SUMMARY

• 8 Years hands - on experience in field of Application Security, Data Warehousing and Web Services.
• Strong Knowledge of Software Development Life Cycle (SDLC) including Waterfall, Agile/Scrum and RUP methodologies.
• Familiar with Defense, ISO, and IEEE standards along with NIST .
• Experienced in Managing vulnerabilities with the aid of Wireshark, Retina, Kali-Linux and Nessus to detect potential risks on a single or multiple assets across the enterprise network.
• Involved with developing, reviewing, maintaining, and ensuring all Assessments and Authorizations (A&A) documentation are included in systemsecuritypackage.
• Involved with developing, reviewing and updating policies and procedures, audit and compliance with but not limited to Fed RAMP, NIST and FISMA.
• Managed analytical tasks for Operational Security such as Incident Handling with DLP and SIEM.
• Analyze day to day data activity to ensure best security practices across the network.
• Experienced working on intrusion detection system (IDS) monitoring to identifysecurityissues for remediation, incident response, information assurance, informationsecuritybest practices, system hardening, vulnerability assessment, vulnerability management, antivirus, firewalls, and techniques for analyzing TCP/IP network traffic and event logs.
• Knowledge of ITsecurityarchitecture and design (firewalls, Intrusion Detection Systems (IDS), Virtual Private Networking (VPN),SecurityMonitoring Tools and Intrusion Prevention Systems (IPS).
• Supported in addressing OWASP Top Ten & ApplicationSecurityvulnerabilities.
• Involved in comprehensive set of Security Tests, Security vulnerabilities analysis, security assurance practices, emerging threats and processes to validate possible security flaws
• Good Understanding of Vulnerability Scan, Vulnerability Assessment, Penetration Testing, Fuzzing, Security Audit, OS Security, Confidentiality, Authentication, Availability & Information Security
• Create informationsecurityawareness though on sensitive information such as PHI and PII identification and protection.
• Supported the Information Assurance (IA) team to conduct risk assessments, documentation for SecurityControl Assessment, vulnerability testing and scanning.

TECHNICAL SKILLS

Methodologies: Agile/Scrum, Waterfall, Rational Unified Process

Modelling and Design Tools: Rational Rose, Requisite Pro, Clear Quest and UML

Scripting: JavaScript, CSS3, XML, and HTML5.

Programming Languages: C, C++, C#.Net (Framework 4.0), Python.

Database: SQL Server 2008/2012, MY SQL, MS Access

Operating Systems: Windows 98/2000/XP/7/8/10, Linux, Unix, Ubuntu.

Networking Tools: Nagios,Capsa Free, The Dude, Angry Ip Scanner, AppScan, Webinspect, nmap.

Tools: Microsoft Office 2013, MS Project 2013 and MS Excel 2013,MS SharePoint, JIRA, Rally, MS Visio, Wireshark, Source Fire.

PROFESSIONAL EXPERIENCE

Sr Security Analyst

Confidential, Houston, TX

Responsibilities:

• Responsible to communicate with business users to identify information security needs and details of functional and non-functional requirements related to the CATAMARAN software for managing Inventory of medical supplies.
• Support Veterans Affairs Hospitals in addressing OWASP Top Ten & ApplicationSecurityvulnerabilities.
• Utilize Nessus, Burp to scan, identify, and remediate existing and future vulnerabilities.
• Identify IT related deficiencies, implement ITsecuritypolicies, procedures, Update and generate reports of all actions and vulnerabilities.
• Responding tosecurityrelated tickets escalated from clients, and works collaboratively with the client to assist in resolvingsecurityevents.
• Working closely with the stakeholders, SMEs, and staff to understand the business requirements, and design specification for new Inventory management software which replaces GIP Vista/IFCAP module in VAMC.
• Responsible to gather confidential national data from secured servers for past years to track the usage of supplies based on sales data using fund control point (FCP), cost centers (CC), validation and mapping.
• Holding a lead position to review the bill of materials (BOM) to send further in the process of approval by national VA using Deltek Procurement module.
• Experienced in conducting User acceptance test (UAT) and verifying performance, reliability and fault tolerance issues related to the Software.
• Composed and embedded unifying governance standards and applicable elements of HIPPA at work place.
• Drafted plan on HIPPA to support technology team to plan, implement, document, and train staff on meeting departments electronics HIPPA transmission policies, procedures, and security.

