Systems Security Analyst Resume
Ashburn, VA
SUMMARY:
- At GMU, I am trained to lead, solve problems and contribute to mission-critical assignments in Information Security.
- I am capable of troubleshooting network performance and of maintaining and enforcing security policies.
TECHNICAL SKILLS:
- Familiar with Wireshark, ArcSight, SourceFire, Fireeye and other Security Tools
- Knowledge of Virtual Machine and Virtual Application systems
- Triage analysis using open source tools to prepare reports and implement mitigation
- Basic understanding of vulnerability assessment tools such as Tenable Nessus (vulnerability scanner) and exploitation frameworks
- Experience working in a Security Operations Center (SOC) or enterprise network environment
- Understanding of contemporary security architectures/devices such as firewalls, routers, switches, load balancers, remote access technologies, anti-malware, SIEM and AV
- Ability to read and interpret PCAP data
- Experience with SIEM platforms (ArcSight, Splunk, Security Center) including creating channels and reports
- Familiarity with web based attacks, attack vectors and exploitation and common mitigation controls and system hardening
PROFESSIONAL EXPERIENCE:
Confidential, Ashburn VA
Systems Security Analyst
Responsibilities:
- Validate systems compliance with the security controls as defined in the SSP
- Perform a Security Controls Assessment (SCA)
- Review all SA&A related documentation for each information system listed in CSAM to ensure compliance, quality, completeness, and validity of related documentation (Privacy Threshold Analysis, Privacy Impact Assessment, General Tab information …), to include: System Mission/Purpose, System Characteristics, Role Based Access Control matrix, Process Flow Diagram, Network Diagram, Technical Description review, Appendices information, Point of Contact information, Status Tab information and POA&M activities
- Analyze the findings from the SCA and quantify results
- Perform validation testing in CSAM
- Generate residual risk reports in CSAM
- Forward residual risk report to Information Systems Security Program Manager (ISSPM)
- Have solid experience in developing solutions that satisfy Federal, legal, and regulatory requirements (FISMA, GISRA, OMB and NIST guidance and regulations)
- Have strong technical skills and understand: information systems, network protocols, firewalls, IDS systems, vulnerability scan reports, etc.
- Work with end users to define and identify business procedures and establish documentation needs for hardware and software.
- Analyze IT project requirements to determine types of documents needed.
- Collaborate with systems and development staff to collect and interpret technical information.
- Research, evaluate, and recommend new documentation tools and methods in support of documentation improvement effort as needed.
SOC Analyst, General Dynamics
Responsibilities:
- Information Technology Infrastructure Library (ITIL) incident, problem, change, and availability management.
- Monitor the Arcsight High Confidence Channel and identify alerts that are prospective security incidents. Create Tickets and provide further information as required for further investigations.
- Monitor Phishing/SPAM mailboxes and identify E-mails that require further evaluation and escalate if necessary.
- Monitor Sourcefire for IDS alerts of interest.
- Utilized SIEM analysis tools such as ArcSight, McAfee ePO, SourceFire, FireEye, Fidelis, etc.
- Process Block Requests.
- Analyze malware on Out-of-Band (OOB) system to identify host and network-based characteristics useful in identifying infected systems and/or block future malicious activity.
- Analyze e-mails identified as possible security issues: analyze e-mail characteristics, make security recommendations to block or redirect, and coordinate with SOC Leads and/or managers.
- Review Open Source Intelligence Sites, authorized government intelligence sources, and identify information that can be utilized to increase monitoring capability or increase Situational Awareness.
- Based on monitoring and analysis activities, take necessary action such as ticket creation, firewall/proxy blocklist recommendation, e-mail block/redirect recommendation, monitoring content recommendation, or other similar actions.
- Perform host-based analysis on workstations.
- Investigates potential incidents/intrusions, follows up on post-incident actions.
- Ensuring integrity and confidentiality of sensitive data
IT Systems Analyst
Responsibilities:
- Active monitoring of servers and daily performance of computer systems.
- Worked as part of a team to provide NOC support to the customer on a 24x7 schedule.
- Analyze, investigate, and document any unusual network traffic between multiple sites with the use of SIEM tools and other software tools to pinpoint issues.
- Proactively administer Electronic Access and Monitoring tools (management, development, implementation of enhancements as well as testing software upgrades of the tools).
- Monitor the system for security related events and escalates notifications to Asset Owners to resolve alerts.
- Conduct investigations to understand the root cause of the incident and recommend appropriate remediation plan
- Utilized SIEM tools such as SolarWinds and firewall/proxy logs for intelligence gathering
- Research, analyze and troubleshoot compliance and security issues.
- Escalate any abnormal activity to security, upper management, DISA and Government contacts.
- Protect network and device configurations, and defend against malicious activities.
- Ability to recognize the common surveillance and exploit techniques used in an incident.
- Experience with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture (Wireshark), Host-based security, Network security.
- Incident Response and Handling.
- Apply firmware and software updates to network and transport components
- Support of incident reports by troubleshooting, repairing, and/or reconfiguring network and transport services
IT Specialist
Responsibilities:
- Recommend a course of action on each incident. Creates, manages, and records all actions taken and serves as initial POC for Events of Interest reported both internally and externally
- Investigates potential incidents/intrusions, follows up on post-incident actions
- Consults with investigative/enforcement entities on declared incidents
- Utilizes software and hardware tools and identifies and diagnoses complex problems
- Experience working with logging systems and SIEM platforms (Splunk), IDS monitoring/analysis with tools such as Sourcefire and Snort
- Anti-Virus (AV) and Host Based Intrusion Prevention (HIPS)
IT Specialist
Responsibilities:
- Provided technical support, including identifying problem incidents with their subsequent resolutions.
- Assisted company personnel with desktop operation, including both hardware and software
- Provided employee training and instructions regarding basic operation of software and hardware, technical support and quality standards.
- Experience working with vulnerability assessment tools such as Tenable Nessus (vulnerability scanner) and exploitation frameworks
- Anti-Virus (AV) software