Information Systems Security Officer
Resume:
Sr. INFORMATION SYSTEMS SECURITY ANALYST /
INFORMATION SYSTEMS SECURITY OFFICER
DAVID N. MANGA
Fort Washington MD 20744
Cell: 240-***-****
Email: ad07og@r.postjobfree.com ad07og@r.postjobfree.com
EXPERIENCE SUMMARY:
Information Systems Security Officer with over 18 years of professional experience in the Information Systems sector with a strong emphasis in Information Assurance, Security Control Assessment, Vendor Security Assessment, Policy Implementation and Security Documentation. Rich experience in providing subject matter expertise in developing, implementing and assessing Information Security programs to validate compliance with FISMA. Mr. Manga has intensive knowledge in Security Assessment and Authorization, Certification and Accreditation, Security Planning, Vulnerability Scanning, Business Continuity Planning, Risk Assessments and Vulnerability Management, Mr. Manga has intensive work experience in managing and maintaining firewalls, including creating and managing firewall rules, the ability to troubleshoot potential issues on the network relating to availability issues from security devices. He has experience in managing Security Event and Incident Management (SEIM) systems - including monitoring and responding to alerts, the ability to determine network and system baselines and ensure monitoring and alerting is established, experience in managing anti-virus products, IDS/IPS, and Web Application Firewalls. Working knowledge of IP network designs and security fundamentals, including FWs, Routers and ACLs. Adept at providing leadership, managing multiple concurrent projects, being attentive to detail and maintaining the ability to make rational decisions in pressure situations.
ENVIRONMENT:
Risk Assessment, Vulnerability Scanning, IT Security Compliance, Vulnerability Assessment, Impact Analysis - Assessment & Authorization, Security Control Assessment, Security Control Assessment, Nessus Vulnerability Scanner, RMF, eMass.Csam, Tenable.Nexus
Software: Wireshark, Nmap, Zenoss, Cain & Abel, Nessus, Snort/ACID, Splunk,John the Ripper, Cryptool, ArcSight, Firewalls, Proxies, IDS/IPS. Operating Systems: UNIX(Sun Solaris, Linux, Aix), BMC Software(Remedy 7.2), Netbackup, EMC, Quest Software(Oracle TOAD 10.7, Oracle TOAD Analyzer). MySQL, SQL Server 2005/2012. Oracle APEX, Oracle Internet Directory (OID/ONS). Oracle 7/8/8i/9i/10g/11g,12c Oracle 9i/10g/11g/12c RAC, Oracle Data Guard (standby db, both logical and physical), Oracle Advanced Replication, Oracle Streams, RMAN,, Oracle Enterprise Manager(OEM) Grid Control 10g/11g, Oracle SQL*Loader, DB2, OPatch, RMAN, Veritas, Explain Plan, Statspack, Tkprof, SqlTrace, AWR, ADDM, ASM, SQL*Plus. Operating Systems: UNIX(Sun Solaris, Linux, Aix), BMC Software(Remedy 7.2),
EDUCATION:
PhD Candidate at Walden University
Master in Science of Cybersecurity from University of Maryland
Graduate Certificate in Cybersecurity Technology from University of Maryland
Master in Information Systems from Strayer University, Washington, DC
Bachelors in Computer Information Systems from Strayer University, Washington, DC
Security+ Certification, Cysa+, Casp+
ORACLE Certified Professional (7,8i/9i/10g,11g,12c)
Clearance: TS
EMPLOYMENT BACKGROUND:
Technical and Project Engineering (TAPE), LLC January 2020 to Present
Sr. Information Systems Security Analyst / Alt. Information Systems Security Officer
Duties and Responsibilities: As Alt. Information Systems Security Officer
Develop and Update Document Security Authorization packages, including Security Plans (SSP's), Contingency plans, and SOP's for accreditation of Information Systems
Develop System Security documentation in compliance with RMF and FISMA guidelines
Conduct Security Authorization reviews and Security Audits in compliance with Risk Management Framework (RMF) Steps 1-6
Perform the updating and tracking of POA&Ms, SSP, ISVMS etc
Processed the Privileged Access Requests (PAR) for different users.
Develop and maintain comprehensive system security authorization documentation
Support the Assessor with all Ongoing Authorization (OA) and Security Control Assessment (SCA) activities per established schedules
Manage system POAM's per DHS and TSA Policy
Provide Change Management Support for their assigned systems
Manage PKI Certificates for assigned FISMA systems, ensuring all PKI certificates renewals and revocations are completed and processed prior to the expiration.