Environment: Nmap, Wireshark, Linux, MS Project, MS Visio, MS Access, MS SQL, Microsoft Excel, Microsoft SharePoint, CATAMARAN 3.3, Deltek procurement module, UML, Agile, Waterfall.

Information Security Analyst

Confidential, New York NY

Responsibilities:

• Participate in client interviews to determine thesecurityposture of the System.
• Collaborate with Corporate & Risk Services and EIS & Threat Management/Incident Response Services to develop, update and measure effectiveness of Corporate and EIS policies and standards.
• Prepared workstations for image capture: setting local policies, updating all software and add-ons, disabled and enabled key settings to increase efficient productivity.
• Analyzed systems and network vulnerability with tools such as Tenable Nessus and HP Web Inspectsecurityscanners to identify/detect potential risks on information systems and across the enterprise network.
• Assisted corporate investigations with possible fraud cases. Performed research to determine policy and procedure violations.
• Identifying, researching, validating and exploiting various different known and unknown security vulnerabilities on application.

Environment: Linux, Appscan, Wireshark, Nessus, HP Web, Rational Rose, MS Visio, MS Office, SQL Server, JIRA, HTML, Network Security.

Network Security Analyst

Confidential, Alpharetta GA

Responsibilities:

• Plan, implement, monitor, and troubleshoot internal information technologysecuritypolicies, applicationsecurity, access control, and corporate data safeguards.
• Experience in creating ITsecurityarchitecture and design (firewalls, Intrusion Detection Systems (IDS), Virtual Private Networking (VPN),SecurityMonitoring Tools and Intrusion Prevention Systems (IPS).
• Redesigned company Wireless network increasingsecurityand overall functionality.
• Responsible for the Implementation, design and switch out of company firewalls, Intrusion Prevention Systems, and web filtering technology utilizing Check Point firewalls and software blades
• Providing infrastructure and application vulnerability assessment and penetration testing services.
• Provide technical advice on access control,securitymodels, disaster recovery, business continuity planning, andsecurityawareness .
• Closed tickets employees opened via FootPrints.
• Automated scanning using Burp Proxy, Appscan and WebInspect.

Environment: Appscan, WebInspect, data safeguard, FootPrints, Windows XP/2000, Linux, Rational suite (Requisite pro, Rational Rose, Rational Clear Quest), MS Office suite (Word, Excel, Access, Power Point, Outlook).

Security Analyst II

Confidential

Responsibilities:

• Comprehensive testing process including dynamic and static assessment, as well as identifying weaknesses and vulnerabilities within the system and countermeasures.
• Perform vulnerability assessment and penetration testing of web and desktop based applications and mobile interfaces for company's global businesses and technology teams.
• Ensure the integrity and protection of computer network, systems and applications.
• Exposed to monitoring NOC server condition program SCOM.
• Technical enforcement of security policies through monitoring of vulnerability scanning devices.
• Perform periodic and on-demand system audits and vulnerability assessments.
• Captured and imaged workstations and servers using Ghost.
• Deployed images via network to workstations using the Windows Deployment Service Server.
• Perform analysis of business needs and translate into secure, viable technical solutions.
• Work with Information Security Architect, Network Infrastructure Team and other business units to implement security infrastructure and technical controls.

Cyber Security Analyst

Confidential

Responsibilities:

• Involved in all phases of Software development life cycle (SDLC) using Agile Scrum methodology.
• Configured network devices: switches and routers (wired and wireless).
• Enforce and track the Third Party Compliance with the Payment Card Industry DataSecurity Standard (PCI DSS)
• Developing and implementing new applications to handle asset management and reporting in order to reduce time needed to identify devices and their ownership.
• Researching asset discovery using all tools available in order to identify them and assign them to their required security plan.
• Perform network scanning and vulnerability assessments.
• Analyze and definesecurityrequirements for local and wide area networks.
• Update secure configurations by routinely reviewing vendor sites, bulletins, and notifications for securityinformation.
• Responsible for configuration, administration, andsecurityof Cisco Routers, Switches, ASA Firewalls, VLANs, and wireless access points.
• Developing scripts and macros to streamline creation of Excel spreadsheets in order to reduce time required by coworkers to create necessary reports as requested.

Environment: ASA Firewall, Cisco Protocols, WAP, MS Visio, MS Excel, MS PowerPoint, Rational Requisite Pro, MS Visual SourceSafe, Test Director, Agile methodologies.