Post Job Free
Sign in

Information Security Air Force

Location:
Billerica, MA
Salary:
150000
Posted:
February 07, 2021

Contact this candidate

Resume:

Mohammad Chowdhury

Billerica, Massachusetts

Email: **************@*****.***

Phone: 646-***-****

SECURITY CLEARANCE

Top Secret/SCI Eligible

TECHNICAL SUMMARY

Desktop Operating Systems: Windows 7 and 10 (32/64) (Home, Home Premium, Business, Ultimate), Windows Vista (32/64), Microsoft Windows XP (Pro/Home) (32/64bit).

Operating Systems: Windows 7, Windows 8.1, Windows 10. Windows 8.1, Vista, Windows 2003/2008 Server, Windows 2003, Windows 2003/2008 Server.

Application Software: Microsoft Office (Word, Power Point, Access, Excel, Outlook), MS Project 2013, Minitab, Microsoft FrontPage, MS Visio/WinZip, Adobe Acrobat 5.0/6.0, Acrobat PDF Writer, Lotus Notes.

Programming Languages: C++, HTML, PL/SQL, SQL*PLUS, VISUAL BASIC.NET, VBScripts.

Databases: SQL, MYSQL, Oracle, MS Access.

Software Testing Tools: Quick Test Professional, Quality Center, LoadRunner, Selenium.

SDLC: Waterfall, Agile.

Server Applications: DOORS NG, Active Directory, Group Policies, File and Print Services.

EXPERIENCE

Mainsail Inc. U. S. Air Force, Hanscom Air Force Base, MA (02/2020 – Present)

Systems Cybersecurity Specialist/Cyber Team Lead/Information System Security Manager (ISSM)

Supporting the U.S. Air Force Aerospace Management Systems Division (HBA) program offices. Perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. Functions required to be performed include:

Supporting the system/application authorization and accreditation (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and Air Force policies, such as the Risk Management Framework (RMF).

Recommending policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.

Conducting risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.

Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations’ visions and goals.

Conducting systems security evaluations, audits, and reviews.

Recommending systems security contingency plans and disaster recovery procedures.

Recommending and implementing programs to ensure that systems, networks, and data users are aware of understand, and adhere to systems security policies and procedures.

Participating in network and systems design to ensure the implementation of appropriate systems security policies.

Facilitating the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.

Assessing security events to determine the impact and implementing corrective actions.

Ensuring the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services.

OBXTek Inc. Defense Information System Agency, Fort Meade, MD (11/2019 to 2/2020)

Cyber Security Engineer

Update/complete IA controls in RMF

Conduct ACAS scans and analysis of results -Create, Update and manage CMRS -Conduct IA assessments of (RHEL, Postgres, Network devices/appliances and Windows) -Research and provide guidance as it relates to applicable STIGS, DoD Notices -Create, Update and Manage eMASS as required -Manage Vulnerability list -POAM creation as required and RMF.

Uses HBSS for host-based asset

Implements and reviews DISA STIGS for Risk Management Framework

Technologies and tools used as cyber security engineer: ACAS, HBSS, RMF, CMRS, PPSM (ports/protocols security management), SCAP, SRR database scans, knowledge of Operating Systems, Linux and Windows, eMASS system for RMF Accreditation.

U.S. DEPARTMENT OF DEFENSE Fort Meade, MD (10/2017 to 11/2019)

Cyber Analyst

Implement Tier 3 Computer Network Defense (CND) network assurance and policy, governed by USCYBERCOM, Creates SOP/TTPs, maintains positive control of user asset and evidence by completing and maintaining DA4137 chain of custody form.

System Analysis, generation of Configurations Item and Reviews for Tactical Data Link, jQuery and JavaScript code review, Software Development Life Cycle in Agile Environment, Prepares, distributes, and maintains plans, instructions, guidance, and standard operating procedures concerning Information Security.

Prepares, reviews, and evaluates documentation of compliance and IA security plans.

Implements effective security monitoring protocols; appropriately respond to and remediate information security threats.

Manages information security and compliance efforts, with an emphasis on regulatory requirements (DIACAP, RMF).

Strong understanding of Splunk configuration files and architecture

Knowledge of advanced search and reporting commands

Demonstrated ability to create complex dashboards, forms, and visualizations

Understanding of System Log Files and other structured and non-structured data

Knowledge of technical and infrastructure management for SIEM (Security Incident Event Management) infrastructures including Splunk, QRadar, and other best-in-class SIEM products.

Technologies used as System Analyst: eMASS system for RMF accreditation, SPLUNK, DOORS NG, Kovair integration tool, C#, JavaScript, XML, HTML, MS Office Suite.

