
Security Analyst Cyber

Location:
Spring, TX
Posted:
July 06, 2024

Resume:

DERICK ACHOMBOM

Wrexham Street

Spring, Texas, **373

******.********@*****.*** 240-***-****

PROFESSIONAL SUMMARY

Highly skilled Cyber Security Analyst with over 8 years of experience in securing data and computer systems. I am committed to providing security implementation and support including in-depth analysis, planning and preparation. Offering exemplary project management and communication talents.

SKILLS

Knowledge and understanding of the National Institute of Standards and Technology (NIST) RMF Special Publications.

Experience in using Microsoft Purview in Preventing Data Loss

Experience in supporting the steps in Risk Management Framework (RMF)

In-depth knowledge in identifying inside threats.

System Security Monitoring and Auditing.

A good understanding of Security Control Assessment (SCA)

Experience in System Organization Control

Perform Authentication Services and Identity and Access Management (IDAM)

In-depth knowledge of Microsoft 365, Microsoft Defender for Cloud Apps (MCAS)

Perform security controls through Microsoft Azure

Audit and investigate firewall logs

Monitor network traffic in the firewall

Experience in managing SIEM tools such as Vijilan, Perch and Splunk

Experience in managing EDR tools such as Crowdstrike and Huntress.

Experience in Futurefeed platform

Educate users on phishing emails and respond to threats.

PROFESSIONAL EXPERIENCE

Senior Cyber Security Analyst - Cyber5 (Feb 2022 - Present)

JOB DUTIES

• Perform ongoing Assessment and Authorization projects in support of client security systems and ensuring quality control of A&A documents.

• Conduct risk assessments and collaborate with clients to provide recommendations regarding critical infrastructure, network security operations and Continuous Monitoring processes. Done through wireless security assessment.

• Extensive knowledge in Categorizing Information Systems (using FIPS 199 as a guide)

• Create, update and revise System Security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plan of Action & Milestones

• Participate in ST&E Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) per NIST SP 800-53A. Also performed IDAM.

• Review Privacy Impact Assessment (PIA) document after a positive PTA is created and ensure PII findings are recorded in the System of Record Notice (SORN)

• Document and finalize the Security Assessment Report (SAR) and perform security assessment and continuous monitoring of cloud computing services on multi-agency systems in accordance with FedRAMP security control baselines

• Determine security controls effectiveness and configuration (i.e., controls implemented correctly, operating as intended, and meeting security requirements, SIEM and Encryption.)

• Evaluate threats and vulnerabilities based on Tenable reports and implement Risk Management Framework (RMF) in accordance with NIST SP 800-37 using Rapid Fire Tool (RFT).

• Classification and categorization of information systems using the RMF/NIST processes to ensure system Confidentiality, Integrity and Availability.

• Establish, maintain, and execute all components of an incident response plan, from incident intake through root cause analysis, technical remediation analysis, and reporting.

Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security using MCAS, Azure, Vijilan, Perch and Crowdstrike.

Extensive knowledge in the use of Darkweb and D3 to analyze threat actors.

Accurately documenting an incident from beginning to end as well as evidence handling.

Experience in cyber attacks, malware and patch management

Employ security tools (Rapid Fire Tool, RFT) to analyze target organization's risks and weaknesses through network scans.

Apply countermeasures to protect the system against threats by effectively deploying SIEM.

Assess data vulnerabilities and potential points of exposure to determine the risk of data loss.

System Security Analyst Tinker AFB (Contract OKC) SEPT 2023-FEB 2024.

Perform ongoing Assessment and Authorization projects in support of client security systems and ensuring quality control of A&A documents.

Conduct risk assessments and collaborate with clients to provide recommendations regarding critical infrastructure, network security operations and Continuous Monitoring processes. Done through wireless security assessment.

Extensive knowledge in Categorizing Information Systems (using FIPS 199 as a guide)

Create, update and revise System Security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plan of Action & Milestones

Participate in ST&E Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) per NIST SP 800-53A. Also performed IDAM.

Review Privacy Impact Assessment (PIA) document after a positive PTA is created and ensure PII findings are recorded in the System of Record Notice (SORN)

Document and finalize the Security Assessment Report (SAR) and perform security assessment and continuous monitoring of cloud computing services on multi-agency systems in accordance with FedRAMP security control baselines

Determine security controls effectiveness and configuration (i.e., controls implemented correctly, operating as intended, and meeting security requirements, SIEM and Encryption.)

Evaluate threats and vulnerabilities based on Tenable reports and implement Risk Management Framework (RMF) in accordance with NIST SP 800-37 using Rapid Fire Tool (RFT).

Classification and categorization of information systems using the RMF/NIST processes to ensure system Confidentiality, Integrity and Availability.

Network Analyst - Department of Justice (BOP) Houston, Texas. (Aug 2020 – Jan 2022).

JOB DUTIES

Document procedures and work instructions for use by the Security Operations Center (SOC) staff.

Deploy security tools and technologies to monitor network traffic and user behavior, looking for any unauthorized access or data transfers that could indicate potential data loss.

Provides cybersecurity recommendations to management based on significant threats and vulnerabilities.

Participates in project planning and reporting across multiple efforts.

Collaborates with product and project teams to understand needs and enable them within the infrastructure.

Identify, investigate, and respond to cyber threats, incidents, and anomalies.

Assists in developing standards and procedures for security technologies.

Review and analyze network traffic in the Firewall.

Cyber Security Analyst - Legacy Development Inc. (Jun 2015 - Jun 2019)

• Analyse, create and enforce data loss prevention (DLP) policies that outline acceptable use of company data, data handling procedures, and restrictions on data movement across networks.

• Review Privacy Impact Assessment (PIA) document after a positive PTA is created and ensure PII findings are recorded in the System of Record Notice (SORN)

• Document and finalize the Security Assessment Report (SAR) and perform security assessment and continuous monitoring of cloud computing services on multi-agency systems in accordance with FedRAMP security control baselines.

• Determine security controls effectiveness and configuration (i.e., controls implemented correctly, operating as intended, and meeting security requirements, SIEM and Encryption.)

• Evaluate threats and vulnerabilities based on Tenable reports and implement Risk Management Framework (RMF) in accordance with NIST SP 800-37 using Nessus.

• Classification and categorization of information systems using the RMF processes to ensure system Confidentiality, Integrity and Availability.

Review and audit Firewall Logs.

EDUCATION AND CERTIFICATION

University of Wisconsin – Whitewater Degree: Bachelor’s in Business Administration Dec 2018

MBA in Cyber Security Management May 2022

St Paul’s Computer Center, Cameroon, HND in Information Technology 2012

CERTIFICATION

Certified Information Security Manager (CISM)

CompTIA Security+ Certification

https://www.credly.com/earner/earned/badge/092614d3-bf02-43b6-94f8-acb432e0b380

Top Secret Clearance from DOD


