
Information Assurance/security Policy Engineer Resume


Chantilly, VA

SUMMARY:

Highly motivated information technology professional with experience and knowledge of information security and networking, and a record of significant accomplishments in previous employment that will be of added value.

SKILLS OVERVIEW:

Intrusion Detection Systems: ArcSight 6.0 ESM, SNORT, SourceFire, IBM Proventia Site Protector

Firewall: Netscreen, CheckPoint, Barracuda Firewall - Web Filter, BlueCoat, Palo Alto, FireEye NX, EX, FX, AX

Network Analyzer: BlueCoat SAP, Netwitness, Carbon Black, WireShark, Network Miner, Splunk, Kibana

Vulnerability Assessment: Xacta, Nessus, eEye Retina, Nmap. (NIST-RMF NIST 800-53, NIST 800-53A)

Forensics: Forensic ToolKit (FTK), Encase, Helix, Sleuthkit, SIFT, Mandiant Intelligent Response (MIR), Autopsy.

Mobile Device Forensics: Cellebrite UFED (Touch), XRY

HBSS: McAfee ePolicy Orchestrator 4.0 - HIPS, PA, MA, ABM, RSD, AV

Intel Analytic tools: i2 Analyst’s Notebook, Palantir, HOTR, Intelink, M3, IC databases

EXPERTISE:

Expert Security Control Assessor with thorough understanding of NIST-RMF and Xacta IA Manager.

PROFESSIONAL EXPERIENCE:

Confidential, Chantilly, VA

Information Assurance/Security Policy Engineer

Responsibilities:

  • Act as the representative of the Information System Security Manager, ensuring compliance with IS security procedures.
  • Support efforts to operate, maintain, and dispose of information system materials in accordance with security directives, policies, and practices, and as annotated in System Security Plans.
  • Generate and implement requisite security training, ensuring user security awareness of responsibilities prior to system access.
  • Initiate protective and corrective measures when incidents or vulnerabilities are discovered.
  • Ensure IA hardware and software comply with security configuration guides.
  • Implement and enforce IA policies and procedures as defined by A&A documentation.
  • Develop and assist in development of Plans of Action and Milestones (POA&M) containing corrective actions required for unacceptable risks.
  • Work on multiple projects/tasks at once and operate in a dynamic, fast-paced, team-oriented environment.
  • Execute the remediation process to implement technical solutions addressing vulnerability findings from ACAS security scans.
  • Identify security vulnerabilities and provide guidance on risk mitigation.
  • Review and analyze applications, systems, networks, and sites.
  • Work with the team on technical incident response and remediation activities for client environments.

Confidential, Springfield, VA

Information Security Specialist, Lead

Responsibilities:

  • Conduct all-source research on cyber threats (i.e., APTs); evaluate both technical and intelligence reporting for cyber threat activities of interest.
  • Perform keyword searches and produce results.
  • Investigate electronic data, including internet use history, word processing documents, images, emails, and malicious files.
  • Investigate network intrusions to determine the cause and extent of the breach.
  • Analyze and vet cyber threat indicators, and input these indicators into custom databases for additional processing.
  • Collaborate with other technical personnel (e.g., forensic analysts, network analysts) to gain a better understanding and knowledge of APTs.
  • Assist in the development and maintenance of analytical procedures and processes in support of changing operational requirements.
  • Develop and lead execution of stakeholder analyst-to-analyst feedback processes to understand the needs of the constituency.
  • Develop and maintain cooperative relationships with sponsors and collaborators, and assist them in strengthening their analysis and cyber defense capabilities, providing on-site support as necessary.

Confidential, Fort Belvoir, VA

Senior Incident Response Analyst

Responsibilities:

  • Investigated electronic data, including internet use history, word processing documents, images, emails, and malicious files.
  • Decrypted password-protected data; detected and recovered deleted files.
  • Performed dynamic malware analysis with open-source tools and reviewed threat data from various sources, including appropriate intelligence databases.
  • Prepared clear and comprehensive notes and reports on findings.
  • Recommended courses of action based on analysis of both general and specific threats.
  • Performed keyword searches and produced results.
  • Reviewed and analyzed audit logs, router logs, firewall logs, IDS and IPS logs.
  • Maintained proper chain of custody of evidence and associated documentation.
  • General understanding of all-source intelligence collection methods and ability to fuse collected information into usable products.
  • Correlated threat data from various sources to monitor hackers’ activities; all-source intelligence with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures.
  • Communicated alerts to agencies regarding intrusions and compromises of their network infrastructure, applications, and operating systems.
  • Assisted in training incoming Tier 1 analysts in roles and responsibilities.
  • Interfaced with Intelligence Community (IC) partners on matters pertaining to nation-state cyber threats via DCO Chat Online and classified TASKORDERS.
  • Performed analysis on IC reports using SIPR for recent cyber threat activity from tracked nation-state actors.
  • Experience with Cyber Kill Chain and Intelligence-Driven Defense concepts.
  • Performed Open Source Intelligence (OSINT) analysis on unclassified threat indicators to gain an understanding of Tactics, Techniques, and Procedures (TTPs).
  • Reviewed various Intelligence Community products to assess new cyber indicator activity.
  • Processed intelligence reports across various threat actors and implemented technical blocks on indicators.
  • Processed IC reports and documented indicators based on various actors with a focus on identifying any change in TTPs.

