Cyber Security Engineer

Location:
Baltimore, MD
Posted:
April 26, 2022

Resume:

SUMMARY

**+ years’ experience in the IT, IT security, threat management, risk management, and vulnerability assessment fields.

Adept at OS fingerprinting, banner grabbing, and network mapping using enumeration tools such as Wireshark, Nmap, Metasploit, John the Ripper, Aircrack, Burp Suite, Cain and Abel, SQLMap, Kali Linux, Nessus, Ettercap, Snort, and Webroot.

Experienced in performing vulnerability analysis for risk management using Tenable Nessus, OpenVAS, Acunetix, Qualys, GFI LanGuard, and OWASP ZAP.

Use encryption and hashing tools and techniques such as AES Crypt, BitLocker, Steganos LockNote, and MD4 hashing calculators (for file integrity checking).

Skillful with SIEM tools such as Snort, Splunk, FireEye HX/NX, AlienVault for evaluating network attacks and alerts. I also used those alerts for preliminary threat hunting.

Advanced knowledge of cybersecurity, penetration testing, and vulnerability remediation.

Trained in Windows and Linux products for support, scanning, troubleshooting, end-user support, and management of security applications.

Qualified in migrations, deployments, support, and troubleshooting.

Use Kali Linux and Metasploit tools for security and penetration testing.

Trained in applying compliance regulations to harden the confidentiality, integrity, and availability of information systems.

Proficient in assessing client security systems using NIST Publications 800-53A, 800-53, 800-37, FIPS 199, FIPS 200, OMB A-130, ISO 27001, COBIT, HIPAA, and all related appendices.

In-depth knowledge of FIPS guidelines, System Security Plan (SSP), Security Assessment Plan (SAP), SAR, Plan of Action & Milestones (POA&M), Risk Assessment (Impact Analysis), and Contingency Planning.

Implement practical use of the cybersecurity kill chain for cybersecurity forensics investigations.

Great problem solving and analytical skills needed for effective product delivery.

Ability to adapt and deliver in a fast-paced and time-sensitive environment.

Competent in IT configurations, monitoring, and troubleshooting techniques.

Experience in Oracle/SQL databases, SAN/NAS/DAS/CIFS, disks, storage, and RAID groups.

Deployment and design of Cisco routing and switching devices: ISR 4000 routers, Cisco ASA firewalls, PoE switches, Cisco smart switches, and Meraki networks.

TECHNICAL SKILLS

Security: Computer Forensics Incident Response, Windows Firewall, IDS, IPS, Network Security, End-Point Security, Security Information Event Management (SIEM), Situational Awareness Toolkit, Encryption, Risk Management, PKI, Disaster Recovery Planning, Computer Network Defense (CND), Computer Network Offense (CNO), Content Filtering, Patch Management.

Security Tools: Wireshark, Cisco Talos, Snort, Nessus, Kali Linux, Splunk, ArcSight ESM, LogRhythm NetMon, McAfee Threat Intelligence Exchange, SolarWinds NetFlow Analyzer, IronPort, Google’s VirusTotal, Nmap, PCAP, AlienVault, Check Point Firewall, Cisco ASA.

Services/Network Protocols: HTTP, HTTPS, DNS, DHCP, FTP, SMTP, ARP, TCP/IP, ICMP, tracert, ifconfig, ipconfig.

Standards: ISO 27001, NIST Risk Management Framework.

Assessment: Threat Assessment, Vulnerability Assessment.

Servers: Windows Server 2012 R2.

Virtualization: VirtualBox, Microsoft Hyper-V.

EXPERIENCE

03/2020 - Present

Information Security Engineer, Legg Mason, Baltimore, MD

Legg Mason is an American investment management firm with a focus on asset management and serves customers worldwide. Legg Mason offers products in equities and fixed income, as well as domestic and international liquidity management and alternative investments.

Provided information about vulnerabilities at risk of being exploited and recommended courses of action for patching, mitigation, or elimination of discovered risks to improve the security posture of the organization.

