Candidate's Name
Bowie, MD Street Address
PHONE NUMBER AVAILABLE
EMAIL AVAILABLE

Objective: To obtain a challenging permanent position in the field of Network Security Engineering.

Education:
Capitol Technology University, Master's in Network Security, graduated May 2007, Summa Cum Laude
University of Maryland, BS in Computer Science

Clearance: TOP SECRET/SCI, FBI CI Poly, DHS EOD

Training:
SWIMLANE - Certified SOAR User, 2023
TANIUM Threat Response Analyst, 2023
FBI Citizens Academy, 2011: Cyber Security, Counter Intelligence and Counter Terrorism Training
DISA Endpoint Security Solutions (ESS) 5.10, 2023
DISA Assured Compliance Assessment Solution (ACAS)/Nessus v5.4, 2022

Certifications: CISSP, CISM, CCNP Security, CCSP, CCNA, CCNA Security, CCDA, CEH, CNDA, Linux+, Security+, Network+, ITIL v3, VCP, GCIH, GCIA, CASP, AWS Certified Solutions Architect Associate, AWS Certified Cloud Practitioner

Technical:
Hardware: Sun E250, E450, Netra, SunFire, StorEdge Rackmount, SPARC Workstations, Dell, Sun and PC Clones
Software: Solaris 6-8, Debian, FreeBSD, Red Hat, iPlanet, Netscape Enterprise Server, Windows 95/98/2000/NT/XP, Apache, IIS, Stronghold, Sendmail, Perl, ProFTPD, IBM WebSphere, Exchange Server, ColdFusion, VERITAS Storage Management
Languages: C/C++, HTML, Java, JavaScript, Perl, Shell Scripting
Network Services: HTTP, FTP, NFS, SMTP, POP, DNS, SSH, TELNET
Security Tools: Splunk, ArcSight, Authentic8, NEOSIS, LogRhythm, SiLK, BigFix, McAfee ePO, Tanium, FirePower, FireEye, Nessus, CrowdStrike

Experience:

Company: GrayTier Technologies
Work History: 12/2022 - Present
Sr Cyber Security Analyst/Incident Response
Triage and investigate cyber-related activities, determine the source of malicious events in order to contain and remediate further damage to critical systems and data.
Proactively perform network defense for high-visibility federal government systems.
Utilize state-of-the-art tools like Azure, Splunk, ThreatConnect, FireEye HX, and AWS CloudWatch to detect and analyze threats.
Apply leading-edge principles, theories, and concepts; contribute to the development of new principles, concepts and methodologies.
Brief leadership and stakeholders on the latest security issues and then develop mitigation and remediation approaches.
Continuously monitor multiple AWS cloud environments for anomalies and potential threats.
Conduct daily audit review of critical logs from on-prem and cloud environments and investigate anomalous events accordingly.
Perform incident response and remediation when threats are identified in on-prem and cloud environments.
Continuously track zero-day vulnerabilities, new threat exposures and emerging security technologies in an effort to keep federal government networks and systems secure.
Protect federal government infrastructure and data by enabling the appropriate security controls.
Investigate and find evidence of anomalous activities that violate federal government acceptable use policy.
Utilize FireEye HX Endpoint Detection and Response (EDR) to perform static malware analysis.
Perform email trace and purge utilizing Microsoft EOP to triage and contain threats stemming from phishing activities.
Perform IOC sweeps utilizing CrowdStrike to identify potentially infected hosts on the network.
Perform host and system quarantine utilizing Tanium.

