Vulnerability Management Analyst

Experience Summary

IT Professional with experience in Information System Security, Information Assurance and Advanced Computer Operations.

Knowledgeable in all aspects of Security Standards and Risk Management Frameworks, FISMA, HIPPA, FIPS199, NIST guidelines 800-53 Rev 5,800-37, 800-30, 800-39, 800-53B, 800-53A, 800-60 rev1, FIPS 199, 800-171, 800-26 and ISO 9001,27001 standards.

Familiar with various security technologies and their functionalities i.e., SIEM, SOAR, IDS, IPS and firewalls

Understanding of cloud environments and related technologies such as virtual instances, databases, storage, serverless architecture and containers.

Knowledgeable of network security protocols, and assessment procedures

Familiar with and knowledgeable of encryption algorithms and methods as well as their various implementations and configurations

Incident reporting and documentation

Experience conducting risk and vulnerability assessments

Knowledgeable of Compliance and Regulatory Requirements such as GDPR, HIPPA, PCI-DSS

Familiar with the functionality of various network/system scanning tools such as Angry IP, Nessus, Maltego and web application scanners such as Wireshark, nkito, Arachni, OWASP ZAP and Burp Suite

Augments on the job experience with home-based cybersecurity lab. Conduct real world simulations of cyber threats and vulnerabilities to understand the functionality and features of various security controls.

CERTIFICATIONS

CompTIA Security+ CE

AWS Certified Cloud Practitioner

CDSE Introduction to the Risk Management Framework

Experience

Fortitude Systems/U.S. Dept of Transportation-Washington, DC-Vulnerability Management Analyst

January 2024-Present

Create and update documentation necessary for system ATOs

Create POA&M documentation

Work cross-functionally with Subject Matter Experts (SMEs) to collect system information and specifications to create Standard Operating Procedures (SOP’s), memos, control templates. Implement controls from NIST 800-53, ICD 503, RMF

Develop and maintain Assessment and Authorization (A&A) documentation

Assist with managing network security posture

Monitor, research and analyze security events using SIEM tools

Conduct vulnerability scans and endpoint assessments in the Common Operating Environment (COE) utilizing Tenable Nessus and Big Fix tools.

Create Vulnerability Remediation Management tickets utilizing Service Now

Choice Enterprise Technology, LLC -Gaithersburg, MD- Information Assurance Officer

August 2020-January 2024

Implementing, oversight, and maintaining security configuration, practices, and procedure for information systems.

Implement controls from NIST 800-53, ICD 503, and applying them to the design and implementation of information technology solutions to achieve or maintain Authority to Operate (ATO)

Experience with Cisco Adaptive Security Appliance firewall and IDS.

Understanding of various security vulnerabilities and able to implement firewall, switch and VPN functions.

Develop RMF security documentation

Assist in the development and implementation of security controls to protect information systems throughout the environment

Conduct compliance and vulnerability reviews and scans of operating systems

Investigate security breaches and participate in incident response

Monitor, research and analyze security events using SIEM tools

Conduct risk assessments and investigations, execute appropriate risk mitigations.

Analyze penetration testing and current event reports and convert to proactive monitoring/prevention strategies

Perform security analyses of operational and development environments, threats, vulnerabilities, and internal interfaces

National Institutes of Health-Gaithersburg, MD, Warehouse Specialist/Purchasing Agent

September 2017-August 2020

Process and prepare customer orders for shipping

Maintain customer data in order processing system (POTS)

Monitor and manage warehouse inventory stock levels,

Prepare invoices for customer orders

Completed NBS Internal and External Requisitioner Course

Create internal order requisitions

Route Requisitions for approval

Identify receiving requirements and enter NBS receiving information

U.S. Secret Service Washington, DC-IT Asset Manager

May 2017-September 2017

Receive and process incoming and outgoing material

Deliveries and pick-ups between various U.S. Secret Service Facilities

Monitor, maintain and distribute warehouse inventory

Maintain and adjust information regarding warehouse inventory utilizing the Sunflower Asset Management System,

Assist U.S. Secret Service employees with retrieving and storing materials

Receive, document and prepare government accountable property for distribution and disposal

Allen Impact/GWA Office Products, Warehouse Lead/ Assistant Supervisor

August 2014-April 2017

Handle and sort warehouse materials

Monitor and track inventory

Process orders, prepare for shipping and arrange for delivery to customers,

Utilize various types of warehouse machinery

Monitor and direct workflow in case of supervisors’ absence (supervised 12+ employees)

Truck loading and receiving

Coordinate customer deliveries,

Proficient with various shipping software applications (UPS, DHL, FedEx etc.)

Proficient knowledge of the Microsoft Dynamics AX inventory and business management system.

Education

University of the District of Columbia -2019-2021

Information Technology

Contact this candidate