Risk Management Scrum Master Resume Reis...

Candidate Information
Title Risk Management Scrum Master
Target Location US-MD-Reisterstown
Candidate's Name
Active Secret Clearance
MBA - Cyber Security - Certified CompTIA Security+, Cyber Threat Level 1, CISA.
E-mail: EMAIL AVAILABLE Phone: PHONE NUMBER AVAILABLE Address: Owings, MD Street Address

PROFESSIONAL SUMMARY
Dedicated and driven Security and Compliance Analyst with a passion for ensuring robust security protocols and regulatory compliance within organizational frameworks. Seeking to leverage a strong background in risk assessment, threat detection, and regulatory adherence to contribute effectively towards safeguarding sensitive data and fortifying organizational resilience against evolving security threats. Committed to staying abreast of industry best practices and emerging technologies to enhance security posture and mitigate vulnerabilities effectively. I am dedicated to safeguarding organizational assets, information systems, and data from cyber threats and risks. I have conducted cyber risk assessments, prioritized risk management activities, and ensured compliance with cybersecurity standards and regulations. Investigated and resolved security-related issues such as system vulnerabilities, malware infections, and unauthorized access attempts. I leverage log analysis tools to go through vast amounts of data, identify abnormal behavior, and investigate security incidents to determine their root cause.

SKILLS SNAPSHOT
NIST 800 series; 800-18, 37, 39, 50, 53, 53A, 30, 60, 118, 137, 171, FIPS, FISMA, ISO 27001, HIPAA, SOC2, PCI-DSS and others.
Incident reporting and incident management with tools like JIRA
Vendor security assessment
Project Management
Networking monitoring with IDS/IPS, Firewall etc.
POAM Management
Drafting and creating SOPs
Third Party Risk Management (TPRM)
Drafting Policies & Procedures
Software Development Lifecycle (SDLC)
Cloud and FedRAMP Compliance
GRC Compliances and EXACTA 360 proficient
Technical Writing Capabilities.
solutions SIEMs, firewall appliances, intrusion prevention systems, data loss.
OWASP Top 10 and SANS 25. Identify and address issues such as CSRF, XSS, SQL Injection, Privilege Escalation.
Conducted and reviewed vulnerability scans, device configurations, and system architecture, employing tools like Nessus, WebInspect, IACS, CSAM, and AppDetective.
I've honed my expertise in information security engineering, specializing in vulnerability scanning, anti-malware solutions, content filtering, breach detection, and network security.
Leverage detection/prevention systems (IDS/IPS), firewalls, proxies, antivirus software, Endpoint Detection and Response (EDR), and Data Leakage Prevention (DLP) solution.
(SIEM) solutions such as Splunk, IBM QRadar, or ArcSight for log aggregation, correlation, and analysis.

EDUCATION
Master of Science in Cybersecurity Technology, University of Maryland Global Campus, June 2022
Cyber Threat Hunting Level 1
Certified CompTIA Security+
Certified Scrum Master. Scrum Alliance
Professional Scrum Master. Scrum.Org
Certified Information Security Manager (CISM) by ISACA

PROFESSIONAL EXPERIENCE

Triple Canopy Inc, October 2019 - Present
Cyber Security Analyst, Washington DC
Tracking and reporting level of compliance for Information Systems.
Reviewing and analyzing information system audit records weekly for indications of inappropriate or unusual activity and reporting findings to appropriate management and technical personnel.
Receiving information system security alerts, advisories, and directives from designated external organizations on an ongoing basis.
Generating internal security alerts, advisories, and directives as deemed necessary and disseminating security alerts, advisories, and directives to appropriate management and technical personnel.
Implementing security directives in accordance with established time frames.
Ensuring that the organization's systems and processes meet industry regulations.
Reviewing and analyzing security controls, identifying vulnerabilities and risks, and recommending and implementing solutions to improve the overall security posture of the organization.
on Authorization boundaries
Evaluating the effectiveness and implementation of Continuous Monitoring Plans
Representing the customer on inspection teams
Communicating with the Information System Security Officer to analyze risks.
Conducting risk management by identifying, assessing, responding, and monitoring risk respectively.
Assessing incoming threats and developing plans to close loopholes.
Analyzing security breaches to determine the root cause of problems.
Generating reports for both technical and non-technical staff.
Completing penetration tests on network systems and configuring and updating antivirus servers.
Performing security evaluations, managing and regulating all user access to the company's network, and proactively participating in team meetings with IT managers.
Performing and analyzing vulnerability scans using the Nessus Tool
Planning, implementing, upgrading, or monitoring security measures for the protection of computer networks and information.
Assessing system vulnerabilities for security risks; proposing and implementing risk mitigation strategies.
Meticulously assess and analyze the organization's current security posture, identifying vulnerabilities and potential threats.
Design and implement comprehensive security policies, procedures, and controls to mitigate risks and ensure compliance with industry standards and regulations.
Conduct regular security audits and assessments to evaluate the effectiveness of existing security measures and recommend improvements.
Develop and deliver customized security awareness training programs to educate employees about best practices and reduce the risk of security incidents.
Manage and configure security technologies such as firewalls, intrusion detection/prevention systems, and endpoint protection solutions to safeguard the organization's assets.
Collaborating with cross-functional teams to integrate security requirements into the development lifecycle of applications and infrastructure projects.
Monitor security events and alerts using SIEM (Security Information and Event Management) tools, promptly investigating and responding to potential security incidents.
Leading incident response efforts, coordinating with internal stakeholders and external partners to contain and mitigate security breaches effectively.
Conducting in-depth forensic analysis and root cause analysis to understand the impact of security incidents and prevent future occurrences.
Maintain and enhance the organization's disaster recovery and business continuity plans, ensuring resilience in the face of cyber threats and disruptions.
Staying abreast of the latest cyber security trends, threats, and technologies through continuous learning and professional development activities.
Contribute to the development and maintenance of security documentation, including policies, standards, procedures, and guidelines.
Serve as a subject matter expert on security-related matters, providing guidance and support to internal teams and external partners.
Participate in security governance meetings and represent the security team in discussions related to risk management and compliance.
Foster a culture of security awareness and accountability throughout the organization, promoting a proactive approach to cyber security among all stakeholders.
Performing system vulnerability scanning, IAVM Compliance, STIG/SRG Compliance and performing log reviews

