Bilal Razzaq
Clearance: Top Secret
Phone: 703-***-****
Email: adiiv0@r.postjobfree.com
Residence: Fairfax, Virginia
CLEARANCE
Top Secret Clearance, issued May 2020
Secret Clearance, issued July 2014
Education
M.S. Applied Information Technology, concentration in Cyber Security, George Mason University
B.S. Psychology, George Mason University
Certifications
PMP, CISSP, FAIR Risk Analyst, CEH v9, Splunk Certified Power User
SKILLS, TOOLS, AND TECHNOLOGIES
Standards/Frameworks
NIST 800, FISMA, OMB Circular A-130, Privacy Act of 1974, FAIR, Cybersecurity Framework, CDM, CMMI, Waterfall, Agile, Scrum, PMBOK, ITIL, COBIT
Network Scanning Tools
Nessus, Wireshark, Nmap, and Splunk 6.x
Static Application Security Testing (SAST) Tools
HP Fortify SCA, SSC, and IBM AppScan
Software/COTS
CSAM, eMASS, ServiceNow, SailPoint, Salesforce, MS Project, Microsoft Teams
Programming Languages
SQL, CSS, HTML, Python and XHTML
EXPERIENCE DETAILS
Spry Methods, ISSO 10/2017 – Present
Conduct Security Impact Assessments of an application's security design for the appropriate security controls, which protect the confidentiality and integrity of data
Provide support to the Security Program and Project Managers for Risk Management
Monitor vulnerability management consoles and coordinate for remediation
Analyzes vulnerability and compliance scan results, creates pivot charts, drafts reports and briefs stakeholders on technical vulnerabilities
Oversees the implementation and assessment of security controls in accordance with the NIST RMF standards
Prepares ATO packages and provides status updates to the Information System Security Manager
Coordinate with the Engineering Team to prepare for and facilitate Information Assurance audits
Plan for and execute workshops and tabletop exercises, and write reports to summarize activities
Draft and implement IT Security procedures and assist with vulnerability assessments as needed
Updates vulnerability POA&Ms and facilitates meetings as needed
Enforces security policy and procedures
Provides assistance with Incident Response in the areas of enterprise malware prevention and data spills
Identify risk and recommend areas for improvement
Booz Allen Hamilton, Inc., Senior Consultant 10/2015 – 10/2017
Ensure cyber security policies are adhered to and that required controls are implemented.
Review Technical Security Controls and provide implementation responses as to if/how the systems are currently meeting the requirements.
Determine security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
Generate, review and update System Security Plans (SSP) against NIST 800-53.
Review and update System Security Plan (SSP) based on findings from assessing controls using NIST SP 800-18 Rev. 1, NIST SP 800-53A Rev. 4, and NIST SP 800-53.
Conduct risk assessments regularly; ensure risk profile implemented measures raised in evaluations, and root causes of risks were adequately addressed following NIST 800-30 and NIST 800-37.
Perform continuous monitoring on Information systems using NIST SP 800-137.
Generate Security Assessment Reports (SAR).
Develop technical solutions to support requirements in solving complex network and system security problems
Support network firewalls; conduct risk and vulnerability assessments; conduct information assurance audits; and review all safeguard procedures to measure the effectiveness of total system security
Vulnerability assessments were performed on a daily basis, intelligence was considered, and the appropriate personnel were alerted for any systems out of compliance by VRAM (Vulnerability Remediation Asset Manager).
Scanning was conducted using ACAS, and scans were uploaded on a weekly or biweekly basis.
POA&Ms were reviewed weekly for completeness and accuracy.
Snort (Sourcefire), ACAS (Security Center) monitoring, patching, total management of systems.
The MIL Corporation, Systems Analyst 8/2014 – 9/2015
Developed, documented, and controlled configuration baselines for network security appliances.
Identified and applied the best and most feasible security information solutions, including the use of emerging technologies and best practices, to meet the customer’s business requirements.
Developed and provided Information Assurance (IA) vulnerability notifications and real-time security incidents by developing and implementing mitigation actions to the Government Technical Manager (GTM).
Reviewed and analyzed security performance metrics and Service Level Agreements (SLAs).
Conducted security risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection requirements, leveraging standard reporting templates, automated security tools, and cross-functional teams to facilitate security assessments.
Reviewed and resolved all customer routine assignments and special projects for certification and accreditation (C&A) efforts including Categorize Information System, Select Security Controls promptly, Implement Security Controls, Assess Security Controls, Authorize Information System, and Continuous Monitoring using the NIST SP800-37, NIST SP80-53, and NIST SP800-53.
Fair Isaac Corporation, Consultant 3/2014 – 7/2014
Managed IT vendor relationships and projects.
Managed telecommunications solutions for thirty sites, including contract negotiation and support.
Managed security systems for programs, including physical access systems and end-user support.
Completely revamped internal IT security in compliance with PCI-DSS standards.
Implemented backup and disaster recovery systems in-line with industry best practices, reducing unscheduled system downtime by 95%.
CGI Federal, Consultant 6/2012 – 3/2014
Understand, document and interpret complex user requirements to define technical requirements and other non-functional requirements.
Prepare data mapping and perform testing of applications.
Analyze and manipulate large data sets.
Develop use cases; defining and documenting users’ procedures and workflows, and how each class of user interacts with each system function.
Establish appropriate security levels for processes, information exchange, and policy implementation.
Define, review and influence standards and quality measures/metrics.
Assist in the development of conversion and implementation strategies.
Develop test plans, test cases and perform testing in Momentum.
Work Properties, Network, Systems Consultant 7/2010 – 9/2011
Lorton, VA
Communicated with customers, sales staff, and marketing staff to determine their IT needs.
Recommended network security measures, such as firewalls, network security audits, and security probes.
Prepared detailed network specifications, including diagrams, charts, equipment configurations, and recommended technologies.
Developed disaster recovery plans.
American Institutes for Research, Network Assistant 1/2010 – 9/2010
Washington DC
Installed, operated, administered, managed, and retired service infrastructure components such as servers, operating systems, virtualization, networking components and special service appliances.
Conducted day-to-day activities including backups, tapes, restores, and procurement.
Assisted Network Engineers in the migration of domain names and records.
Used Symantec End Point client to monitor compliance with management policies and associated expectations.
George Mason University, Quality Assurance Analyst 7/2008 – 9/2009
Fairfax, VA
Designed test plans, scenarios, scripts, and procedures.
Assisted in developing testing programs that address areas such as database impacts, software scenarios, regression testing, negative testing, error and bug retests, or usability.
Documented software defects, using a bug tracking system, and reported defects to software developers.
Participated in product design reviews to provide input on functional requirements, product designs, schedules, or potential problems.