle golden gate, data pump (Expdp/Impdp).
• Database housekeeping activities that can reclaim space at both OS & DB Level.
• Responsible for tuning applications by capturing and tuning database performance metrics, System metrics and resolving issues like deadlocks, Locking, slow performing queries using SQL Advisor, Baselines and other tools (SQLT).
• Installation, configuration, maintenance and tuning of Oracle RDBMS 10g -12c in Production, QA, and Test environments.
• Oracle Database Upgrades 10g to 11g, 11g and 11gr2 to 12c.
• Migrating and consolidation of 10g databases into 11g in both QA and Production environments.
• Troubleshooting Space Management & User accounts and privilege issues while coordinating with UNIX and application teams.
• Performed proactive database maintenance procedures to ensure optimal performance and uptime and implemented shell scripts for automation of day to day activities.
• Identify Top SQL that are consuming heavy resources and provide support to the development team in identifying SQL queries that are consuming high resources and interact with the development team to see if these queries can be fine-tuned further.
• Regular Security Patching and Critical patch Updates (CPU) and Patch set updates (PSU) on Oracle databases and interim patches for various bug fixes on database enhancements.
• Production support for Oracle database 10g/11g RAC.
• Monitoring the session waits for the database performance and resolving the performance issues.
• Monitoring the database for growth and added space to the table spaces as per demand.
• Generating AWR reports on regular basis to identify the database performance at peak load.
• Tuning the SQL statement by analyzing the explain plan and ADDM reports
• Implemented scripts to monitor and get information on free space, alert log errors provided maintenance of user accounts, privileges, profiles and roles.
• Upgrades, patching, and off-hours maintenance and change control execution in production 24/7 environments and hosting facilities using Remote desktop connection or Putty in conjunction with RSA -VPN.
• Documented the Standard Processes for peers to follow.
• Refreshing Dev and Test instances with data from Production on a regular basis.
• Developed PL/SQL packages, DML, DDL, Oracle tables, Stored Procedures, functions, cursors, triggers and UNIX shell scripts..
• Used Data Pump for export and import. Wrote scripts for Backup of databases, maintenance of archive logs for databases. Streamlined backup procedures and implemented RMAN for backup and disaster recovery.

ENVIROMENT: Oracle 10g/11g RAC, Sun Solaris, Windows Server 2003, Red Hat Linux, TOAD, RMAN, SQL server, and OEM.