Security Consultant Resume
2.00/5 (Submit Your Rating)
SUMMARY:
- Certified Information Security Professional with more than 10 plus years of experience.
- Extensive experience with Nessus, Big Fix, Confidential, and Confidential and Confidential 800 - 53, Confidential controls including the latest Continuous Monitoring requirements, POAMs, patch deployment and management, and remediation.
- Previously took a 2-person IA team with 7 systems from an audited 64%, and within 2 years audited at 96% and came in 1st place.
- Reviewed Applications Designs to determine Compliance to Confidential SP 800-53 rev 4 compliance, assisted in the production of Security documentation for Applications, and assisted in implementation efforts for new Infrastructure / applications to ensure compliance for Confidential 800-53 rev 4, HIPAA, HITRUST, and PCI.
TECHNICAL EXPERIENCE:
Security Consultant
Confidential
Responsibilities:
- Responsible for developing and documenting Confidential cloud criteria, condition, cause, effect of identified deficiencies and recommend courses or remedial actions; conducting validation testing on remediation measures taken to remediate Plans of Action and Milestones (POA&M) created in response to discovering validated vulnerabilities or deficiencies.
- Reviewed vulnerability scan reports until mitigated, and reviewed Applications designs to determine Compliance to Confidential SP 800-53 rev 4 compliance, assisted in the production of Security documentation for Applications, and assisted in implementation efforts for new Infrastructure / applications to ensure compliance for Confidential 800-53 rev 4, HIPAA, HITRUST, and PCI.
Security Consultant
Confidential
Responsibilities:
- Responsible for developing and documenting the criteria, condition, cause, effect of identified deficiencies and recommend courses or remedial actions; conducting validation testing on remediation measures taken to remediate Plans of Action and Milestones (POA&M) created in response to discovering validated vulnerabilities or deficiencies.
- Reviewed Applications Designs to determine Compliance to Confidential SP 800-53 rev 4 compliance, assisted in the production of Security documentation for Applications, and assisted in implementation efforts for new Infrastructure / applications to ensure compliance for Confidential 800-53 rev 4, HIPAA, HITRUST, and PCI.
Senior Security Support Analyst
Confidential
Responsibilities:
- I created the component strategy to implement the Confidential and Confidential Cybersecurity policies and procedures including Confidential ; perform security assessments in accordance with Confidential 800-37 and Confidential 800-53; upgraded and conducted Nessus vulnerability scans and assessments reports;
- Contingency planning and testing; provides Confidential audit support and POAM management and remediation; and provides Continuous Monitoring, including the use of the Confidential mandated Confidential Endpoint Manager (Big Fix).
- Experience with implementing one of our Cloud systems for Confidential compliance; including testing the controls, reviewing and taking required action on the Cloud Service Provider authorization package, and facilitating with applicable parties for approval.
- I also conducted Patch and Vulnerability management and remediation, Audit Log Retention and Monitoring, report actual or suspected computer-security incidents including PII breaches.
- I was the SME for Cyber Security Assessment and Management ( Confidential ) which is a web-based secure network a capability to assess, document, manage, and report the status of IT security risk assessments.
- I also use following security tools: Nessus, WebInspect, Veracode, Confidential Endpoint Manager (IEM), ArcSight, and analyze AppDetective scan reports.
Security Consultant
Confidential
Responsibilities:
- Facilitated, analyzed, and tested information security controls and performing Certification and Accreditation using the Confidential methodology Confidential .
- Confidential Certification and Accreditation, best practices in security, and Confidential security management practices.
- Firm understanding of Confidential SP 800-53 controls, network architecture, physical security, telecommunications/network security, disaster recovery, business continuity planning, application and security awareness training required. Analyze and define security requirements for applications hosted on local and wide area networks.
- Performed Lead ISSO duties in support of in-house and external customers.
- Duties include, but are not limited to, reviewing and developing C&A support documentation; reviewing Foundstone, Nessus, WebInspect, and AppDetective scan reports and provided Confidential analysis for reporting to the Confidential Director and System Owners; incident reporting and monitoring using ArcSight; notifying Confidential Director when changes occur that might affect C&A; performing system and network self-inspections; providing security coordination and review of all system test plans; identifying vulnerabilities and implementing countermeasures; conducting system audits and surveys and gathering pertinent security documentation for inclusion into system accreditation packages; documenting hardware and software upgrades and changes; maintaining security records; and receiving direction from the Confidential Director and POAM management and remediation.
Confidential
Information Security Technician
Responsibilities:
- Managed and inspected three security programs utilizing the Confidential tool for verification of Confidential compliance.
- Briefed management of status of operations.
- Provided technical analysis and support in resolving computer events and/or intrusions.
- Conducted vulnerability assessments, penetration testing, and analyzed output from network vulnerability assessments and recommended mitigation strategies using and reviewing the Foundstone scanning tool.
- Reviewed and provided feedback on information system security plans and procedures.
- Assisted in establishing and maintaining security products to include intrusion detection systems, antivirus and patch management.
- Reviewed and provided input into network designs to ensure compliance with security and enterprise architecture.
- Reviewed logs from devices and made recommendations for risk mitigation.
Confidential
Manager, Securify Pilot Services
Responsibilities:
- Managed the Securify Pilot Services program along with three personnel.
- Briefed government officials and Confidential management on status of operations.
- Assisted in managing the combined Confidential Certification and Confidential Security Analysts in supporting Confidential Intrusion Detection.
- Provided technical support to Network/Security administrators during the identification and resolution of computer security incidents/events.
- Provided technical analysis and support to assist Incident Handlers in identifying and resolving computer events and/or intrusions.
Confidential
Network Security Engineer
Responsibilities:
- Performs vulnerability testing, risk mitigation, risk analysis, and documentation utilizing the Confidential Information Technology Security Classification and Accreditation Process ( Confidential ) process.
- Supports development and documentation of security policies, practices, and processes at security program levels as well as for specific major applications and systems.
- Provide expert level security engineering or analysis in the following areas: Confidential documentation, Operating Systems, ISS Internet Scanner (Test, Reports, and Analysis), Security Readiness Review Scripts (Test, Reports, and Analysis).
- Responsible for maintaining certification and accreditation readiness of all network systems.
- Is responsible for Information Assurance Vulnerability Alert compliance verification. Installed, configured, maintains, and monitors ISS Real Secure Workgroup Manager, Network sensors, and Server sensors.
- Provide technical Trusted Systems Confidential implementation and support to Pilot Services projects in all aspects of Trusted Systems and Information Security Engineering.
Confidential
Assistant System Administrator
Responsibilities:
- Was responsible for 6 servers, 36 workstations, and 13 printers running under Windows NT used by the Directorate.
- Analyzed, installed, tested, and maintained the operating system and application software used by Freedom of Information Action Officers.
- Provided support for site infrastructure, including session and security management.
- Maintained an inventory of all hardware and software assets.
- Provided first-line support for all customers; performed troubleshooting on network, system, and application problems.