We provide IT Staff Augmentation Services!

Sr. Security Analyst Resume

3.00 Rating

Richmond, VA


  • To obtain a Mainframe/Network Security position utilizing my extensive computer skills, background, and expertise to contribute to the efficiency and security of an organization.


Mainframes: IBM/MVS/ESA, IBM/MVS/XA, IBM9672, IBM9121, IBM9221, IBM390, Unisys2200, Unisys4800, RS6000, AS/400, Dec Alpha, SUN5000, SUN6000, and UNIX (AIX)

Software: RACF, Top - Secret, CA-ACF2, CA-Examine, CA-Scheduler, Candle, CA-ROSCOE, ChangeMan, MQ Series, WebSphere 6.0, EASYTRIEVE, IMS/DB/DC/DL1/MFS, JOBSCAN, OMEGAMON, SMF, SYNCSORT, VPS, XPEDITER, BMC Products, Endevor, Rhumba, Vanguard Utilities, Consol, Windows XP/Vista, Lotus Notes R-8.5.1, Microsoft Office 6.0, Retina, AppDectective, AppScanOperating SystemsDBMS, DOS, IMS, JES2, JES3, MS-DOS, VM/ESA, MVS/XA, MVS/ESA, OS/390, z/OS, TSO, SDSF and ISPF



Protocols: LDAP, Asynchronous, Bisynchronous, HASP, IBM3270, LANs, RJE, VTAM and TCP/IP


Networking: ACF, NCP, NDM, Sterling Connect Direct, PDF and FTP


Confidential, Richmond, VA

Sr. Security Analyst


  • Utilized BMC Control-SA Product to schedule production batch jobs on z/OS and UNIX platforms.
  • Responsible for the re- of mainframe applications, mainframe systems, and networks in compliance with Internal Audit, Risk Management and Sarbanes-Oxley Act and GLBA.
  • Testing Sterling Connect Direct connectivity to provide access to over 3000 UNIX servers and 41 LPARs.
  • Ensured that Connect Direct was secured between both organizations for data moving.
  • Worked closely with the DB2 group testing and resetting connections to secondary auth IDs.
  • Verifying Bulk Data connections to meet the new requirements of the Connect Direct connections.
  • Create and test RACF and ACF2 logons, access tables, translate tables, and DB2 Secondary Auth connections to meet all DB2 criteria.
  • Monitor and maintain all accesses, resources, and applications on the mainframe and UNIX systems, as required by Sarbanes-Oxley.
  • Perform programming to enhance the third party software, OEM Products, and the job scheduler, including writing batch JCL using REXX, COBOL, and Assembler programs to enhance their performance.
  • Maintain production JCL by executing batch programs in MVS-TSO and Client-Server environments.
  • Consult with different project teams on COSO and other administrative issues, problems, and procedures relating to any application.
  • Adhere to the security measures that apply to the security of all accesses and highly protected information.
  • Supported ACF2, RACF, z/OS, Control-SA, Connect Direct, MQ Series, JES2, SMP/E, NDM protocol

Confidential, Richmond, VA

Sr. Audit Compliance & Assurance Analyst


  • Employed by Confidential Inc., contracted by IBM; member of the Americas Audit Compliance & Assurance Integrated Technology Delivery Team. Responsible for validating Security logs for Network devices and Event logs for Window Servers for IBM’s Financial Clients.
  • Responsible for the re- of mainframe applications, mainframe systems, window devices, domain controllers and networks in compliance with Internal Audit, Risk Management and Sarbanes-Oxley Act and GLBA.
  • Monthly I would send out Initial Data Request (IDR’s) requesting all Security logs for Network Devices and all Event logs for Window Servers. Request would consist of devices per month.
  • Data would be reviewed and test would be ran checking for Login, Management and Security updates and those changes would be validated to ensure proper Change Management under the GSD331 and ITCS104 guidelines, guidelines are based on IBM and U.S. Federal Government Policies
  • Past Due notices would be issued if requested information was not given by the deadline. During testing of the data, Follow-Ups would be issued if additional information was needed or questioned.
  • Data Sheets would be created if there was suspicious activity, data logs not received or incomplete.
  • Weekly conference calls with Team Manager were performed every Monday, Wednesday & Friday.
  • Position was a remote position, worked from home, performed all tasks & responsibilities via Home office, conference calls. Data request, Data management was created and documented using IBM Lotus Notes and Same Time application.
  • Weekly status reports, created and updated and sent to team Manager.
  • Adhere to the security measures that apply to the security of all accesses and highly protected information.


