
Security Manager

Location:
Annandale, VA
Posted:
December 09, 2020


Resume:

Bilal Razzaq

Clearance: Top Secret

Phone: 703-***-****

Email: adiiv0@r.postjobfree.com

Residence: Fairfax, Virginia

CLEARANCE

Top Secret Clearance, issued May 2020

Secret Clearance, issued July 2014

Education

M.S. Applied Information Technology, concentration in Cyber Security, George Mason University

B.S. Psychology, George Mason University

Certifications

PMP, CISSP, FAIR Risk Analyst, CEH v9, Splunk Certified Power User

SKILLS, TOOLS, AND TECHNOLOGIES

Standards/Frameworks

NIST 800, FISMA, OMB Circular A-130, Privacy Act of 1974, FAIR, Cybersecurity Framework, CDM, CMMI, Waterfall, Agile, Scrum, PMBOK, ITIL, COBIT

Network Scanning Tools

Nessus, Wireshark, Nmap, and Splunk 6.x

Static Application Security Testing (SAST) Tools

HP Fortify SCA, SSC, and IBM AppScan

Software/COTS

CSAM, eMASS, ServiceNow, SailPoint, Salesforce, MS Project, Microsoft Teams

Programming Languages

SQL, CSS, HTML, Python and XHTML

EXPERIENCE DETAILS

Spry Methods, ISSO 10/2017 – Present

Conduct Security Impact Assessments of an application's security design for the appropriate security controls, which protect the confidentiality and integrity of data

Provide support to the Security Program and Project Managers for Risk Management

Monitor vulnerability management consoles and coordinate for remediation

Analyzes vulnerability and compliance scan results, creates pivot charts, drafts reports, and briefs stakeholders on technical vulnerabilities

Oversees the implementation and assessment of security controls in accordance with the NIST RMF standards

Prepares ATO packages and provides status updates to the Information System Security Manager

Coordinate with the Engineering Team to prepare for and facilitate Information Assurance audits

Plan for and execute workshops and tabletop exercises, and write reports to summarize activities

Draft and implement IT Security procedures and assist with vulnerability assessments as needed

Updates vulnerability POA&Ms and facilitates meetings as needed

Enforces security policy and procedures

Provides assistance with Incident Response in the areas of enterprise malware prevention and data spills

Identify risk and recommend areas for improvement

Booz Allen Hamilton, Inc., Senior Consultant 10/2015 – 10/2017

Ensure cyber security policies are adhered to and that required controls are implemented.

Review Technical Security Controls and provide implementation responses as to if/how the systems are currently meeting the requirements.

Determine security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).

Generate, review and update System Security Plans (SSP) against NIST 800-53.

Review and update System Security Plan (SSP) based on findings from assessing controls using NIST SP 800-18 rev1, NIST SP 800-53a rev4, and NIST SP 800-53.

Conduct risk assessments regularly; ensure the risk profile implements measures raised in evaluations and that root causes of risks are adequately addressed, following NIST 800-30 and NIST 800-37.

Perform continuous monitoring on Information systems using NIST SP 800-137.

Generate Security Assessment Reports (SAR).

Develop technical solutions to support requirements in solving complex network and system security problems

Support network firewalls; conduct risk and vulnerability assessments; conduct information assurance audits; and, review all safeguard procedures to measure the effectiveness of total system security

Vulnerability assessments were performed daily, intelligence was considered, and the appropriate personnel were alerted for any systems out of compliance by VRAM (Vulnerability Remediation Asset Manager).

Scanning was conducted using ACAS, and scans were uploaded on a weekly or biweekly basis.

POA&Ms were reviewed weekly for completeness and accuracy.

Snort (Sourcefire), ACAS (Security Center) monitoring, patching, total management of systems.

The MIL Corporation, Systems Analyst 8/2014 – 9/2015

Developed, documented, and controlled configuration baselines for network security appliances.

Identified and applied the best and most feasible security information solutions, including the use of emerging technologies and best practices, to meet the customer’s business requirements.

Developed and provided Information Assurance (IA) vulnerability notifications and real-time security incidents by developing and implementing mitigation actions to the Government Technical Manager (GTM).

Reviewed and analyzed security performance metrics and Service Level Agreements (SLAs).

Conducted security risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection requirements. Leveraged standard reporting templates, automated security tools, and cross-functional teams to facilitate security assessments.

Reviewed and resolved all customer routine assignments and special projects for certification and accreditation (C&A) efforts including Categorize Information System, Select Security Controls promptly, Implement Security Controls, Assess Security Controls, Authorize Information System, and Continuous Monitoring using the NIST SP800-37, NIST SP80-53, and NIST SP800-53.

Fair Isaac Corporation, Consultant 3/2014 – 7/2014

Managed IT vendor relationships and projects.

Managed telecommunications solutions for thirty sites, including contract negotiation and support.

Managed security systems for programs, including physical access systems and end-user support.

Completely revamped internal IT security in compliance with PCI-DSS standards.

Implemented backup and disaster recovery systems in line with industry best practices, reducing unscheduled system downtime by 95%.

CGI Federal, Consultant 6/2012 – 3/2014

Understand, document and interpret complex user requirements to define technical requirements and other non-functional requirements.

Prepare data mapping and perform testing of applications.

Analyze and manipulate large data sets.

Develop use cases; defining and documenting users’ procedures and workflows, and how each class of user interacts with each system function.

Establish appropriate security levels for processes, information exchange, and policy implementation.

Define, review and influence standards and quality measures/metrics.

Assist in the development of conversion and implementation strategies.

Develop test plans, test cases and perform testing in Momentum.

Work Properties, Network, Systems Consultant 7/2010 – 9/2011

Lorton, VA

Communicated with customers, sales staff, and marketing staff to determine their IT needs.

Recommended network security measures, such as firewalls, network security audits, and security probes.

Prepared detailed network specifications, including diagrams, charts, equipment configurations, and recommended technologies.

Developed disaster recovery plans.

American Institutes for Research, Network Assistant 1/2010 – 9/2010

Washington DC

Installed, operated, administered, managed, and retired service infrastructure components such as servers, operating systems, virtualization, networking components and special service appliances.

Conducted day-to-day activities including backups, tapes, restores, and procurement.

Assisted Network Engineers in the migration of domain names and records.

Used Symantec Endpoint client to monitor compliance with management policies and associated expectations.

George Mason University, Quality Assurance Analyst 7/2008 – 9/2009

Fairfax, VA

Designed test plans, scenarios, scripts, and procedures.

Assisted in developing testing programs that address areas such as database impacts, software scenarios, regression testing, negative testing, error and bug retests, or usability.

Documented software defects, using a bug tracking system, and reported defects to software developers.

Participated in product design reviews to provide input on functional requirements, product designs, schedules, or potential problems.


