A highly motivated IT Security professional with over 7years of experience providing IT services to business professionals and consumers from diverse business arenas while maintaining organizational Service Level Agreement. Seeking a position that will allow me to gain the necessary experience and grow as a key player in the development of an organization.
- Customer service oriented, able to manage quality control and provide quality service
- Outstanding communication and interpersonal skills
- Analytical thinker with strong problem solving and conflict resolution skills
- Possess excellent time management skills and ability to work in a team environment
- Record management and document control
Hardware/systems: PC - installation, application, configuration, repair, troubleshooting, and optimization; Windows 7-8, Window 10, Unix, Microsoft Windows Server 2008-2016, VMware Mirage, Active Directory, ESET Endpoint Antivirus, Altiris, Web Inspect, Symantec PCAnywhere, System Center Configuration Manager, Global Protect VPN, Remote Desktop Connection, Nmap, Cisco NAC/ISE, BMC Remedy, Microsoft Office 2003 -2016, Microsoft Outlook 365, McAfee, Service-Now, Nimsoft, Nessus, SolarWinds, Barracuda Email Security, Mainframe, PeopleSoft, Oracle 11i, SQL Server, Cisco IDS, Linux, FedRAMP, AppDetective, AIX, Confidential -800-37, 53, 53Ar4, 60 Volumes 1&2, 137, 30, 18, 34, 92,60, FIPS 199/200, FISMA, PCI, HIPAA, OMB A-130, SOX, DIACAP, ZenApps, Palo Alto Networks, Bomgar
PROFESSIONAL EXPERIENCE:Information Security Analyst, Annapolis, MD
- Develop Assessment & Authorization (formerly known as Certification and Accreditation C&A) package for compliance with Confidential guidance, including System Security Plans (SSP), System Categorization documents, FIPS 199 Security Categorizations, and Risk Assessments, Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), maintained and updated in accordance with ( Confidential 800 Series); SP 800-60/FIPS 199, SP 800-53/FIPS 200, SP 800-30, SP 800-18, SP 800-53A, SP 800-37-RMF and Contingency Plans.
- Developed skills to clearly articulate complex issues for customer and management review.
- Reviewed authorization documentation for completeness and accuracy for compliance
- Executed examine, interview, and test procedures in accordance with Confidential SP 800-53A Revision 4
- Validated information system security plans to ensure Confidential control requirements are met
- Reviewed security logs to ensure compliance with policies and procedures and identifies potential anomalies
- Conduct Security Technical Implementation Guide (STIG) assessments on behalf of ATA for JIS
- Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities on asset vulnerabilities
- Developed Disaster Recovery Plans, Incident Response Plans/Training, Memorandum of understanding and Configuration Management
- Authored recommendations associated with findings on how to improve the customer's security posture in accordance with Confidential controls
- Assisted team members responsible for monitoring of multiple tools, portals, processes, and environments for email based threats, Web Filtering and End point protection of Malware.
- Reviewed Mainframe and Active Directory logins security logs to ensure compliance with policies and procedures and identifies potential abnormalities
- Prepare Information Security Assessment and Authorization Documents for General Support System (GSS) and Major Applications (MA)
- Uploaded supporting docs in the System's Artifact Libraries, and CSAM
- Updated, reviewed, and aligned SSP to the requirements in Confidential 800-53, rev4; so that assessments can be done against the actual requirements and not ambiguous statements
- Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple assets across the enterprise network
- Reviewed SAR post assessment; created and completed POAM's milestones to remediate findings and vulnerabilities
- Monitored security controls post authorization to ensure continuous compliance with the security requirements
Information Security Analyst, Vienna, Virginia
- Responsible for ensuring that Security Authorization packages such as System Security Plan (SSP), Plan of Action and Milestones (POA&M), Security Assessment Report (SAR) are maintained reviewed and updated in accordance to Confidential guidelines.
- Performed Federal Information Security Modernization Act (FISMA) audit reviews using Confidential 800- 37 rev 4
- Participate in client interviews to determine the security posture of the System.
- Supported the Information Assurance (IA) team to conduct risk assessments, documentation for Security Control Assessment, vulnerability testing and scanning.
- Prepare and submit Security Assessment Plan (SAP) for approval.
- Develop and update Security Plan, Plan of Action and Milestones (POA&M).
- Monitor controls post authorization to ensure continuous compliance with the security requirements.
- Prepare and update the Security Assessment Report (SAR)
- Analyze and perform technical and non-technical security risk assessments of computer and network systems via network scans, interviews, documentation review and walk-through of both new and existing federal information systems for FISMA compliance using Confidential guidelines and controls.
- Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems (IDS), Virtual Private Networking (VPN), Security Monitoring Tools and Intrusion Prevention Systems (IPS).
- Conduct Risk Assessment on all mission critical systems for changes.
- Conduct policy development research and analyze information system issues.
- Re-assess remediated controls for effectiveness.
Service Desk Analyst, Alexandra, Virginia
- Utilize remote computer control technologies such as Symantec PCAnywhere/ System Center Configuration Manager/Bomgar to effectively troubleshoot and resolve problems.
- Monitor Remedy/Service-Now queue for new call tickets to resolve them
- Install software and drivers using Altiris Quick Delivery/VMware Mirage Console and other remote access tools
- Provided feedback to the management on the performance of Tier 1 analysts
- Keep track of individual ticket assignments and ensure that customer issues have been addressed and resolved to their satisfaction.
- Acquire and maintain a competent level of knowledge on relevant products, current support policies, and methods of support delivery
- Create, troubleshoot, document, and escalate incidents and service requests within the specified timeframes as explained in the workflow
- Advanced ability to troubleshoot and resolve reported technical problems
- Frequent contributor to the knowledge base by creating new articles and maintaining existing articles.
Technical Support Specialist, Gaithersburg, MD
- Support all D.O.C employees using Bizflow e-Approval Application.
- Assists off-site users with desktop application and provide user training.
- Troubleshoot hardware and software issue with application.
- Create and modify all government forms using SharePoint.
- Log all service desk interactions and follow standard service desk procedures.
- Instruct users on changes from Bizflow 11.5 to 12.2
- Conduct training class for new e-Approval users
- Perform daily monitoring checks
- Perform windows patch testing for Test and Production Environments
- Experience with daily monitoring and response to security alerts using Nimsoft