EMPLOYMENT BACKGROUND:
Cyberonyx Inc: August 2016 to December 2019
Information Systems Security Analyst
Duties and Responsibilities: As Information Systems Security Analyst
Develop Document Security Authorization packages, including Security Plans (SSP's), Contingency plans, and SOP's for accreditation of Information Systems
Develop System Security documentation in compliance with RMF and FISMA guidelines
Conduct Security Authorization reviews and Security Audits in compliance with Risk Management Framework (RMF) Steps 1-6
Perform the updating and tracking of POA&Ms, SAR, SOP etc
Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
Monitor and analyze network traffic, Intrusion Detection Systems (IDS), security events and logs.
Perform incident response to investigate and resolve computer security incidents.
Lead, perform, review or track security incident investigations to resolution.
Lead, perform or review root cause analysis efforts following incident recovery.
Compose security alert notifications and other communications.
Stay up to date with current vulnerabilities, attacks, and countermeasures.
Develop follow-up action plans to resolve reportable issues, and communicate with the other Analysts to address security threats and incidents.
Regularly develop new use cases for automation and tuning of security tools.
Define and create privacy and security reportable issues metrics and reports.
Contribute to security strategy and security posture by identifying security gaps, evaluate and implement enhancements.
Prioritize and differentiating between potential intrusion attempts and false alarms.
EMPLOYMENT BACKGROUND:
Tactical Edge: July 2014 to July 2016
Cyber Security Analyst / DBA
Duties and Responsibilities: As Cyber Security Analyst / DBA on contract at U.S Defense Information Systems Agency (DISA) Perform Oracle Database STIG Compliance Configuration.
Contribute to a team of approximately thirteen cyber security professionals working with Intrusion Detection System (IDS) software and hardware. Monitor and analyze IDS data signatures/indicators of known threats and anomalies; investigate callouts and coordinate remediation. Extract PCAP and .bin files from Wireshark for use in additional research and analysis on Anonymous Network. Assess workstation Anti Virus definitions and virus threats detected using SEP 11 Management console. Provide detailed status updates on existing cyber security incidents daily to include follow up with client/customer to ensure satisfactory resolution. Interact with cyber intelligence analysts to conduct threat analysis operations as well as numerous IT professionals performing varying technical roles within the Teams. Assist various departments to filter all URLs and perform regular scan to identify malware and develop address data leakage and implement all processes according to standard procedures.
EMPLOYMENT BACKGROUND:
University of Maryland February 2012 to June 2014
Senior Oracle DBA/SQL Server
Duties and Responsibilities: Provide Oracle and SQL Server databases support to Student and Faculty. Configure and support Exadata V2, 150TB and clustered Linux servers (RHEL and OEL) to host Oracle 11g RAC technology stack supporting both OLTP and DSS (data mart/data warehouse) databases. Create High Availability 11g RAC Linux clusters (ranging from 2 to 6 nodes) utilizing Dataguard in compliance with Oracle's Maximum Availability Architecture (MAA). Utilize Oracle Automatic Storage Management (ASM), Oracle Managed Files (OMF) and Recovery Manager (RMAN) to improve I/O performance, reduce administration overhead and provide a comprehensive backup and recovery strategy. Administer single-node and RAC 9i, 10g and 11g Oracle databases on Linux, Solaris and Microsoft Windows hosts. Implement Enterprise Manager Grid Control (11g and 12c) to provide monitoring and management of the Oracle database estate. Manage Oracle RAC database configurations utilizing Veritas Cluster Server (VCS),GoldenGate and Data Guard to ensure maximum availability and data protection. Performed DB2 to Oracle Data Migration using SQL Developer Performed PeopleSoft project migrations, security migrations, and reference data migrations using Data Pump. Integrate and support additional RDBMS platforms including SQL Server (2005-2012) and MySQL. Installation and Configuration of Oracle EBS R12 on Linux on Oracle Virtual Machine (OVM). Implemented Oracle Hyperion 11.1.2.1 and Oracle Data Integrator 11.1.1.3.
