Cyber Security Analyst/Security Control Assessor Resume
Chantilly, VA
SUMMARY:
I am an IT security professional with over 10 years of aggregate experience in areas including security operations center and compliance, with extensive knowledge of the risk management framework. I have developed and reviewed ATO packages and remained FISMA compliant by applying the NIST framework as a guide. Performed remediation of failed security controls/vulnerabilities via Plan of Action & Milestones (POA&Ms). Completed tasks in software engineering. I am able to work perfectly and effectively under conditions where speed and accuracy matter.
TECHNICAL SKILLS:
- Use the Nessus and Nmap scanning tools to scan for vulnerabilities.
- Log management tools such as Splunk for investigation and data presentation.
- Analyzed logs utilizing tools like Wireshark, IDS/IPS and firewalls
- Tableau for presentation of data visualization.
- Understanding of different operating systems, such as Windows, Linux, Unix (AIX).
- Understanding of security baseline specifications (CIS, USGCB, HIPAA).
- Knowledgeable with TCP/IP routing protocol and the OSI model.
- Tracked the workflow of POA&Ms on GRC
- Utilizes the TRM for software submission.
- Utilizes SIEM tools such as AlienVault for analysis of the network.
PROFESSIONAL EXPERIENCE:
Confidential, Chantilly, VA
Cyber Security Analyst/Security Control Assessor
Responsibilities:
- Maintains the Security Authorization and Accreditation for assigned systems and remain FISMA compliant applying NIST Risk Management Framework (RMF) as a guide.
- Ensure that artifacts are maintained and updated in accordance with NIST guidelines and organizational policies.
- Perform security controls assessments and baseline validations of accredited systems to identify vulnerabilities and control deficiencies as part of continuous monitoring program.
- Performs security/privacy control assessment using NIST r4a and VA Handbook 6500.
- Coordinate and track remediation of security weaknesses as uncovered via the Plan of Actions and Milestones (POA&M).
- Use FIPS 200 as a guide for minimum security requirements for federal and information systems.
- Supported the review of FedRAMP packages for Cloud Service Providers (CSP).
- Use scanning tools like Nessus and Nmap for vulnerability assessment.
- Utilize the GRC to manage the workflow in POAM management tracking.
- Work with the ASD team to manage the unmanaged software in the VA environment.
- We realized a remarkable drop in unmanaged software that was not accounted for at the end of the project.
- Utilizes BDNA as a resource to research software that is not licensed in the VA environment but might be of importance.
- Track network/enterprise changes to determine what software programs are running on the network against an approved list (TRM).
Confidential, Beltsville, MD
Cyber Security Analyst
Responsibilities:
- Performs onsite security testing using vulnerability scanning tools such as Nessus and Nmap.
- Ensuring security policies, procedures, and recommendations comply with NIST, FISMA, organizational guidelines, and technical best practices.
- Responsible for ensuring that Security Authorization documents, such as the System Security Plan, Security Assessment Plan, Plan of Action and Milestones (POA&M), Contingency Planning and artifacts are maintained and updated in accordance with NIST guidelines.
- Utilizes the Cyber Security Assessments and Management (CSAM) tool to record, manage, assess, and remediate vulnerabilities.
Confidential, Dallas, TX
SOC Analyst
Responsibilities:
- Reviewed logs generated from IDS and IPS to investigate suspicious traffic.
- Utilizes log management tools such as Splunk to investigate failed logins.
- Performed vulnerability scanning using tools such as Nessus and Nmap
- Analyzed pcap files using Wireshark tool.
- Support the risk and compliance teams with a standards-based approach to vulnerability anticipation and remediation.
- Use ticketing system such as ServiceNow to respond to tickets.
- Utilized Tableau application to display data in different visualization for clarity.
- Perform continuous monitoring using SIEM tools such as AlienVault to analyze and detect malware.
Confidential, Dallas, TX
System Analyst
Responsibilities:
- Provided onsite support to review documentation for password guidelines.
- Expanded awareness on current attack trends and protection against attacks
- Reviewed logs to make sure proper documentation of related security baselines is met.
- Reviewed to make sure users were actually working within their role-based privileges.
- Assisted in monitoring system-controlled areas to make sure only assigned or authorized personnel get access.
Confidential
Communications and Network Security Engineer
Responsibilities:
- Coordinated with team in internal compliance review and monitored activities for Network Operations, including periodic reviews of departments within the Network Operations functional unit and collaborated with Internal Audit
- Assisted in planning and monitoring networks, systems and controlled areas
- Conducted vulnerability assessments and audits of network devices
- Specified, installed, configured and used hardware and software diagnostic tools required to determine the adequacy and/or operational capabilities of network security processes
- Assigned group policy to users on the network. Ensured that user privileges are in accordance with the company’s security policy.