Information System Security Officer Resume
Mclean, VA
SUMMARY:
- Results-driven Information Security Analyst/Security Assessor with experience in Privacy and Data Security Management & Operations, Vulnerability Scanning, Certification and Accreditation (C&A), Project Management, NIST SP 800-53 Rev. 1, Rev. 3 and Rev. 4, NIST SP 800-37 Rev. 1, NIST SP 800-18, NIST SP 800-34, FIPS, FISMA, Security Content Automation Protocol (SCAP), the NIST security control families, FedRAMP Security Assessment Framework, POA&M, and Incident and Contingency Planning.
- Good exposure to configuring single-instance, Oracle Real Application Clusters (RAC) and Automatic Storage Management (ASM) databases.
- Experience in installing and patching Oracle RAC with ASM on Linux platforms.
- Expertise in setting up Data Guard fail-over, switch-over and read-only scenarios.
- Good exposure to Oracle DBA tasks such as installation, patching, cloning and upgrade of Oracle databases.
Technology: Nessus, TAF, Xacta, CFACTS and CSAM
TECHNICAL SKILLS:
Database Admin: Oracle 12c/11g/10g/9i, SQL Server 2008/2005, MySQL
OS: Linux (Red Hat Linux 5.4), Windows 2000 Server, Windows XP, Windows 2003 Server
Virtualization: VMware and Oracle VirtualBox
Languages: Oracle SQL, PL/SQL
Backup: RMAN, hot and cold backup
PROFESSIONAL EXPERIENCE:
Information System Security Officer
Confidential, Mclean, VA
Responsibilities:
- Cyber security consultant in the Intelligence Community (IC) specializing in safeguarding information systems and networks.
- Performed periodic network and workstation risk assessments for current and potential vulnerabilities and attack vectors, to build baselines, clarify the risks and engineer the changes needed to keep incidents from recurring, providing risk mitigations where needed.
- Maintained a continuous monitoring approach on affiliated networks and system security controls, including system audit logs, ACLs, vulnerability and A/V scans, updated software/hardware inventory, OS and software patching, and encryption standards.
- Served as the focal point for handling IT security incidents and for disaster response and recovery for critical information systems nationwide.
- Led over 100 audits of information systems and networks (physical, VM and cloud) to ensure compliance with FISMA, FedRAMP, NIST, PII, NISPOM, DIACAP, ICD 503, ISO and other IT compliance frameworks.
- Subject matter expert in creating and analyzing security documentation such as System Security Plans, vulnerability scans, Risk Assessment Plans/Reports, Visio diagrams, SOPs, bodies of evidence, ATOs, POA&Ms, and other supporting IT documents used to make critical business decisions.
- Facilitated all phases of certification and accreditation for various software, systems and networks using an IT Risk Management Framework, security tools/software, and planning with all stakeholders involved.
- Ensured secure data migrations from different sources without losing data integrity, keeping the data available to stakeholders.
- Trained employees and customers on Risk Management and on testing security controls in enterprise environments.
- Worked directly with the GSA-appointed ISSP to create documentation at the level of detail required by the FedRAMP Program Management Office (PMO): SSP, CP, CMP, IRP, Policies & Procedures, PTA/PIA, FedRAMP User Guide, CIS Template, and Control Tailoring Worksheet.
- Created the project plan for FedRAMP documentation.
- Developed solutions to security weaknesses: developed solutions to weaknesses recorded in the Requirements Traceability Matrix (RTM) and Security Assessment Report (SAR) while working on POA&M remediation and the Corrective Action Plan (CAP); assisted ISSOs in creating solutions to weaknesses based on system functionality and pre-existing architecture; served as audit liaison officer responding to auditors.
Information System Security Officer (ISSO)
Confidential, MD
Responsibilities:
- Primary cyber security point of contact between Senior Management and the technical staff within the DHS Passengers Systems Program Directorate (PSPD).
- Major responsibilities included achieving ATO and continuous monitoring throughout system lifecycle.
- Other activities included vulnerability, patch, and POA&M management, defining system security requirements, Nessus and HP WebInspect scan reviews, change request reviews, and writing Interconnection Security Agreements (ISAs).
- Other security engineering activities included designing system security requirements and auditing requirements for HP Fortify and Splunk.
- Risk Management Framework (RMF) assessments and continuous monitoring, using NIST SP 800-37 as a guide: performed RMF assessments, including initiating meetings with System Owners and Information System Security Officers (ISSOs), providing guidance on the evidence needed for security controls, and documenting assessment findings.
- Knowledge of several computing environments: performed updates, installation, configuration, evaluation and guidance on security control implementation across multiple environments, including Windows Server, Windows 7, Windows XP, Red Hat 6/7 and CentOS 6/7.
- Performed FedRAMP work under the government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products.
- Security documentation: performed updates to System Security Plans (SSPs) using NIST SP 800-18 as a guide; developed SSPs, Risk Assessments, and Incident Response Plans; created change control procedures; and drafted, reviewed and updated Plans of Action and Milestones (POA&Ms).
- POA&M Remediation: Performed evaluation of policies, procedures, security scan results, and system settings in order to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, continuous monitoring, and FISCAM audits.
- Communicate and enforce security policies, procedures and safeguards for all systems and staff, based upon NIST and/or DIACAP.
- Worked with the client, SaaS providers and the internal development team to identify security gaps and resolve them to protect client data.
- Responsible for assessing compliance with established data protection controls and standards for client data protection, reducing business risk.
- Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POAM Remediation, and document creation using NIST SP 800-53 Rev.1 and NIST SP 800-53 rev.4.
ORACLE DBA
Confidential -Washington, DC
Responsibilities:
- Performed Migration and Upgrade of databases to 12c and 11g.
- Extensive experience with Oracle 12c/11g, ASM and RAC, and with upgrading standalone databases to an 11g RAC environment.
- Performed database health checks using OEM 12c.
- Maintained Oracle Applications 11g DBA skills for complex 24x7 environments.
- Provided user management and database security following DISA STIG guidance; performed backups, exports and imports, archiving of old records and verification of processes.
- Created and maintained databases through DDL/DML, backup/restore strategy, and replication strategy.
- Developed Recovery Manager (RMAN) scripts for database backup and recovery including hot and cold backup options for both RAC and standalone instances
- Responsible for a variety of DB2 database administration duties in support of a customer tracking system conversion from DB2/TELON-based applications to DB2/Visual Basic.
- Responsible for performing DB2 DBA duties in a DB2 z/OS environment using DB2 V10. The utilities of choice at this installation are the BMC DB2 utility suite. Proficient with BMC DASD Manager, BMC Catalog Manager, BMC Change Manager, BMC Unload Plus, BMC Load Plus, BMC Reorg, BMC Copy and the DB2 utilities.
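The RMAN hot and cold backup options mentioned above, as an added example that is not the candidate's own script. It assumes the target database runs in ARCHIVELOG mode (required for the hot backup), that `/backup` is a writable directory, and that RMAN is connected with `rman TARGET /`; the tags and path are illustrative.

```sql
-- Added example (not the resume author's script). Assumes ARCHIVELOG mode,
-- a writable /backup directory, and an RMAN session connected as TARGET /.
-- Retention policy so DELETE OBSOLETE has something to enforce.
CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
CONFIGURE CONTROLFILE AUTOBACKUP ON;

-- Hot (online) backup: the database stays OPEN, so this only works in
-- ARCHIVELOG mode. Archived logs are backed up and then removed from disk.
RUN {
  ALLOCATE CHANNEL c1 DEVICE TYPE DISK FORMAT '/backup/%d_%T_%U.bkp';
  BACKUP AS COMPRESSED BACKUPSET INCREMENTAL LEVEL 0 TAG 'HOT_L0'
    DATABASE PLUS ARCHIVELOG DELETE INPUT;
  BACKUP CURRENT CONTROLFILE TAG 'HOT_CTL';
  RELEASE CHANNEL c1;
}

-- Cold (offline) backup: a consistent copy taken with the database MOUNTED
-- but not open. In a RAC database every other instance must already be down;
-- SHUTDOWN here only stops the instance RMAN is connected to.
SHUTDOWN IMMEDIATE;
STARTUP MOUNT;
BACKUP AS COMPRESSED BACKUPSET TAG 'COLD_FULL' DATABASE
  FORMAT '/backup/%d_%T_cold_%U.bkp';
ALTER DATABASE OPEN;

-- Housekeeping and verification: reconcile the catalog with what is on disk,
-- drop backups past the retention window, and confirm a restore would succeed
-- without actually restoring anything.
CROSSCHECK BACKUP;
DELETE NOPROMPT EXPIRED BACKUP;
DELETE NOPROMPT OBSOLETE;
RESTORE DATABASE VALIDATE;
```

The hot path is what a 24x7 system uses routinely; the cold path is for planned outages such as pre-upgrade snapshots. `RESTORE DATABASE VALIDATE` reads the backup pieces without writing datafiles, which is the cheapest regular check that the backups are actually usable.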