SUMMARY:

• Skilled Information Security Analyst with expertise in risk management unauthorized access viruses and a wide range of vulnerabilities and threats.
• Well - versed in direct and remote analysis with strong critical thinking communication and people skills.
• Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.
• Ability to establish and maintain effective working relationships with clients and co-workers
• Skills in interviewing users to help analyze and resolve issues
• Strong organizational, analytical and planning skills
• Ability to read and interpret system security policies, rules and regulations
• Ability to communicate security and risk-related concepts to both non-technical and technical audiences
• Strong communication (verbal & written) and presentation skills
• Assessment and Authorization (A&A)
• Certification and Accreditation (C&A)
• IT Security Compliance
• Vulnerability Assessment
• Vulnerability Scanning
• Database Administration
• Information gathering
• Information Assurance
• Risk Assessment
• Systems Development Life Cycle
• Technical Writing
• Project Management and Support
• Project evaluations
• Analysis and reporting

TECHNICAL SKILLS:

• Nessus Vulnerability Scanner,
• Oracle Database 10g; 11g; 12c,
• Microsoft SQL,
• LINUX/UNIX OS,
• Mac,
• Microsoft Windows,
• Excel,
• Word,
• PowerPoint,
• Access,
• People Soft,
• MS Project,
• MS Visio,
• VMware,
• Oracle virtual box,
• CSAM,
• Accellion/WatchDox secure file solution,
• Microsoft SQL Server,
• Management Studio,
• Xactimate,
• NextGen

PROFESSIONAL EXPERIENCE:

Cyber Security Analyst

Confidential, Beltsville, MD

• Supported client Security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring
• Supported all Assessment and Authorization (A&A) phases and processes
• Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process
• Developed, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices
• Applied appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200 and OMB A-130 Appendix III
• Direct experience with formatting, customizing, and providing feedback for documentation relating to Information Assurance & IT Security Vulnerability
• Provided security expertise and guidance in support of security assessments.
• Supported A&A (C&A) activities according to the A&A project plan
• Review, analyze and evaluate business system and user needs, specifically in Authorization and Accreditation (A&A)
• Perform internal audits of the systems prior to third party audits
• Reviewed authorization documentation for completeness and accuracy for compliance
• Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities 
• Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4
• Ensured cyber security policies are adhered to and that required controls are implemented
• Validated information system security plans to ensure NIST control requirements are met
• Developed resultant SCA documentation, including but not limited to the Security Assessment Report (SAR)
• Authored recommendations associated with findings on how to improve the customer’s security posture in accordance with NIST controls
• Assisted team members with proper artifact collection and detail to clients examples of artifacts that will satisfy assessment requirements
• Reviewed security logs to ensure compliance with policies and procedures and identifies potential anomalies
• Updated and reviewed A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, POA&M, CPTPR, BIA, PTA, PIA, and more
• Collected Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless
• Uploaded supporting docs in the System’s Artifact Libraries, Google Docs, and CSAM
• Updated, reviewed, and aligned SSP to the requirements in NIST 800-53, rev4; so that assessments can be done against the actual requirements and not ambiguous statements
• Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple assets across the enterprise network
• Reviewed SAR post assessment; created and completed POAM’s milestones to remediate findings and vulnerabilities
• Monitored security controls post authorization to ensure continuous compliance with the security requirements

IT Security Analyst

Confidential, Silver Spring, MD

• Investigate use and configuration organizationally of multiple business process tools, and create gap analysis on current solution vs. ideal solution
• Communicate analysis, design, and specifications both functional and technical to all supporting organizations
• Collaborate and direct efforts within Quality Assurance to ensure desired results
• Develop innovative solutions to meet the needs of the business that can be reused across the enterprise creating the environment for consolidation of tools to robust, customizable solutions
• Supported client Security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring
• Supported all Assessment and Authorization (A&A) phases and processes
• Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process
• Developed, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices
• Solve unique and complex problems with broad impact on the business
• Provide time estimates at various levels of confidence for tasks from initiation through development
• Identify dependencies across programs, milestones, systems, and solutions
• Coordinate effort across business, technical, and program teams

Oracle Database Administrator

Confidential, Cockeysville, MD

• Manage Oracle production and test databases running on Linux and windows
• Troubleshoot and resolve various Oracle connectivity problems.
• Provide network troubleshooting and administrative support for the development staff
• Analyzing the Tables and Indexes on performance base regularly
• Performed hot and cold backup and recovery using RMAN and Linux Scripts
• Export and Import of database objects to copy from one database to another database.
• Performed bulk load to database using sql loader
• Improved vital processing jobs by reducing process duration by 60%
• Regular Monitoring Alert log Files and trace files on Day to Day Basis
• Experienced with SRVCTL, OCR, Voting Disk of 11g RAC
• Created and maintain Oracle DataGuard configuration, also Managed Data Guard using Data Guard broker.
• Implemented Dataguard(Standby) for high availability disaster recovery purpose
• Experience in performance tuning using cost based optimization (CBO)
• Performed database tuning using explain plan and enterprise manager
• Implemented disaster recovery system, using RMAN and custom written shell scripts.
• Optimized database by monitoring the statspack, AWR and ADDM report generated from snapshots taken at peak business.
• Rebuilding indexes when needed to avoid fragmentation and improve performance, monitoring index usage and removing unused indexes