EMPLOYMENT BACKGROUND:
Infinity Systems Incorporated Dec 2010 to February 2012
Senior Database Administrator
Duties and Responsibilities: Responsible for all aspects of Oracle database administration including design, installation, creation, monitoring, performance tuning, storage management, security, backup and recovery. Provide Oracle Database Administration support and troubleshooting, including install Oracle software, patches and upgrades; manage and monitor tablespaces and tablespace quotas. Configure and manage RMAN backup and recovery, monitor database, performance. Analyze capacity and growth of databases using various automated stress testing tools and performance optimization Install, configure and manage Oracle Enterprise Grid Control. Support developers for efficient SQL query and performance. Develop Unix shell and Oracle SQL scripts to aid in the support of over 100 Oracle instances running on multiple Hewlett-Packard, IBM, and Sun midrange servers.
EMPLOYMENT BACKGROUND:
Computer Sciences Corporation July 2007 to November 2010
Senior Database Administrator
Duties and Responsibilities: As Senior Database Administrator on contract Defense Financial Accounting Service, Provide Oracle Database Administration support and troubleshooting, including install Oracle software, patches and upgrades; created production Linux RAC with Four nodes as well as other development RAC environments. Responsibilities include overseeing all aspects of the databases. This includes installation, upgrade, management, performance tuning, backup/restore, stored procedures, RAC administration, etc. Installed Oracle 11g RAC on Linux platform using ASM for a storage manager Configure and manage RMAN backup and recovery. Monitor database performance, Analyze capacity and growth of databases using various automated stress testing tools and performance optimization Utilize UNIX shell scripting to automate system administration on Oracle database Install, configure and manage Oracle Enterprise Manager(OEM) Grid Control for managing hundreds of Oracle databases, hosts and other related components. Support developers for efficient SQL query and performance. Provide on-call support for production database systems after hours and on weekends.
EMPLOYMENT BACKGROUND:
EDS March 1998 to June 2007
Senior Database Administrator
Duties and Responsibilities: As Senior Database Administrator on contract U.S Defense Department. Designed and implemented various high availability solutions for a diverse group of clients running Oracle 8,8i,9i and 10g using Data Guard, RMAN, Oracle Real Application Clusters (RAC), Oracle Flashback, and LogMiner. Performed application, SQL, and database instance tuning using a wide range of technologies including ADDM, AWR, Statspack, extended SQL trace (event 10046 trace files), OEM Performance Manager, and custom scripts. Install and configure Oracle Enterprise Manager (Grid Control) to monitor multiple databases on numerous computers and platforms.
Created an automated, enterprise wide monitoring infrastructure using several key technologies including UNIX shell scripts, Windows shell scripts (WSH), Java, and SQL. This allowed our operational DBA team to efficiently gather database metadata, exceptions, and performance statistics for remote clients running Oracle and SQL Server using a consolidated Intranet approach. Developed datamart solutions and analytical reports to derive business intelligence from the data warehouse.
Established and wrote the company’s standards and best practices document for all Oracle database environments based on Oracle's Optimal Flexible Architecture (OFA). This document outlined all standards for the DBA Operations Group including installing/upgrading Oracle, creating databases, DBA tools, administration and monitoring, naming standards, coding standards for Java and PL/SQL, policies, practices and procedures.
Performed several RDBMS upgrades from 8i to 9i, 8i to 10g R2, 9i to 10g R2 and 7.x to 8i on Unix (Linux, Solaris, AIX, HP-UX) and Windows platforms. Maintained currency with periodic Oracle Critical Patches.
Expert in 10g Oracle RDBMS installation on Linux platforms (32 and 64 bit), upgrade, configuration, backup, recovery, archiving & purging activities. Used stats pack report to tune materialized views by creating materialized view logs to enable fast refreshes on master tables.
Created physical standby database from hot backup of primary database. Created scripts to query performance views in an effort to reduce parse times and tune memory structures such as the database buffer cache, shared pool, library cache and PGA for a shared server configuration.
Created logical standby database from hot backup of primary database. Resolved gaps between primary and standby databases (Gap Resolution). Designed, documented, implemented, and maintained all disaster recovery procedures .
Installed Oracle 10g RAC on Linux platform using ASM for a storage manager. Provided performance tuning on a 10g RAC database on a Linux platform. Installed Oracle 9i RAC in a Unix environment for multiple nodes. Configured a 10g database in a non RAC environment using Sun clusters. Installed 10g R2 RAC with ASM on a 4 node linux cluster
Contact this candidate