Devised playbook for tabletop exercises about how to respond to hypothetical incidents.

Researched various cybersecurity domains for the client (Mobile Security, End Point Solutions, MDM, Policies, Physical Security, etc.).

Worked with stakeholders across all levels of the organization to establish and implement a security policy within the company that ensures confidentiality, integrity, and availability of company resources.

Performed tasks ranging from the deployment of workstations to system hardening to the security imaging of industry-specific devices and the configuration of Infrastructure devices (Cisco switches and servers) and Juniper Firewalls.

Investigated and responded to Tier 1, 2, and 3 alerts from ArcSight SIEM.

Cross-referenced alerts from other sources against ArcSight to rule out false positives and false negatives.

Designed metrics to assess how long before an alert is triggered versus how much time it takes to be placed in the queue for proper incident responses.

Used ArcSight information such as the source IP, ports, payload, and destination address, and provided insight on how to create a response action plan in the event of a real-time incident.

Assisted in the architecture of how to configure Splunk for threat feeds alongside ArcSight and Sourcefire.

Applied security to AWS cloud.

Used Sourcefire IDS to inspect packets and payloads that trigger ArcSight alerts.

Installed anti-malware, HIDS, host-based firewalls, MDM, DLP and monitored software on various devices.

Used the Cyber Kill Chain as part of the intelligence-driven defense initiative aimed at providing greater visibility for the identification and prevention of cyber intrusions and malicious activity.

Involved in all steps from initial reconnaissance through intrusion and exploitation, privilege escalation, lateral movements, obfuscation, and exfiltration.

Employed FireEye sandboxing solutions for Dynamic Malware analysis.

Provided high-level consultation and security analysis for best practices to safeguard data across several interoffice departments (e.g., H.R., Finance, R&D, I.T., Coding, Risk Management).

Consulted with stakeholders to schedule break/fix solutions, security solutions, and risk-mitigation strategies.

Performed data backups, reimaging, data restores, and transfers to ensure critical systems had no downtime.

Used ArcSight Enterprise Security Manager to assist with SIEM operations.

Installed hardware and software, including RAM, BitLocker, TPMs, FDE software, and hard-drive replacements.

Performed software upgrades, patch management, sandbox testing, and system upgrades, as well as system hardening.

Utilized the CrowdStrike Falcon platform to provide endpoint security with antivirus (Falcon Prevent), threat detection and response (Falcon Insight), and device control (Falcon Device Control).

Set up cloud-native endpoint protection for scalability and real-time threat intelligence, combined with security and IT operations, to provide a robust and lightweight security platform.

Deployed Global Cloud IAM software.

Established cyber security for the Azure Cloud.

Provided onsite support to the network teams for security configurations, routing protocols, as well as performed various networking duties such as managing server backup tapes, rebooting/repairing servers, and assured resources for security and business continuity.

Delivered remote support, asset management, security and compliance support for company partners and clients across the United States, ensuring that all local laws and constraints meshed with security policies set forth by all impacted local governments, cybersecurity frameworks and compliance.

Provided backend support for company infrastructure using both active directory and SCCM.

Supported clients both onsite and remotely for dealing with hardware and software issues on laptops, desktops, mobile devices and networks, local peripherals, as well as virtual machines and mobile devices.

Served as primary support person for asset tracking, loss prevention, and hardware/software remediation, as well as change management for onsite network equipment.

Deployed software and hardware for Mac (Jamf Self Service), PC (SCCM), and MS Surface devices (e.g., desktops, laptops, tablets, Surface to TVs, smartphones).

Performed Malware intrusion detection/prevention and security on company hardware.

Performed vulnerability scans using Wireshark and Nmap to update/identify needs for employee training by initiating a social engineering campaign, including but not limited to phishing, whaling, and vishing.

Used EmailTracker-Pro to identify potentially malicious emails and provided the IP WHOIS information to stakeholders and network security engineers.

Followed Response Playbooks/Incident Response Plans (IR Plans) used by SOC team.

Used NIST Risk Management Framework as a basis for SOC team Cyber Security guidelines such as Continuous Monitoring.

