Information Security Assessor Resume
PROFILE SUMMARY:
- Talented and results-driven Information Security Professional with versatile, cross-platform experience in Information/systems security. Experience in hardware, software, networking, and security technologies, analyzing security deficiencies and violations, performing risk assessments, vulnerability assessments, and security assessment and authorizations. Delivered solutions implementing administrative, technical and physical controls establishing security management, protection of assets, and compliance.
- Demonstrated organizational and interpersonal skills working across departmental boundaries while maintaining strong communications and translating technical information into comprehensible language for management, peers, and users. Performed as a highly motivated, goal-oriented team player with ability to work on projects independently. Tunde Fajemidupe is familiar with Cloud Security Alliance CSA guide v3.0 and Confidential SP 800-144 (Guidelines for managing Cloud computing Security and Privacy), has vast experience in RMF, and is a bona fide member of CompTIA, ISACA and the International Information System Security Certification Consortium (ISC)².
CORE SKILLS:
- Demonstrated experience as a Security Specialist and Information Assurance Analyst
- Specialize in the Federal Information Security Management Act (Confidential) and the Security Authorization process based on Confidential RMF 800-37 Rev.1
- Coordinate in-depth interviews and examine documentation and artifacts in accordance with Confidential SP 800-53 and 800-53A
- Proven ability to thrive in a team environment but capable of operating independently
- Conversant with security-scanning tools such as NESSUS, MBSA, IBM APPSCAN, NMAP, HP FORTIFY, HP ARCSIGHT ESM, WEBINSPECT and RETINA.
TECHNICAL SKILLS:
- Security Assessment & Authorization
- Security Planning
- Business Continuity Planning
- Risk Assessments
- Vulnerability Management
- PCI-DSS
- HIPAA
- Incident Response
- Policy and Process Development
- MySQL
- MSSQL Server
- Oracle
- SharePoint
- Windows Server
- Unix / Linux
- RetinaCS
- NESSUS
- NMAP
- HP Fortify
- HP ArcSight
- WebInspect
- IBM AppScan
- McAfee Antivirus
- ColdFusion
- HTML
- JavaScript
PROFESSIONAL EXPERIENCE:
Confidential
Information Security Assessor
Responsibilities:
- Performed vulnerability assessment on Confidential internal, internet-facing and vendor applications, web services and REST using IBM AppScan based on company policies.
- Use of HP Service Manager for Change management of applications and updating Configuration Items in Configuration Management.
- Use of Archer in monitoring and tracking the remediation processes for application vulnerabilities.
- Exploration, testing and running full scans on applications to detect vulnerabilities.
- Use of Qualys tool to detect the strength of application ciphers and the vulnerabilities.
- Configuration of the IBM AppScan tool to meet individual scanning requirements.
- Analysis and assessment of applications for vulnerabilities and false positives.
- Performed penetration testing for network vulnerability assessment on Confidential's network with Retina/BeyondTrust Network Security Scanner.
- Use of Burp Suite for manual penetration testing of Web applications.
- Use cURL and Snort for vulnerabilities and intrusion detection, traffic analysis and packet logging.
- Attend information security meetings to get customers' requirements, recommend secure best practices, and ensure applications are remediated before being approved for production use.
- Troubleshoot applications for scanning enablement.
Confidential, Bloomington, IL
Application Vulnerability Mgt Security Analyst
Responsibilities:
- Performed configuration of HP WebInspect 10.30 (.40, .50) scanners according to the Organization's policies.
- Update the SmartUpdate (Scanner Database) from time to time.
- Run RESTful Dynamic scans (An advanced form of Webservice scans) on Organizational Applications in both development and testing environments before getting into production.
- Run UI and Webservice Dynamic scans on applications to detect vulnerabilities
- Analysis of generated reports to developers and guidance on steps for patching.
- Run Veracode static scanner for scanning compiled code of the Organization's applications.
- Run an Audit & Crawling of Applications and Webservers.
- Attend Security meetings to get the customers' requirements.
- Generated WSD files for webservice scan.
- Troubleshoot complex applications for scanning enablement.
- Involved in threat modeling processes that define scope and depth, understanding of what is being modeled and interpreting the model as related to Assets, Controls and Threat agents using STRIDE and DREAD Models.
- Other duties as may be assigned.
Confidential, Baltimore, MD
Information Security Specialist
Responsibilities:
- Performed Federal Information Security Management Act (Confidential) audit reviews using Confidential 800-37 rev 1.
- Updated IT security policies, procedures, standards, and guidelines according to department and federal requirements.
- Performed risk assessments, developed and reviewed System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Assessments, Security Assessment Reports (SAR), Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks given and specific security documentation.
- Performed static inside-out code analysis using HP ArcSight and manually analyzed code for SQL Injection, XSS, Cross Site Framing and XSRF due to web development experience.
- Performed vulnerability and baseline scans on the client network using Nessus and port scanning with NMAP.
Confidential, Lanham, MD
Information Security Analyst
Responsibilities:
- Performed Federal Information Security Management Act (Confidential) audit reviews using Confidential 800-37 rev 1.
- Updated IT security policies, procedures, standards, and guidelines according to department and federal requirements.
- Update Security Authorization Packages (SSP, SAR & POAM) and RAR.
- Performed risk assessments, developed and reviewed System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks given and specific security documentation.
- Used the Automatic and Manual crawl of WebInspect and AppScan in scanning applications, AppDetective for database scanning and Nmap for port scanning.
- Performed vulnerability and baseline scans on the client network using Retina Network Security Scanner (RNSS) and Nessus.
- Performed static inside-out code analysis using HP Fortify and manually analyzed code for SQL Injection and XSRF due to web development experience.
- Developed Rules of Behavior (RoB), Interconnection Security Agreement (ISA) and Memorandum of Understanding (MoU) for the client.
- Worked with IT Operations and Network Engineers to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, and workstations.
- Familiarity with, strong interpretation of, and work with Confidential Publications SP 800-18, SP 800-30, SP 800-37 rev 1, SP 800-53 rev 4, SP 800-53A, SP 800-60 and Federal Information Processing Standards (FIPS): FIPS 199 and FIPS 200.
- Working knowledge of duties required for a security analyst
- Working knowledge of duties required to implement information security controls and lead information security initiatives
- Ability to translate business requirements into control objectives.
- Working Knowledge of Proper Baseline Configuration of Security Controls, Configuration settings, Impact Analysis, Access Restrictions and Configuration Change controls.
- Established best practices in Server and Network support and trained technical staff.
- Authored Service Level Agreement for internal/external customers for user/security administration.
- Worked with Developers to ensure every step of the SDLC is properly assessed against risk and that appropriate controls and enhancements are implemented to mitigate risks.
Confidential
Web Developer/ Information Assurance Tester
Responsibilities:
- Build rapport and elicit problem details from help desk customers.
- Apply diagnostic utilities to aid in troubleshooting.
- Added new users and provided access to databases and system functions. Set up and supported connected peripherals.
- Migration and backing up of information and Disaster Recovery tests.
- Selected to create new procedures to improve department productivity and train new team members.
- Manually check and test code for vulnerabilities.
- Developed Web applications using ColdFusion (8) on front end with MySQL and Oracle 10g databases as the back end for various Clients.
- Document all pertinent end user identification information, including name, department, contact information, and nature of problem or issue.
- Gather and analyze requirements for various client projects, support solutions for the various systems.
- Scan and configure systems against intrusions, malware and viruses.