Cyber Incidence Responder

Creates forensic images, performs analysis of volatile and non-volatile computer evidence artifacts, perform network log analysis, performs network log analysis, and creates detailed report.

Responds to all categories of network security incidents, completes malware and non-compliance investigations, complete incident reports, performs host and network incident triage processes, and escalates incidents to proper authorities when required.

Executes IR and investigations processes, including containment to data spillages, data recovery, host analysis, and incident closures.

Technologies used as Cyber Incident Responder: Windows Command Prompt and PowerShell Commands, Disk and data capture tools, File viewers tools, File analysis tools, Registry analysis tools, Internet analysis tools, Email analysis tools, Mobile devices analysis tools, Network forensics tools, Tableau.

System Analyst

System Analysis, generation of Configurations Item and Reviews for Tactical Data Link, jQuery and JavaScript code review, Software Development Life Cycle in Agile Environment, Prepares, distributes, and maintains plans, instructions, guidance, and standard operating procedures concerning Information Security.

Prepares, reviews, and evaluates documentation of compliance and IA security plans. Participate in the identification, development and communication of new technology standards, services, solutions and best practices in support the Tactical Data Link project. Participates in complex software and hardware troubleshooting, patches and re-installations in cooperation with the Helpdesk.

Technologies used as System Analyst: eMASS system for RMF accreditation, DOORS NG, Kovair integration tool, C#, JavaScript, XML, HTML, MS Office Suite.

COMPUTECH COMPUTERS Elmhurst, NY (05/2013 to 08/2013)

QA Testing Engineer (Internship)

Designed and developed user-friendly interfaces using ASP.NET with C#.

Performed software defect reporting and bug tracking for different levels of testing such as Functional testing, Backend Testing.

User Acceptance Testing, System Testing, Integration Testing, Regression Testing, and End to End Testing.

Experienced with Defect Reporting.

Tracking and Resolution capabilities.

Implemented Data Driven Testing Using QTP to check for the functionality of the application.

Extensive use of VB scripting for putting conditions, loops and functions in QTP Scripts.

Writing SQL queries and statements to test database for retrieving information, editing data and inserting the data. Performed database testing/back-end testing by writing queries in SQL.

Met with the developers and technical content writers on a daily basis to update the test documents.

Wrote Test Cases and Performed Manual Testing such as Positive testing, Negative Testing and Black Box Testing.

Performed GUI Tests, Functional Testing, Smoke Testing, Unit Testing, User Acceptance Testing (UAT), System testing. Prepared and developed test cases, test scripts, and test approach documents

NEW YORK CITY DEPARTMENT OF EDUCATION Brooklyn, NY (01/2013 to 9/2017)

Substitute Teacher

Reviewed daily plans, duties and schedules to be followed for the entire teaching day with administrators and other school personnel.

Provided effective classroom management and teach students according to the lesson plans provided by the regular teacher or the administrator.

Served as administrative assistant to the school for attendance, making lesson plans, monitoring the school cafeteria, data entry and management.

Provided special attention and care for the students with disability and special education.

Maintained classroom control that fosters a safe, positive environment for all students and staff.

Ensured adequate supervision of students and the classroom environment to assure the health, welfare, and safety of all students.

EDUCATION

MBA: Information Systems Management, DeVry University School of Management, New York, NY (08/2016), Graduated Magna Cum Laude.

BS: Computer Science, CUNY- York College, Jamaica, NY (09/2009)

TRAINING

Introduction to Networks and Computer Hardware (INCH)

CompTIA Advance Security Practitioner (CASP)

Certified Ethical Hacker (CEH) Course

Information Security Risk Assessment through Data Collection

Defending the Critical Infrastructure from Cyber Attack

Information Technology Infrastructure Library (ITIL) 2011 Foundation Certification Course

Certified Information Systems Security Professional (CISSP)

Change Management

Project Management Professional (PMP)

Effective Leadership and Management,

Communication Strategies

Leadership Development Fundamentals

Fundamentals of Systems Acquisition Management, Defense Acquisition University

Modeling and Simulation in Test and Evaluation, Defense Acquisition University

Test in a Joint Environment, Defense Acquisition University

CERTIFICATIONS

CompTIA Security+

CompTIA A+

AXELOS Information Technology Infrastructure Library (ITIL) 2011 Foundation

EC Council Certified Ethical Hacker (CEH)

DISA eMASS

DISA ACAS v5.3 2016

DISA HBSS Advanced 301 ePO5.3



Contact this candidate