Post Job Free

Resume

Sign in

Security Officer

Location:
Hyattsville, MD
Posted:
October 13, 2020

Contact this candidate

Resume:

Mohamed Sannoh

Skills

●RISK MANAGEMENT FRAMEWORK (RMF)

●NIST 800-53 REV 4

●NIST 800-30

●NIST 800-53A

●NIST 800-37

●NESSUS

●SPLUNK

●FEDRAMP

●IAAS

●MICROSOFT OFFICE SUITE

●PAAS

●SAAS

●FIPS 199 & 200

●MICROSOFT OFFICE 365

●MAC

●CSAM

●PC

●SYSTEM SECURITY PLAN (SSP)

●SYSTEM SECURITY REPORT (SAR)

●PLANS OF ACTION AND MILLSTONES (POA&M)

●TECHNICAL WRITING

●LIAISING

●ANALYTICS

●DETAILED RESEARCH

●INTERPERSONAL COMMUNICATIONS

Professional Summary

Authorized to work in the US for any employer Results-driven IT professional with notable success in planning, analysis, and implementation of security controls using RMF, NIST 800-53, FIPS 800, and NIST 800-53a to name a few. Strengths in providing comprehensive Risk management framework, FedRAMP and creating POA&Ms, SSPs, and SARs. Also utilized tools such as Nessus, Splunk, and CSAM for assessments. Certified in Comp TIA Security+, and Comp TIA CASP+ with 8 years of experience.

Certifications

●CompTIA CASP+

●CompTIASecurity+

●Testout PC Pro,

Education

-A.S BTI

-B.S Central Penn College (pending)

Experience

Cyber Security Analyst, Penske — 05/2018 -present

●Cyber Security Analyst, Penske

●Assist in conducting cloud system assessments using FedRAMP

●Collaborated with 3PAOs to prepare application materials demonstrating that organization meet both technical competence in security assessment of cloud systems and management requirement for organizations performing inspections.

●Conducts assessments on CSP using NIST SP 800 53-A

●Use AWS as an IaaS for system backups

●Configured OS using AWS DaaS

●Utilize Cisco SaaS services such as Webex

●Ensure proper deployment of software to respected team regarding SaaS securely through AWS DaaS

●Assessing and implementing security controls to any CSP before deployment

●Help manage all services for the AWS platform regarding configuration, monitoring.

●Updates IT security policies, procedures, standards and guidelines according to department

●Utilizes NIST 800-53A (Rev 4) and NIST 800-53 to review/update security controls and make the changes in requirements traceability matrix (RTM)

●Updates and reviews security control plan (SSP), Plan of action (PO&AM), and generate security assessment report (SAR)

●Performs vulnerability scan and monitor continuously with the aid on Nessus

●Supported Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.

Junior cyber security analyst, Eurofins Laboratories — 06/2016-05/2018

●Assist in conducting cloud system assessments using FedRAMP

●Updates IT security policies, procedures, standards and guidelines according to department

●Utilizes NIST 800-53A (Rev 4) and NIST 800-53 to review/update security controls and make the changes in requirements traceability matrix (RTM)

●Updates and reviews security control plan (SSP), Plan of action (PO&AM), and generate security assessment report (SAR)

●Performs vulnerability scan and monitor continuously with the aid on Nessus

●Supported Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.

●Assembled and produced two running cyber honey pots for data

●Delivered weekly intelligence briefs to Chief Information Security Officer

●Performed industry threat reports

●Worked in both Linux and Windows environments

●Created SAP (to document assessment schedules, control families to be assessed, control tools and personnel, client’s approval for assessment, assessment approach and scope, ROE if vulnerability scanning is involved).

●Conducted risk management by identifying, assessing, responding and monitoring risk respectively.

●Used POA&M tracking tools like CSAM (Cyber Security Assessment and Management), Excel spreadsheet to make sure the POA&M is not in delay status.

●Adapted and quickly learned a new position and industry to further develop analytical and technical skills.

●Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements

●Supported Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.

●Managed the mapping of 72 complex technical requirements, functionalities, and capabilities to NIST 800-53 Rev 4 security controls, FISMA, and Fedramp, to ensure compliance with federal standards, policies, and procedures.

SOC Analyst, SAP — 04/2014 - 06/2016

●Worked in a SOC environment, where I assisted in documenting and reporting vulnerabilities (Tier 1).

●Assisted the SOC team in documenting and reporting vulnerabilities by utilizing tools such as Splunk and SNORT.

●Monitored personnel or equipment locations and utilization to coordinate service and schedules.

●Recorded and Assembled facts to prepare reports that document incidents and activities.

●Strong knowledge of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB

●Strong knowledge of one or more

●Windows/AD file system, registry functions and memory artifacts

●Unix/Linux file systems and memory artifacts.

●Cybersecurity automation.

●Acquired Knowledge of APT actors; the tools, techniques, and procedures (TTPs).

●Knowledge of TTP methods and frameworks.

●Experience with one or more scripting languages (PowerShell, Python, Bash, etc.).

●Experience managing cases with enterprise SIEM or Incident Management systems.

Network Engineer, Contegix — 09/2012-04/2014

●Operating a large network (1000+ nodes in multi-tier and multi-location networks).

●Troubleshooting and problem solving of Layer 1 through Layer 7 of the OSI model.

●Firewall management, with Cisco ASA and Juniper firewalls.

●Responsible for the implementation of engineering processes that provide for timely and appropriate integration of all engineering disciplines to ensure a network system design that meets all requirements and allows for consistent delivery against all customer SLAs.

●Experience with Cisco Nexus and IOS based enterprise class routers, switches and firewall product lines.

●Experience with VMWare NSX and Virtual Box.

●Routing protocols; specifically, BGP, OSPF and EIGRP.

●Experience with Cisco routers 2900/3900/4300 Series.

●TCP/IP packet analysis using Wireshark.

adgxlf@r.postjobfree.com 484-***-**** Washington D.C. 220057



Contact this candidate