Sr. Security Analyst Resume
Overland Park, KS
SUMMARY
- 7+ years of experience as a disciplined and goal-oriented information security analyst with extensive experience in security management, system installation, software implementation, network troubleshooting and support.
- Extensive experience in Internet research, remote support, user access rights permission, application implementation, basic networking components, protocols and server configurations, security and virus protection, project management, server backup and tape rotation.
- Extensive experience supporting internal and external clients and leverage my use of specialized security, provisioning and reporting tools.
- Provided Security Analyst support to Government affiliated personnel (i.e., NGA, various Contractors, Military personnel) to ensure safety measures and quality of service exceed expectations.
- Working knowledge of the NISPOM, Intelligence Community Directives and associated Industrial Security regulations, policies and laws.
- Strong understanding of FISMA, Continuous Monitoring, FEDRAMP, and other specific government security requirements.
- Solid comprehension of cyber security including vulnerability & compliance management, data loss protection (DLP), emerging threats and attacks
- Developed plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs and review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
- Knowledge includes computer forensic techniques, risk assessments, disaster recovery, business continuity planning, and policy implementation in accordance to FISMA, NIST, and ISO information security standards.
- Used Agile software development methodology in defining the problem, gathering requirements, development iterations, business modeling and communicating with the technical team for development of the security system.
- Advised clients of our information security policy and discuss issues relating to the systems and workflow to ensure the internal security controls operate as intended.
- Created training materials specifically for project management and security requirements as it relates to SDLC. Maintained and investigated security incidents relating to assigned projects.
- Managed and led day-to-day operations of system upgrade to comply with new federal reporting requirements and security protocols.
- Provided security oversight and best practices advice for ongoing support of assigned application. Act as a security evangelist for the company and provide guidance on information security topics.
- Conducted security assessments and provided complete White Hat hacker services to quickly identify all security exposures in their network, server and Oracle environment.
- Provided the Oracle audit services by identifying the following Oracle security exposures and identified all Net8 exposures: identified all users with external passwords.
- Conducted walkthroughs, formulated test plans, and documented gaps. Developed remediation plans for each area of testing, performed the General Computer Controls testing of Information Security.
- Conducted quality control of personnel security investigations, conduct National Agency and other security checks, and manage and track investigations from initiation through final completion of the clearance phase.
- Extensive work with Software Vendors to configure and implement security requirements, testing and implementation approval.
- Supported the preparation of the Security Assessment Report (SAR). Reviewed, coordinated, and responded to IS security issues as requested.
- Gained experience with controlling, labeling, virus scanning, and appropriately transferring data (uploading/downloading) between information systems at varying classification levels.
- Implemented applicable IC policies, procedures and operating instructions related to Information Technology, Information Assurance, Information Management (IT/IA/IM).
TECHNICAL SKILLS
- Information Security Auditing
- IT Security/Testing
- Network Plus (net+)
- Network Manager Security
- CCNA
- Security+
- CISSP
- Virus and Malware tools
- Security Monitoring analysis
- Password Vaulting
- Vulnerability Management Security
- Baseline Configurations
- Windows Vista
- Windows 7
- Server 2008
- Linux
- Unix
- Solaris
- Backtrack
- Security Assessment Plans
- Security Assessment Reports
- Troubleshooting
- PC Security systems
- BMC Remedy
- Plumtree
- RSA Security Console
- Contingency Plans
- Privacy Threshold Analysis
- z/OS
- USS
- ISPF
- TSO
- SMP/E
- IBM Utilities
- JES2 commands
- JCL
- SDSF
- Mainframe multiple user software interfaces (IMS, DB2, CICS)
- SAS
- MS Office Products
- RACF
- Top Secret some ACF2
- Beta88
- Vanguard zSecure
- Sort packages
- Lotus Notes
- Microsoft Office Suite (Excel, Word, PowerPoint, Access)
- Word Perfect 7.0
- Microsoft Windows OS
- Microsoft Visio
- Proficient with Imagenow (Perceptive Software Products)
- SCT SunGard Products
- FOCUS
- SAS Report Writing.
PROFESSIONAL EXPERIENCE
Confidential, Overland Park, KS
Sr. Security Analyst
Responsibilities:
- Responsible for information security policy development and maintenance; coordinating responses to information security incidents; design of security policy education and training; monitoring compliance with business IT security policy; and coordinating investigation and reporting of security incidents.
- Responsible for data gathering, documentation review, development of System Security Plans (SSP) and Security Control Assessments (SCA) risk assessments, certification documentation, contingency planning, Vulnerability scanning & management.
- Ensuring compliance with IT security policies set by obtaining software authorization, correcting customer account privileges when needed and ID verification (when changing customer information).
- Generated the Risk Assessment Results (RAR). Created and updated the System Security Plan based on SAR, RAR, and system boundaries.
