ERIC RAY JR

540-***-****

adlnrs@r.postjobfree.com

CYBER SECURITY PROFESSIONAL

TECHNICAL SUMMARY

Information Assurance & security testing, and vulnerability assessments; cyber security baseline assessments, security controls, implementation of information security best practices.

Working knowledge of NIST 800-53, RMF, HIPAA, FIPS, FISMA, OWASP Top 10, PCI DSS

Technical Knowledge

Work Environments: Information Assurance Vulnerability Management (IAVM), Network assessments, Computer Network Defense and Forensics & Vulnerability Assessment.

Systems Software: MS Office Suite, SCCM, SIEM, CTOLZ, NESSUS, NMAP, EMASS, ACAS, Web Inspect, DISA STIGs.

Information System Security Engineer, Department of Defense (NAVY)

Philadelphia, PA 09/2020 Present

(Contractor)

Intrusion detection, finding and fixing unprotected vulnerabilities, ensuring that remote access points are well secured.

Collecting data from a variety of Computer Network Defense (CND) tools including data from approved information assurance (IA) tools to include intrusion detection system alerts, firewall and network traffic logs, and host systems logs) to analyze events that occur within their environment.

Performing audit function for the Agent of the Certification Authority (ACA) or other government information Assurance (IA) Manager for mitigation of risks and reporting to include report generation for certification and accreditation packages or Certification of worthiness efforts.

Perform assessments of system and networks within the Network Environment (NE) or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy

Perform security certification engineering analysis, vulnerability assessments, and risk assessments.

Perform passive evaluations (compliance audits) and active evaluations (penetration test and or vulnerability assessments).

Develop methods to improve the security of network, platforms, and data.

Information System Security Officer, Department of Defense (NAVY)

Philadelphia, PA 09/2019 08/2020

(Contractor)

Engineering services include research and recommendations for correcting CS non-compliance findings.

Review and analyzing network security requirements, network design and software and hardware.

Analysis to ensure security controls are implemented in compliance with CS policies and standards.

Ensure accreditation and authorization packages for system within the assigned technical department are

Developed, maintained, and updated prior to the operation date and/or expiration date.

On a quarterly basis, examine system services and provide guidance to users in assigned department on disabling services, reviews vulnerability finding to determine potential impact of remediation efforts, and devised system remediation and associated test procedures based on vulnerability scans results, STIG findings, and review of systems services.

System Administrator, Department of Defense (ARMY)

Aberdeen, MD 05/2019 - 08/2019

(Contractor)

Examine potential security violations to determine policy breach, assess impact and preserve evidence.

Apply IA program requirements to identify areas of weakness and apply appropriate access controls.

Conduct tests of IA safeguard in accordance with established test plans and procedures.

Implement and monitor IA safeguards IAW implementation plans and standard operating procedure.

Implement applicable patches including IA vulnerability alerts (IAVA), IA vulnerability bulletins (IAVB), and technical advisories.

Working knowledge of Virtualized Environment System administrator support shall be provided on NIPR and SIPR networks, or in standalone, non-networked operating environment.

Performed System Administration services including Data Center Operations* Web Site and Database Support*Backup and Recovery Operations*Network Monitoring and Server Room Operations*Information Assurance Support*Application Support Testing and Release Management.

Install, test, maintain and upgrade operating systems software and hardware to comply with IA requirements.

Security Analyst, UNISYS

Blue Bell, PA 08/2017 - 05/2019

Provide technical support across a multi-disciplined large enterprise IT service contract remediating vulnerability.

Keeps abreast of present-day security technologies and facilities (e.g., security products, network, and anti-malware technologies) as they become obtainable.

Assist with Server, patching/updating and security related diagnostic issues and installs with-in a Datacenter Environments.

Provided support for data security and backup and recovery

Support to enable the facility to address hands-on vulnerability remediation requirements.

Implement patches and implement corrective actions needed to mitigate security risk and vulnerabilities.

Implement IT policies, procedures, and system controls.

Conduct Cyber Vulnerability Assessments, patch, and printer remediation.

Assist with vulnerability scans, patch management reviews, along with security and risk assessments. Support remediation plans and task lists resulting from security-based audits, scans & review.

Maintain awareness of organization specific security and information technology polices.

Cyber Security Analyst, Department of VETERAN AFFAIRS “CRISP Initiative”

Perry Point, MD 11/2016 – 08/2017

(Contractor)

Research verify and document information security controls using Federal Certification and Accreditation (C&A) process to accredit the systems.

Enforced security policies, procedures and safeguards for all systems and staff, based upon NIST standards.

Analyzed and advised on the risk and remediation of security issues, initiate, coordinate, and track the patching and remediation of security weakness as they are discovered.

Work with (RMF) Risk Management Framework.

HIPPA trained & compliant. Emphasizing practical knowledge to assure compliance and avoid HIPPPA violations.

Ensured that all Personally Identifiable Information (PII) and Protected Health Information (PHI) are encrypted to maintain the integrity of data.

Provided security awareness training on best practices to safeguard and to secure data via internal personnel.

Freelance 05/2016 -11/2016

Performed, vulnerability assessment & virus scans/updates, file restore, batch transfers and recoveries along with other duties, Supported PC’s and client/server applications, PC hardware, software, desktops/laptops Installed.

Cyber Security Consultant, Zensar Technologies, Westborough, MA 09/2012 - 05/2016

Responsible for Checkpoint security gateway configurations in a distributed environment.

Conduct network discovery and vulnerability scans for system scope validation, identification of operating systems, applications, and network devices.

Perform onsite evaluations of IT configurations and documenting assessment steps, results, and risks.

Participate in integrated teams and working groups supporting A&A activities required by FISMA, Special Publication 800-37 and other relevant NIST policies.

Support the scheduling, planning, auditing, and reporting services on client applications, systems, networks, and data centers.

Review assess and document vulnerabilities to improve security posture of Information Systems & Computer Networks (IS&CNs).

Client Service Engineer, Zensar Technologies, Westborough, MA 03/2008 - 09/2012

Responsible for the procurement of all datacenter hardware and software technology.

Project liaison for all systems upgrades.

Implemented and maintained all aspects of the data center including racking, mounting, wiring, switch and router configuration and tape drive setup.

tools (SCCM remote, RDP)

Managed the deployment, migration and compatibility of hardware and software including HP ProLiant, Dell PowerEdge, IBM, Fujitsu, and Sun Microsystems servers.

Staff Desktop Tech, E*TRADE Financial, Arlington, VA 10/2007– 03/2008

Assisted in troubleshooting all hardware and software enterprise issues.

Responsible for maintaining infrastructure integrity by utilizing Active Directory and Microsoft Windows Server.

Provided local network access to resources and setup network access points.

Education

Master of Science, Cybersecurity, University of Maryland University College, MD, 05/2014

Bachelor of Business Administration, Computer Information Systems, Temple University Philadelphia, PA 05/2002

Training

SOC Analyst Prep, Cover6 Solutions Workshop- March 2018

Certification

Check Point Certified Security Administrator – CCSA February 2015

Supported Command Integration Program (ARMY) – June 2019

Navy Qualified Validator Level II (NAVWAR) – March 2020

CompTIA Security Plus – April 2017

CompTIA CYSA+ – July 2020

CompTIA CASP+ – October 2020

Contact this candidate