Information Technology Security Analyst

Talented IT Security Analyst providing definitive IT Security solutions, custom tailored for client specific needs. Dedicated, proven results, focusing on vulnerability assessment and mitigation strategies, certification and accreditation, and auditing compliance.

PROFESSIONAL EXPERIENCE

• Confidential Current Position: Cyber Security Analyst Serve as technical analyst for cyber security threats and/or incidents, and provide resolution procedures to Senior Management, Mid Level Management, and technical staff. Provide services and/or consultation in: 1 Research of industry best practices for application to PA information security/cyber security program, and 2 Analysis of network traffic via Riverbed, packet analysis . Provide guidance, installation/upgrade method suggestions, and trend analysis for PA baseline and non baseline applications. Provide analysis of malware trends and report issues which may pose a threat to PA's overall security posture.
• Manage New York State, Multi State Information Sharing and Analysis Center MS ISAC, New Jersey State and US CERT Cyber Security Alerts. Research technical aspects of alert messages and delegate to sections for remediation.
• Research technical aspects of incident messages and delegate to sections.
• Generate all technical reports to identify PA assets affected by cyber security incidents using PA network tools i.e. Riverbed . Review findings to include traffic and packet analysis, and suggest potential remediation efforts.
• Document and process NYS, NJS, and MS ISAC incident advisories as generated by PA perimeter log. Track, follow up, ensure remediation, and closeout incidents for documented incidents.
• Coordinate with points of contact to ensure version updates of core build software as needed.
• Review agency approved non core build software to ensure currency. Coordinate all technical aspects of software and hardware patching initiatives that affect Cyber Security to the PA i.e. McAfee update prior to EOL, core software . Escalate to Authority Project Manager where additional information or assistance from PA staff or vendors is required.
• Coordinate all technical aspects of software and hardware projects with technical staff of the Technical Service Department TSD and vendors to TSD.
• Perform all root cause analysis of malicious logic/incidents, reporting results to TSD section analysts and relevant management. Suggest remediation efforts to thwart potential/active threats.
• Identify the key technical threats relevant to PA as reported via Cyber News advisories and report findings to management. Suggest remediation efforts to section leads and relevant management as necessary.

Confidential

Position: IT Security Analyst

• Implement IT security measures throughout the Department of Commerce.
• Focal point of contact for all IT security matter, policies, and procedures.
• Spearhead implementation of IPv6, Trusted Internet Connection TIC, DNS Security DNSSEC, DHS Cyber Hygiene Service, and Risk and Vulnerability Assessment Commerce wide to 14 different organizational units .
• Ensure all IT security procedures are followed, disabling units not in compliance until they successfully remediate issues.
• Brief the Chief of Information on IT Security projects, prioritizing the projects based upon Department of Commerce needs, goals, and quarterly objectives. Track status of projects, provide leadership for completing projects, and also provide assistance as necessary to the organizational units in order to ensure successful completion/implementation.
• Utilize Microsoft Excel and Access to monitor, track, and analyze raw data provided from the Department of Homeland Security Cyber Hygiene Scan.
• Perform data analytics of raw data to disseminate to the 14 different organizational units which fall under the Department of Commerce, to identify, classify, and rank security incidences for remediation, and brief Chief Information Officer Security Council on pertinent information, necessary action, and forthcoming actions.

Confidential

Position: IT Security Analyst

• Served as primary point of contact for Security matters for the Integrated Resources Information System IRIS .
• Prepared for Authorization To Operate ATO inspection for the IRIS software via the DOD DIACAP inspection process. Ensured all applicable Information Assurance controls were met in accordance with DOD regulation, STIGs, and IAVAs. Remediated and properly documented deficiencies immediately. Prepared required documentation for submittal for ATO.
• Suggested remediation recommendations to team members from a security standpoint on issues that prevented proper resolution/implementation of Information Assurance controls.
• Implemented and tracked Plan of Action and Milestone POA M, and submitted to Designated Approving Authority DAA upon completion. Updated and tracked statuses in Vulnerability Management System VMS .
• Assisted in revamping Service Level Agreement SLA, and Continuity of Operations Plan COOP between DISA/DELTA Resources and the Defense Enterprise Computing Centers.
• Managed IRIS Helpdesk by prioritizing and assigning trouble tickets to developers and associate staff for remediation of IRIS issues.

