SUMMARY

• I’m an Information Technology professional with over 12 years of experience, with a focus on related Information Assurance disciplines.
• Seeking to support opportunities that can take advantage of my workexperience and skill set while leveraging my academic and professional background in Cyber Security to grow as an Information Technology Professional. Highly skilled and driven Information Technology
• Specialist self - driven proactive security initiatives in a variety of organizations. Coordinate and detected fraud analysis utilizing open source and classified research on emerging and or trending threats and vulnerabilities. Demonstrate knowledge and experience in planning and developing strategies to enhance overall confidentiality, integrity, and availability or cybersecurity programs. Strong knowledge of network forensics and security management. Advanced cyber intrusion analysis and detection using various tools such as Splunk, ArcSight, McAfee ePO, FTK, Encase, Mandiant, Solar Winds, and Web
• Inspect. I have excellent communication skill both verbal and written, exceptional troubleshooting skill, and driven to succeed and an excellent team player.
• Create alternate courses of action (Disaster Recovery or Business Continuation Plans for data innovation frameworks) and working in systemic excess to guarantee accessibility and availability of system assets.
• Thorough data analysis, including system and network performance to identify issues, threats, and complexities; as well as to make thorough recommendation on necessary action.
• Knowledge in modifying potential risk through identification of required changes on IT security based on new technologies or threats and execution of measures to ensures IT security awareness/compliance.

PROFESSIONAL EXPERIENCE

Cyber Fraud Analyst/IRS

Confidential, VA

Responsibilities:

• Part of IRS Cyber Fraud Analytics & Monitoring (CFAM) team which is dedicated to the prevention of wholesale and retail personally identifiable information (PII) from IRS Intergraded Enterprise Portal (IEP) Resources.
• Perform a comprehensive forensic analysis of application logs in search of signs or patterns that may indicate unauthorized activity.
• Discover, identify, mitigate and report intentional or unintentional unauthorized use of customer information and information systems.
• Monitor for fraud, misuse and abuse, including content identity leakage Personally Identifiable information (PII).
• Utilize various tools on a daily basis such as: Splunk and ArcSight.
• Reviews and respond to real-time technical information security events and manage incidents.
• Collaborates with the watch floor to ensure continuity of Operations. Performs Daily Shift Hand down for their perspective shift, capturing and significant activity that occurred during tour of duty.
• Recommend new signature triggers to be implement in an effort to continually improve a wide range of detection mechanism.
• Sift and Analyze through RAW data logs via ArcSight, run utilities against various data sets and annotate event cases with the finding of my analysis
• Escalating to Watch Commander or Government personnel in the event of suspected breach or leak of PII to fraudsters.
• Manipulate data within Excel by creating pivot table to further evaluate the details.
• Triage and interpret system logs
• Detect fraud through analytic methodologies
• Collaborate with the Cyber Fraud Watch and Monitoring Tool Developers
• Utilize tools script to perform administrative action in UNIX/LINUX environment to gather data for analyzing RAW data within ArcSight.
• Recommend improvements for the detection of fraudulent behavior through the analysis of data from many disparate sources
• Develop visualization dashboards and indicators that identify anomalous activities
• Understand business processes and synthesize potential fraud scenarios and risk indicators
• Interact directly with client project team members and operational staff
• Contribute to the continuous monitoring capability and offer groundbreaking methods to combat emerging fraudulent activity.
• Perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Performing near real-time and real-time monitoring of events, across multiple platforms, to include the IEP, which hosts several online IRS Services.
• Serve as an enterprise incident commander with national level implications in response to security events and associated mitigation of risks, recommend mitigation or countermeasures, and resolve issues associated with major events within the information technology infrastructure that have IRS-wide impact.
• Develops the ability of others to perform and contribute to the organization by providing ongoing feedback and by providing opportunities to learn through formal and informal methods.
• Support cyber fraud examiners in coaching them in the identification of patterns to detect approximate IP classes, clusters, or patterns of suspicious behavior either automatically or matching known indicator inputs.
• Collaborate between IRS and external governmental elements as necessary during incident detection and response stages.
• Identify and analyze important factors and conditions related to interrelationships among different IT functions and activities.
• Briefs leadership on emerging threats, high profile incidents, and upcoming events to influence the direction of the cyber fraud threat landscape.

