Diverse IT experience in Information Security Vulnerability Management, Security Assessment and Authorization A&A, Software Quality Assurance, Secure File Transfer, System Support, Analysis and Software Development Lifecycle (SDLC).
Vulnerability scan and analysis,FISMA NIST SP 800s, Information Security, Risk Management, Policy and Procedures, Security Assessment & Authorization (A&A), Continuous Monitoring, Requirement Analysis, Developing System Test plans, Defining Test cases and Developing Test scripts.
Cyber Security Analyst
Confidential, Vienna, VA
- Perform vulnerability scans (using Tenable Security Center, Scuba, DBProtect and Web Inspect) and compliance scans (using Tripwire) for all systems in Confidential TESS environment.
- Classify and prioritize the risk of new vulnerabilities according to the specifics of our unique environment’s risk level, mitigating factors, and assessment of the impacts of internal and external threats.
- Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams.
- Work closely with both business - oriented executives and leads as well as technology-oriented personnel to ensure adequate processes are in place and actions are being taken to mitigate identified risks proactively.
- Provide technical support to system owners to propose mitigation and remediation solutions to identified issues.
- Assist departments across the organization in understanding and implementing security policy objectives in ways that are cost effective, and align with business objectives.
Sr Cyber Security Analyst
Confidential, Reston, VA
- Performed Security Categorization using FIPS-199 on multiple systems.
- Performed Security Control Assessment (SCA) using NIST Rev4 and NIST A
- Performed updates to System Security Plans (SSP), Risk Assessments, Incident Response Plans, created Change Control procedures, and drafted Plans of Action and Milestones (POAMs).
- Developed Security Control Assessment Report (SAR) in compliance with NIST SP Rev.4, and A Rev.4.
- Performed vulnerability scanning using NESSUS.
- Prepared and reviewed Security Authorization packages for multiple systems in compliance with Risk Management Framework (RMF), NIST .
- Developed and maintained POA&M for all accepted risks.
- Monitored controls post authorization to ensure continuous compliance with the security requirement.
Cyber Security Engineer
Confidential, Washington DC
- Performed vulnerability and compliance scans using NESSUS and analyze the report.
- Monitored and analyzed network traffic on IDS/IPS system SNORT
- Risk Management Framework (RMF) assessments and Continuous Monitoring
- Reviewed and analyzed logs from SIEM tool Splunk
- Performed evaluation and guidance on security control implementation on multiple environments include Windows OS, LINUX, Solaris, and web applications.
- Performed updates to System Security Plans (SSP), Risk Assessments, Incident Response Plans, and Plans of Action and Milestones (POAMs).
- POAM Remediation: Performed evaluation of policies, procedures, security scan results, and system settings in order to address controls that were deemed insufficient during and Accreditation (C&A), RMF, continuous monitoring, and FISCAM audits.
- Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POAM Remediation, and document creation using NIST SP Rev.2 and NIST SP Rev.3.
Software Test and Support Engineer
Confidential, Washington, DC
- Worked on reported support Incident tickets for Campus Pack.
- Consulted with clients to configure and manage Campus Pack building blocks on Blackboard Academic Suite and collaborate with them to troubleshoot difficult issues.
- Coordinated and communicated with clients in solving issues arise in their Production and testing environments.
- Created Virtual Machine test beds for different instances of Blackboard and Campus Pack.
- Installed and tested different blackboard versions on AWS cloud environment.
- Analyzed business requirements and wrote Test Plans and Test Cases for Campus Pack applications.
- Created Test cases, new bugs, New feature requests and Support tasks in Jira.
- Designed and created selenium automation framework to support regression testing as patches and upgrades were made to Campus Pack building blocks.
- Performed manual testing of Campus Pack tools.
- Created SQL Queries to generate Usage Stats for various schools.
- Bug tracking and reporting using the customized Jira.
- Conducted Functionality, Performance and Regression testing during the various phases of Campus Pack Fusion using Selenium.
- Performed back end testing by executing SQL queries to extract data from MSQL Server database.
Secure File Transfer Engineer
Confidential, Minneapolis, MN
- Implemented new file transfer connections using Synchrony Gateway Interchange, End to End Activator and CFT.
- Upgrading End to End Activators and CFTs.
- Provided rotational On-call Production support (second level, via pager).
- Worked on reported Incident tickets on Remedy and creating change requests.
- Created Scope Assessment documents for new file transfer setups.
- Performed End-to-End testing for both inbound and outbound transfer between the application teams and external Trading Partners.
- Coordinating and Communicating with Trading Partners in solving issues arise during End-to-end testing.
- Developed automation test scripts to support regression testing as patches and upgrades are made to AXWAY.
- Documented Test Cases, Test Results and Test Procedures and attended weekly status meetings.
- Consulted with internal groups and external clients to configure and manage Synchrony on Linux, Wintel as well as on Mainframe and collaborate with them to troubleshoot difficult issues.
- Created PGP keys for each outbound transfer for each Trading Partner and link them in the cluster.