Cyber Security Analyst/System Engineer Resume

Fairfax, VA

PROFILE:

Highly accomplished, technically inclined professional, offering extensive knowledge of system analysis, technical operations, regulatory compliance, as well as client relations and support within the IT industry. Knowledgeable in providing real-time security event analysis, along with response to internal and external threats using packet analysis techniques requiring a thorough understanding of current vulnerabilities, exploit techniques, and emerging threats. Skilled at integrating or operating global endpoint security products. Recognized for strong awareness of recent security threats and technologies to support research with recommendations. Multilingual: fluent in English with working knowledge of German and Spanish.

TECHNICAL ACUMEN:

Microsoft Office Suite: Word, Excel, PowerPoint, and Outlook

Computer Software: eMASS, ACAS, HBSS, Security Center, Wireshark, Nessus, SCAP Compliance Checker

Microsoft Server: 2008, 2012, 2016

Anti-virus tools: McAfee (ePolicy Orchestrator), Norton, and Symantec.

Networking: Local Area Networks (LANs), Wide Area Networks (WANs), Virtual Private Networks (VPNs), Routers, Firewalls, Transmission Control Protocol (TCP)/Internet Protocol (IP)

PROFESSIONAL EXPERIENCE:

Confidential, Fairfax, VA

Cyber Security Analyst/System Engineer

Responsibilities:

  • Configure and maintain McAfee ePolicy Orchestrator 5.3 and 5.9 on HBSS servers in 3 environments for the Department of Defense Pentagon Force Protection Agency.
  • Built HBSS server using a DISA-provided ISO and configured according to the DISA ePO build from image guide, as well as the DISA HBSS configuration guide using VMware vSphere.
  • Install McAfee module extensions, and check in client module packages onto each ePO as they are released to the DISA patch repository (McAfee Agent, HIPS, Policy Auditor, DLP, ACCM, and Virus Scan Enterprise).
  • Configure the DoD Source Repository and the Daily/Incremental Repository Replication scheduled server Task for ePO master repositories to reflect DISA’s Content Staging Server.
  • Monitor for rogue systems and create exceptions for any system unable to receive McAfee Agents such as printers, VOIP phones and network devices.
  • Ensure that all policies for each module are in accordance with DISA STIGs.
  • Create queries and run daily compliance reports as requested.

Confidential, Arizona

Information Assurance Specialist

Responsibilities:

  • Provided key government personnel with policy coordination and interpretation support, general information security support, and assisting with the development and implementation of a defensive security program that protects information systems and documents.
  • Ensured and documented that all systems are regularly scanned and audited in accordance with applicable DOD policy and procedures, and that incidents are documented and accounted for as necessary through leadership.
  • Maintains a database to track trends, unauthorized activities, and common practice procedures and remedies to be followed by subordinate units in correcting deficiencies identified during information assurance vulnerability compliance visits.
  • Employs network scanning tools, i.e., ACAS (Assured Compliance Assessment Solution) and SCCM (System Center Configuration Manager), to detect system and network vulnerabilities/deficiencies as part of a proactive network security policy.
  • Provides 24/7 Anti-Virus and Information Assurance Vulnerability Alert reporting, to include review of logs, open tickets, and recommended process for remediation.
  • Provides daily status on findings and recommendations and provides follow-on written technical analyses and reports.
  • Prepares, distributes, and maintains plans, instructions, guidance, and standard operational procedures concerning Information Security.
  • Participates in Information Assurance risk assessments during the Certification and Accreditation process.
  • Prepares, reviews, and evaluates documentation of compliance.
  • Prepares recommendations for the Authorizing Official.
  • Reviews Information Assurance and Information Assurance enabled software, hardware, and firmware for compliance with appropriate security configuration guidelines, policies, and procedures.
  • Reviews Information Assurance security plans.
  • Identifies alternative functional Information Assurance security strategies to address organizational security concerns.

Confidential

Cyber Security Specialist

Responsibilities:

  • Perform Confidential RMF security assessments for Standalone Information Systems and Closed Restricted Networks.
  • Obtain and maintain access to eMASS and perform all required RMF functions in eMASS.
  • Enforce Federal Information Security Management Act (FISMA) requirements.
  • Review system configuration to ensure compliance with security requirements and ensure compliance with established standards.
  • Develop Cybersecurity reports in response to queries.
  • Deploy upgrades, patches and general security measures to secure and mitigate threats.
  • Integrate security programs across disciplines.
  • Define the scope and level of detail for security plans and policies.
  • Assess new systems design methodologies to improve software quality; implementation activities.
  • Identifies need for changes based on new security technologies or threats.
  • Develops long-range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities.
  • Review proposed new systems, networks, and software designs for potential security risks.
  • Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
  • Perform systems security evaluations, audits, and reviews.
  • Participate in network and systems design to ensure implementation of appropriate systems security policies.
  • Assess security events to determine impact and implement corrective actions.