Worked with cross-functional teams to ensure compliance with SOC Team Cyber Security Risk Management procedures throughout the system.

Applied NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, and Threat Detection and Mitigation standards and protocols.

Produced Cyber Weekly Reports for reporting to Senior Management/Executives.

Conducted e-mail analysis on suspicious e-mails.

Actively conducted open-source research to find new threats and IOCs.

Served as the system tool owner for security applications Splunk, Carbon Black, etc.

05/2018 - 03/2020

Cyber Security Engineer, Texas Instruments, Inc., Dallas, TX

Texas Instruments designs and supplies semiconductors and digital signal processing solutions for the world market.

Worked with on-site team and management to understand how different Cyber Security solutions would support specific business objectives.

Identified gaps in the organizational security stack and evaluated technologies to close them, resulting in improved security posture.

Researched security strategies and techniques used in malicious campaigns to identify their source or offending parties involved.

Evaluated and reported cyber threats as well as aided in preventing, detecting, examining, studying, and analyzing computer and network intrusions.

Documented Cyber Security incidents on blacklisted IPs/domains detected on client ad tag and alerted clients in a timely manner.

Devised plans and scenarios for various types of Penetration Tests.

Populated and sustained an active intrusion database and delivered data analysis support, evaluated data from logs, sensors, network devices, alerts, and ran applications using SIEM tools, log servers, application interfaces, and third-party applications such as Process Explorer.

Assessed information system controls on various platforms and devices to include Windows, Linux, UNIX operating systems, Databases, and Network devices.

Conducted regular assessments on assigned systems to ensure the renewal of the systems’ ATO.

Documented exploits and results in finalized Security reports to direct remediation.

Demonstrated knowledge of processes, procedures, and regulations; using Nessus, I performed scans of the entire system and provided an overview of network vulnerabilities.

Conducted security assessments on assigned systems to ensure FISMA compliance following NIST SP 800-53 rev 4, NIST 800-53A, and FIPS.

Meticulously reviewed information system documentation (for example, Security Assessment Reports (SAR), System Security Plans (SSP), and Executive Summaries) to confirm FISMA conformity.

Operated in a team to ensure that deliverables were completed with the highest quality and submitted in a timely manner per FISMA specification.

Implemented Assessment and Authorization (A&A) processes under the NIST 800-53/53A, 800-37 Risk Management Framework (RMF) for new and existing information systems, receiving over eight ATOs.

Upgraded software, patches, and security patches on dev/test and production environments.

Identified and prioritized information security risk and advised business partners about security/privacy requirements and solutions to ensure compliance.

Performed information security assessments in direct support of a major compliance effort (NIST, PCI-DSS, and ISO).

Applied knowledge of Intrusion Detection/Prevention Systems and rule/signature writing.

Delivered cooperation to partner agency cyber threat analysis entities to communicate and share threat information across the cybersecurity community.

Monitored performance on several risk management activities, including risk, control registers, workflow review, and approval with Archer GRC.

Monitored and analyzed network traffic security systems such as Firewalls, Servers, and Databases using tools such as Nessus, SIEM, Nmap, Snort, IDS alerts, DLP, and web proxy for system vulnerability.

02/2016 - 05/2018

Threat Hunter, Legrand, West Hartford, CT

Legrand, North & Central America, one of Legrand S.A.’s largest subsidiaries, is the global specialist in products and systems for electrical and digital building infrastructures.

Monitored, managed, analyzed, and reported cyber security incidents and day to day events of cyber security.

Performed project management and assisted with forecasting, budgeting, and monitoring of data security projects and procedures as they relate to the Cyber Security Operations Center.

Set up configuration files in Splunk; tuned rules to create better alerting and established security baselines for configurations to tune out unnecessary alerts.

Worked on Indicators of Compromise (IOC) Vetting and Ingestion.

Performed simulation and incident testing in a lab environment.

Conducted security assessment of management, operational and technical controls.

Conducted interviews to gather information on the status of certain controls, as well as the overall security status of information systems.

