SUMMARY:

• Identifying and implement security solutions as well as perform computers, system and/or network security vulnerability assessments and scans to identify, evaluate and mitigate security risks. Also responsibility for day to day system and data security.
• Performs all procedures necessary to ensure the safety of information systems assets and to protect
• Security Events monitoring using SIEM tools & identifying vulnerabilities by using vulnerability scanners such as Qualys, VMS Enterprise, McAfe ( MVM ), IBM endpoint manger scanner (IEM).
• Recommend corrective measures and ensure the adequacy of existing information security controls.
• Identifying control breaks and vulnerabilities with application & platform support teams.
• Maintains security systems and administers security policies to control access to systems.
• Identifies opportunities and executes plans to improve workflow and understands and quantifies business impacts of those improvements for communication to management.
• Performing quarterly basis QEV, CBN, PR, SHC’s. If any deviations raising noncompliance records to appropriate platform team for action.
• Communicating with ITAO’s with respective to testing and requirements.
• Capable in handling test request, quotes and SOW.
• Interfaces with user community to understand security needs and implements procedures to accommodate them. Ensures that user community understands and adheres to necessary procedures to
• Ensures finalized APs / NCI’s appropriately included / updated in risk systems and metrics.
• Relevant and sufficient evidence are reviewed for the purpose of closure of any APs / NCI’s and regular reporting of open APs and NCI’s
• Escalating issues associated with lead IRMs as needed.
• Provides status reports on security matters to develop security risk analysis scenarios and response procedures.
• Prepares weekly/Monthly decks & presenting to account team.
• Experience on scanning tools like Appscan and fortify
• Service Management Exposure: IPC Knowledge.
• Audit & Compliance management.
• Exposure on Project Transition & Transformations.
• Driving Internal and external governance calls with team and customer.
• Responsible, sociable, accurate, adaptable, self - sufficient, self-directed, detail and results oriented
• Ability to learn new technologies in short time of period and able to understand areas unfamiliar to me independently.
• Easily adaptable to new systems and tools. Proactively identify areas to reduce outages.
• Always opened for constructive dialogue and suggestions.
• Ability to operate effectively in a stress environment with conflicting priorities.
• Flexible for any shift and to work on holidays.

PROFESSIONAL EXPERIENCE:

Confidential, Jacksonville, FL

IT Security analyst

Responsibilities:

• Works with the other members of the information assurance team to plan and conduct meetings with system owners where information about the systems and security is gathered and reviewed in accordance to the Risk Management Framework (RMF) authorization process.
• Monitors, identifies and report on security incidents, and work with appropriate personnel to develop corrective action plans to resolve the incidents.
• Performs Security Categorization using FIPS 199 and Privacy Threshold Analysis with business owners and selected stakeholders.
• Performs comprehensive Security Control Assessment (SCA) and prepare report on management, operational and technical security controls for audited applications and information systems.
• Runs vulnerability scans on system infrastructure and applications using Nessus.
• Identify security control weaknesses; compile them in a POAM document and track their remediation with system owners using TAF.
• Oversees the preparation of comprehensive and Executive & Accreditation (C&A) packages for submission to the Information Assurance Program Office for approval of an Authorization to Operate (ATO).

Confidential, San Mateo, CA

Compliance focal/IT Security analyst

Responsibilities:

• Conducted Security Assessment and Authorization (SA&A) activities in accordance with
• NIST and departmental policies.
• Developed and maintained security test plans and results
• Developed POA&M to address identified vulnerabilities and track POA&Ms for remediation
• Developed and documented security related processes/procedures
• Contribute to initiating FISMA metrics such as Annual Testing, POA&M Management, and

  Program Management .

