
Security Analyst Resume Profile

Strengths

  • A strong leader to manage information security and related risks
  • Polished, persuasive communicator, able to translate complex issues into easily understood statements for all levels of the organization.
  • High level written communication and coordination skills to work with internal teams, senior management and business unit stakeholders.
  • Managed information security related risk assessments, policies and procedures, security standards, governance/compliance
  • Able to apply expert level business and technical acumen while defining security and compliance solutions that deliver best practices for building and monitoring controls for information data protection and threat management for business goals and objectives.
  • Well-developed organizational skills, able to forecast problems and envision solutions
  • Customer-centric in all facets of work, partnering with clients, sub-contractors and vendors.
  • Security Assessment Tools: Solar Winds, Nessus, SAINT, nCircle, Mandiant, TCPdump, Nmap, netcat, Cain and Abel, Kismet, Ethereal, Hydra, Qualys, Wireless Air Defense, Varonis, Imperva, backtrack tools.
  • Malware analysis tools and techniques: Microsoft Sysinternals, regshot, capturebat, wireshark, fakedns malcode analysis pack, dependency walker, md5deep, peid, dd, autorun, etc.
  • Mandiant tools - Memoryze, Audit Viewer, Redline, IOCe, Metasploit Forensic Framework, Web Historian, ApateDNS.

Professional Experience

Confidential

  • Cyber Security Engineer that ensures compliance with Government laws and regulations with security guidelines, policies and procedures as part of an outsourced IT Security Services. Compliance with regulatory requirements and the organization's own policies is a critical component of effective risk management.
  • Serve as an internal information security advisor to the organization.
  • Ensure technical risk is identified and managed in a timely manner.
  • Communicate effectively with senior management, key leadership, business peers, IT peers and vendors to solve business/technical problems and provide technical solutions.
  • First responder to incidents and performs forensic analysis using appropriate tools to assist with incident investigation.
  • Assist with development of disaster recovery and business continuity procedures, plans and testing.
  • Developed and maintained Global Information Technology security processes/standards that are compliant with policies and best practices.
  • Maintain a solid understanding and process to continually research and address security concerns.
  • Balances risk vs. business needs while ensuring policies are implemented in accordance with corporate-wide policies and external regulatory obligations.
  • Performs vulnerability and penetration tests to ensure compliance.
  • Performs research of malicious software and exploitation tactics impacting the business.
  • Researches and advises client on safeguards to mitigate risks, threats, and vulnerabilities.
  • Participate in security regulatory compliance efforts.
  • Stays abreast of internal security related risks that would affect the business.
  • Develops and standardizes processes and procedures relating to IT Security risk across the technology organization.

Confidential

  • Coordinated the activities for proof of concept on various malware tools and technologies that identify Advanced Persistent Threats (APT) for incident response, investigation functions, and forensics.
  • Evaluate and analyze malicious code through the use of forensics tools.
  • Responsible for implementing an Enterprise security detection and protection solution in support of identifying compromised systems that are infected with malicious software within the organization which provides some proactive measure to stop the malware from infecting targets including the disruption of processing services or infiltration of sensitive financial data.
  • First responder to determine the activities by examining the malicious software, such as bots, worms, and trojans to understand the nature of their threat and ascertain the intended function and risk to First Data's assets, and financial information from the infiltration of malicious software.
  • Draft formal and informal reports with details of the malware,
  • Manage compliance and risk management for the most critical and complex applications, systems and data such as confidential restricted information and protection of control systems for the credit card processing system. This includes ensuring the proper alignment of controls related to infrastructure and information systems and distribution of information to prevent theft, misuse and compliance with all regulatory requirements.

Comprehend a basic understanding of operating systems/file systems, networking, system administration, architectures and security elements to include firewalls, intrusion detection systems, routers and proxies, as well as researching and maintaining proficiency in tools, techniques, countermeasures, and basic trends in computer and network vulnerabilities and exploits.

  • Understand regulatory requirements and best practice solutions to build and manage an APT solution to manage security risks.
  • Knowledge of reverse-engineering malware by assessing the event's scope, severity, repercussions which assist in containing the incident and in planning recovery steps.
  • Created indicators of compromise (IOCs) for scoping and containing the malware intrusion.
  • Implemented and evaluated Request for Proposal (RFP) for enterprise wide pen test/vulnerability software.
  • Liaise with technology teams to ensure alignment between the security and enterprise architecture.
  • Investigated various software products to identify PII and credit card data (DLP) for PCI compliance.
  • Performed vulnerability and penetration tests to ensure annual PCI compliance.
  • Performs research of malicious software and exploitation tactics.
  • Stays abreast of internal security related risks that would impact the business.

