Careers Summary: Security Analyst with over 5 years’ experience in the IT industry performing an integral role in protecting key assets in an organization, such as credit card data, customer data, personal information, financial systems, etc. through security controls and best practices with IT policies, laws, standards and frameworks applicable to ISO 27000, COSO, NIST-800, PCI-DSS, HIPAA GLBA etc. Proven knowledge of utilizing software and operating systems such as Linux, Microsoft.
Security Analyst Sep 2017 to Present
Information Technology Empowerment, VA
Under the direction of the Manager of Information Security, and working with appropriate staff, design, implement, and administer I.T. security systems to protect company information systems, networks, and data.
Regularly monitor security-related consoles, logs, and other tools and investigate any potential breaches or other security-related incidents.
Perform regular vulnerability scanning of the company's computers, servers and networks. And, work with the I.T. staff to mitigate any threats that are found.
Oversee the patching process for server and client computer operating systems and applications to ensure that all critical security-related patches are applied in a timely manner.
Work with the I.T. staff on network and server configurations and make recommendations regarding hardening, segmentation, monitoring/alerting, and protocol usage. This includes both wired and wireless networks.
Assist with the employee security awareness training and testing program.
Participate in the enforcement of password policies on multiple systems. This may include password filtering, multi-factor authentication, and the implementation of an identity and access management system.
Make recommendations and assist with the implementation of client security applications and malware removal tools.
Participate in the development, updating, testing, and execution of the company's incident response, disaster recovery, and business continuity plans.
Prepare reports that document security incidents or threats and the extent of the risk involved with these incidents.
Security Analyst Aug 2014 – July 2017
First Coast Inc. Chantilly, VA
Provided guidance and subject matter expertise to IT and business teams on processes, controls and objectives around audit and information security activities, best practices and process improvement.
Collected information and data to perform root cause analysis, establish facts, identify issues and work to develop remediation plans.
Worked with IT and business Management to create clear, actionable plans detailing specific deliverables, timelines and accountability to resolve information security issues.
Reviewed progress toward remediation efforts with IT and business leaders, technical teams, internal audit and other key stakeholders.
Contributed to the development of a single set of well-managed and rationalized information security controls aligned with all assurance requirements (customer, compliance/regulatory and industry standards).
Interpreted a variety of instructions, procedures, documentation, policies, standards, procedures, regulations, best practices and personal interviews to establish both current state and desired future state of systems and processes.
Evaluated effectiveness of IT controls against established standards to assure effectiveness and efficiency and provides recommendations for improvement.
Led large project teams consisting of cross-functional staff to define, design, develop and implement security solutions.
Assisted business leaders in identifying appropriate assurance levels and guide them through a process from gap assessment to engagement.
Demonstrated deep familiarity with Security industry best practices (HIPAA, ISO, PCI, NIST, etc.
Help Desk Associate / Customer Data Protection Oct 2012 -July 2014
G4s Secure Solution Steeling, VA
Monitored and protected customers data against internal and external vulnerabilities/threats.
Made and received phone calls to resolves issues affecting the AWS systems.
Worked with information Security officers to identify threats and administer patches into AWS web server systems.
Observed personal entering and exiting the Data Center to protect against theft of customers data and other network equipment.
Ensured authorized removal and installation of client network and system equipment such as web servers, solid state drives, network cards, motherboards, computers, HVAC, video cameras as per requirement of the client.
Documented logs detected in the information management system for further remediations by security analyst and other IT personals.
Investigated and prepared reports on accidents, incidents and suspicious activities within protected web server facilities of over 10,000 servers.
Written violation tickets to employees and visitors that violates that web server facility protocols and procedures that ensure secure posture of the web server systems, such as force alarms, entering and exiting with unauthorized data equipment etc.
Strayer University August 2014
Mary Washington University
Undergraduate Accounting Studies. 2008- 2010
CompTIA Security+ CE