Skilled Information Security Analyst with expertise in IT security, risk management framework, system development life cycle, and system vulnerability management.
Familiar with the FISMA Information Systems Certification and Accreditation (C&A / A&A) process utilizing the NIST SP 800-53 Rev. 3 and Rev. 4 security controls.
Expert at identifying, assessing, prioritizing, and monitoring corrective actions for IT security weaknesses identified during systems and application security assessments.
Strong knowledge of system and network security, log analysis, SIEMs, and intrusion detection technologies.
Well-versed in direct and remote analysis, with strong critical thinking, communication, and people skills.
Experienced in assessing internal/external security vulnerabilities of information systems.
Olabisi Onabanjo University
Security+ in view
Databases: DB2, MySQL and Access.
Operating Systems: UNIX / Linux, Microsoft Windows.
Enterprise / GRC: MS SharePoint, BWise.
SUMMIT TECHNOLOGIES, INC. August 2017 – July 2018
Information Security Analyst
Monitored information systems for security risks, identified potential threats, determined impact levels, and took necessary steps to mitigate threats.
Implemented security controls in compliance with security policies, regulations and guidelines: FIPS 199 and FIPS 200, NIST 800 series, and FISMA.
Participated in conducting security gap analysis reviews of information security assets with other stakeholders using NIST Special Publication 800-53.
Reviewed user accounts and access periodically to ensure compliance with regulatory and corporate security policies.
Performed network risk assessments and vulnerability assessments.
Ensured measures raised in risk assessments were implemented in accordance with the risk profile, and that root causes of risk were fully addressed following NIST 800-30 and NIST 800-37.
Developed NIST-compliant vulnerability assessments, technical documentation, and
Reviewed information systems for vulnerabilities and recommended appropriate compensating controls to mitigate such vulnerabilities.
Categorized information systems according to Confidentiality, Integrity, and Availability status, using FIPS 199 and NIST SP 800-60.
Trained information system users on possible risks and threats to ensure security of information systems.
Experienced in the use of security vulnerability scanners, e.g., Nessus, to check information systems for vulnerabilities.
Maintained good working relationships with stakeholders at all levels to promote adherence to Summit Technology’s security policies.
Performed assessment of current and new technology tools and infrastructure to identify risks and categorize security baselines.
Performed other security duties as assigned by a superior.
Conducted system and network vulnerability scans to identify and remediate potential risks.
Participated in the creation and review of system security plans (SSPs) for multiple systems.
Submitted weekly reports to the Chief Information Security Officer on trends in cyber threats and system vulnerabilities (e.g., OWASP Top 10) and recommendations on how to mitigate such threats.
PARAGON TECHNOLOGIES July 2015 – May 2017
Vulnerability Assessment Analyst
Performed daily vulnerability assessments to assess the severity of risks that pose threats to organizational assets and gave recommendations on remediation of such threats.
Responsibilities included internal and external PCI vulnerability scanning as an Approved Scanning Vendor (ASV) company.
Performed continuous threat monitoring and review to assess and prioritize vulnerabilities using CVSS. Prioritized risks, identified proper timelines for remediation, and managed 0-day vulnerabilities.
Tracked progress on remediation of identified risks and vulnerabilities and provided appropriate reporting to all stakeholders: internal, third-party managers, external vendors, and senior management.
Coordinated and managed timely remediation of security vulnerabilities across a variety of technologies.
Developed strong working relationships with stakeholders on information security issues.
Prepared weekly status reports on vulnerability assessment for management use.
Kept an updated record of security threats and vulnerabilities and ways to mitigate such threats, e.g., OWASP Top 10 vulnerabilities.
Gave recommendations on implemented security controls to mitigate security threats.
Knowledge of security guidelines and policies, e.g., NIST framework, PCI DSS, HIPAA, FISMA, FIPS, and GDPR.
Provided subject matter expertise and recommendations on vulnerability assessment to all stakeholders.
Developed and maintained a vulnerability assessment database for metrics purposes.
Nessus Vulnerability Scanner