Developed security strategy and performed IT risk assessment and vulnerability assessment and worked with the business to mitigate risks.

Created and documented policy for SSL certificate management.

Used Wireshark to troubleshoot and investigate network issues.

Tracked and updated Plans of Action and Milestones (POA&M) regarding mitigation and remediation status.

Tracked authorization termination dates for various information systems’ risk assessments, including reviewing organizational policies, standards, and procedures and providing advice on their adequacy, accuracy, and compliance with industry standards.

Performed security vulnerability assessments and penetration tests to ensure client environments and data are secure as well as satisfying regulatory compliance requirements.

Created reports including remediation plans for discovered vulnerabilities.

Conducted security vulnerability assessments, security configuration reviews, research, and penetration tests using commercial tools such as Cobalt Strike, Metasploit Framework, and Burp Suite, and other open-source infosec tools, while following methodologies and best practices as defined in PTES and NIST.

Composed security alert notifications and other communications.

Advised incident responders in the steps to take to investigate and resolve computer security incidents.

Attended industry-based webinars and meetings hosted by reputable organizations and agencies such as FS-ISAC, MS-ISAC, CISA, DHS, and Recorded Future.

Detected malicious activities through the analysis of User Behavior.

Performed forensic investigations and advanced threat analysis on many cyber security threats and reported on industry-standard security information on current trends.

Provided holistic data governance solutions with an emphasis on data classification and data leakage prevention.

10/2013 - 02/2016

Penetration Tester, Georgia-Pacific, Atlanta, GA

Georgia-Pacific LLC is an American pulp and paper company based in Atlanta, Georgia, and is one of the world's largest manufacturers and distributors of tissue, pulp, paper, toilet and paper towel dispensers, packaging, building products and related chemicals.

Work applied:

Worked with company stakeholders to create enterprise security documents (policies, procedures, standards, guidelines, and playbooks) under the direction of the Chief Information Security Officer.

Worked with IT staff to understand and resolve system vulnerabilities.

Conducted risk assessments and collaborated with Management and technical team to provide recommendations regarding any changes that were being implemented on assigned systems.

Performed security vulnerability assessments and penetration tests to ensure client environments and data were secure and satisfied regulatory compliance requirements. Burp Suite, DirBuster, HP Fortify, Nmap, and SQLMap were used daily as part of the penetration testing to complete the assessments.

Reviewed POA&Ms to validate that the items uploaded in the POA&M tracking tools supported the closed findings, and coordinated promptly with stakeholders to ensure timely remediation of security weaknesses.

Conducted system security evaluations and assessments, documented and reported security findings using NIST 800 guidance per the continuous monitoring requirements.

Researched emerging threats and vulnerabilities to aid in the identification of network incidents.

Recommended and addressed the acceptability of the software products for continuous monitoring project.

Monitored daily event collection, security intelligence and emerging threat information sources including SIEM, vendors, researchers, websites, newsfeeds and other sources.

Analyzed security vulnerabilities and impact of mobile devices on network using mobile device management (MDM) tools.

Determined cause and researched attack vectors, extent of exposure, and overall risk to environment.

Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.

Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.

Used Nessus to run scans on operating systems.

Monitored controls post-authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results, and worked with the IT staff on mitigation actions.

Provided scanning of a range of operating systems and test beds using the SCAP compliance tool and Nessus vulnerability scanner for independent security analysis.

Performed deep-dive analyses on alerts received from Splunk and took action on the remediation process.

Experienced in researching emerging cyber threats to understand and present hacker methods and tactics, system vulnerabilities, and indicators of compromise.

Supported day to day data security operations.

Monitored security patch levels of the servers, workstations and network environments, and anti-virus systems.

Performed proactive network monitoring and threat analysis.

Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

Assisted in planning, development and security of a system that aims to establish a security infrastructure.

Developed and maintained security implementation policies, procedures and data standards.

Differentiated potential intrusion attempts and false alarms and prioritized response using Splunk and Snort.

Scheduled a Penetration Testing Plan throughout the organization and completed all the tasks in the given time frame.

