I am an IT security professional with over 10 years of aggregate experience, areas including security operation center and compliance, with extensive knowledge in the risk management framework. I have developed, reviewed ATO packages and remain FISMA compliant by applying Confidential framework as a guide. Performed remediation of failed security controls/vulnerabilities via Plan of Action & Milestones (POA&Ms). Completed task in software engineering. I am able to work perfectly and effectively under conditions where speed and accuracy matters.
- Use Confidential, Nmap scan tool for scanning for vulnerabilities.
- Log management tool such as Splunk for investigation and data presentation
- Analyzed logs utilizing tools like Wireshark, IDS/IPS and firewalls
- Tableau for presentation of data visualization.
- Understanding of different operating system, such as windows, Linux, Unix (AIX).
- Understanding of security baseline specifications (CIS, USGCB, HIPPA).
- Knowledgeable with TCP/IP routing protocol and the OSI model.
- Tracked the workflow of POA&Ms on GRC
- Utilizes the TRM for software submission.
- Utilizes SEIM tool such as alien vault for analysis of network.
Confidential, Chantilly, VA
Cyber Security Analyst/Security Control Assessor
- Maintains the Security Authorization Certification and Accreditation for assigned systems and remain FISMA compliant applying Confidential Risk Management Framework (RMF) as a guide.
- Ensure that artifacts are maintained and updated in accordance with Confidential guidelines and organizational policies.
- Perform security controls assessments and baseline validations of accredited systems to identify vulnerabilities and control deficiencies as part of continuous monitoring program.
- Performs security/privacy control assessment using Confidential r4a and VA Handbook 6500.
- Coordinate and track remediation of security weaknesses as uncovered via the Plan of Actions and Milestones (POA&M).
- Use FIPS 200 as a guide for minimum security requirements for federal and information systems.
- Supported the review of FedRAMP packages for Cloud Service Providers (CSP).
- Use scanning tools like Confidential and Nmap for vulnerability assessment.
- Utilize the GRC to manage the workflow in POAM management tracking.
- Work with the ASD team to managed the unmanaged software in the VA environment.
- We realized a remarkable drop of unmanaged software which was not accounted at the end of the project.
- Utilizes the BDNA as resource to research for software’s which are not licensed in the VA environment but might be of important.
- Track network/enterprise changes to determine what software programs are running on the network against an approved list (TRM).
Confidential, Beltsville, MD
Cyber Security Analyst
- Performs onsite security testing using vulnerability scanning tools such as Confidential and Nmap.
- Ensuring security policies, procedures, and recommendations comply with Confidential, FISMA, organizational guidelines, and technical best practices.
- Responsible for ensuring that Security Authorization documents, such as the System Security Plan, Security Assessment Plan, Plan of Action and Milestones (POA&M), Contingency Planning and artifacts are maintained and updated in accordance with Confidential guidelines.
- Utilizes the Cyber Security Assessments and Management (CSAM) to record, manage, and assess and remediate vulnerabilities.
Confidential, Dallas, TX
- Reviewed log generated from IDS and IPS to investigate suspicious traffic.
- Utilizes Log management tool such as Splunk to investigate failed logins
- Performed vulnerability scanning using tools such as Confidential and Nmap
- Analyzed pcap files using Wireshark tool.
- Support the risk and compliance teams with standards - based approach to vulnerability anticipation and remediation.
- Use ticketing system such as ServiceNow to respond to tickets.
- Utilized Tableau application to display data in different visualization for clarity.
- Perform continuous monitoring using SIEM tools such as alien vault to analyze and detect Malwares
Confidential, Dallas, TX
- Provided onsite support to review documentation for password guides lines
- Expanded awareness on current attack trends and protection against attacks
- Reviewed logs to make sure proper documentation of related securities baseline are met.
- Reviewed to make sure users were actually working within their role-based privileges’
- Assisted in monitoring system-controlled areas to make sure only assigned or authorized personnel to get access to.
Communications and Network Security Engineer
- Coordinated with team in internal compliance review and monitored activities for Network Operations, including periodic reviews of departments within the Network Operations functional unit and collaborated with Internal Audit
- Assisted in planning and monitoring networks, systems and controlled areas
- Conducted vulnerability assessments and audits of network devices
- Specified, installed, configured and used hardware and software diagnostic tools required to determine the adequacy and/or operational capabilities of network security processes
- Assigned group policy to users on the network. Ensured that user privileges are in accordance to the company’s security policy.