SUMMARY:

• A well detailed individual as an Information Security Analyst/Security Assessor, Privacy and Data Security Management & Operations, Vulnerability Scanning, Certification and Accreditation (A&A), Project Management, NIST 800 - 53 Rev1 and rev4 and NIST SP 800-37 rev 1, 800-18, 800-53 rev3 and 800-34,FIPS, FISMA Security Content Automation Protocol, NIST Family of Security Control, POA&M, Incident and Contingency Planning. Used Splunk for monitoring logs, alerts, and aggregations.

WORK EXPERIENCE:

Customer Value Partners

Confidential, Fairfax, VA

• Risk Management Framework (RMF) Using NIST 800-37 as a guide, assessments and Continuous Monitoring: Performed RMF assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance of evidence needed for security controls, and documenting findings of assessment.
• Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POAM Remediation, and document creation using NIST SP 800-53 Rev.1 and NIST SP 800-53 rev.4.
• Worked with ISSO and Security team to Access Security Controls selected, in Updating SAP, ROE where Vulnerability scanning and penetration testing procedures are included in the assessment, conduct assessment meeting kickoff and security Control meeting with ISSO and System Owner .Assessment finding result be reflexed on the (RTM) or Test case and all weakness noted be reported in our SAR report. Knowledge of SAN-20 and ISO 27001 Security controls and Mapping with NIST.
• Security Documentation: Perform updates to System Security Plans (SSP) Using NIST 800-18 as a guide to develop SSP, Risk Assessments, and Incident Response Plans, create Change Control procedures, and draft, review, update Plans of Action and Milestones (POAMs).
• Developed and implemented online security procedures.
• Worked with management to update security manuals and address current concerns.
• Updated security software to prevent database and security threats.
• Implemented system recovery procedures to minimize loss should an attack occur.

Confidential, Richmond, VA

Cyber Research Analyst

• Expert in conducting cyber, and cyber security research to assist other analysts with most current and valuable information to assist them carryout their day to day cyber security projects. Research on latest versions of NIST Publications in order to apply most current FISMA and NIST standards for federal systems.
• Expert in Dark and Deep Web search using TOR Search Engine. Researching

Confidential, Salt Lake City, UT

Cyber Security Analyst

• Risk Management Framework (RMF) Using NIST 800-37 as a guide, assessments and Continuous Monitoring: Performed RMF assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance of evidence needed for security controls, and documenting findings of assessment.
• Knowledge of Several Computer Environments: Performed Update, Install, Configure, evaluation and guidance on security control implementation on multiple environments include Windows server, Windows 7, Windows XP, Red Hat 6/7 and Centos 6/7.
• Security Documentation: Perform updates to System Security Plans (SSP) Using NIST 800-18 as a guide to develop SSP, Risk Assessments, and Incident Response Plans, create Change Control procedures, and draft, review, update Plans of Action and Milestones (POAMs).
• POA&M Remediation: Performed evaluation of policies, procedures, security scan results, and system settings in order to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, continuous monitoring, and FISCAM audits.
• Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POAM Remediation, and document creation using NIST SP 800-53 Rev.1 and NIST SP 800-53 rev.4.
• Developed Solution to Security weaknesses: Developed solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and Corrective Action Plan (CAP. Assisted ISSOs create solutions to weaknesses based on system functionality and pre-existing architecture and an Audit liaison officer with respect to respond to auditor.
• Communications between multiple clients to perform POA&M remediation for CAP remediation. Handled internal communications within Office of Information Security and external communications with several different divisions on a daily basis. Maintain excellent working relationships with both internal and external customers using communication skills.
• Provided services as security controls assessors (SCAs) and perform as an integral part of the Assessments and Authorizations process to include A&A scanning, documentation, reporting and analysis requirements. Analyzed current threats to information security and systems. Analyze security findings and data. Published reports and keeps metrics for client systems.
• Worked with Security Operation Center Analyst in making sure Intrusion detection and prevention systems (IDS/IPS) such as SNORT to analyze and detect Worms, Vulnerabilities exploits attempts and IDS monitoring and management using Security Information and event management (SIEM-SECURITYCENTER BY TENABLE), to collect and Analyze large volumes of logs and network traffic and alerts to assess, prioritize and differentiate between potential intrusion attempts and false alarms. Identified trends and root causes of system failures or vulnerabilities using NESSUS Vulnerability Scanner, Nmap to scan ports, weak configuration and missing patches. Assured that the Information Systems Security department's policies, procedures, and practices as well as other systems user groups are in compliance with FISMA, NIST, and general agency standards.
• Worked with ISSO and Security team to Access Security Controls selected, in Updating SAP, ROE where Vulnerability scanning and penetration testing procedures are included in the assessment, conduct assessment meeting kickoff and security Control meeting with ISSO and System Owner .Assessment finding result be reflexed on the (RTM) or Test case and all weakness noted be reported in our SAR report. Knowledge of SAN-20 and ISO 27001 Security controls and Mapping with NIST.
• Reviewed documentation to include System Security Plan NIST 800-18 as a guide, Authorization to Operate (ATO),Security Assessment report(SAR) using NIST800-30 as a guide, FIPPS 199 System Categorization using NIST 800-60 Vol1/Vol2 based on confidentiality, integrity and availability (CIA), policy and procedures, e-authentication, privacy threshold analysis (PTA), privacy impact analysis (PIA), contingency plan (CP) and interconnection security agreement as per NIST 800-47, certification and accreditation (C&A) packages and system standard operating procedures.

