Information System Security Officer/Information System Security Engineer Resume
Woodlawn, MD
SUMMARY:
- Information technology expertise with over 10 years of experience in information systems support, conducting security awareness programs, configuring, managing and securing mobile devices (MDM), digital forensics, malware analysis, and IT Audits and Compliance security projects to ensure objectives are met. Ensures compliance with IT control requirements (e.g. Sarbanes-Oxley, HIPAA, PCI, FedRAMP, FISMA), policies and operational procedures, and configuration standards, and contributes to the success of the organization's best practices and standards.
TECHNICAL SKILLS:
Platforms: Microsoft Windows, Linux.
Networking: LAN/WAN, TCP/IP, FTP, DNS, SMTP, HTTP, Cisco Routers & Switches, Linksys Hubs.
Languages: HTML, SQL Server Management Studio 2005
Appliances & Products: Symantec Endpoint Anti-virus Protection, Remedy Ticketing System, Citrix Systems, ScriptLogic Active Directory Management, Nexpose Vulnerability Management & Penetration Testing, Courion Identity Management, Idera SQL Compliance Manager, RSA Envision, RSA SecurID, Guardium, Guidance EnCase Software, Windows Forensic Tool Kit (FTK), ePolicy Orchestrator, SolarWinds LEM, McAfee Network Security Manager, Websense, MaaS360, Cisco IronPort, Palo Alto, Juniper STRM, Nessus/SecurityCenter, Splunk.
PROFESSIONAL EXPERIENCE:
Confidential, Woodlawn, MD
Information System Security Officer/Information System Security Engineer
Responsibilities:
- Perform security monitoring and analysis of systems, networks and security logs as part of the continuous monitoring and incident response requirements for CMS/HHS/Maricom systems and services to report on possible risks to or violations of security.
- Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
- Experience operating Palo Alto firewalls, systems and appliances, including intrusion detection, enterprise anti-virus systems and software deployment tools.
- Provides complex engineering analysis and support for firewalls, routers, networks and operating systems.
- Experience performing and evaluating vulnerability scans using Nessus/SecurityCenter within a multi-platform, large enterprise environment.
- Performs complex product evaluations, recommends and implements products/services for network security.
- Reviews patch deployment and investigates malware alerts; recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affect security.
- Evaluate SIEM vendor products such as Splunk, Tenable LCE & PVS.
- Conducts security awareness training; incident response test plans and after actions.
- Conducts phishing exercises for the organization.
Information Systems Security Engineer
Responsibilities:
- Engineer Information Security Solutions
- Evaluate, configure, deploy and operate malware/APT detection tools Sourcefire, FireEye for Advanced Threat Defense.
- Analyze, troubleshoot and investigate security related, information systems’ anomalies based on information security platform reporting, network traffic, log files and automated security alerts.
- Experience implementing Mobile Device Management for Android, iOS and Windows mobile devices.
- Conduct high level computer forensics, malware analysis, and reverse engineering as part of the organization's Computer Incident Response Program.
- Ensures the integrity of host computers, servers, databases, laptops, firewalls and other devices for secure data transfer.
- Maintain existing capabilities, make recommendations and implement appropriate up-to-date security technologies such as encryption and anti-virus software as needed.
- Configure existing technologies in an effort to solve operational issues.
- Assist efforts to demonstrate that Inovalon information systems are compliant with appropriate corporate policies, industry standards, government regulations, and contractual requirements.
Information Systems Security Analyst
Responsibilities:
- Conducts computer forensics to identify and investigate network traffic, malware analysis, and reverse engineering as part of the organization's Computer Incident Response Program.
- Monitor and report security incidents, vulnerabilities and administer a diverse suite of information security countermeasures.
- Proficient in using intrusion detection such as PSEXEC tools.
- Maintain existing capabilities, make recommendations and implement appropriate up-to-date security technologies such as Encryption, Antivirus software and Data Loss Prevention.
- Management of Cloud-based Web Filtering service
- Troubleshoot, diagnose, document, and resolve technical issues related to IDS/IPS tools.
- Implemented Mobile Device Management (MDM) solution by replacing the current Microsoft ActiveSync with MaaS360 by Fiberlink.
- As part of Security Operations, identify the need for security technology solutions, implement new technologies and security solutions in alignment with industry best practice and commonly accepted principles of secure design.
- Assist Senior Engineer with upgrades, maintenance and building an effective Proof of Concept with appliances such as FireEye, Sourcefire etc.
Confidential, Coral Gables, FL
Information Security & Assurance Analyst I
Responsibilities:
- Conducts and coordinates information security risk analysis and risk assessments on existing and proposed systems, documents findings, and recommends risk mitigation strategies.
- Request for RFPs and present to audit committee.
- Assists in the development of information system security standard configurations using variations of the NIST, DISA STIGs, and SSAE 16 checklist.
- Experience with IT security domains such as Authentication, Audit Controls, Compliance, Forensics and Incident Response.
- Familiar with tools such as Tripwire to conduct security forensic investigations.
- Directs root cause analysis efforts to determine improvement opportunities when failures occur. Maintains a database of security incidents and provides reports to management and external regulatory agencies.
- Monitor scans by the Security Incident Event Monitoring application and investigate anomalies to ensure all activities are in compliance with policies and procedures.
- Experience with auditing processes, including Network Security, SDLC/Change Management, and IT related functions.
- Drafts policies and procedures and makes recommendations to ensure the security of information assets against unauthorized or accidental modification, destruction, or disclosure.
- Assist in remedial measures for security events, incidents and vulnerabilities.
- Manage, distribute, and encrypt portable drives to business partners and customers.
- Assist team in working with federal examiners (e.g. SEC, OCC, SOX, FDIC, etc.)
- Good working knowledge of requirements for SOX, PCI.
Information Security Analyst / Technical Services Analyst
Responsibilities:
- Work with Courion Identity Manager Software for Role Management, Compliance Management, User Provisioning and Password Management.
- Monitor and audit user activity and trends to ensure proper use in detecting security violations.
- Responsible for all aspects of UNIX security, including performing UNIX security audit and ensuring compliance to security standards.
- Recommend, test requirements, success criteria and verification, and implement security hardware and software.
- Conducts routine network scans and log file analysis to ensure network security firewalls are enabled to identify and control content, threats, users, IP addresses, packets and ports.
- Collaborate with IT management, the legal department, safety and security, and law enforcement agencies to manage security vulnerabilities.
- Ensures SOX and HIPAA compliance are consistently maintained together with all other security policies.
- Provide network access control, account management and security for Windows XP/2007, Server 2003.
- Performs user account administration, maintenance, monitoring, user terminations, and risk assessments.
- Maintains proactive, consistent communications with Security and Information Systems Management team on system or network security issues, status and projects.
- Developed and conducted security awareness training for new hires.