- 7+ years of aggregate IT experience with strong troubleshooting skills and extensive knowledge of and proficiency in Splunk, system administration and database administration. Worked extensively across Windows, Unix and Linux platforms. Proficient in cyber security analysis using RMF and FISMA compliance. Excellent communication skills, a great team player with a fast learning curve. Works perfectly and effectively under stressful conditions where speed and accuracy are necessary.
AREAS OF EXPERTISE
- Splunk implementation and management
- System Monitoring and Performance tuning
- Database/system Upgrade and Migration
- Data integrity and security
- Splunk Enterprise Security
- Dashboard creation and monitoring
- Hardware and software support and troubleshooting
- REGEX and Applications
- SIEM (Splunk ES)
- Active Directory
- NIST 800 Series publications
- FISMA Compliance
- Installation of Splunk and components such as forwarder, search head, and indexer
- Management of the Splunk deployment server in a cluster environment
- Create apps to manage deployment clients on the deployment server
- Management of Splunk in medium to large environments including distributed forwarders, indexers and search heads.
- Perform onboarding of new data into Splunk, plus performance tuning and monitoring
- Manage the Splunk license quota
- Create custom apps and add-ons for various components of Splunk, including universal forwarders and search heads, to interact with third-party software/hardware
- Splunk administration experience with installation, configuration, clustering and monitoring of system logs
- Write regex to map clients' sensitive data
- Experience working in Linux environments, editing and maintaining Splunk configuration files and apps
- Build dashboards and data models highlighting the key trends in the data
- Work with end users to gather requirements, perform troubleshooting, and provide assistance with the creation of Splunk search queries and dashboards.
- Develop dashboards with visual metrics and data normalization using CIM for stakeholders
- Maintain and manage Splunk, frontend and backend
- Manage Splunk user accounts (create, delete, modify, etc.)
- Utilize AWS cloud administration, creating EC2 instances and IAM
- SharePoint, Remedy, and ServiceNow administration
- Shell/Bash scripting; write and modify complex SPL queries for reporting purposes
- Standardize and implement Splunk Universal Forwarder deployment, configuration and maintenance on Linux and Windows platforms
INFORMATION SECURITY ANALYST
- Assist the ISSO with daily tasks, including reviewing the RMF (NIST SP 800-37) in various assessment and authorization projects
- Perform detailed security assessments on HUBZone, DataPipe, Salesforce and MS Azure cloud systems, ensuring that the customer responsibility statement and FedRAMP packages are well implemented
- Perform continuous monitoring on HUBZone, DataPipe, Salesforce and MS Azure
- Create Security Assessment Plan (SAP) for assessment schedule, tools, and personnel documentation
- Conduct assessment kickoff meetings and security control interview meetings with the ISSOs, system owners, and other system stakeholders
- Conduct Security Control Assessment (SCA) using NIST SP 800-53A as a guide for determining assessment methods/test guide
- Create Requirements Traceability Matrix (RTM)/test cases to document assessment work and results
- Develop and update the System Security Plan (SSP) to provide an overview of the system's security control requirements, using NIST SP 800-18 as a guide
- Assist with POA&M management by ensuring the systems’ POA&M items have been closed or updates provided where necessary in the CSAM
- Conduct IT security risk assessments, review security controls for any deficiencies, and report to the ISSO for appropriate mitigation actions
- Summarize final System Risk in the Security Assessment Report (SAR)
- Assist in preparing the authorization letter and in assembling and submitting the authorization package to the Authorizing Official (AO) for signature
- Perform vulnerability assessment using Tenable Nessus vulnerability scanning tool
- Review security documents such as the System Security Plan and the A&A package
INFORMATION SECURITY ANALYST
- Performed Security Control Assessments, determining the effectiveness of security controls (management, operational, and technical), documenting findings and providing recommendations for addressing weaknesses or vulnerabilities in a Security Assessment Report (SAR), and populated it in CSAM
- Developed solutions to security weaknesses in the Requirements Traceability Matrix (RTM) and SAR, while working on POA&M remediation and the Corrective Action Plan (CAP)
- Reviewed and updated policies, procedures, security scan results and system settings in order to address controls that were deemed insufficient during Assessment and Authorization (A&A), RMF, continuous monitoring, and FISMA audits
- Coordinated and tracked remediation of security weaknesses as they were discovered, via the Plan of Action and Milestones (POA&M)
- Facilitated all phases of Assessment and Authorization for various software systems and networks using the NIST SP 800-37 Risk Management Framework, security tools/software and planning with all the stakeholders involved to ensure the process was completed on time
- Achieved FISMA compliance and Authority to Operate (ATO) for systems based on guidance from the NIST SP 800-37 Risk Management Framework (RMF)