
Lead Security Engineer Resume


Atlanta, GA

SUMMARY:

Information Security Practitioner whose qualifications include a bachelor's degree in computer information systems, a master's degree in information security, a public trust (NACI) security clearance, and detailed knowledge of security tools, technologies and best practices. Over seven years of experience protecting confidentiality, integrity, and availability of information systems for diverse companies.

TECHNICAL SKILLS:

Applications & Tools: AppScan, WebInspect, Qualys, Nessus, RSA Security Analytics, RSA Archer SecOps, Splunk, Tripwire, Algosec, Bluecoat, FireEye, Wireshark, Nmap, Metasploit

Operating Systems: Windows 2003/2008/2012/XP/7, MacOS, Kali Linux (Debian)

EXPERIENCE:

Lead Security Engineer

Confidential, Atlanta, GA

Responsibilities:

  • Act as a team lead to the Cyber Defense department overseeing the monitoring of security threats and risks, provide in-depth incident analysis, evaluate security incidents, and provide proactive threat research.
  • Monitor open source information feeds and threat actor activity to identify activity levels and indicators for cyber threats and cyber-attacks.
  • Analyze and research known indicators, correlate events, identify malicious activity, and discover new sources to provide early warnings related to a variety of cyber threats.
  • Create threat reports for global Chief Information Security Officer (CISO). Maintain the logging platform.
  • Assist with consulting on IT Security projects, problems and requests.

Senior Security Analyst

Confidential, Alpharetta, GA

Responsibilities:

  • Developed, maintained, documented, and communicated processes that ensure delivery of Security Assurance services.
  • Provided investigative support for malware detection and analysis, digital forensics, network and individual PC based events.
  • Investigated IDS and log management alerts.
  • Reviewed netflow data for anomaly detection.
  • Developed and calculated metrics for use by management to report to various levels of the business.
  • Coordinated the development of new signatures and enhancements to existing rules and alerts structure of the log management solution to better respond to security incidents.
  • Maintained and enhanced the SIEM, policy compliance and vulnerability management solutions.
  • Assessed security control requirements with the different business units.
  • Stayed informed of current events in the security industry, including the latest exploits and threats, as well as preventative measures and remediation.

Information Security Analyst

Confidential, Norcross, GA

Responsibilities:

  • Manage the event logging, monitoring, and alerting of audit logs through RSA Envision/Splunk.
  • Investigate, analyze and respond to events that may be unusual or suspicious.
  • Conduct forensics analysis, incident response and other security-related investigations.
  • Investigate intrusion detection alerts and respond accordingly.
  • Review firewall change requests before implementation.
  • Perform External and Internal Network/Application vulnerability assessments.
  • Support Internal Audit department for SOX/SSAE 16 IT Audits.
  • Perform quarterly SOX/SSAE 16 testing of IT controls.
  • Help Official Payments meet PCI DSS level 1 merchant requirements.
  • Work directly with the IRS to assist Official Payments in meeting IRS IV&V requirements.
  • Work with Technical Writer to update Policy and Procedures.
  • Communicate and interact with vendor service providers, government entities, and functional peer groups verbally and through electronic correspondence.
  • Provide guidance on vulnerability remediation.
  • Monitor system changes to critical systems with Tripwire.
  • Perform POC (proof of concept) of security solutions.
  • Manage employee security awareness program.

Lead Security Engineer (Consultant)

Confidential, Smyrna, GA

Responsibilities:

  • Utilize solid business knowledge and expert technical experience of IT security to collaborate with other teams and leaders to provide a secure information environment and facilitate business enablement.
  • Provide the knowledge of security industry best practices to ensure the protection of Confidential information assets and the capability of using hands on assessment technologies to assess risk.
  • Work as a Security Liaison between the Information Assurance organization and the IT Business Portfolios. Perform security assessments of systems and applications utilizing WebInspect, AppScan, Qualys and nmap.
  • Help internal and external business partners understand any security risks and recommend remediation actions.

Security Analyst

Confidential, Sandy Springs, GA

Responsibilities:

  • Use open source and commercial tools to perform vulnerability assessment services through a comprehensive testing process.
  • Analyze test results, perform data validation, track defects and provide regular status to management.
  • Perform testing of the overall security of applications and critical infrastructure devices, which includes ensuring compliance with internal policies and industry standards.
  • Perform network and application vulnerability assessments utilizing AppScan, Qualys, Nessus, nmap and numerous other security tools on Backtrack.
  • Assist in documenting information security policies, procedures and standards.