Confidential

Position: IT Specialist GS 2210 11 IT CUSTSPT

• Assisted with the delivery of Information Assurance and Vulnerability Assessment IAVA patches to ensure systems were in compliance with the established Information Assurance awareness program.
• Assisted with applying information security/information assurance policy, principles and practices.
• Reviewed and analyzed RETINA scans to assist with the delivery of appropriate Information Assurance and Vulnerability Assessment IAVA patches to ensure systems were in compliance with the established Information Assurance awareness program.
• Assisted with applying and enforcing information security/information assurance policy, principles and practices by consistent monitoring of workstation compliance as reported by the Information Assurance Division.
• Completed assigned tasks identified via Plan of Action and Milestones POA M .
• Conducted validation activities via RETINA scanning tool by performing vulnerability scans and data analytics of scan results and mitigation measures .
• Mitigated system weaknesses and shortcomings identified by applicable audits, IAVAs, and STIGs.
• Compiled information necessary for justifying why information systems possess operational necessity despite having an IT security weakness and provide results to IAM for determination of acceptance or denial of risk acceptability.
• Tested and verified IA controls.
• Performed analysis and security configuration in direct accordance with Operating System STIG requirements.
• Ensured standard environment settings as established via baseline, and applied configuration settings as necessary, identified potential risks, and mitigated as necessary.
• Performed testing on applications to ensure they met established requirements and functioned correctly as per Application Security and Development STIGs.
• Maintained applications and updated as necessary as per Application Security and Development STIGs.
• Completed DIACAP training via Defense Information Systems Agency DISA
• Assisted with administration of Local Area Networks LAN .
• Provided technical guidance, advice, and assistance to organization personnel.
• Supported a full range of hardware and software applications including personal computers, and network servers.

Confidential

Position: Information Technology Specialist GS 09

• Served as an Information Technology Specialist within an assigned hub/sector, responsible for network administration and support of automated information technology activities and related telecommunications requirements.
• Assisted with administration of the Local Area Networks LAN .
• Provided technical guidance, advice and assistance to organization personnel.
• Supported a full range of hardware and software applications including personal computers, and network servers.
• Planned and delivered a full range of information technology customer support services, including installation, configuration, troubleshooting, customer assistance, and/or training, in response to customer requirements.
• Diagnosed and resolved problems in response to customer reported incidents. Installed, configured, upgraded, set up, and troubleshooted all hardware and software components, ensuring compatibility with existing systems and other system interfaces, and tested for system malfunctions.
• Installed, upgraded, configured, and tested off the shelf, locally developed, and other agency developed computer software.
• Received, responded to, and ensured resolution of all types of help center calls.
• Documented actions taken in the help desk problem tracking system database.
• Provided computer and associated software training.

Confidential

Positions: Information Management Craftsman/Journeyman

Information Technology Manager/Trainer

Client Support Administrator

Work Group Manager

• Was responsible for all aspects of the installation, troubleshooting, and necessary upgrades of local area networks LAN, wide area network WAN, connectivity issues, PCs, laptops, printers, and faxes. Directly supported of 1200 personnel for the entire facility and 385 personnel in my immediate work center.
• Performed enhancements both hardware and software on information systems. Provided on call PC and LAN support for approximately 385 employees. Met with department heads on an individual basis to determine their exact upgrade needs for their units.
• Extensive hands on time as a supervisor, operator, and principal troubleshooter for 650 information systems valued at 450K.
• Created, managed and monitored user accounts, network rights, and access to computer systems and equipment using Active Directory. Allocated system resources to users and programs to include training on how to use computer systems and software/programs.
• Consistently recognized by management for superior performance, management, analysis/problem solving skills.
• Other primary duties included: Functional Area Records Manager, Automated Data Processing Equipment Custodian, Building Telephone Control Officer, Human Resource point of contact for resolving IT related issues, Information Assurance Training Monitor, and instructing new employees in the Information Management career field, both military and civilian.
• Revamped the entire database system for tracking internal performance evaluations and decorations.

Confidential

Position: System Deployment Team

• Was responsible for the setup, configuration of new computer systems.
• Tracked all system upgrades and changes in centralized system database.
• Trained end users on usage and policies regarding their new systems.
• Migrated user data and information from old systems to new systems.
• Ensured proper accountability for old and new systems during and after migration.

Confidential

Position: Counter Operations Agent

• Repaired customer owned computers remove viruses and spyware, install necessary hardware i.e. hard drives, memory, video and sound cards, etc. .
• Directly assisted customers with IT issues at the counter.
• Installed software antivirus, anti spyware, specified software, as well as hardware memory, video cards, hard drives, motherboards, etc. on both newly purchased computers as well as customer owned ones.
• Troubleshoot customer issues via telephone.
• Trained customers on usage of installed software recommend software that suits their needs/focus.
• Shipped computers to Geek Squad service center for further repair.

TECHNICAL SKILLS

• MCITP: Enterprise Desktop Administrator 7 D239 1920
• Comptia Security Certified Comp
• Security and vulnerability scanning with data analysis
• Superior troubleshooting, repair, upgrade, and regular maintenance of workstations/PCs, laptops, printers, faxes, to include hardware, software, configuration
• Extremely proficient in Microsoft Active Directory Management adding/creating/permissions for users and objects, RETINA, REMEDY, Symantec Antivirus, McAfee Antivirus, JAVA, Microsoft Office Suite, Microsoft Outlook, DameWARE, Adobe Products, FormFlow 2.1, PureEdge ICS Viewer, Winzip, Disk Imaging, Patch/ Hotfix management, NUMARA Footprints, NUMARA NAMPS, Visual Basic, RiverBed
• Extensive knowledge of Windows 95, NT, 2000, XP, Vista, Windows 7 Operating Systems
• Extensive knowledge of NIST, ITIL, Army Regulations
• Intimate knowledge of Microsoft 2003 server Exchange Mail Server, SCCM package compilation, deployment, updates, and report generation
• Superb ability to communicate with technical and non technical LAN users to resolve conflicts, teach end users, provide training and instructions.
• Active SECRET security clearance