| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name , CISM, CEH, CASPEmail Address: EMAIL AVAILABLE Phone Number: PHONE NUMBER AVAILABLE SUMMARYHighly skilled and experienced information security professional with 5 years of expertise in penetration testing and cybersecurity. Certified in various industry-recognized certifications including Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), and CompTIA Advanced Security Practitioner (CASP). Proven track record of identifying vulnerabilities, conducting comprehensive security assessments, and providing strategic recommendations to enhance organizational defenses. Possesses exceptional technical knowledge, analytical skills, and a strong dedication to maintaining the integrity of information systems.PROFESSIONAL EXPERIENCENorwin Technologies, LLC. Richardson, TX 11/2023 03/2024 Cyber Security Specialist (Contractor)Norwin Technologies helps customers design, build, and manage intelligent, flexible, and secure Information Technology environments. Safeguarded information system assets by identifying and solving potential and actual security problems Protected systems by defining access privileges, control structures, resources, and proper configuration of security solutions applied in the protection of Authoritys assets Implemented configuration and maintenance of the Cybersecurity Incident Response Plan to effectively identify and alert upon potential security events Participated in the investigations being performed as part of the Cybersecurity Incident Response Team; documenting, and maintaining accurate, and detailed records of the incident and all activities that were undertaken in response to an incident Implemented security improvements by assessing current situation, evaluating trends, and anticipating requirements Determined security violations and inefficiencies by conducting periodic audits Upgraded systems by implementing and maintaining security controls Participated in the process of selecting and reviewing information security solutions Assisted in the configuration of intrusion detection and prevention solutions based in the host and network servers to effectively identify potential security incidents Provided the highest level of customer service and professionalism to all internal and external customers Provided superior customer service efficientlyCalian Corporation Houston, TX 08/2021 - 06/2023 Penetration Tester /Information Security AnalystCalian IT and Cyber Solutions (ITCS) creates enterprise value by solving complex problems through a portfolio of on-demand resourcing, IT and cybersecurity consulting, managed services, and SaaS. Conducted internal system/application security audits to ensure compliance with industry specific standards and regulatory requirements/guidelines/frameworks (e.g. PCI DSS(Payment Card Industry Data Security Standard), NIST (National Institute of Standards and Technology) SP 800-53, ISO (International Organization for Standardization) 27001, HIPAA (Health Insurance Portability and Accountability Act), HITRST (Health Information Trust Alliance) OSHA (Occupational Safety and Health Administration), GDPR (General Data Protection Regulation) and validated the resilience of security controls Maintain and develop IT governance frameworks, policies and standards and collaborate with leadership to enforce and establish IT governance practices Performed comprehensive penetration testing on clients corporate systems, networks, and applications to identify vulnerabilities and potential weaknesses Utilized penetration testing tools and techniques to simulate real-world cyber-attacks and assessed the effectiveness of existing security measures Conduct compliance and IT security training for employees to promote culture of security awareness Produce detailed reports outlining identified security issues, potential impact, and recommended remediation strategies Collaborated with cross-functional teams to prioritize and address identified vulnerabilities, ensuring the implementation of effective security controls Assisted in incident response activities, including identifying the source, performed impact analysis of security breaches and provided recommendations for containment and recovery Monitored security events and alerts using a SIEM(security information and event management)system .example SPLUNK to ensure a timely detection and response to any anomalies and unauthorized activities Educated clients on security best practices, offering training sessions and workshops to enhance clients overall system security awareness Identified opportunities to optimize API performance, such as reducing latency, improving response time and enhancing scalability Implemented and managed cloud security measures to ensure the protection of sensitive data and infrastructure Collaborated with cross-functional teams to design and implement security controls for cloud-based applications and services. Actively monitored and responded to security incidents, including conducting root cause analysis, and implementing necessary remediation actions. Utilized cloud security tools, such as Azure Sentinel, to detect and respond to security threats in real-time. Assisted in the implementation and configuration of Azure Sentinel for security monitoring and incident response. Contributed to the development of security awareness training materials for employees. Robert Wood Johnson University Hospital New Brunswick, NJ 12/2019 8/2021 Information Security EngineerRWJUH An academic medical center whose Centers of Excellence include cardiovascular care from minimally invasive heart surgery to transplantation, cancer care, stroke care, neuroscience, orthopedics and womens and childrens care, including The Bristol Myers Squibb Childrens Hospital (BMSCH) Provided response and analysis to data calls and all audit requests by due dates, maintained tracking reports and central repository of data call artifacts. Performed Penetration Testing and Red Team/Blue Team security audits. Identified security gaps for exploiting and executive level briefing. Performed Risk Assessment of vulnerabilities with response for mitigation or acceptance. Prepared and documented System's ATO Brief for submission to Authorizing Official(AO) for his adjudication to grant ATO to a new system or for the existing system to continue operation. Scheduled, tracked, and managed the monthly and quarterly POA&M(Plan Of Action And Milestone) review process. Coordinated meetings and tasking with System Owners (SOs), Information System Security Officers (ISSOs) and supported remediation of opened POA&M items. Reviewed Information System Security Policies and Procedures, System Security Plans(SSPs), and Security baselines in accordance with NIST, FISMA, OMB App III A-130, and industry best security practices Updated settings for Microsoft Defender SmartScreen to help protect your device against potentially dangerous apps, files, sites, and downloads. Assess Security Controls through document review, interview, and test procedures to ensure compliance with FISMA and NIST SP 800-53A Rev 1 Conducted in-depth technical reviews of new and existing IT systems to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines. Provided ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc. Reviewed and validated vulnerability scan results at the operating system (OS) and application level and worked with stakeholders to architect and implement mitigations CERTIFICATIONS Certified Information Security Manager (CISM) Certified Ethical Hacker (CEH) CompTIA Advanced Security Practitioner (CASP) Azure 104 CCNASKILLS Penetration Testing Vulnerability Assessment Network Security Web Application Security Incident Response Risk Assessment Security Auditing Security Policy Development Programming Languages: Python Operating Systems: WindowsEDUCATIONBachelor of Science in Information TechnologyUniversity Name: University of Ghana LegonRelevant coursework: Network Security, Security Compliance, Ethical Hacking, Information Security control assessments |
