SUMMARY:

• 9+ years of extensive experience in IT, 5 years as an Information Security Analyst on various Cyber Security platforms and 4 years as a Quality Assurance Engineer.
• Experienced in installation, configuration, maintenance, troubleshooting, developing reports, and analyzing results of Tripwire Enterprise and IP 360.
• Skilled in Splunk, HP Arcsight, and Retina Scanner.
• Expert in using security tools as MacAfee, Norton Anti - Virus.
• Experienced implementing Linux (Red Hat), UNIX (Solaris), Unisys mainframe, and Windows Server.
• Experienced in monitoring and remediating the security of critical systems (e.g., e-mail servers, database servers, web servers, etc.) and changes to highly sensitive computer security controls.
• Implemented Penetration Testing using SOAP UI for Web services and application security.
• Experience in Fuzzing software testing technique to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data.
• Deep knowledge of network exploitation, attack strategies and methods, current IT security technology, software and cyber-threat mitigation tools.
• Skilled developing artifacts for FISMA and NIST compliances.
• Identified vulnerabilities, recommend corrective measures and ensure the adequacy of existing information security controls
• Researched new developments in IT security and tools in order to recommend, develop and implement new procedures across a major global enterprise.

TECHNICAL SKILLS:

Security Software: Tripwire Enterprise, Tripwire IP360, Big Brother, Little Brother, Orion, Netbackup, RiverBed, Tectia-SSH Terminal, Hummingbird, Solar Winds, Websense, Source fire, Fire Eye, Retina Scanner, Splunk, HP Arcsight Logger

Product Methodology: SDLC, Agile, UML, Prototyping, Waterfall.

Databases: Oracle, MS Access, MS SQL Server, PL/SQL

Operating Systems: Linux, UNIX, Windows

Others: Microsoft Word, Excel, Outlook, Visio, LDAP Administration, Remedy

RELEVANT WORK EXPERIENCE:

Confidential, Ft Meade, MD

Information Assurance Analyst

• Manage Vulnerability and SCAP patching reporting and compliance.
• Maintain system security in compliance with Confidential (DoD) and supporting vendor requirements.
• Analyze Windows/UNIX Systems, check processes and log files, and retrieve and review information contained within logs for troubleshooting. Apply OS patches and upgrades on a regular basis, and upgrade administrative tools and utilities. Configure / add new services as necessary.
• Working knowledge of Confidential Information Assurance Certification and Accreditation
• Process (DIACAP), Risk Management Framework (RMF), and Plans of Actions and Milestones (POA&M).
• Will be responsible for analyzing scans and remediating system vulnerabilities.
• Work with the CIO/Cybersecurity branch to complete patching of vulnerabilities, and testing of system/server images.
• Compiling vulnerability scan results against asset host and Internet Protocol (IP)s
• Managing/Updating POA&M and mitigating vulnerability risks abased on categories I, II, II
• Security and systems administration integration.
• Recommend schedule registry modifications, Operation Systems (OS) hardening, patching and updates, to Sys Admin staff

Confidential, Quantico, VA

Cyber Security Specialist

• Monitored syslog, alerts, file management, system changes and retrieved data from Tripwire for investigation purposes.
• Created policies and procedures for Tripwire.
• Operated and managed all aspects of Information Systems, data availability, integrity, authentication, confidentiality.
• Implemented and monitored security measures for communication systems, networks.
• Provided advice that systems and personnel adhere to established security standards and Governmental requirements for security on these systems.
• Developed and execute security policies, plans, and procedures.
• Designed and implemented data network security measures.
• Operated Network Intrusion Detection and Forensics.
• Conducted performance analysis of the Information Systems security incidents.
• Supervised operation of Electronic Key Management System, other information security duties, and Public Key Infrastructure.
• Operated Host Based Security System (HBSS), firewalls, Intrusion Prevention Systems, Intrusion Detection Systems, other point of presence security tools, Virtual Private Networks, and related security operations.

