
Information Security Supervisor Resume


SUMMARY:

  • Over 10 years of network management experience focusing on Risk Management, Information Assurance (IA) and Computer Network Defense (CND)
  • Partnering with Legal for compliance with GDPR
  • Confidential 8570 IAT Level III
  • Confidential 8570 IAM Level II
  • Prior experience working in a Security Operations Center; working with Endpoint Detection & Response (EDR) products
  • Active Directory administration
  • Familiarity with ISO27000 standards and ISO27002 controls standards in particular
  • Expertise in IA policy implementation, assessment, analysis and remediation
  • Highly developed research and analytical skills
  • Expertise in enhanced threat detection and mitigation
  • Experience with information security devices (e.g. Snort Intrusion Detection and McAfee Prevention Detection Systems), secure enterprise information management, correlation, and collaboration tools/applications such as Wireshark, NetWitness, Splunk, ArcSight ESM, Palo Alto firewall, Lancope StealthWatch, FireEye.
  • Extensive use of vulnerability detection tools such as eEye Retina and currently on Assured Compliance Assessment Solution (ACAS).
  • Strong interpersonal skills—including conducting and orientations to various employees

TECHNICAL SKILLS:

  • Splunk 6.6 Fundamentals 1 and 2
  • ArcSight ESM Security Analyst (AESA)
  • RSA Security Analytics for Analysts
  • IBM Security QRadar SIEM
  • Nessus, Foundscan, Nmap, Retina, GFI Languard
  • Digital Guardian, EnCase, FireEye, and NetWitness

EXPERIENCE:

Confidential

Information Security Supervisor

Responsibilities:

  • Inventory and document known regulatory compliance requirements
  • Inventory current risk and compliance policies and procedures
  • Research and identify applicable regulations pertinent to our industry and global presence
  • Assist with and document known regulatory compliance requirements, i.e. NYC RR500
  • Develop current risk and compliance policies and procedures for incident response plan
  • Contribute to architecture security reviews and consult on creating compliance processes that improve the security of Key’s products, platforms, and services
  • Investigate, analyze, and evaluate new technologies and risks
  • Has current working knowledge of various security tools, including firewalls, web proxies, DLP, IDS/IPS, WAF, etc
  • Provides direct administration of SIEM to include configuration, access control, tuning, integration, and continuous improvement activities
  • Act as a point of escalation for SIEM and provide guidance and mentoring to associate security engineers/analysts
  • Research and identify applicable regulations pertaining to our industry and global presence
  • Perform a full company and functional level risk assessment, to include Guardium event logging monitoring.
  • Identify gaps in our risk and compliance environment, Disaster Recovery plans, and Change Control process.
  • GDPR compliance regulation knowledge, responding to requests and ensuring compliance.
  • Assist in the continuous development, implementation, and ongoing maintenance of the security and awareness program.
  • Identifies, monitors and tracks high-risk applications.
  • Strong knowledge and understanding of information security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.
  • Responsible for monitoring vendor risk and following vendor risk management policy.

Confidential

Information Assurance Analyst

Responsibilities:

  • Responsible for providing key government personnel with policy coordination and interpretation support, general information security support, and assisting with the development and implementation of a defensive security program that protects information systems and documents.
  • Responsible for ensuring and documenting that all systems are regularly scanned and audited in accordance with applicable Confidential policy and procedures and that incidents are documented and accounted for as necessary through leadership.
  • Maintains a database to track trends, unauthorized activities, and common practice procedures and remedies to be followed by subordinate units in correcting deficiencies identified during information assurance vulnerability compliance visits.
  • Employs network scanning tools such as ACAS, QTIP, and SCCM to detect system and network vulnerabilities/deficiencies as part of a proactive network security policy.
  • Provides daily status on findings and recommendations and provides follow-on written technical analyses and reports.
  • Provides 24/7 Anti-Virus and IAVA reporting, to include a review of logs, open tickets, and recommended process for remediation.

Confidential

Information Security Risk Analyst

Responsibilities:

  • Execute tasks and help mature threat monitoring and vulnerability management capabilities and processes, including, but not limited to the following:
  • Endpoint Protection and Data Loss Prevention (DLP) with Digital Guardian alert monitoring and risk mitigation planning
  • Patch management process planning and task execution oversight
  • Penetration Testing and Application Vulnerability Scanning remediation planning
  • Review results from internal and external vulnerability scans and drive risk remediation planning
  • Analyze security-related incident tickets submitted by IT, business, and field stakeholders and propose appropriate risk mitigation solutions
  • Assist with the execution of the Security Incident Response Process and recurring incident response exercises
  • Participate in the IT change management meetings and provide subject matter expertise on security-related IT change requests
  • Discover and classify sensitive data by context and content to gain visibility into how it is used.
  • Monitor data access and usage by users and processes
  • Implement automated policy driven information protection
  • Alert, block and record high risk behavior ultimately preventing costly and damaging data loss incidents
  • Develop and maintain the implementation life-cycle of information security policies and supporting documentation (i.e. standards, guidelines, etc.). Perform recurring policy refresh to ensure control requirements and policy guidance remain current and applicable
  • Assist in the continuous development, implementation, and ongoing maintenance of the security and awareness program. Help create and deliver security and data protection awareness content to end users
  • Assist with the planning and execution of the employee phishing defense campaigns

Confidential

Sr. Security Engineer - Sr. Security Engineer/Analyst

Responsibilities:

  • Develop and present information technology management development/implementation plan for security solutions.
  • Provide technical direction to analysts and contractors; develop information security policies and standards; automate access provisioning across supported systems and applications with documentation; direct the disaster recovery and business continuity strategy.
  • Utilize Splunk for monitoring, correlating, analyzing security events from appliances including Blue Coat Proxy, FireEye, SourceFire, Symantec, Juniper SRX, Fortigate, and others.
  • Develop Splunk queries for report and dashboard creation.
  • Configure and tune customized Splunk Enterprise Security alerts, adhering to the requirements of the Confidential Environment.
  • Create custom documentation for internal and external needs.
  • Work closely with Digital Forensics to conduct deep dive investigations and digital discovery on endpoints.
  • Analyze and triage remediation of threats detected across all Confidential endpoints, including exploit kits, viruses, Trojans, adware, and spyware.

Confidential

Security Analyst - Information Security Professional

Responsibilities:

  • Investigate internal alerts and incidents
  • Examine malicious software (bots, worms, Trojans) to analyze the nature of threat; use malware (APT) analysis to develop IDS signatures (Snort), FW rules, AV signatures, NetWitness Meta and create ArcSight channels/reports for APT specific threats; conduct data exfiltration/leakage assessment; create and execute common queries and reports within the RiskVision, ArcSight, NetWitness, and Tipping Point family of tools
  • Analyze log data using indicators of compromise (IOC) and interesting events (IE) in order to identify potential malicious activity and correlate events that cross operational divisions
  • Perform real-time web application protection against SQL injection attacks, malicious bots, zero-day attacks, data loss and defacement, and any other web application attacks
  • Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, exploits, IDS evasion, data hiding, network security, and encryption
