Senior Security Analyst Resume
SUMMARY:
- Information Technology professional with demonstrated experience in a variety of areas including networking, security, IT Audit & Compliance, user management and hardware/software troubleshooting.
- Works well independently or as team member with excellent management and interpersonal communication skills.
- Assist with the Certification and Accreditation (C&A) process in evaluating, describing, testing and authorizing systems prior to or after a system is in operation
- Analyze Nessus vulnerability scan reports to assess patch management integration, and vulnerability analysis of the information systems security posture
- Assist with evaluating known vulnerabilities and execute a Plan of Action and Milestones (POA&M), in order to remedy or mitigate any known weaknesses.
- Ensured all critical security patches and upgrades were implemented as required.
- Performed risk assessments of the IT infrastructure to identify and correct vulnerabilities.
- Provide Security Monitoring and incident response to information security alert events
- Analyze network traffic and IDS alerts to assess, prioritize and differentiate between potential attempts and false alarms.
TECHNICAL SKILLS:
Networking: Pre-installation, planning, design and implementation of LAN/WANs. pfSense and SonicWall (firewalls/routers), Palo Alto, Cisco, Netgear switches, Novell NetWare and Windows Server family, network performance and management, diagnostic and troubleshooting of HW/SW issues, remote system management, and implementation of network copiers and printers (Sharp, Nauticon, Ricoh)
Operating Systems: Windows Server family 20xx, Windows 7, Vista, XP, Linux Redhat, Ubuntu
Software: Netskope, Nessus, FireEye, Lancope, SOLTORA, McAfee ePO, WireShark, IBM BigFix, Splunk ES, BlueCoat, HPSM, SCOM, NetWitness, Websense TRITON, NMAP, BackupExec, Egnyte, Bomgar, Symantec Nav, Ghost, PuTTY, MS Office Suite 20xx, Google full suite solution, Adobe, AllwaySync, MS Exchange, Lotus Mail and Organizer 2.1, ProComm PLUS, Archer, Remedy, Cisco VPN, VNC and Lenel security system
PROFESSIONAL EXPERIENCE:
Confidential
Senior Security Analyst
Responsibilities:
- Cloud access security broker (CASB) monitoring and policy enforcement
- In charge of providing monthly reports to LOB ISOs and engineers to assist with enforcing cloud service risks, security policies, and compliance with regulations.
- Provide mitigation guidance based on analysis
- Conduct configuration changes in whitelisting / blacklisting sites
- Compose documentation on policies and procedures in conducting reports for the different LOB
Confidential
Senior Security Analyst
Responsibilities:
- Assist in developing processes and procedures associated with SIEM log management (using Splunk and Kibana)
- Monitoring multiple tools, conducting investigations, and escalating through the corporate chain of command to mitigate any findings.
- Investigating AWS alerts to mitigate findings
- Provide mentoring for department interns
- Lead team discussions in whitelisting false positives with other department points of contact
Confidential
Security Analyst
Responsibilities:
- Assist in developing processes and procedures associated with log management
- Network Log Management using Splunk
- Oracle Audit Vault (log alert management)
- SCOM (System Center Operations Manager) log management and alert setup
- IBM BigFix (compliance and vulnerability management)
- Palo Alto Networks monitoring, investigate security alerts
- Determine compliance with security controls and address control deficiencies including Plan of Action and Milestones (POA&M), Corrective Action Plans, Scheduling, and Resource Requirements
- Perform network security scans, analysis and risk management using Nessus
- Assess/calculate risk based on threats, vulnerabilities and shortfalls uncovered in testing
- Brief management on the status of action items
- Skilled in working in line with security policies to perform network discovery and prioritization, vulnerability assessment, risk rating, threat correlation, asset-based remediation management, and measurement and reporting
Confidential
Security Analyst
Responsibilities:
- Providing technical skill and knowledge, reassessment in support of Authorization and Accreditation (A&A).
- Participate in the creation of enterprise security documents (Security plans and Risk Assessments)
- Review system documentation, technical scans and other documentation pertaining to government systems in order to identify and create System Analysis Reports, POA&Ms and other documentation in support of the information systems.
- Key contributor to compliance and risk mitigation efforts, to include POA&M management and continuous monitoring efforts in support of the client
Confidential
Information Security Specialist
Responsibilities:
- Use TAF (Trusted Agent FISMA) in performing security assessments and developing System Security Plans (SSPs).
- Work with Information System owners to assist with achieving an ATO (Authorization To Operate).
- Identifying and assessing risk, using NIST 800 Special Publication, FIPS publications and (FISMA) guidelines to assess and reduce risk to acceptable measures.
- Responsible for the management of Plan of Action and Milestones (POA&M), to identify, assess, prioritize, and monitor the progress of corrective actions pertaining to information security weaknesses found within programs and systems.
- Work closely with Information System owners to perform annual assessment.
- Protecting systems and resources from unauthorized access by determining the level of authorization needed to system and network resources
- Perform ad hoc Nessus scans to confirm mitigation actions.
Confidential
System Administrator
Responsibilities:
- Participated as a member of the North American Leadership team which entailed giving weekly updates to the CEO and the Senior Department Heads, as well as participation in daily discussions regarding corporate operations and long-term strategic planning.
- Worked directly with HR Department to ensure proper procedures were in place and updated for onboarding and offloading of employees, plus asset recovery.
- Worked directly with general counsel supporting contract reviews in order to adhere to clients’ contractual guidelines and to assist with investigations and data recovery during litigation.
- Designed and executed security guidelines for physical access and monitoring at headquarters and all satellite offices.
- Assisted with drafting Sarbanes Oxley (SOX) IT internal controls and implemented processes corporate-wide to meet SOX requirements.
- Implement NIST guidelines in controlling software development and security controls
- Ensured that access to corporate resources was controlled by an approval process on an as-needed basis.
- Provided training and guidance to IT staff regarding corporate policies and procedures.
- Ensured all critical security patches and upgrades were implemented as required.
- Implemented server backup and disaster recovery procedures to ensure full data recovery.
- Tested and implemented company-wide PC data backup and recovery solution.
- Performed risk assessments of the IT infrastructure to identify and correct vulnerabilities.
- Analyzed Nessus reports assessing the security vulnerability of the infrastructure.
- Responsible for all aspects of system security including log management.
- Implemented secure cloud files server solution for data sharing with vendors and clients.
- Designed and set up project offices for Samsung, Sprint and Confidential to adhere to clients’ corporate guidelines and compliance demands.
- Assisted Facilities department with client (AT&T) inventory, access and security monitoring.
- Managed and maintained Avaya phone system.
- Served as the vendor point of contact for IT issues, contract negotiation and troubleshooting
- Implemented Bomgar solution to provide remote end user support, server management and online training and presentations.
- Managed all corporate mobile devices including ordering, activation and troubleshooting.
- Managed BES server, including account setup / deactivation and wipe of lost or stolen devices.
- Managed offsite hosting solution (DBSi), planned scheduled maintenance and troubleshooting.
- Managed daily helpdesk operations, helpdesk queue, and staff productivity.
Confidential
Network Engineer
Responsibilities:
- Maintained weekly network status updates for senior staff.
- Volunteered to help launch the commercial IT support division at UTA.
- Installed, configured and managed servers, routers and switches.
- Designed and installed air gap solution with swappable drives for optimal LAN security.
- Involved with the design and infrastructure upgrade (token ring to CAT 5 Ethernet).
- Migrated client from Novell to Microsoft server platform.
- Maintained corporate hardware and software inventory.
- Responsible for data backup and recovery procedures.
- Designed and implemented satellite offices, setup and closures.