Security Information

Robert D. Mercer Jr **********@*****.***

Freeport, New York 240-***-**** www.linkedin.com/in/robert-mercer-jr/

Master's Degree recipient (M.S. in Computer Science) and cyber security professional specializing in identifying and exploiting vulnerabilities, detecting cyber attacks, and defending against cyber threats using various methods (offensive security, vulnerability scanning, packet capture inspection, intrusion detection systems, intrusion prevention systems, security event monitoring etc.). Knowledge of common vulnerabilities and related attack vectors, including OWASP Top 10 and CWE/SANS Top 25. Ability to brief technical and non-technical audiences on security risks, threats, and vulnerabilities. Skilled in multiple scripting languages used to automate processes. Experience composing concise reports, and preparing adequate documentation of tactics, techniques, and procedures. Proven track record of being detail oriented, and applying critical thinking to any effort.

SKILLS & INVOLVEMENT

Python, C++, Scripting, Wireshark, Burp Suite Proxy, Firewalls, Nmap, Kali Linux, NetCat, SIEM, Splunk, Risk Assessments, NSBE, SNORT, Github, JIRA, Metaploit. Penetration Testing, Communications, Committed, Decision Making, Solving Problems

EDUCATION

Bowie State University, Bowie, MD August 2017 – December 2019

Master of Science, Computer Science, concentration in Cyber Security

●Cyber Club, Vice President

Howard University, Washington D.C. August 2012 – May 2017

Bachelor of Science, Electrical Engineering

PROFESSIONAL EXPERIENCE

Perspecta Labs, Silver Spring, MD May 2019 - August 2019

Cyber Security Analyst - Internship

●Configuring and monitoring Security Information and Event Management (SIEM) platforms for security alerts

●Follow detailed processes and procedures to analyze, escalate, and assist in incident response, security monitoring and remediation of critical information security events

●Scan and monitor system vulnerabilities on servers and infrastructure devices using various security tools and products (Nessus, Nmap, Acunetix, etc.)

●Ongoing review of SIEM dashboards, system, application logs, and custom monitoring tools

●Malware and threat analysis

●Assisted with the process of forensic investigations and disaster recovery

●Work closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls

●Researched the cybersecurity kill chain to gain a better understanding of threat modeling and threat hunting

●Quantitative analysis of pcap files (WireShark) to locate and gather information about attacks in order to create techniques, tactics, and procedures (TTPs) to rious malicious activities

●Wrote scripts in Python to automate the process of packet analysis, and signature detection in order to find multiple instances of cyber attacks and initiate countermeasures. With over 1.8M packets to parse, these scripts increased efficiency by more than 300% and became a staple in the intrusion prevention system

●Prepared concise documentation on what attacks were found, summaries of the packets, and an extensive analysis of the payloads

Bowie State University, Bowie, MD February 2018 - January 2020

Web Application Penetration Tester

●Investigate and analyzed known hacker methodology, system exploits and vulnerabilities to support Red Team Assessment activities

●Exploited vulnerabilities by conducting attacks (SQL injection, XSS, Brute Force, File Inclusion etc.) based on the results of vulnerability scans (Nessus, Nmap)

●Used Burpe Suite to intercept, modify, and send request in order to bypass security measures that were already in place

●Composed written reports, detailing assessment findings and recommendations

●Created attack signatures and wrote scripts (Python) to automate packet capture and packet analysis in order to detect these attacks in real time.

Provatek LLC, Columbia, MD May 2017 - December 2017

Security Engineer Intern/Co-op

●Used the cyber security kill chain to perform threat modeling against attack vectors to provide the team with more bandwidth to proactively about detect cyber attacks and impact the scope of cyber operations

●Researched black box fuzzing and white box fuzzing and used these techniques to explore paths that led to system crashes and other faulty behavior. As a result, we were able to resolve semantics issues in code that led to unwanted vulnerabilities

●Used model checking tools such as SAL to verify properties and protocols in systems.These include, Peterson’s protocol (mutual exclusion, Needham-Schroeder’s protocol, Priority-Ceiling Protocol, etc.

●Created signatures for attacks to build rules for IDS systems

Contact this candidate