- I am Insightful IT Security Analyst professional with 8 years of experience in IT in general and 5 years of experience in a broad range of cyber security and Information technology.
- Bulletproof experience in Analyzing Security Incidents, Vulnerability and Penetration Testing, Network Monitoring, Information Security & Network Security functions.
- Experience with industry recognized SIEM (Security Information and Event Management) solutions such as confidential etc.
- Experience in Managing and Protecting large Enterprise data and Network Systems.
- Experience in identifying, assessing and providing recommendations to mitigate organizational risk using cyber security frameworks and controls such as ISO 27001/2, and Confidential SP 800 - 37, SP 800-53 Rev.4, SP 800-18 Rev.1, SP 800-60. Skillful in preparing Authorization Package - SSP, SAR and POA&M. I am an excellent collaborative team player who can hit the ground running.
- Customer service skills, good communication skills, good analytical skillsLeadership skills, relation management skill - window 7,8,10, 12; Mac os x; Nessus; Splunk fundamental I; Wireshark; Nexpose Nmap; OpenVas; TCP/IP; basic understanding of Linux
Cyber Security Analyst
Confidential, Bethesda MD
- Managing third party penetration testing activities and drives remediation efforts across the organization.
- Developing baseline Technical Security Requirements (TSRs) / Security Technical Implementation Guide (STIG) for hardening infrastructure networks, servers, computers, and logical designs to enhance overall security.
- Performing a review of security documents updated by ISSO to confirm they are Confidential compliant, review and certifying/validation of items uploaded into POA&M tracking tool in support of remediated/closed findings
- Performing vulnerability scanning as part of the Assessment and Continuous monitoring, with Nessus and provided remediation to system and application administrators.
- Analyzing and updating System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
- Designates systems and categorize its C.I.A using FIPS 199 and Confidential SP 800-60
- Develops policy and procedural controls relating to Management, Operational and Technical Controls for the Organization.
- Conducts Security Control Assessment on General Support Systems (GSS), Major Applications and Systems to ensure that such Information Systems are operating within a strong security posture.
- Updates IT security policies, procedures, standards, and guidelines according to department and federal requirements.
Information Security Analyst
Confidential, Gaithersburg, MD
- Collaborated with IT, Engineering, and Internal Audit teams to actively improve the security policies and controls of the organization using technical documentation and research.
- Advised and consult with internal customers on risk assessment, threat modeling, and vulnerability management
- Monitored and analyzed network traffic, Intrusion Detection Systems (IDS) and Instruction Prevention Systems (IPS), security events and logs.
- Provide analysis and trending of security log data from various security devices
- Maintain up - to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors
- Provide information security reporting, including security metrics as required