Confidential

  • Served as an internal information security consultant to the organization.
  • Develop and structure the organization to ensure technical risk is identified and managed in a timely manner.
  • Communicated effectively with senior management, key leadership, business peers, IT peers and vendors to solve business/technical problems and provide technical solutions.
  • Develop and standardize processes and procedures relating to IT Security risk across the technology organization.
  • Develop a formal Threat Management Program focusing on security risks and vulnerabilities utilizing the appropriate level of staff, automation and process.
  • First responder to incidents and performing incident analysis.
  • Assist with development of disaster recovery and business continuity procedures and plans.
  • Maintain a solid understanding and process to continually research and address security concerns.
  • Balances risk vs. business needs while ensuring policies are implemented in accordance with corporate-wide policies and external regulatory obligations.
  • Report progress on Architecture and Threat activities to management on a consistent basis.
  • Provided direct training to staff and management.
  • Assist with development of security procedures and policies.
  • Advised management in improving and carrying out policies in accordance with security state and federal regulations.
  • Took ownership and management of the compliance service and its delivery from end to end.
  • Managed the compliance service to meet Service Level Agreements and ensure deliverables are provided within the timeframe specified.
  • Performs Network Security Monitoring (NSM) to detect intrusions and intrusion attempts.
  • Performed Detection and Response monitoring against mission critical systems housing sensitive/protected/private data and performing security reviews.
  • Partnered with the sales team as the SME for security solutions for opportunities with the Federal Government.

Confidential

  • Established great relationships with key customers to make sure we had in-depth information about core processes, so that we could determine whether there were compliance risks.
  • Performed information security risk assessments and serves as an internal auditor for security issues.
  • Monitored the internal control systems to ensure that appropriate access levels are maintained.
  • Interfaced with external IT Auditors to ensure the finance and IT systems had and used the right controls to be compliant with best practices security procedures
  • Took ownership and management of the compliance service and its delivery from end to end.
  • Managed the compliance service to meet Service Level Agreements and ensure deliverables are provided within the timeframe specified.
  • Ensured that there was no unauthorized access to wireless networks to protect sensitive data.
  • Performed vulnerability, penetration tests of customer's wireless computing environment and provided technical solutions related to the results of the tests.
  • Managed project team resources for accountability and resolution of threats to improve customer satisfaction.
  • Provided preventative activities based on the results of risk assessments that did lower the number of incidents and complex problems.

Confidential

Professional Security Analyst

  • Guided Oracle in mapping ISO 17799 and SOX compliance processes to see how many points of convergence and overlap there were to meet government regulations and save money.
  • IT Security Professional with advanced information technology and auditing expertise to systematically identify critical problem areas/weaknesses to institute-improved course of action for maximum effectiveness.
  • Provided consulting expertise to all stake holders by identifying security risk management and compliance solutions driven by business needs for significant business critical applications.
  • Project Manager for PCI compliance and Federal on Demand services in the On Demand environment.
  • Developed the security procedures and policies for PCI compliance.
  • Performed vulnerability and penetration tests of Oracle's On Demand computing environment.
  • Acted as liaison between legal and the rest of the business to determine gaps and missing components which strengthened remedial efforts to reach compliance.
  • Worked closely with Legal and acting as a liaison between the other departments to implement compliance.
  • Systematically solved problems by working with key business owners to develop remediation plans.
  • Maintained and developed PCI compliance processes.
  • Provided direct training for Service Delivery Managers and Operations staff on Payment Card Industry Data Security Standards.
  • Performed vulnerability, penetration tests of customer's computing environments and perform investigations related to the results of these tests.
  • Developed and maintained Global Information Technology security processes/standards that are compliant with policies and best practices.
  • Developed Business Continuity plans for Global Information Technology Security Services.
  • Vendor Request for proposals was completed quickly and professionally for the sales process.

Confidential

Technology Risk Management Professional

  • A professional services company that is a solutions provider of internal auditing and technology services.
  • Managed and implemented client engagements including Sarbanes-Oxley (SOX) security controls evaluation as well as policies, procedures, internal control reviews, various risk assessments, remediation and evaluation of un-remedied deficiencies to ensure the integrity of audit processes.
  • Quickly become knowledgeable of the client's industry and recognized key performance drivers to gain acceptance on a wide variety of issues impacting the client.
  • Monitored the internal control systems to ensure that appropriate access levels are maintained.
  • Advised management in improving and carrying out policies in accordance with security compliance of federal regulations.
  • Established solid relationships at all levels of the organization from the Legal Dept., CIO and VP level to system administrators.
  • Assist with development of security procedures, and policies.
  • Developed methods to improve security policies, processes and practices, and recommend changes to management.
  • Report progress on Architecture and Threat activities to management on a consistent basis.
  • Served as a key respondent and facilitator for internal and external security and compliance related audits.
  • Ensured that there was no unauthorized access to data and wireless networks to protect sensitive data.
  • Performed vulnerability tests of customer's computing environments and wireless networks, and performed investigations related to the results of these tests.

Confidential

Security Analyst

One of 8 analysts on the Security Test and Evaluation Team inspecting and evaluating the safety of information system assets, as well as conducting NIST 800-26 self-assessments for the Bureau of Land Management (BLM). Collect and analyze requirements, conduct security assessments and vulnerability testing, evaluate system documentation, and produce thorough reports describing exploitable vulnerabilities. Assist with development of security procedures, and policies. Developed methods to improve security policies, processes and practices, and recommend changes to management.
