
Cyber Security Systems Engineer Resume


SUMMARY

  • Skilled and highly motivated cyber security professional proficient in providing cyber analysis as well as incident response to small to enterprise level organizations.
  • Extensive experience with a plethora of tools used to maintain the confidentiality, integrity, and availability of an organization.
  • Consistently recognized for attention to detail and diligence while providing support to clients.
  • Efficient at creating effective resolution methods to complex technical issues.
  • Excellent writing, communication, and organizational skills to effectively provide services to technical and non - technical users in client-vendor environments.

TECHNICAL SKILLS

  • McAfee SIEM
  • FireEye HX
  • BlueCoat Security Analytics
  • Symantec Endpoint Protection Manager
  • Wireshark
  • VirusTotal
  • InfoSniper
  • CounterACT
  • MX Toolbox
  • Imperva Secure Sphere
  • Absolute/ Computrace
  • Forescout
  • Remedy
  • CSAM
  • FedRAMP
  • Splunk
  • Cisco Firepower
  • Citrix
  • SCCM
  • IBM BigFix
  • Microsoft Office 365
  • Mobile Iron
  • Symantec Management Center
  • Python
  • Nessus

PROFESSIONAL EXPERIENCE

Confidential

Cyber Security Systems Engineer

Responsibilities:

  • Serve as FAS representative for meetings on CDM collaboration.
  • Serve as FAS representative on USDA Tiger Team, which was designed to assess, design, and deploy solutions for the OIG Audit Report.
  • Train team on proper usage of CDM tools (Splunk, IBM BigFix, ForeScout, Tenable Security Center)
  • Design and implement Cyber Policies such as the Incident Response Policy, Rules of Behavior, Account Management, Application Scanning, and Vulnerability Scanning policies.
  • Analyze network for security gaps. Research different vendors and recommend cyber tools to bridge security gaps.
  • Pull vulnerability reports via IBM's BigFix & Tenable Security Center. Analyze reports and send recommendations to ISSO.
  • Utilize IBM’s BigFix for DISA STIG compliance scans.
  • Utilize ForeScout CounterACT as NAC.
  • Tasked with building FAS instance of Splunk from the ground up. This includes the following: Coordinating with many different teams to have data forwarded from devices into Splunk. Creating alerts, dashboards, and reports from the data forwarded to Splunk from tools. Researching specialized apps in an attempt to get more out of data. The configuration of Splunk Server.
  • Utilize Veracode to monitor changes in web applications. If a change is proposed, the FAS security team is required to review and either approve the change, request more information from the developer, or deny change and give reason.
  • Attend weekly CCB (Change Control Board) meetings.
  • Acted as a liaison between various departmental groups on information security related topics in order to audit systems based on security standards.
  • Collaborated in teams of technical and non-technical experts providing results that are beneficial to the organization.
  • Developed detailed recommendations for mitigating findings and process improvement projects through the use of high security scanning systems.
  • Developed, reviewed and updated Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST, FISMA, NIST SP and monitored the overall security health of the department.
  • Develop policy and procedural controls relating to Management, Operational, and Technical Controls.
  • Put together Authorization packages (SSP, PO&Ms & SAR) for Information Authorization Officer.
  • Track and document key milestones and deliverables including planning, change management and quality management.
  • Responsible for tracking and reporting project status to Information Security leadership and partners.
  • Attend weekly project status calls with clients and take meeting minutes.
  • Identify/track project delays and ensure staff are keeping customers notified of any schedule-impacting issues.
  • Provide RMF process training to new assessment staff and NIST training to new engineers.
  • Plan projects, meet objectives, develop contingencies, and manage tasks within budget.
  • Serve as secondary point of contact for the sponsor on all contract and contractor issues, inform contracting office and staff management of all issues.

Confidential

Cyber Security Systems Engineer

Responsibilities:

  • Utilize Tenable Security Center to conduct various security scans, reports, and assessments on servers, workstations and network devices (e.g., Patch Analysis, Port Analysis, Malicious Code Analysis, and CERT Vulnerability Analysis). Results are documented in Certification Reports, Residual Risk Assessment Reports, and Standing Operating Procedures.
  • Install Apps, Create Dashboards, Alerts, in Splunk in order to simplify data and proactively monitor network for security incidents and anomalies.
  • Made recommendations to high-ranking government officials on how to mitigate the remaining residual risks by implementing various information security technologies, such as Security Awareness Training strategies, IDSs, Firewalls, Tiered Network Infrastructures, and advanced auditing technologies.
  • Administered Symantec Antivirus and Symantec Endpoint Protection across the entire FSIS network to include removal of viruses, update of definitions, pushing upgrades, managing accounts and configuring policy settings.
  • Monitor and administer Symantec Management Center, Blue Coat web proxy, and CAS system to block malicious sites/unapproved sites, discover inappropriate browsing, and content analysis. Responsible for updating software, creating rules in VPM, as well as maintaining local database file.
  • Responsible for configuring and managing Firepower Management Center and Cisco Firepower IDS/IPS (21 sensors). Responsibilities include updating definitions, managing policies and rules, and monitoring intrusion events.
  • Create SOPs for various SOC duties including Nessus vulnerability scanning, RFC Review, SEP Application and Device Control, and incident handling procedures.
  • Generate summary and status reports for management which provide details about monthly totals, status of remediation, status of upgrade, and complete summaries of security incident investigations.