Company: ManTech
Work History: 03/2019 - 11/2022
Sr Cyber Security Analyst, MID Shift Lead
Utilizing security tools such as Splunk, ArcSight, Loggers, IronPort, NetWitness, Sourcefire, FireEye, Remedy, Blue Coat, Sentry, Palantir, BigFix, McAfee ePO, etc. to monitor, detect, identify and report malicious activities on classified and unclassified networks.
Identifying security vulnerabilities and developing content/signatures in ArcSight and Splunk, Cisco Sourcefire, and FireEye to monitor, identify and remediate network intrusions and suspicious activities.
Using network monitoring tools such as Splunk, ArcSight and Sentry to identify, isolate and remediate infected hosts.
Utilizing the Mandiant forensics tool to capture hard drive and memory images to perform forensics.
Leveraging classified reports from Intelligence Communities to identify new tactics, techniques and protocols that state actors and cyber criminals are employing to penetrate the FBI network.
Working with other security groups such as CYWATCH, Advanced External Threat, JSOC, CJIS SOC, etc. to detect and remediate security incidents.
Analyzing incoming CYWATCH alerts and disseminating the alerts to all Federal Information Security Management Act (FISMA) system owners.
Utilizing the MITRE Cuckoo Sandbox to perform malware analysis and reverse engineering.
Utilizing NetWitness and FireEye to capture raw packets and transferring them to Cuckoo Sandbox for further analysis.
Developing Standard Operating Procedures and providing training to all the analysts in the Enterprise Security Operating Center (ESOC).
Identifying and remediating phishing campaigns.
Training team members on current applications/tools and also on new technologies.
Providing guidance to junior members on how to handle security incidents.
Creating after-action reports for major incidents.
Peer reviewing analysts' JIRA and Remedy tickets for quality assurance.
Reviewing and approving MIDS analyst timesheets for payroll.
Reviewing and approving MIDS analyst travel expenses.

Company: Leidos
Work History: 02/2015 - 03/2019
Sr Cyber Intelligence Analyst
Perform continuous monitoring, detection and analysis of network threat activities on both unclassified and classified networks.
Utilize network security tools including Splunk, ArcSight, NetWitness, FirePower, FireEye, Palo Alto, Blue Coat, BigFix, McAfee ePO, Tanium and Solara for triage and incident response.
Utilize Splunk to create search queries, dashboards, summary indexes and alerts.
Provide threat assessment of known indicators of compromise utilized by APTs and cyber criminals against DoD entities, Cleared Defense Contractors and US Government networks.
Provide a weekly Threat Brief of the DODIN posture at the Commander's Update Brief (CUB) and advise leadership of current nation-state CNE threats against the DODIN.
Analyze various classified and open-source reports to stay abreast of adversaries' new TTPs and exploitation attempts against the DODIN.
Provide Snort, YARA and HBSS signatures to the Intelligence Community in an effort to mitigate and counter adversaries' threats to the DODIN.
Upload serialized intelligence reports into CSSAC in an effort to deploy web content filter (WCF) and access control list (ACL) blocks on malicious domains and IP addresses.
Administer ArcSight dashboards and channels to aid continuous monitoring of known indicators of compromise and adversaries' command and control infrastructure.
Analyze Sharkseer intrusion alerts to detect and respond to adversarial capabilities as they occur in near real time.
Utilize FireEye and McAfee tools to stop zero-day malware attacks on DoD computer networks.
Analyze NetFlow and full packet capture of anomalous traffic captured at the DODIN IAPs in an effort to decipher APT Computer Network Exploitation operations on the DODIN.
Conduct queries of known indicators of compromise utilizing ACROPOLIS tools to identify and mitigate suspicious traffic on the DODIN.
Disseminate JFHQ-DODIN Threat Alert tippers to all DODIN entities stemming from malicious events observed in the wild. JFHQ-DODIN tippers are developed to provide indication and warning to the Intelligence Community and CSSPs.

Company: Metronome
Work History: 03/2013 - 02/2015
Sr Cyber Intelligence Analyst
Provide incident response and remediation by mitigating all potential risks identified from IDS alerts, recommend forensic analysis and operating system rebuild, and follow up directly with information system owners regarding each incident.
Fine-tune IDS policy based on intelligence gathered from US-CERT, DIA, DC3, NSA, and US CYBERCOM. Query the internal network against potential indicators and implement router and firewall blocks accordingly.
Perform internal risk assessments (network and application); set baseline security requirements, control objectives, and industry best practices for defense-in-depth security.
Responsible for ensuring compliance with information security policies and procedures and DoD privacy and security laws.
Work closely with Network Operations Security Enterprise Management (NOS/EM) to review the mitigation status of IAVAs and POAMs.
Educate senior management personnel (through bi-weekly briefings) on DoD security policies, guidelines, statutory laws, and federal regulations governing privacy and security.
Review plans, policies, and procedures with key personnel in an effort to improve processes for safeguarding PII and promote best practices.