- Conduct security control assessment interviews with Systems/Network engineers and IT Security staff for auditing. Attend daily conference bridge calls with the IT security team for organizational compliance security program.
- Updating Security Groups with new users, removal, change in ownership, administer passwords and password protocols. Maintaining and providing access through Security Groups, inboxes and distribution lists through (AD).
- Provided Security System and ID management in card creation and printing for existing and new employees, ID card activation in door system.
- Coordinated and established preventive maintenance schedules for equipment and facilities. Ensured compliance with directives governing physical, operational, computer, and communications security.
- Proactively test access during various stages of client web registration and engage internal security administration team on identified issues.
- Responsible for 'eyes on glass' monitoring and resolution of real-time security events. Provides security compliance administration and oversight for firm's security policies.
- Apply OS security patches and upgrades to machines on a regular basis, and configure/add new services as necessary. Performed periodic hardware maintenance and upgrades (memory, hard drives).
- Implemented common information system security practices, policies, and technologies. Understanding of issues such as malicious code eradication, configuration management, certification, and accreditation of current and future systems.
- Managed cross functional HR Services team to develop security standards and procedure requirements for all departments of the company supporting all active users.
- Developed uniformity of how IT Security is administered, granted and maintained, performed security analysis, reviews, and audits on a regular basis, training sessions on updated security regulations.
- Prepare reports of security weaknesses or violations and recommend corrective actions to ensure continuing effectiveness for protective measures and safeguarding information.
- Assisting with Government officials on personnel status, facilities compliance and security requirements. Assist and maintain Open Storage areas as required.
- Managed the functionality and efficiency of a 400+ node (Unix/Linux) infrastructure while maintaining the integrity and security of servers and systems.
- Performed IV&V on Security Assessment Package (SSP, SAR, RAR) Scans and POAM. Conducted the IT risk assessment and document the results.
- Identified and removed old security resources and users defined to the security files. Provided Technical Support and off hour support as necessary to application areas to complete the conversion.
- Mentored team members on security system installation, system maintenance, security administration procedures and practices.
- Designed and implemented the security infrastructure for MQSeries, Web-Server, OEM Gateways, Coupling Facility exploitation, and security interface for magnetic tape.
Confidential, Falls Church, VA
Sr. Security Analyst
Responsibilities:
- Responsible for security monitoring security change information for Top Secret, CitiSFT, AS400 server activity, RACF as well as other remote access application and mainframe security changes.
- Performed user account and object level security administration for all platforms and applications including SaaS (Software as a Service), Cloud infrastructure, and mobility solutions.
- Provides creation, maintenance, and deletion of accounts for security activities related to account provisioning and access management within mainframe and open systems security software solutions.
- Functions as a data security resource and backup support for the IT Customer Service department and Wire Department for issues with users' access and password issues, and SOX testing.
- Attend meetings as department liaison, working closely with Project Managers on planning, user testing and implementation of projects related to Data Security.
- Performs automated Account Provisioning and Password Self-Service functions. Works with lead analyst to implement and utilize new templates and connectors to other security systems in use.
- Receive/coordinate the distribution and management of all requests and forms associated with account administration for Data Security Department.
- Developed/Coordinated written correspondence to include but not limited to, Test Plans, Transportation Plans, Deployment Plans, System Security Plans, Treaty Plans, OPSEC Plans, and SOPs.
- Conducted multiple site surveys; prepared security plans, and develop risk mitigation for overseas deployments. Processed Visit Access Requests both Incoming/Outgoing with various DoD and Defense Contractor organizations.
- Distribute security briefing daily to leadership. Review/track all incident information via the security incident report database. Working knowledge of Information Assurance (IA) requirements, processes, and methodologies.
- Managed security for Enterprise Resource Planning software that provided the company with efficient management of Products, Manufacturing, Financial records, Suppliers, Projects and Business Intelligence.
- Interface with client personnel to gather information, clarify scope and investigate security controls. Use creative approaches to identify vulnerabilities that are commonly missed in automated assessments.
- Exploit vulnerabilities and evaluate risk exposure. Identify and communicate remediation guidance to clients based on industry best practices
- Execute opportunistic, blended and chained attack scenarios that combine multiple weaknesses to compromise client environments.
- Provide support in the ongoing development of Application Security offerings through tool creation and process improvement, perform other duties as assigned.
- Applies information system security principles, policies and procedures to ensure information systems reliability and accessibility to prevent and defend against unauthorized access to systems, data and networks.
- Maintains enterprise integrity through recurring analysis of Symantec anti-virus server alerts, scanning for anomalies, taking actions to log, manage, and report security events.
- Conducts real-time monitoring of McAfee IntruShield Intrusion Protection and Symantec Network Security Intrusion Detection Systems to detect abnormal network behavior.
- Ensured effective protection on the NMCI enterprise by conducting real-time security monitoring, effective detection, proactive analysis and timely response of all security related events.
