
Scan Team Lead Resume


SUMMARY:

Seeking a position utilizing my technical and analytical skills in the field of Cyber Security. Seeking an opportunity to further my knowledge and experience in cyber security functions including vulnerability management and SOC/CIRT.

TECHNICAL SKILLS:

Cyber Security Tools: Snort, Sourcefire, FireEye, ArcSight, NetWitness, EnCase, Wireshark

Vulnerability Testing Tools: Security Center, Nessus, Retina, AppScan, Guardium, TripWire, HP WebInspect, NCC Auditor

AV: McAfee, Symantec

Proxy: Blue Coat, Cisco IronPort

Security Standards: FISMA, DIACAP, NIST 800-18, 800-30, 800-37, 800-53, 800-53A, FIPS 199, FIPS 200

PROFESSIONAL EXPERIENCE:

Scan Team Lead

Confidential

  • Managing and leading a team to accomplish vulnerability and compliance scans across the entire Confidential network, including going offsite to remote locations to complete scans.
  • Responsible for configuring, customizing, updating, and troubleshooting database and application vulnerability scanning tools, including Nessus, HP WebInspect, and NCC Auditor database scanners.
  • Performed vulnerability scans on AWS systems.
  • After completion of the scans, I analyzed the scan results to determine whether the scans ran successfully, reviewed all critical, high, and medium findings, imported them into a detailed report, and sent the results to the customer with guidance on how to remediate the findings.
  • Trained and mentored new scan team members on the processes and procedures of the Confidential Cyber Security Division. Training also covered how to use all the security tools at their disposal and how to interact with the customer.
  • I worked closely with the customer and the technical lead to help troubleshoot issues that arose from scanning, ranging from credential issues to firewall issues.
  • I updated and maintained the SOP with the latest information and procedures.
  • Scheduled and conducted meetings with stakeholders to coordinate scanning and troubleshoot any issues we ran into or that might occur.
  • Coordinated with and assisted OIG and other third-party auditors on scans and investigations of possibly vulnerable systems.
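The scan-result triage workflow described in the Scan Team Lead bullets (confirm the scan actually ran, review Critical/High/Medium findings, hand the customer a remediation report) is the kind of thing scan teams usually script. The following is an added example, not code from this resume or from Tenable: it reads a constructed CSV modeled on the column layout of a Nessus export (trimmed to the columns used), flags hosts that silently got incomplete results (no results at all, or credentialed checks that did not run), and groups the remaining findings by severity. The plugin IDs, hosts, finding names and the name substrings used to detect authentication failures are all assumptions made for the example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample modeled on the column layout of a Nessus CSV export
# (trimmed to the columns used here). Plugin IDs, hosts and findings are
# made up for illustration; this is not real scan output.
SAMPLE_EXPORT = """\
Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name,Solution
100001,,,None,10.0.0.5,tcp,0,Nessus Scan Information,n/a
100002,,,None,10.0.0.5,tcp,0,Authentication Failure - Local Checks Not Run,Verify the scan credentials
100001,,,None,10.0.0.6,tcp,0,Nessus Scan Information,n/a
100003,,9.8,Critical,10.0.0.6,tcp,445,Unsupported Windows OS,Upgrade to a supported operating system
100004,,7.5,High,10.0.0.6,tcp,443,TLS Version 1.0 Protocol Detection,Disable TLS 1.0
100001,,,None,10.0.0.7,tcp,0,Nessus Scan Information,n/a
100004,,7.5,High,10.0.0.7,tcp,443,TLS Version 1.0 Protocol Detection,Disable TLS 1.0
100005,,5.3,Medium,10.0.0.7,tcp,443,SSL Certificate Expired,Renew the certificate
100006,,3.1,Low,10.0.0.7,tcp,22,SSH Weak MAC Algorithms Enabled,Disable weak MAC algorithms
"""

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "None": 0}

# Assumption: plugin names containing these strings mean credentialed (local)
# checks did not run, so that host's results are incomplete and must not be
# reported as "clean".
AUTH_FAILURE_MARKERS = ("Authentication Failure", "Local Checks Not Run")


def parse_export(text):
    """Parse a CSV export into a list of row dicts keyed by header name."""
    return list(csv.DictReader(io.StringIO(text)))


def check_scan_health(rows, expected_hosts):
    """Return warnings meaning the scan should be fixed and rerun, not reported."""
    warnings = []
    seen = {r["Host"] for r in rows}
    # A target with no rows at all never answered: host down, or a firewall
    # between the scanner and the target.
    for host in sorted(set(expected_hosts) - seen):
        warnings.append(f"{host}: no results at all (host down, or firewall blocking the scanner?)")
    for r in rows:
        if any(m in r["Name"] for m in AUTH_FAILURE_MARKERS):
            warnings.append(f"{r['Host']}: credentialed checks did not run; fix credentials and rescan")
    return warnings


def triage(rows, min_risk="Medium"):
    """Group findings at or above min_risk by plugin, listing affected hosts.

    Returns a list of (risk, name, solution, [hosts]) ordered by severity,
    then by number of affected hosts (most first), then by name.
    """
    threshold = SEVERITY_RANK[min_risk]
    groups = defaultdict(set)
    for r in rows:
        risk = r["Risk"]
        if SEVERITY_RANK.get(risk, 0) >= threshold:
            groups[(risk, r["Name"], r["Solution"])].add(r["Host"])
    result = [(risk, name, sol, sorted(hosts)) for (risk, name, sol), hosts in groups.items()]
    result.sort(key=lambda t: (-SEVERITY_RANK[t[0]], -len(t[3]), t[1]))
    return result


def render_report(findings, warnings):
    """Render the customer-facing text: coverage caveats first, then findings."""
    lines = []
    if warnings:
        lines.append("SCAN COVERAGE WARNINGS (results below are incomplete):")
        lines.extend(f"  - {w}" for w in warnings)
        lines.append("")
    lines.append("FINDINGS (Medium and above):")
    for risk, name, solution, hosts in findings:
        lines.append(f"  [{risk}] {name} ({len(hosts)} host(s): {', '.join(hosts)})")
        lines.append(f"      Remediation: {solution}")
    return "\n".join(lines)


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    expected = ["10.0.0.5", "10.0.0.6", "10.0.0.7", "10.0.0.8"]
    print(render_report(triage(rows), check_scan_health(rows, expected)))
```

The point of running the health check before triage is the one the bullets above make: a host that returns only informational plugins because the credentials failed, or no rows because a firewall dropped the scanner, looks identical to a clean host in a severity-filtered report unless you explicitly compare the results against the target list and look for the authentication-failure plugins.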

Lead Vulnerability Analyst

Confidential

  • Provide high level functional and IT analysis, design, development, integration, documentation, and implementation assistance on problems that require a thorough knowledge of the related technical subject matter for effective system deployment.
  • Participates in all phases of systems development.
  • Applies principles and methods of the functional area to difficult problems in technical areas to arrive at automated solutions.
  • Designs and prepares technical reports and related documentation.
  • Prepares and delivers presentations and briefings.
  • Performed tasks focused on developing security test plans, conducting security testing, analyzing test results, and developing risk assessment reports that document vulnerabilities, threats, impacts, and recommended mitigations.
  • Support documenting updated processes and procedures, including integration of the scanning tools into the rapid development process.
  • Support documenting the Configuration and Operations guide for present and future system administrators in the operation and maintenance of the Test Environment.
  • Assist the application project development teams in understanding how to utilize scanning tools during the development process to help them meet security requirements in a rapid development environment.
  • Strong understanding of SANS Top 20 and OWASP Top 10 vulnerabilities.
  • Familiarity with various scanning technologies including vulnerability and Application tools.

Lead CIRT Analyst

Confidential

  • Performing, analyzing, and summarizing vulnerability scan data.
  • Performing vulnerability scans on web applications looking for cross-site scripting, SQL injection, blind SQL injection, etc.
  • Responding to and tracking security incidents and investigation activity that have occurred in the network.
  • Identifying threats and notifying the management of vulnerabilities and threats facing the network.
  • Presenting vulnerability and threat statuses at weekly IT Operations security meetings with management and vendors.
  • Supporting technical modifications to the IT enterprise infrastructure by reviewing and commenting on the security aspects of change packages and vendor proposals.
  • Reviewed IDS and McAfee data logs on a daily basis for malicious files.
  • Creating, maintaining, and updating SOP (Standard Operating Procedures) with the latest information, and procedures.
  • Also performing monthly patch scanning to see which workstations were missing critical patches.
  • With the monthly patch scanning, I would also run MBSA (Microsoft Baseline Security Analyzer) against the workstations that had missing patches to make sure all the missing patch information was correct.
  • Ran daily Malware scans to identify workstations with malicious files on them.

Sr. Cyber Security Analyst

Confidential

  • Responsible for supporting the 24/7/365 Security Operations Center (SOC) as a cyber security analyst focused on incident handling and response.
  • Performed network monitoring to identify cyber threats using various tools.
  • Monitored security tools for Malware related activities.
  • Performed computer forensics to identify dropped malware, discover malicious files, collect user information for investigation, and other computer forensic related uses.
  • Performed threat monitoring of industry resources and observed new technical developments, intruder activities and related trends to help identify threats to the organization.
  • Performed and participated in the incident handling process: incident discovery, analysis and verification, incident tracking, containment and recovery, incident response coordination and notification.
  • Developed and documented standard operating procedures (SOP) and compiled reports.

Cyber Security Analyst

Confidential

  • Provided FISMA support by performing certification (security assessments) of systems using NIST 800-37, 800-18, 800-30, 800-53, 800-53A, and FIPS 199/200.
  • Provided continuous monitoring support by performing vulnerability assessments using Tenable Nessus and Retina, and by auditing Microsoft servers manually and through tools (CIS Benchmarks).
  • Provided incident response for cyber security incidents. Monitored IDS (Snort/Snorby) for policy violations, cyber intrusions, malware, and other events.
  • Used ArcSight to view and create channels for the various security tools (IDS, Firewall, system logs, etc.) on the network.
  • Utilized NetWitness for analyzing network traffic related to cyber incidents, utilized NetWitness META to look for suspicious events, and proactively used NetWitness to look for Malware & APT emails.
  • Monitored FireEye for malware discovered through web traffic and email.
  • Created and monitored tickets to resolve cyber issues discovered (e.g. reimaging machines infected with malware, removing APT emails from inboxes, removing P2P applications from workstations, and more).
  • Provided incident response identification, escalation procedures, and reduction of false positives.
  • Also provided network security monitoring, event escalation, and cyber threat and vulnerability analysis.
  • Experience with applications in establishing security controls to protect information systems consistent within industry standards.
