QUALIFICATIONS:

Highly skilled Information Technology Specialist, specializing in IT Security. Demonstrated knowledge and experience in host/network common vulnerabilities and exploits CVEs , analysis, and the tools used. Experienced in planning, developing, implementing, and maintaining security programs, polices, and procedures to provide confidentiality, integrity and availability for systems, networks, and data. Directly support Chief Information Security Officer CISO to provide information assurance to Recovery Board Accountability and Transparency Board RATB with security infrastructure implementation, vulnerability management, continuous monitoring, security awareness training, policies and procedures, review reports, and other security relate assignments.

• IT Security
• NIST 800-53 Rev 3/Rev 4
• FISMA
• POAM
• Problem Solving
• Analytical Skills
• Policy and Planning
• Systems Analysis
• Applications Software
• Operating Systems
• Network Services
• Data Management
• Systems Administration
• Detail Orientated
• Customer Service
• Oral Communication
• Interpersonal Relationships

TECHNOLOGYSKILLS:

• MS Windows 2003/2008 server, Windows 7/Vista/XP, Linux, Red Hat
• Microsoft Office 2000/2003/2007/2010, Visio, Adobe Acrobat, Adobe Photoshop, AutoCAD, Assembly, C, C , Matlab, Norton Symantec, McAfee Antivirus
• McAfee DLP/IDS, McAfee ePolicy Orchestrator ePO , Symantec DLP Vontu , NMAP, Putty, Tenable SC, Tenable Nessus, DBProtect Scanner, DBProtect Monitoring, BlueCoat, Netwitness, Xcedium, Solarwind, Splunk, HP Tipping point, Proofpoint, Archer GRC, RSA SecureID, SharePoint 2010, Microsoft SQL Server Database 2008
• TCP/IP protocol suite, TCP/IP headers and packets, the OSI model, and commonly used TCP/UDP ports and associated services

PROFESSIONAL EXPERIENCE:

Confidential

• Provides assistance to CISO in reviews and evaluates information security policies, and identifies the need for change based on the Board's new security technologies or threats included Grand Jury data, and law enforcement data protection.
• Prepares training materials and conducts quarterly and annually Security Awareness Training to the Board's staffs, and Grand Jury Security Awareness Training to authorized personnel
• Examines network device and server systems logs and information gained from network sniffers or protocol analyzers such as Palantir, McAfee IDS, McAfee DLP, Symantec DLP, Proofpoint, and HP Tipping Point to identify potential risks and policies violation
• Installed, configured, troubleshot,, upgraded, and maintained various security devices such as Tenable Security Center, Tenable Nessus Scanner, DBProtect, Symantec DLP, McAfee DLP, BlueCoat, and ProofPoint and uses software intended to ensure that automated systems and software applications are secure from unauthorized use, viruses, data leakages, and vulnerabilities would compromise other aspects of overall system security
• Implements and administers two factor authentication for more secure VPN authentication with RSA SecureID RSA token
• Migrates all hard tokens to software tokens for RATB's internal and external employees to prevent assets loss.
• Conducts internal and external vulnerability scans, and compliance scans to evaluate possible environmental risks to provide attack detection, mitigation, and compliance monitoring
• Ensures accurate vulnerability assessment results are generated and made available to the CTO, CISCO, and CIO
• Provides assistance to Operations team to keep patches up to date, track and document mitigation strategy such as date to be completed, patches that unable to roll out and risk associate
• Tracks and records possible intrusion or security breach from routine daily analysis, and assist in incident response and continuous monitoring activities
• Serves as point of contact for RSA Archer implementation, DHS Einstein Program an intrusion detection system that monitors the network gateways , and DHS NCCI for HeartBleed Vulnerability assessment
• Provides assistance for annual third party vulnerability assessment from DHS and Mindpoint Group
• Participates in drafting information systems security documentation, procedure, such as systems security plans, risk assessments, user security guides, standard of operation SOP , FISMA report, and C A process
• Conducts Privacy Impact Assessment PIA and Privacy Threshold Assessment PTA for FA.gov, General Support System GSS , and Recovery Operation Center ROC systems
• Gives assistance to internal and external contractors on security issues and reviews monthly continuous monitoring reports from third party contractors Smartronix, CGI Federal
• Assists Office of General Counsel with FOIA request
• Serves as SharePoint administrator for Office of Chief Information Officer
• Oversees POAM management process
• Accomplishment: Successfully protect RATB with millions of dollars of law enforcement cases from security incident over the years.
• Outstanding performance review 5/5.

Confidential

• Reviewed computer architecture and software specifically computer power patent applications to determine if they comply with Federal law and regulations and scientific principle
• Scrutinized patent applications, determines the scope of protection claimed by the inventor, researches relevant technologies, and communicates findings and decisions to patent practitioners and/or inventors
• Extensive reviewed of a large body of technical information, including detailed drawings as represented in electrical schematic, 3-dimensional mechanical portrayed drawings or chemical manufacturing process diagrams
• Prepare office actions which explain in details why or how the patent application is not eligible for approval in a production-oriented environment
• Conducted interview with patent attorneys regarding the patentability of the applications
• Recommended potential allowance patents to supervisor for allowance
• Experienced in patent database searching tools EAST, WEST, and google patents

Accomplishment: Outstanding performance. Promoted to GS9 within a year period

Confidential

Security Analyst Intern

• Helped build and configure Windows 2008, 2003 and XP based upon DHS Security Configuration Guidance in the Testing Lab environment
• Conducted internal vulnerability assessments scan using DBProtect for Database, WebInspect for Webserver, Tenable Security Center/Nessus, NMAP and Retina for OS
• Analyzed the scan results to determine potential vulnerabilities
• Experienced with developing Security Test and Evaluation Plans and analyzing the results of security test activities to evaluate the existence and effectiveness of NIST 800-53 security controls

Accomplishment: Full-time position offered