Sr. Mainframe Security SME /Manager


  • Responsible for the and Accreditation of mainframe applications, mainframe systems, and networks in compliancewith DoDI 5200.40 DoDI 8500.2, and other applicable directives.
  • Create and update SSAA, SDD and Test Plan documents for DITSCAP and DIACAP efforts in accordance with HIPAA,DoD and NIST requirements.
  • Conduct Periodic Review of accredited applications, systems, or networks to ensure configuration stability and continuedcompliance with Information Assurance and security requirements.
  • Served as the overall IT platform owner and single point of contact for the ACF2 and RACF Mainframe system application andresources.
  • Review and control all RACF, Top Secret, and ACF2 reports for compliance with DISA & DIACAP STIGS and DoD policies.
  • Work closely with CIRT and CERT teams in case of incidents of mainframe or network outages.
  • Execute and Accreditation (C&A) Plans against a negotiated timeline.
  • Prepare comprehensive Risk Assessment Reports to support interim Accreditation and Accreditation Reports to supportFull accreditation.
  • Facilitating DISA’s Security Technical Implements Guides (STIGs) and Security Readiness Reviews (SRRs) to preparemainframes and networks for an IATO and or ATO.
  • Supported RACF, ACF2, Top Secret, MVS/OS/390 v2.10, z/OS, IBM3270, LANs, NCP, IBM3494, MQ Series, CA-Examine,

Confidential - Salem, NC

Sr. Mainframe Security Engineer


  • As a Security Engineer, I was responsible for maintaining and applying Sarbanes-Oxley policies across the entire Corporate infrastructure.
  • Responsible for the evaluating access on out-dated mainframe applications, midrange systems, and networks to be compliantwith the new mainframe and midrange applications.
  • Responsible for the re- of mainframe applications, mainframe systems, and networks in compliance withInternal Audit, Risk Management and Sarbanes-Oxley Act.
  • Ensure Privacy of all applications and provide guidance to applications, systems, or networks owners as needed.
  • Review and control all RACF and Top-Secret reports for compliance with Internal Audit and Risk Management polices.
  • Securing WebSphere applications from internal and external threats.
  • Utilized Sterling Connect Direct to provide access to over 2000 UNIX & Oracle servers and 14 LPARs.
  • Monitoring IT infrastructure including operating systems, databases and servers distributed and host environments using Tivoli Monitoring software.
  • Control and create access models and User Groups structure to ensure access for the Sarbanes-Oxley project.
  • Created reports to monitor activity of the RACF database and to track any unauthorized access to all Critical Applications.
  • Supported RACF, MVS/OS/390 v2.10, z/OS, Control-SA, IBM3270, MQ Series, JES2, OMEGAMON, PDF, FTP protocol

Confidential, Louisville, KY

Sr. Project Lead RACF / ACF2


  • Served as the overall IT platform owner and single point of contact for the ACF2 and RACF Mainframe system application and resources.
  • Ensuring that project teams adhere to HIPPA program level change control processes.
  • Resolving issues or escalating to HIPPA Security Core Team as needed.
  • Help all application stewards and business owners with different problems with ACF2, RACF and or System issues questions in-house or over the phone.
  • Reset passwords on the RACF, ACF2 and on the NT platform also checking user accesses across all platforms and help prevent any system violations that may occur.
  • Supported RACF, ACF2, MVS/OS/390 v2.10, HCF, IBM3270, LANs, NCP, PBXs, IBM3494, DOS/VSE, OMEGAMON, PDF, RJE, SNA, TCP/IP and VT102 protocols.

We'd love your feedback!