• Assist with review of policy, security alerts guidance, regulations and technical advances in
• IT Security Management.
• Perform ST&E according to NIST SP A and recommended solutions
• Perform vulnerability scanning with Nessus
• Review artifacts and removed any PII (Personal Identifiable Information) for audit re quests

Confidential, San Jose, CA

Vulnerability analyst/ IT Security analyst

Responsibilities:

• Update and Review standard templates for required security assessment and authorization

  documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages

• Evaluate threats and vulnerabilities of each system and ensure proper safeguards are in
• Place to protect information systems
• Document and/or reviewed System Security Plan (SSP), finalized Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M) and Authorization letter Memorandum (ATO).
• Hands on experience on SOM PSP & NIST controls.
• Working knowledge of the Information Systems Security Authorization process, performing Security Authorization activities using National Institute of Standards and Technology (NIST) Special Publication 800-Series guidelines and processes, as well as DoD Information Assurance and Accreditation Process (DIACAP) DoD 8510.01, and FISMA policies and guidelines
• Communicate effectively through written and verbal means to co-workers, subordinates, clients, and leads

Confidential

Technical Analyst/ IT Security analyst

Responsibilities:

• Develop and Accreditation documentation in compliance with NIST and organizational standards.
• Develop, review and evaluate System Security Plans (SSP) and Information System Contingency Plans (ISCP) based on NIST Special Publications
• Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems
• Develop and conduct Security Test and Evaluation (ST&E) according to NIST SP ACompile data to complete Residual Risk Report and to insert contents into the POA&M
• Ability to multi-task, work independently and as part of a team
• Strong analytical and quantitative skills
• Effective interpersonal and verbal/written communication skills
• Identify deficiencies in accordance with OMB Circular A-123, Appendix A

Confidential

Windows system administrator.

Responsibilities:

• Over 4 years of Working experience as a VMware Administrator in Data Center Environment running vSphere 4, VMware ESX 3.5 and 3.0
• Experience with HP servers (C7000 Enclosure, BL 460c G7, DL 580, DL160 G6), IBM servers and Dell Power Edge Servers.
• Implementation Maintenance & Administration of Windows Server 2003/2008/2012 Active Directory environment.
• Proficient in configuring DNS, DHCP and Active directory services in Windows based server environment.
• Worked with Active Directory issues such as: logon failures, account lockouts, network connectivity, DNS and WINS name resolution, authentication problems, file and printer permissions etc.
• Experience in performing System Integration/Administration for VMware ESX 3.0/3.5/4.0 and Virtual Center Server 2.0/2.5/3.0.
• Experience in creating virtual machines, templates, clones on hosts, Extensive experience in P2V,V2V conversions using VMware Standalone converter and Vizioncore Vconverter, Configured SAN storage and Network connections to the converted Physical machine.
• Configured ESX hosts with DRS, HA and VMotion enabled for Load balancing, Configured memory, processors, switches, San Storage to virtual Machines on ESX hosts, Configured virtual networks between the virtual machines through virtual switches.
• Working on Ticket process in receiving Incident tickets in Remedy Tool, IBM Maximo in 24x7 environments.
• Involved in managing multiple domains in active directory integrated organization.
• Building the Servers through Altiris Tool and installing the Application as required by the regions.
• Expertise in building Windows 2000, W2k3, 2008 and 2012 servers using HP Smart Start, Array configurations, Diagnosing, server, Updating Firmware and installing PSP.
• Installing the Applications on Desktops through Marimba Channel and Alitris Tools.
• Installing Citrix Meta frame presentation server 4.0/ XenApp and manage the farm through Presentation Management Console.Strong understanding of VMware Networking concepts like creation of VSwitches, different types ofport groups, NIC Teaming and VLAN
• Creating Virtual farm in Citrix or VM Ware environments to deploy applications.
• Publishing applications and providing access to the users using PS console.
• Experience in Core build engineering, standard desktop/servers build, groups policies, active directory administration, BartPE/WinPE, PXE boots and imaging terminology.
• Hardworking, determined and a good team player, Strong verbal and written communication skills, Ability to interact with all levels of an organization in a professional manner.