Confidential, Warrenton, VA

Information Security Analyst (SOC)

• Responsible for the security posture of all servers and networks within the multiple datacenters.
• Performed installation, monitoring, troubleshooting, administration, reporting, and report analysis of Tripwire Enterprise and Tripwire IP360 to monitor all server and network systems.
• Installed Tripwire agents on Linux, UNIX, and Windows systems. Worked with Production group and system owners on agent best practices and troubleshooting issues (system or network related).
• Developed Tripwire reports and dashboards. Analyzed reports to ensure completeness and accuracy.
• Performed daily administration of the Tripwire, rules, reports, and server alerts for the datacenter activities.
• Performed administration of Tripwire database (upgrades, backup/restore)
• Designed technical documentation for Tripwire maintenance and troubleshooting.
• Developed, implemented, and documented formal security programs and policies for Tripwire and others.
• Performed Computer Security Incident Response activities for a large organization, coordinates with other government agencies to record and report incidents.
• Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
• Recognized potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
• Communicates Tripwire alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems.
• Assisted with implementation of counter-measures or mitigating controls.
• Monitored events responded to incidents and reported findings.
• Experienced in Splunk investigation the Security threats and Server Alerts.
• Experienced in HP Arcsight to verify the event through different protocols.

Confidential, Washington, DC

Quality Assurance Engineer

• Responsible for the automated test framework for DoL.
• Created scripts for E2E scenarios and executed the scenarios.
• Wrote Regression and Functional test plan and migrate all in Quality Center.
• Created script to pull the metrics from QC like elapsed time for defect cycle.
• Involved in Back-end testing using SQL queries and reported defects in Quality Center.
• Developed script and scheduled to integrate Outlook mails information with Quality Center through Quality Center API.
• Involved in developing scripts using descriptive programming in Quick test Pro (QTP).
• Involved in integrating WPBN with QC through API programming.
• Created custom functions, modular tests, dictionary objects, keyword driven frameworks using VB Scripts for QTP.
• Conducted load testing using Load Runner by creating Virtual users.
• Conducted performance and stress testing using Load Runner.

Confidential, Columbus, OH

Software Test Engineer

• Extensively worked on testing of FIX protocol messages used for the communication of trade related data on UNIX systems.
• Performed Backend Testing to ensure the authentic retrieval of the data from the database using SQL Queries.
• Performed database tests of objects and data using PL/SQL.
• Automated Test scenarios for GUI Functionality, Regression Testing using Quick Test Professional (QTP).
• Used Actions and Re-usable Actions in Quick Test Pro, for designing the Automation test scripts and Parameterized key elements to verify the Database Integrity.
• Reviewed manual methods to design, develop, validate and execute automated test scripts using Quick Test Pro.
• Developed Load Runner scripts, wrote programs to support the load testing efforts.
• Identified bottlenecks, data errors and integration problems and revised application to enhance performance before Application Launch.
• Participated in the development and support of the testing program aimed at supporting multiple testing efforts simultaneously.
• Provide regular contributions to the test management reporting pack.
• Responsible for updating Quality Center and keeping testing status current.

Confidential, Columbus, OH

Software Tester

• Prepared Test plans, Test Scripts and Test cases based on the functional specifications.
• Analyzed and reviewed the software requirements, functional specifications and design documents.
• Reviewed test cases of other team members and provides coaching and feedback.
• Executed Backend testing of the application by writing SQL queries.
• Validated the backend integrity and reports accuracy.
• Tested the modules on the application by Manual Testing and data validation using SQL queries.
• Conducted Data Driven testing using parameterization in Quick Test Pro to test the application with different sets of data.
• Verified that the result of execution of test cases was as expected and according to specifications; followed up with users, analysts, developers on resolution of defects; wrote test reports.
• Executed Test Procedures and documented Test Results.
• Coordinated with beta client team for application configuration issues, defect analysis and timely release of test versions of application.