- Encompassed several security monitoring tools to include Symantec anti-virus and Etrust, Cisco IDS(CIDS), Symantec Network Security Console, and McAfee Host Based Intrusion System (HBSS).
- Ensured daily updates were pushed to all machines on the enterprise and conducted reviews of anti-virus and security websites for new product definition files, and exploit details.
Confidential, New York, NY
Security Analyst
Responsibilities:
- Responsible for reporting to all network outages, disruptions, malicious logic events, HAZCON events, equipment/software alarms, and pertinent Classified (Secret) information to the appropriate section (network, system, security, management).
- Monitored and reported events and poor security practices as identified by the IPS, IDS as well as ArcSight console for correlation.
- Implement security improvements across a wide range of devices and operating systems. Scan for active threats and review patterns of attack using Tenable SecurityCenter and Nessus scanners.
- Used switch port security to help ensure network compliance. Set up load balancing across multiple transmission paths, set up McAfee Host Based Security System Agent and packages.
- Modify Rules and channels in existing tools used for detection and integration of multiple products together for security functions (ArcSight, Sourcefire). Prioritizing and differentiating between potential intrusion attempts and false alarms.
- Conduct monitoring and analysis of network security events via IPS, Antivirus, Proxy and Firewall logs. Maintain and support defensive security infrastructure in direct support for our Security Operations Center (SOC).
- Provided Daily Status Report to Federal and contract staff that consists of a list of deployed and returned international laptops, tickets opened within the last 24hrs and the latest Critical patches that are deployed. (Symantec Endpoint Manager, Tivoli Bigfix)
- Review open source security advisories and threat intel to notify Federal Security Staff via the creation of internal RFC to deploy security and patch updates. (Google Chrome, Java, Microsoft, Apple)
- Perform endpoint security scans and updates on remote endpoints via Symantec Endpoint Manager, as a part of security event investigations.
- Monitor multi-level security networks to identify potential security violations, incidents, attacks, and/or potential malicious behavior.
- Ability to analyze high volume of security events while maintaining a solid quality of analysis. Identified data in firewall events to assist in troubleshooting.
- Performed assessment of information security management system (ISMS) for client in order to provide gap assessment and control recommendations.
- Evaluated IT controls of the systems development methodology, quality assurance processes, change control and security and operations for the software service provider Automated Wireless Environment. Provided process improvement recommendations.
- Performed tracking and monitoring of global security initiatives by providing management IS metrics on such matters as vulnerability threat management, security risk assessments, end-of-life equipment, entitlement reviews, security issues and security investigations.
- Evaluated the security, audit and governance controls for the IT systems development and support environments for Northeast District Banks and their IT service providers.
- Provided IT guidance and recommendations strengthening IT security and management controls used by our banks to safeguard their systems, networks and applications to ensure the compliance with data privacy and IT control objectives of GLBA and SOX.
- Developed action plans to improve control over interface feeds, change control, application security and vendor management of the consolidated tax reporting system.
- Evaluated the quality of vendor controls by performing third party security assessments of voice services and media management vendors. Provided recommendations for compliance with IS policy and standards.
Confidential, San Diego, CA
Security Analyst
Responsibilities:
- Performed risk management assessments; developed and reviewed security categorizations, system security plans, plan of actions and milestones, security control implementation, configuration management plans, contingency planning, disaster recovery plans, incident response plans, information security policy, Rules of Behavior, vulnerability scans and other task specific security documentation.
- As the senior information security analyst, provided security guidance to customers and government IT staff to meet security compliance requirements, evaluate various technologies and products, provide security architectural considerations and develop mitigation recommendations as part of the risk management process.
- Determined if security requirements were available in specified systems and/or products in order to meet national security guidelines. Performed a risk management assessment and developed appropriate countermeasures.
- Conducted security interviews with stakeholders at the United States International Trade Commission and the Peace Corps.
- Provided support included responding to customer security queries, reviewing certification and accreditation documentation, reviewing system security plans for completeness, reviewing system and site IT architectures, planning and completing site certification and accreditation IT audit visits and making risk management decisions on the acceptability of individual systems.
- Improved Information Security (IS) policies and standards and enhanced IT control activities to strengthen compliance with Gramm-Leach-Bliley Act (GLBA) and Sarbanes Oxley (SOX) laws, rules and regulations.
- Analyzed platform logs from aggregate tool (Log Logic) as part of Security Monitoring and investigated for various suspicious activities/trends and recorded/investigated cases.
- Executed enterprise queries (BindView Compliance Control Suite) and reviewed various platforms settings on a rolling monthly basis to ensure compliance with established Security Baseline Configurations based on industry standard CIS benchmarks.
- Performed detective processes (analysis and reconciliation) to ensure service accounts are compliant with established IT General Controls and registered with ownership identity in approved Information Security system and repository.