Confidential, Silver Spring, MD

Security Analyst

Responsibilities:

  • Utilize Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) to monitor, detect, and mitigate unusual activities and utilize a wide variety of computer software, such as Wireshark and Nessus.
  • Conduct inspections on compromised machines that might contain malicious software running without the knowledge of the system holder.
  • Administer security holes patching to protect the system from possible attackers.
  • Execute network scans and vulnerability scans for the entire system; review and define all security violations that arise during internal investigations.
  • Oversee inappropriate utilization of computer resources, as well as evaluate reported security threats and weaknesses.
  • Supervise security investigations and forensic investigation of computers upon incident.
  • Review IT security policies, procedures, standards and guidelines according to department and federal requirements.
  • Provide Risk Management Framework documentation review and security assessment services in support of Assessment and Authorization (A&A).
  • Review System Security Plan (SSP) and convert the SSP to the latest templates for the assessment.
  • Develop assessment plans, assessment reports and post-assessment out brief.
  • Provide valuable assistance in the preparation, coordination, distribution, and maintenance of various plans, policies, and instructions; guide on the relevant operating policies and procedures that need to be adhered to.
  • Evaluate security-significant changes to accredited information systems on an ongoing basis and recommend safeguards or enhancements that maintain or improve the security posture.
  • Report anomalies or abuse of the system access to management.
  • Update policies, procedures, standards, and guidelines according to Department and Federal Specifications.
  • Develop policy and procedural controls relating to management, operational, and technical controls for the organization.
  • Define backup policies and monitor backups for completion and viability.
  • Investigate and monitor alleged breaches and provide formal reports to the Information Systems Security Manager.
  • Complete audit assessments; assist other entities with gathering necessary documentation to address auditors' interests and concerns.
  • Maintain compliance information regarding various accreditation packages in appropriate data systems.
  • Continuously innovates new methods to develop and evolve new infrastructure and participates in the technical research.
  • Knowledgeable with system vulnerability scans utilizing Retina and SCAP scanning tools; assess the implementation of Information Assurance Controls.
  • Ensure secure, robust infrastructure systems, including DNS, email, wireless networks, firewalls, and enterprise authentication, by performing efficient troubleshooting.
  • Submit well-written and comprehensive reports setting forth facts of complaints, observations, and actions taken and investigative findings.
  • Schedule and facilitate ad-hoc discovery sessions with applicable stakeholders.
  • Consolidate weekly status reports.
  • Conduct in-depth technical reviews of new and existing systems to identify the precise mitigation strategies required to bring such systems into compliance with established policy and industry guidelines.

Confidential, Baltimore, MD

Cyber Security Engineer

Responsibilities:

  • Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4. Ensured cyber security policies are adhered to and that required controls are implemented.
  • Assisted team members with proper artifact collection and detail to clients' examples of artifacts that will satisfy assessment requirements.
  • Reviewed security logs to ensure compliance with policies and procedures and identified potential anomalies.
  • Made input in data calls to ensure IT security projects are on track. Worked with systems and network administrators to develop implementation statements for security controls.
  • Coordinated with development team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and impact of the issue.
  • Prepared reports with security breaches and the extent of the damage caused by the breaches to brief higher management and clients.
  • Performed vulnerability assessment of various online applications to identify the vulnerabilities in input data validation, session management, authentication, authorization, auditing and logging.
  • Performed security assessment on the applications, web sites, and web applications to determine the security posture.

Confidential, Largo, MD

Desktop Support Technician, Help Desk

Responsibilities:

  • Responded to requests for technical assistance via phone or electronic mail.
  • Handled and addressed all customers' demands associated with program issues or computer operations through telephone or email.
  • Ensured proper maintenance of Local Area Network (LAN) and Wide Area Network (WAN) records.
  • Took part in leading the installation, configuration, and ongoing usability of desktop computers.
  • Mentored staff on hardware and software equipment; capitalized on industry expertise in enhancing staff tools, including BlackBerries, tablets, and computer operating systems.
  • Fixed compromised machines through troubleshooting and scanning to indicate whether the machine was undergoing a hacker attack.
  • Encoded all necessary information in ticketing system.
  • Used antivirus tools, such as Norton and Ghost to protect the security of files and information that might be assaulted by the hackers, as well as conducted security scans and desktop troubleshooting.
  • Installed and configured desktop and notebook computers. Resolved problems on computers running Windows XP, Windows Vista and Windows 7 Operating Systems for users. Rebuilt computers with new operating systems. Managed company IT asset inventory. Responded to user requests for system and applications issues. Utilized Remote Desktop to solve user-oriented problems.
  • Created user accounts for the various company-wide applications and domain access. Assigned security and distribution group access and privileges based on employee role and job functions. Created email accounts in Microsoft Exchange Server, configured and managed client access on computers, tablet devices and mobile devices. Balanced new user training demands with user requests.
  • Maintained Windows 2003 and 2008 domain controllers, monitored systems logs.
  • Installed and configured antivirus software on computers, managed updates from the McAfee ePO server.
  • Created and updated user training documents. Supplied answers to frequently asked questions.
  • Installed and connected printers and workstations to the network.
  • Performed memory, hard drive, and Microsoft Operating System upgrades.