Incident Response Analyst/DHS HQ

Confidential, Washington, DC

Responsibilities:

• Perform triage on all security escalations/detections to determine scope, severity, prioritization, and if immediately possible identify root cause.
• Responsible for confirming security events associated with US-CERT and DHS HQ incident categories and handle per the ISB Incident Response SOP and the DHS MD 4300A core document.
• Practiced industry best practices to gather and assess all relevant available/observable event/incident data as evidence.
• Ensures chain of custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports.
• Remediation of classified evidence from computers, printers/scanners, cell phones, network drives, and web servers.
• Conduct forensic analysis of computer hard drives and external drives within EnCase and FTK while utilizing the software’s built in utility to produce a detailed report.
• Administer incident response procedures, triage victim systems, review log data to find potential intrusions and apply remediation guidance.
• Displayed flexibility and adaptability with On-call schedule, part of a 24/7 Incident Response team
• Take the necessary steps to reduce risk exposure and limit damage from intrusions and maintain continuity of operations
• Provide guidance to clients and fellow personnel throughout entirety of incident.
• Utilize specific security applications to monitor internal and external-facing environments.
• Work closely to answer and provide information regularly to manager and vendors in a timely manner.
• Research COTS products, schedule meetings and trainings with vendors on industry leading tools to enhance the mission’s goals for possible acquisition.
• Utilize various tools such Splunk, Tanium, Mandiant (FireEye), Redline, McAfee ePO, Trace, EnCase, FTK, Autopsy, Magnet IEF (analyzing data)

Senior System Engineer/DISA

Confidential, Reston, VA

Responsibilities:

• Displayed Analytical thinking by Co-Leading in support of joint efforts in stabilizing the Remote Desktop Server Protocol (RDSP) services for NIPR and SIPR networks.
• Communicated via briefing in person and remotely to senior management and stake holders as a project manager for the RDSP project.
• Used Critical thinking problem solving and judgement skill to overcome technical issued in the field.
• Assistant lead in engineering the new terminal service RDSP infrastructure for the DISA Enterprise.
• Lead engineer for problem management in identifying and resolving the root cause of VPN issue within the organization.
• Conduct systematic Risk Assessment, Impact Statements, and Release Plan.
• Engineer for the Problem Management team using ITILs industry best practice to identify root cause analysis for problem tickets.
• HBSS admin for our EVIF lab environment where I manage and update the ePO server as well as deploy McAfee agents and modify policies.
• Experience with trouble ticketing system Remedy.
• To provide either a temporary fix or workaround to a problem.
• Perform user account administration, group administration, and group policy administration.
• Manage DNS entries and Active Directory Suites and Tools.

Systems Administrator/DISA

Confidential, Reston, VA

Responsibilities:

• Building and provisioning servers to specification based on recommendation provide by customer via the Engineering Action Request (EAR) process.
• Initiated Security Content Automation Protocol (SCAP) scans on servers to enable automated vulnerability management, measurement, and policy compliance.
• Security Technical Implementation Guide (STIG) servers to remove inherent vulnerabilities by performing maintenance processes, such as software updates, editing registry keys, and vulnerability patching.
• Performed daily and route health checks of servers, Virtual Machines (VM), and Domain Controllers.
• Proficient use with Active Directory User and Computers, DNS, Sites and Services, and Group Policy Manager
• Assisted in the engineering and configuration of implementing the use of smartcards (CAC) within the lab environment to accommodate for upcoming Authority to Operate (ATO) audit.
• Thin Client deployment and management.
• Provide technical support for the RDSP infrastructure on NIPR and SIPR networks.
• The ability to multitask and to balance priorities

Systems Engineer/DHS TSA

Confidential, Falls Church, VA

Responsibilities:

• Configure virtual servers for production.
• As Wintel lead technician I attended bi-weekly Telecom to present request for changes on mission critical system to a Change Control Board with a backout plan.
• Configure DFS relationship to allow file sharing and replication of data between multiple locations.
• Engineer and support all Windows Servers on a secured Enterprise network to maintain organizational confidentiality, integrity, and availability.
• Assisted in creating and revising SOP for everyday procedures.
• Monitor server event logs to troubleshoot system security issues.
• Monitor Enterprise wide network via “Solar Winds” act a as first responder to system owners to maintain SLA of availability.
• Assist in the submission of Wintel’s weekly and monthly reporting.
• Maintain and protect the confidentiality, integrity, and availability of mission critical assets.
• Use IBM’s Site Protector Console to monitor logs files of passive HIDS on client machines.
• Collaborate with multiple departments to perform daily assignments.
• Provides professional customer service to clients.
• Conduct systematic Risk Assessment, Impact Statements, and Release Plan.
• Created object groups and assigned them to access list within the ASA firewall.