MVM, Inc, January 2013 - October 2019
Security Control Assessor, Ashburn, VA
Verified accurate system categorization using National Institute of Standards & Technology (NIST) 800-60 and Federal Information Processing Standard (FIPS) to support systems/applications
Established security controls for information systems based on National Institute of Standards & Technology (NIST) 800-53 rev 4 and Federal Information Processing Standard (FIPS) 200
Conducted security assessment interviews and composed security assessment reports (SARs) during the completion of the Security Test and Evaluations (ST&Es)
Reviewed and confirmed assessment and authorization (A&A) documentation is included within the system security package
Prepared Security Assessment Reports (SAR) in which all the weaknesses are reported.
Performed information security risk assessments and audit of information security processes to assess threat levels, risks, and vulnerabilities from emerging issues and recommend mitigation strategies
Coordinated with system owners to develop, test, and implement contingency and incident response plans to allow the organization to promptly return to daily operations following an unforeseen event
Analyzed and updated remediation plans of action and milestones (POA&Ms) and implemented/documented corrective action plans
Resolved complex technical issues leveraging knowledge of the software development lifecycle (SDLC)
Coordinated with the IT Director and security teams to develop and maintain IT security policies, architecture, and security across the organization, including performing audits of security systems to maintain compliance with standards and protocols
Communicated with the Information System Security Officer to analyze risks.

HartWood Foundation Inc., May 2010 - January 2013
Assessor/IT Auditor, Fairfax VA
Consolidated risk management activities, and managed tasks to ensure timely deliverables.
Championed a team of 5 information security professionals and oversaw the review of security authorization packages based on the National Institute of Standards & Technology (NIST) to support systems/applications
Made recommendations based on Federal Information Processing Standard (FIPS) 199 impact level designations and identified the controls needed based on general support system or major applications
Performed oversight of the development, implementation and evaluation of IS security program policy; special emphasis placed upon integration of existing SAP network infrastructure
Performed assessment of ISs, based upon the Risk Management Framework (RMF) methodology in accordance with the Joint Special Access Program (SAP) Implementation Guide (JSIG)
Advised the Information System Owner (ISO), Information Data Owner (IDO), Program Security Officer (PSO), and the Delegated and/or Authorizing Official (DAO/AO) on any assessment and authorization issues
Evaluated Authorization packages and made recommendation to the AO and/or DAO for authorization
Evaluated IS threats and vulnerabilities to determine whether additional safeguards are required
Advised the Government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system
Ensured security assessments are completed and results documented and prepared the Security Assessment Report (SAR) for the Authorization boundary
Initiated a Plan of Action and Milestones (POA&M) with identified weaknesses for each Authorization Boundary assessed, based on findings and recommendations from the SAR
Evaluated security assessment documentation and provided written recommendations for security authorization to the Government
Discussed recommendation for authorization and submitted the security authorization package to the AO/DAO
Assessed proposed changes to Authorization boundaries operating environment and mission needs to determine the continuation to operate.
Reviewed and concurred with all sanitization and clearing procedures in accordance with Government guidance and/or policy
Assisted the Government compliance inspections
Evaluated the effectiveness and implementation of Continuous Monitoring Plans
Reviewed documentation to include System Security Plan using NIST 800-18 as a guide, Authorization to Operate (ATO), Security Assessment Report (SAR) using NIST 800-30 as a guide, FIPS 199 and NIST 800-60 Vol1/Vol2 for System Categorization based on confidentiality, integrity and availability (CIA), policy and procedures, e-authentication, privacy threshold analysis (PTA), Privacy Impact Analysis (PIA), Contingency Plan (CP) and Interconnection Security Agreement (ISA) as per NIST 800-47, Certification and Accreditation (C&A) packages and System Standard Operating Procedures.
Worked with Stakeholders and Project managers to develop concrete, detailed plans for a project, including the schedule, the budget, outlining the duties of each team member, creating project charters and setting a timeline for the project
Guided and mentored the team while reviewing their performances and managing the KPIs.
Led daily team stand up and weekly team meetings.
Ability to facilitate meetings as well as capture and publish accurate notes
Analyzed and identified system and process gaps for new proposed business changes with applications
In charge of producing weekly quality check reports published by other department managers.
Reviewed and assessed architecture design, implementation, testing and deployment needs, assessed risk and worked with team and other project managers to develop risk management and issues management plans
Successful implementation of online transaction processing applications and its associated modules like database testing and validation.

Technical Skills
Nessus Tool: Vulnerability Scan
Wireshark: Sniffing
Nmap: Vulnerability Scan
NIST SP 800-53: Recommends security controls for federal information systems and organizations and documents security controls for all federal information systems.
Microsoft Office suite: Microsoft Word, Excel, PowerPoint, OneNote, Outlook, Access, and Skype for Business
VMware: Able to run multiple applications and operating system workloads on one server
Virtual Machine Application: Stores data, including operating systems and applications.
Burp Suite: Vulnerability scan
OpenVAS: Vulnerability scan
Nikto2: Vulnerability Scan (Penetration testing)
Cain & Abel: Password Recovery tool
Cryptography: Protects sensitive data
OWASP ZAP: Vulnerability Scan