Performed pen tests over different business applications and network devices of the organization.

Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Metasploit, Burp Suite, IBM App Scan, Kali Linux, and many other open-source tools as needed.

Worked with support teams to address findings as a result of the tests.

Participated in assigned exercises (e.g., COOP, network vulnerability, "red team/blue team", etc.).

Demonstrated problem-solving abilities by finding vulnerabilities and risks in computer networks and taking measures to correct or exploit those vulnerabilities.

Supported threat intelligence gathering, processing, correlation, and analysis.

Performed Vulnerability Assessments and Penetration Tests using tools such as Burp Suite, Nessus, and Kali Linux.

Established and improved the processes for privileged user access requests.

Promoted a new and cost-effective plan against phishing attacks and successfully reduced the volume of phishing mails by up to 60%. Conducted attack analysis on the IDS reports to detect the attacks and reported the analysis.

04/2010 - 10/2013

SOC 2 Analyst, ABM Industries, New York, NY

ABM Industries is a leading provider of facility solutions with offices throughout the United States and various international locations. ABM's comprehensive capabilities include janitorial, electrical & lighting, energy solutions, facilities engineering, HVAC & mechanical, landscape & turf, mission critical solutions and parking, provided through stand-alone or integrated solutions.

Work applied:

Applied Cyber Security best practices and methodologies, including NIST SP800 Series, OWASP TOP 10 and SANS TOP 20 Vulnerabilities lists.

Executed security data management plans for the design and implementation of data collection and scheduling, and reviewed clarification and reporting systems.

Provided risk-based surveillance of organization information.

Identified and responded to different types of cyber security attacks such as DoS, DDoS, phishing, man-in-the-middle, replay, wireless, password-based, sniffer, IP, MAC and DNS spoofing, and malware attacks.

Monitored daily IDS alerts utilizing Sourcefire, McAfee, and user-defined signatures to detect and report high-risk anomalies.

Analyzed Cyber Security breaches and provided recommendations in remediation strategies to victims of malicious activity throughout the area of responsibility.

Identified Cyber Security vulnerabilities and threats based on company's security policy and regulatory requirements such as PCI, PII, GLBA, HIPAA, FISMA and SOX.

Performed sniffing and penetration testing and provided mechanisms against sniffing using tools such as RSA NetWitness Investigator and tcpdump.

Performed MAC and DNS spoofing and ARP poisoning to provide a better overview of the vulnerabilities of the system, using tools such as Bettercap and Ufasoft Snif.

Performed white, grey, and black box Penetration Testing.

Monitored global endpoints and network infrastructure using Splunk to ensure the safety of company intellectual property and financial assets from Advanced Persistent Threats (APTs).

Managed the day-to-day operations of the Security Operations Center (SOC).

Provided senior leadership with weekly threat reports and team status as part of Security reporting.

Investigated, captured, and analyzed events related to cyber incidents.

Documented and logged technical incident details for future reference.

Developed and implemented a complete restructure of security groups to manage domain permissions to resources more effectively.

Assessed business processes to identify potential risks.

Handled Certification and Accreditation (C&A) actions correlated to certification of the US-VISIT core mission and support systems for the development of system releases.

Organized system security evaluations centered on NIST SP 800-53.

Produced security documents and system security plans, including security assessment reports, contingency plans, and disaster recovery plans.

Reinforced security tests and evaluations (ST&Es).

Supplied security support and assessment to development teams to incorporate information assurance/security during the course of the System Life Cycle Development of application releases.

Designed and tracked POA&Ms using Trusted Agent FISMA (TAF).

Developed FIPS 199 worksheets and E-Authentication.

EDUCATION

Bachelor of Science - Networking Information Technology

Central Connecticut State University

CERTIFICATIONS

Splunk Fundamentals Part 1 Certified

Currently working on:

Security+

EC-Council Certified Ethical Hacker (CEH)

Azure Security AZ-500

Certified Information Security Auditor (CISA)

Certified Information Systems Security Professional (CISSP)
