- Driven IT professional with over 5 years of experience as a Cyber Security Analyst, with demonstrated success in resolving problems and issues in high-pressure, deadline-driven environments. Possessing a solid background in a dynamic range of cybersecurity and network defense, I thrive under pressure in a fast-paced environment while providing critical business strategy and working to prevent cyber-attacks, especially in business and corporate settings. Willing to relocate if need be.
- Experienced in the development of System Security Plans (SSP), Contingency Plans, Business Impact Analyses, Configuration Management Plans, System Security Checklists, Privacy Impact Assessments, and POA&Ms.
- Familiar with VMware and other Virtual Machine Applications.
- Experienced working with NIST SP 800-53 Rev. 4.
- Team-player mentality; experience with data visualization tools like Tableau.
- Experience in assessment of security controls using NIST SP 800-53A.
- Microsoft Word, Excel, Outlook, Rapid7, Carbon Black, LogRhythm, ServiceNow, ArcSight, Wireshark, Cyber Triage.
- Firewall, Ethernet, Internet, HTTP, HTTPS, NIS, DNS, FTP, NFS, TCP/IP, SSH, SMTP.
- Windows, LAN/WAN, TCP/IP, DMZ, IPS/IDS.
Cyber Security Analyst
- Maintain proper functioning of hardware, software and network devices such as switches, routers, and hubs.
- Monitor network intrusion detection systems (IDS), intrusion prevention systems (IPS), and host-based intrusion detection/prevention systems (HIDS/HIPS).
- Continuously monitor the Security Incident & Event Management (SIEM) alert queue for intrusions and violations of the company's policy.
- Maintain records of security events investigated and incident response activities, utilizing case management and ticketing systems with the use of ServiceNow.
- Operate and support various third-party and open source security tools (IDS, anti-malware).
- Review and analyze all organizational information related to security with the use of Mimecast.
- Perform hunting exercises using threat intelligence, analysis of various log data and results of historical events, and respond to threats with the use of LogRhythm.
- Assist with the development of processes and procedures to improve security operations functions and incident response time; analyze all incidents.
- Provide technical support on Windows systems and various network devices.
- Real-time triage and analysis of security alerts, along with prioritization and escalation of alerts and incidents that exceed the SOC threshold.
- Manage vulnerabilities with the aid of InsightVM by Rapid7 and Microsoft Baseline Security Analyzer (MBSA 2.3) vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.
Cyber Security Analyst
- Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessments on several different environments using both scanning tools and manual assessment. The assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on the evidence needed for security controls, and documenting findings of the assessment.
- Assisted in monitoring and analyzing attempted efforts to compromise security protocols. Identified issues, conducted analyses, and escalated initial results.
- Reviewed and updated some of the system categorizations using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP, and POA&M.
- Provided technical support in the evaluation of security products and developed information system security studies and reports that address areas of information system security concern.
- Held kick-off meetings with the CISO and system stakeholders prior to the assessment engagement.
- Managed vulnerabilities with the aid of Nexpose and Microsoft Baseline Security Analyzer (MBSA 2.3) vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.
- Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with the risk profile, and that root causes of risks were fully addressed, following NIST 800-30 and NIST 800-37.
- Communicated alerts to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.