Company: ICF International
Work History: 10/2007 - 03/2013
Network Security Engineer
Monitor DoD networks and information systems using Snort IDS, Interrogator, and 2I tools to provide incident response and mitigations accordingly.
Provide incident and intrusion reporting, and secure management of compromised information systems.
Create and maintain Snort rules to counter new and existing threats based on classified intelligence or open-source information.
Provide protection of classified and unclassified information systems and secure protection between enclaves.
Provide Information Assurance Vulnerability Management of classified and unclassified systems and provide safeguard measures as required.
Implement network blocks on perimeter routers, firewalls, and switches as directed by the COR.
Compile information and prepare computer security incident reports on a daily/weekly/periodic basis on the events and incidents observed in the course of network monitoring.
Continually perform real-time and retrospective intrusion detection analysis using malware packages on UNIX-based and Microsoft Windows-based computer systems and intrusion detection software, including open-source and GOTS tools, to maintain the skill sets required for analysis functions.
Provide Certification and Accreditation of unclassified and classified DoD networks and systems. Implement and ensure that proper policies and procedures (DIACAP) are applied when handling classified data.
Analyze network traffic using tcpdump to uncover any malware or covert channels on DoD networks and information systems.
Provide technical expertise as mandated in DoD 8570 during the investigation of computer security incidents as requested by the COR.
Recommend mitigation and remediation methodologies based on DoD/DISA guidance and industry standards (NIST) for compromised internal hosts.

Company: GANTECH, INC.
Work History: 05/2005 - 10/2007
Systems Security Engineer
Performed vulnerability assessment scanning using Nmap, Nessus, SuperScan, LANguard and Retina Network Security Scanner.
Implemented remediation controls against clients' known vulnerabilities and developed risk assessments based upon results from vulnerability assessments.
Developed and tested host-based hardening procedures for the Windows platform based on the guidelines and procedures of the Center for Internet Security (CIS).
Supported the evaluation of new information/network security products: determining compatibility and resource requirements and developing migration strategies, tactics and tools.
Used Triple DES and AES encryption algorithms to negotiate VPN encryption keys.
Analyzed and monitored TCP and UDP packets at the network layer for IDS and firewall implementation.
Served as a security technical analyst and advisor on clients' initiatives to evaluate new technology resources for program compliance based on industry standards.
Worked directly with clients to review, recommend and implement a secure, redundant firewall and network configuration.
Evaluated and tested several antivirus applications. Deployed and administered McAfee ePolicy 3.5 antivirus management.
Deployed and administered PatchLink management using Novell ZENworks.

Company: NCO Financial Systems
Work History: 01/2001 - 09/2005
Network Security Analyst
Designed and implemented security in a client-server (firewall) Internet/intranet environment.
Installed, configured and managed deployment of Check Point, PIX firewalls, IPFilter, and Netfilter.
Tested, evaluated and developed secure solutions (firewalls).
Conducted a thorough network vulnerability assessment.
Implemented network security technology (TCP/IP, IP routing, firewalls, packet filters, VPNs).
Monitored and tracked real-time IDS events using Dragon.
Assisted in the security review and testing of all networks, servers and applications.
Performed regular intrusion detection (tracing network intrusions and responding to insider attacks), security updates and managed upgrades.
Implemented and monitored security support systems, including firewall implementation monitoring.
Provided technical services and system security engineering for Public Key Infrastructure (PKI) applications.
Maintained backups and initiated disaster recovery.
Recommended policies and procedures for managing, maintaining, and supporting intranet/Internet usage.

Company: Advanced Web Creations
Work History: 10/1998 - 09/2000
Web Security Administrator
Developed, implemented and maintained firewall technologies that secure the web.
Provided administration, maintenance and support of websites, web servers and web application servers.
Created, modified and deleted user profiles and other access controls.
Reviewed security logs and violation reports (IDS).
Researched and integrated new technologies into the web environment.
Evaluated and recommended security products for various web platforms.
Worked with UNIX security, architecture and applications development teams on a regular basis providing web administration support.
Designed firewall architectures such as single-box architecture, screened host architecture and multiple perimeter nets.
Addressed network topology and architectural issues.
Designed, tested and implemented an information dissemination system over TCP/IP local and wide area networks.
Installed new servers/new applications on existing servers in support of Internet and intranet environments.
Installed, operated and monitored authorized network surveillance hardware and software.

Company: Advanced Web Creations
Work History: 12/1997 - 12/1998
Technical Support Specialist
Provided web-based technical support via phone and email.
Debugged HTML and CGI scripts.
Uploaded web files via File Transfer Protocol.
Solved end users' problems.
Worked in teams to solve Internet-related problems.
Set up DNS and email accounts.
Troubleshot email problems using Outlook and Netscape Mail.
Set up and administered online conferences through WebEx.

References: Available upon request.