Confidential

Cyber Security Analyst

Responsibilities:

  • Use SIEM technologies and other native tools to perform the monitoring of security events on a 24x7 basis.
  • Perform analysis on logs produced by network devices utilized within the OCC such as firewalls, content filtering, syslog from various sources/devices, assorted Intrusion Detection capabilities, substantiating vulnerability scanner results, directory services, DHCP logs, Secure Email Gateway logs, and approved OCC applications.
  • Use the Intel McAfee SIEM to monitor the network and perform analysis, while integrating the results and information needed to provide incident response and proactively protect the OCC enterprise. This includes developing customized signatures, enterprise content filtering, or firewall ACL change recommendations.
  • Provide security event analysis and support, including identifying potential threats, anomalies, and infections, documenting findings, providing recommendations within the OCC's incident management system, performing triage of incoming security events, performing preliminary and secondary analysis of those events, and validating the events.
  • Perform technical analyses, such as analysis of malicious code, network traffic, web log data, cyber intelligence, hard drives, and other storage and forensics media, to control exploitative activity.
  • Manage inbound requests via the OCC ticketing system (ServiceNow), as well as via telephone calls, and provide security notifications via three methods: logging incident tickets, sending emails, and placing telephone calls.
  • Monitor McAfee Security Manager (IPS) for intrusions. If an intrusion appears to occur, analysts are to follow up on the incident to ensure that the server(s) in question have been contained, and to determine origin and potential damage.
  • Perform vulnerability scans (Qualys).
  • Monitor traffic on WAF (Imperva SecureSphere).
  • Monitor CIRC mailbox and respond to potential phishing email reports.
  • Utilize BlueCoat Security Analytics for packet capture and firewall monitoring.
  • Contain infected and/or suspicious nodes (FireEye HX).

Confidential

Tier II Desktop Support

Responsibilities:

  • Provide top-quality customer service to each user.
  • Push out biweekly patches via IBM's BigFix.
  • Handle unblock requests for websites that are not on the agency's approval list.
  • Handle lost/stolen device issues via IBM's BigFix.
  • Monitor all VIP queues so that no VIP ticket breaks the SLA of being in the assigned status for over one hour. Assign tickets to colleagues at remote sites. Assist VIP local users with technical issues.
  • Support users in 4 agencies and 25 sub-agencies within the US Department of Labor Enterprise Service Desk Environment under OCIO, a total of 20k+ end users.
  • Respond to customers' queries in person, via email and by phone. Notify users about planned maintenance windows and outages. Assist with a number of tasks including PC imaging; install, modify, troubleshoot, and repair computer hardware and software.
  • Troubleshoot iPhone, Android, and BlackBerry devices via BES & MaaS360.
  • Create, delete, modify, and transfer AD accounts.
  • Use Remedy to create, resolve, and escalate tickets based on expertise and appropriate group membership.

Confidential

Technical Support Analyst/ Jr. Systems Administrator

Responsibilities:

  • Provide a blend of phone-based and onsite technical support on Windows & Mac operating systems and a wide variety of HW/SW issues for 250+ end users in small to medium-sized businesses in the DC metro area.
  • Log all issues accurately in the ticket tracking system (Spiceworks).
  • Edit local group policies for user and area specification
  • Encrypt nodes using Windows BitLocker
  • Push monthly patches and software via SCCM
  • Use SIEM technologies and other native tools to perform the monitoring of security events daily
  • Provide security event analysis and support
  • Provide the highest quality of customer service, personalizing each user's experience accordingly.
  • Help migrate company to Exchange Server 2010 from Exchange Server 2007
  • Complete vulnerability scans via OpenVAS
  • Configure and manage Exchange Online Archive
  • Perform analysis on logs produced by network devices utilized within the firewall via SIEM & Symantec Endpoint Protection.
  • Review, maintain and perform upgrades to existing PC systems
  • Perform PC refresh and migration from Windows XP to Windows 7
  • Assist with the management and maintenance of hardware and software inventory
  • Provide post-migration end user support to users with new OS issues
  • Install, configure, and troubleshoot COTS applications