Technology: NESSUS, TAF, Xacta, CFACTS and CSAM, VMWARE. SPLUNK, NAGIOS

Confidential, Dayton, Ohio

Oracle Database Administrator

• Support development teams for all the database-related issues and help to manage the ASM diskgroups.
• Performed Replication using materialized views with a complete refresh/Fast refresh.
• Development of policy and procedures as they relate to database maintenance, security and archiving.
• Installed and configured MySQL on Linux and Windows environments.
• Managing/Troubleshooting MySQL 5.0.22 and 5.1.24 in production and developer environments on both Linux (5.0, 5.1) and Mac OS X.
• Increased database performance by utilizing MySQL config changes, multiple instances and by upgrading hardware.
• Developed stored procedures, triggers in MySQL for lowering traffic between servers & clients.
• Monitoring and maintaining 2/3 node RAC database on Red Hat Linux. Providing support to the development team and handling release schedules.
• Maintaining sound backup and recovery policies and procedures using RMAN. Monitoring the scheduled backup procedures for daily basis using crontab.
• Database refreshes using export /import and datapump. Used RDA, ADDM and AWR reports to monitor the database performance.
• Creating, granting and monitoring user access rights and privileges through roles and profiles.
• Providing instance level performance monitoring and tuning for Event Waits, Sessions, Physical and Logical IO and Memory Usage with the help of AWR and ADDM Reports.
• Automatic Shared Memory Management (ASMM) for Performance diagnosis/tuning and Automatic Segment Space Management (ASSM)
• Supported development effort by providing SQL statement tuning and optimizing ETL procedures and removing load and query performance bottlenecks by using tools Explain Plan, SQL Trace, TKPROF, TOAD and Oracle Enterprise Manager.
• Applying upgrade patch, maintenance and interim (opatch) patches on all the databases.
• Refreshing Dev and Test instances with data from Production on a regular basis.
• Developed PL/SQL packages, DML, DDL, Oracle tables, Stored Procedures, functions, cursors, triggers and UNIX shell scripts.
• Configure and Install Oracle Exadata Databases Machine, performing Initial Elastic Configuration of Oracle Exadata Database Machine.
• Experience in Oracle supplied packages,Dynamic SQL, Records and PL/SQL Tables.
• Developed Complex database objects like Stored Procedures, Functions, Packages and Triggers using SQL and PL/SQL.
• Experience in Oracle supplied packages,Dynamic SQL, Records and PL/SQL Tables.
• Setting the Subnet Manager Master on Oracle Exadata Database Machine Full and Half Rack
• Generated and automated Statspack/AWR reports from Oracle database and analyzed the reports for Oracle wait events, time consuming SQL queries, table space growth, and database growth.
• Involved in SQL Query tuning and provided tuning recommendations to ERP jobs, time/CPU consuming queries.
• Used Explain Plan, Oracle hints and creation of new indexes, identifying the join methods (Nested/Hash/Merge join/Sort merge join) between the row sources for tables, to improve the performance of SQL statements.
• Addressed developers/testers requests to clone production databases for the purposes of testing using RMAN.
• Applied PSU Patches (10.2.0.3, 10.2.0.4) as a part of maintenance activity.
• Extensively used Datapump, conventional export/import utilities for loading data to & from databases, logical backups and migration of databases.
• Monitoring and optimizing the performance of the database/application using OEM along with homespun scripts.
• Capacity planning: Allocate system storage and plan future storage requirements.
• Worked on SQL tuning using SQL Tuning Advisor, SQL Access Advisor, SQL Profiler and SQL Optimizer, Foglight.
• Monitoring rollback segment and temporary table space use.
• Performing housekeeping tasks like checking log and trace files.
• Performing database refreshes, migration and performance tuning of PeopleSoft application environments.
• Setup and maintenance of Physical Standby Database using Data Guard Broker and active Data Guard for faster Disaster Recovery.
• Installed and Configured OEM grid control for maintenance administering the databases.
• Worked on Oracle Golden Gate. Involved in environment setup and Installation of Oracle Golden database and Oracle Golden Gate.
• Successfully worked on the data replication between operational and analytical enterprise using Golden Gate.
• Daily Health Checkup of all the Databases using Oracle Enterprise Manager 12c.
• Used Database Configuration Assistant (DBCA), Database Upgrade Assistant (DBUA) for upgrading Oracle10gR2 to the latest Oracle 11gR2 and applied patches as required.
• Performed full and incremental backups using RMAN for development and production databases.
• Database cloning from Production to Test and Development environments.
• Extensively worked on applying patches (CPU&PSU) whenever required.
• Schema Refreshing of databases using normal copy method and exp/imp utility.
• Cloning database and schemas using Data pump for 10g and 11g versions.
• Cloning 10g and 11g databases using RMAN duplication (with and without backup).
• ASM Disk storage and user Management
• Monitoring the Hit Ratios and tuning the System Global Area (SGA) accordingly.
• Performance tuning for optimized results using tools like EXPLAIN PLAN, SQL*Trace, TKPROF, STATSPACK, AWR, ADDM.
• Troubleshooting of various database performances by proper diagnosis at all levels like SQL, PL/SQL, database design, database tables, indexes, Instance, memory, operating system and java calls.
• Knowledge in Oracle Data warehouse DBA skills relating to administration and management of VLDB environments, Oracle OLTP.
• Experience in writing UNIX/SHELL scripts for providing the reports.
• Installed and configured Oracle 11g database on a test server using Oracle standard procedures and OFA, for performance testing and future 10g production implementation.

Environment: Oracle 10g/11g/12c RAC/10g, VMS, Sun Solaris, Windows Server 2003, Red Hat Linux, TOAD, RMAN, SQL server, OEM.