Confidential, Dahlgren, VA

Information Assurance Security Engineer

Responsibilities:

  • Reviewed the Security Information Management (SIM) tool interface, as the tool correlates and aggregates alert data from sensors along with additional security devices.
  • Ensured Component security authorization boundaries were properly defined and captured in the system security plans, and that all interconnection agreements were in place and current.
  • Ensured Component hardware and software inventory and documentation were accurate and current.
  • Performed activities in compliance with current guidance for administrators and users relating to the policies, procedures, and controls required by Navy standards for C&A processes.
  • Provided validation services for C&A documentation and processes, to include IA Controls, in accordance with the Department of the Navy standards for Certification and Accreditation processes.
  • Ensured each assigned IA control was implemented according to the applicable guidelines.
  • Conducted, analyzed, and managed system vulnerability scan assessments.
  • Reviewed and analyzed audit logs, router logs, firewall logs, IDS and IPS logs.
  • Supported the preparation of C&A data packages utilizing the appropriate DoD accreditation standards, policies, and directives, and facilitated the accreditation decision from the appropriate approval authority to obtain interim and final IA approvals for operations.
  • Ensured Component systems had secure configuration baselines set and documented, with any deviations approved by the authorizing official.

Confidential, Herndon, VA

Senior Cyber Intel Analyst

Responsibilities:

  • Performed frontline incident analysis, handling, and remediation.
  • Interpreted and prioritized threats through use of intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed.
  • Reviewed the Security Information Management (SIM) tool interface, as the tool correlates and aggregates alert data from sensors along with additional security devices.
  • Created and implemented Snort rules and Sourcefire DNS rules for various threats.
  • Performed dynamic malware analysis with open-source tools and reviewed threat data from various sources, including appropriate intelligence databases.
  • Recommended courses of action based on analysis of both general and specific threats.
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Prepared end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
  • Executed firewall and web filter change requests as required.
  • Reviewed and analyzed audit logs, router logs, firewall logs, IDS and IPS logs.
  • Performed preliminary forensic evaluations of internal systems, hard drive wipes, and system re-images.
  • Assisted in training incoming Tier 1 analysts in roles and responsibilities.

Confidential, Vienna, VA

Cyber Security /HBSS Analyst

Responsibilities:

  • Continuously monitored levels of service, and interpreted and prioritized threats through use of intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed.
  • Communicated alerts to agencies regarding actual and potential intrusions and compromises of their network infrastructure, applications, and operating systems. Implemented countermeasures or mitigating controls.
  • Worked with people from various agencies and compiled information for the purpose of understanding each agency's mission, goals, and needs.
  • Recognized potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
  • Ensured the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
  • Managed HBSS network operations and coordinated with JTF-GNO to maintain situational awareness of changes to policy, waivers, and exceptions at all DoD HBSS Tiers; maintained a log of pertinent information identifying the details of network policy changes: net policy change, HBSS application affected, and date disseminated to INOSCs. Protected site configuration in accordance with FRAGO 13 JTF-GNO.
  • Proficient with DoD hardening and STIG guidelines, and with implementing them within a DoD environment.

Confidential, McLean, VA

Insider Threat Analyst

Responsibilities:

  • Monitored various security devices and reported suspicious security events. Analyzed network traffic and IDS alerts to assess, prioritize, and differentiate between potential intrusion attempts and false alarms.
  • Collaborated with a team of analysts to analyze the IDS and remediate security issues, in addition to maintaining IDS alert databases by reporting incidents and executing appropriate countermeasures.
  • Prepared daily, weekly, and monthly reports of all incidents and maintained documentation of all policy and rule changes, including justification and reason for each change.
  • Examined and interpreted security event activity; identified security vulnerabilities; initiated incident response when applicable.
  • Researched, analyzed, and compiled all-source intelligence content.
  • Used open-source and commercial analysis tools for incident analysis, both network and host based.
  • Conducted research on emerging security threats.
  • Maintained situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents.
  • General understanding of all-source intelligence collection methods and ability to fuse collected information into usable products.

Confidential, Durham, NC

Network Operations Analyst

Responsibilities:

  • Provided network engineering support in a NOC environment to large corporate clients with more than 100 of the world’s largest data and voice networks.
  • Served as primary support of network operations by managing customer devices and end-to-end services, identifying sources of problems, and resolving configuration issues.
  • Remotely monitored the WAN using Simple Network Management Protocol (SNMP).
  • Managed equipment and service vendors for break-fixes (including dispatch, collaborative troubleshooting, and problem resolution); verified fixes were successful.
  • Interfaced with customers on installation and break-fix trouble calls. Monitored customers’ devices, troubleshot, and identified sources of problems. Provided performance monitoring, management, and reporting of customers’ networks.
  • Monitored the ticket queue for incoming tickets. Updated tickets in accordance with Service Level Agreement requirements and, if necessary, escalated based on severity levels.
  • Managed the queue and prepared executive reports.
  • Performed installation and modification of network hardware and software as required.
  • Opened and resolved T1 trouble tickets using the Remedy ticketing system.
