
SOC Analyst, Information Security

Location:
Waldorf, MD
Posted:
October 25, 2022

Resume:

Oscar Tabot

*******@*****.***

678-***-****

Summary

Dependable professional interested in Information Security/Cyber Security positions with any company, applying analytical, technical and innovative skills to support and guard organizations against security breaches while maintaining FISMA/NIST, PCI DSS, HIPAA and ISO 27001, 14001, 9001 and 18001 compliance. Eager to work with a team of analysts, Security Control Assessors, ISOs and stakeholders to defend digital files and electronic infrastructure.

Over 8 years' experience in both IT and Information Security in the following areas:

Experience supporting cloud services including AWS, Microsoft Azure and Google. Also experience in cloud automation and cloud security such as testing controls, assessment and monitoring.

Ability to install, operate, maintain and upgrade Microsoft, Linux and VMware hosts, operating system software, patches and upgrades within a cloud environment, making sure the security goals are achievable.

Experience managing the vulnerability management team and chairing the vulnerability meeting; used Tenable to run a biweekly vulnerability meeting to discuss vulnerabilities found in the network. The risk scorecard supports the remediation process.

Experienced in using a DLP tool to prevent sensitive data from leaving the network.

I monitor the network using Symantec DLP for our cloud services and stored data, mostly data at rest. Symantec DLP is set to scan existing accounts, and I monitor and review accounts on a daily basis.

Experience in knowing whether sensitive information is being stored and how it is used, and I can determine who is on the receiving end.

Experience and understanding of Digital Certificates and Public Key Infrastructure (PKI) technology, enabling organizations to control large numbers of Digital Certificates for SSL, authentication, document signing, S/MIME and other uses of Digital Signatures.

Working with SailPoint, an identity and access governance tool that allows me to track assets and keep records of employees using company assets. A recent identity and access management project was deploying new assets such as laptops and mobile devices to a new site that had recently hired new employees. Also used SailPoint to facilitate auditing with external auditors in relation to access management in compliance with ISO 27001.

Extensive experience in installation, configuration, updating, support and maintenance of Unix and Windows servers.

Expertise in migrating key systems from on-premises hosting to Amazon Web Services (AWS).

Good security technology knowledge: Splunk Enterprise, IDS and IPS, DLP, Identity and Access Management (IAM) and SIEM, as well as tracking trends across incidents and events. System ingest and monitoring of data such as hardware and software to prevent attacks and spot network intrusions. Able to trace back defensive weaknesses that could lead to breaches. Developed asset register and asset management database.

Provided guidance in planning, gathering requirements, recommendations and implementation of data migration to Office 365, and configuration best practices.

Experience installing and configuring Windows Failover Clustering services; extensive experience with Windows 2016/2012 R2/2008 R2/2003/2000/NT 4.0 servers in single- or multi-domain platforms.

Using various IDS/IPS to monitor traffic to and from network devices (NIDS) and also HIDS. Also installing IDS and IPS, mostly Snort. Make recommendations to clients to improve network monitoring strength and to buy the latest IPS and IDS, leading to the improvement of security controls.

Extensive experience with Active Directory tools and Wintel servers.

Experience syncing on-premises Windows Server Active Directory to Azure AD (AAD) using Azure AD Connect.

Experience with firewalls, IPS, switches and VPN configurations. Responsible for production support of Active Directory (AD), GPO, GPP, domain users, users and groups, granting appropriate permissions, shares and privileges to access the LAN and domain environment.

Development of System Security Plans (SSP), Contingency Plans and Contingency Plan tests, Disaster Recovery Plans, Incident Response Plans/training and Configuration Management.

Categorization of old and new systems; generation, review and update of system security plans against NIST SP 800-18 and NIST SP 800-53 requirements. Review technical security controls and provide implementations.

Forensic Analyst using EnCase in conducting forensic investigations (understanding of digital forensics and attacks). Experience in scripting with SDKs/Linux for the creation of application software packages, hardware platforms, computer systems, software frameworks and operating systems.

Experience with network infrastructure: TCP/IP and traffic analysis in maintaining security. ISO 27001 compliance standards.

Extensive experience with Active Directory, GPOs, DHCP, DNS, IP, subnets, VPNs, VLANs, network routing, firewalls, LAN/WAN switching and Backup & Recovery, File & Print Server, IIS (Web Server), FTP, Terminal Server.

Good experience with networking in AWS: VPCs, data center to cloud connectivity, Security Groups, Route Tables and ACLs in AWS.

Audit the finance department twice a year to make sure the department meets compliance with the Sarbanes-Oxley Act (SOX). Experience in auditing and reviewing financial transactions to protect shareholders and the organization from accounting errors and fraudulent practices and to improve the accuracy of both client and corporate disclosure.

Technical Skills

Vulnerability Scanning and Pen Test Tools: Nessus, Rapid7 Nexpose, WebInspect, Nmap and Kali Linux Metasploit, FireEye, Network Security Monitor, Symantec Endpoint Protection and Tenable.

Event Management, Log Monitoring and Ticketing: ManageEngine EventLog Analyzer, Symantec, Gaudium and Cisco IronPort.

Other: Knowledge of LAN/WAN, TCP/IP, subnetting, DMZ, routers, antivirus, firewalls, IDS/IPS, Tripwire, proxies and Splunk; knowledge of cloud computing and services, IAM and SIEM.

Experience with Microsoft Office tools: Microsoft Excel, Microsoft Word, Microsoft Access, Microsoft PowerPoint, SharePoint, Windows operating system, PowerShell, PeopleSoft.

Great understanding and implementation of the General Data Protection Regulation (GDPR, 2018). Provide training and awareness to stakeholders, employees and auditing facilities to meet compliance.

Expert in cloud security, Azure data services, firewalls, Check Point, migration, ServiceNow; AWS and OneDrive management.

Experience in software testing and developing scripts to generate testing reports.

Experience using EnCase to conduct digital forensic investigations and expert in analyzing digital images.

DLP agent packaging, upgrade strategies, integration, testing and support. Automated scanning solutions to improve the efficiency of the DLP scanning program for data at rest. Work with different teams to improve the DLP solution by updating policies, fine-tuning and remediation to meet internal and external regulatory requirements.

Education, Training and Certifications

MSc, Master's in Cyber Security, Edge Hill University, UK

Bachelor of Science in Computer Science, University of Buea

Association of Accounting Technicians, Manchester

Certified Cloud Security Professional (CCSK)

Scrum Master Accredited Certification

CompTIA Security+ certification: Certified

Software Tester

ISO 27001 Certified Lead Auditor

Experience with the following standards: ISO 27001, 9001, 18001, 45001, PCI DSS, HIPAA

ITIL Version 3 Certified

AWS Certified Solutions Architect

Certified Product Owner

CEH (Certified Ethical Hacker): in progress

CIPP/G: in progress

QAS: in progress

Professional Experience:

Landis & Gyr, US, Atlanta, GA, March 2015 – Present

Information Security Analyst/Manager

Experienced in using Transmission Control Protocol (TCP), IP, LAN, WAN and VPN connections to provide secure communication of network packets.

Responsible for incident response from ticketing and preparation through to generating the lessons-learned report.

Responsible for the management of ISO 27001 standard compliance and driving information security aspects within the business processes.

Using Tenable to manage vulnerabilities, conduct scans, report and remediate via the ServiceNow ticketing system.

Office 365 administration, Office 365 license assignment and troubleshooting, troubleshooting the Microsoft O365 tenant including all 365 platforms and applications, tracking and escalating incidents with Office 365 technical support, resolving issues pertaining to the Office 365 tenant and identity.

Experience managing the vulnerability management team and chairing the vulnerability meeting. Run a biweekly vulnerability meeting to discuss vulnerabilities found in the network. The risk scorecard supports the remediation process.

Used Active Directory Domain Services to maintain GPOs, as well as to delegate roles for users. Ran scripts to automate services.

Delivered new global enterprise SSO and LDAP architectures for development, staging and production environments.

Automated application workflow and Windows patching via PowerShell scripts.

Project lead in mitigating severe and critical vulnerabilities and updating JavaScript to reduce vulnerability levels. Using Remote Desktop Services, the remote code execution vulnerability was reduced on 83 of 183 assets while implementing the patch. Also used the ticket system to report vulnerabilities when scans are completed, making sure the Nexpose console disk has space.

Effectively manage system vulnerabilities by patching twice a month, following Microsoft Patch Tuesday and the fourth Tuesday of the month.

Provide support and coordinate external audits and tender requests.

Manage Windows Server functions, including file and folder management and access, network printing services, server performance monitoring, user access and administration, and application and services management.

Manage the Information Security Management System (ISMS) and ISO 27001 certification; manage and conduct internal audits for ISO 27001 across regions and global support.

Providing expertise to the business on information security and GDPR topics.

Chairing the Security Forum (preparing forum meetings, decision proposals and meeting minutes) and maintaining the relevant risk registers and improvement trackers.

Worked on PingAccess integration with PingFederate to protect applications using PingAccess tokens.

Created SP/IdP connections using PingFederate with external partners.

Implemented OpenID and OAuth solutions using PingFederate.

Support business management at EMEA/global level to make informed decisions regarding information security.

Management of Group/EMEA/global security incidents until their closure (via the Incident Management and GLITCH reporting tool).

Support the EMEA S&P Director in making informed business recommendations regarding information security to the Group board.

Coach and train employees on information security (incl. awareness) and carry out new employee inductions. Recently introduced global information security awareness training for the business.

Preparing management reviews of the ISMS and supporting management systems (IMS) as part of overall management responsibility.

Risk assessor; developing reports (incidents, audits, risk assessments, etc.) at the agreed frequency and content to support wider communication of information security compliance.

Support and advise on customer requests regarding information security and build supplier relationships (end-to-end solution).

Review and write policies to support topics such as GDPR, DPIA, etc. within the US and globally (Europe) as required.

POA&M remediation: performed evaluation of policies, procedures, security scan results and system settings in order to address controls that were deemed insufficient.

Work with a team performing Security Assessment and Accreditation (A&A), RMF, continuous monitoring and FISMA audits.

Risk Management Framework (RMF) assessment and continuous monitoring: performed RMF assessments on several different environments at the Census Bureau using both scanning tools and manual assessment. Assessments included initiating meetings with various system owners and Information System Security Officers (ISSOs), providing guidance on the evidence needed for security controls and documenting assessment findings.

Performing SSAE 16 (Statement on Standards for Attestation Engagements No. 16) of the AICPA, also called a SOC review.

Using source code review tools to analyze source code and/or compiled versions of applications for many types of security flaws.

Work with the SOC analysts in setting up security monitoring tools to receive raw security-relevant data (e.g. login/logoff events, persistent outbound data transfers, firewall allows/denies, etc.). This includes making sure our critical cloud and on-premises infrastructure (firewall, database server, file server, domain controller, DNS, email, web, Active Directory, etc.) are all sending their logs to our log management, log analytics or SIEM tool, such as ArcSight made by HP.

Performing vulnerability scanning and penetration testing with various scanning tools. Tasked with performing the role of a SOC analyst: analyzing data from different security logs and correlating them to determine the existence and nature of security incidents, alerting the SOC analyst and creating an incident ticket during escalation.

The vulnerability tool helps find suspicious or malicious activity by analyzing alerts; investigating indicators of compromise (IOCs such as file hashes, IP addresses, domains, etc.); reviewing and editing event correlation rules; performing triage on these alerts by determining their criticality and scope of impact; evaluating attribution and adversary details; sharing our findings with the threat intelligence community; etc.
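
The log correlation described in the SOC duties above, as an added example that is not the candidate's own code nor any employer's tooling: constructed Windows-style logon events and firewall lines (a simplified key=value layout, not a real vendor or SIEM format) are parsed and correlated with two rules, a burst of failed logons followed by a success from the same source, escalated when the same host then pushes a large outbound transfer. The thresholds, field names, event IDs and the sample lines are all assumptions for illustration.

```python
"""Correlate security-relevant events from several log sources into incidents.

Added example; not code from the resume above. The log lines below are
constructed for illustration; the "<ts> <source> key=value ..." layout is a
simplified stand-in for Windows Security events and firewall syslog.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (assumption): two sources, one attack sequence.
SAMPLE_LOGS = """\
2022-10-20T08:00:01 winsec event=4625 user=jdoe src=203.0.113.7 host=FS01
2022-10-20T08:00:03 winsec event=4625 user=jdoe src=203.0.113.7 host=FS01
2022-10-20T08:00:05 winsec event=4625 user=jdoe src=203.0.113.7 host=FS01
2022-10-20T08:00:06 winsec event=4625 user=jdoe src=203.0.113.7 host=FS01
2022-10-20T08:00:09 winsec event=4624 user=jdoe src=203.0.113.7 host=FS01
2022-10-20T08:03:00 fw action=allow src=10.0.5.12 dst=198.51.100.9 dport=443 bytes=734003200 host=FS01
2022-10-20T08:10:00 winsec event=4624 user=asmith src=10.0.5.40 host=DC01
2022-10-20T08:11:00 fw action=deny src=10.0.5.40 dst=198.51.100.9 dport=22 bytes=0 host=DC01
"""

FAILED_LOGON = "4625"              # Windows: an account failed to log on
SUCCESS_LOGON = "4624"             # Windows: an account was successfully logged on
BRUTE_FORCE_THRESHOLD = 4          # failures from one src for one user (assumed)
BRUTE_FORCE_WINDOW = timedelta(minutes=5)
EXFIL_BYTES = 500 * 1024 * 1024    # outbound volume worth a look (assumed)
EXFIL_WINDOW = timedelta(minutes=30)


def parse_line(line):
    """Turn one constructed log line into a dict with a datetime 'ts'."""
    ts, source, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "source": source}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def parse_logs(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def correlate(records):
    """Return a list of incident dicts found in the records.

    Rule 1 (brute force then success): at least BRUTE_FORCE_THRESHOLD failed
    logons for the same user from the same source inside BRUTE_FORCE_WINDOW,
    followed by a successful logon for that user from that source.
    Rule 2 (possible exfil): if the host of that successful logon then sends
    more than EXFIL_BYTES outbound within EXFIL_WINDOW, raise to critical.
    """
    records = sorted(records, key=lambda r: r["ts"])
    failures = defaultdict(list)   # (user, src) -> timestamps of recent failures
    incidents = []
    for r in records:
        if r["source"] == "winsec" and r["event"] == FAILED_LOGON:
            key = (r["user"], r["src"])
            failures[key].append(r["ts"])
            # keep only failures still inside the sliding window
            failures[key] = [t for t in failures[key]
                             if r["ts"] - t <= BRUTE_FORCE_WINDOW]
        elif r["source"] == "winsec" and r["event"] == SUCCESS_LOGON:
            key = (r["user"], r["src"])
            if len(failures.get(key, [])) >= BRUTE_FORCE_THRESHOLD:
                inc = {"rule": "brute_force_then_success", "user": r["user"],
                       "src": r["src"], "host": r["host"], "ts": r["ts"],
                       "severity": "high"}
                # look ahead for a large allowed outbound transfer from that host
                for fw in records:
                    if (fw["source"] == "fw" and fw["action"] == "allow"
                            and fw["host"] == r["host"]
                            and r["ts"] <= fw["ts"] <= r["ts"] + EXFIL_WINDOW
                            and int(fw["bytes"]) > EXFIL_BYTES):
                        inc["severity"] = "critical"
                        inc["outbound_bytes"] = int(fw["bytes"])
                        inc["dst"] = fw["dst"]
                        break
                incidents.append(inc)
                failures[key] = []     # reset so one burst yields one incident
    return incidents


if __name__ == "__main__":
    for incident in correlate(parse_logs(SAMPLE_LOGS)):
        print(incident)
```

On the constructed input the jdoe sequence yields a single critical incident (four failures, a success, then about 700 MB allowed outbound from FS01), while asmith's clean logon and the denied SSH attempt produce nothing; the reset after each incident is what keeps a long-running password spray from opening a new ticket on every subsequent success.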

Experience writing and reviewing information security policies to help the business meet legal requirements and compliance.

Currently working on migrating SiteMinder 12.0 SP3 to what is called next-generation SSO, which is in the development stage.

Maintained an excellent rapport with colleagues, vendors and trainees. Involved in documentation regarding Windows server configuration, operating procedures and service records relating to Windows hardware.

Conducting and managing PCI DSS compliance policies, performing assessments, monitoring PCI DSS controls, reviewing vendor updates and supporting internal and external auditing.

CWORLD Security LTD, Washington DC, Mar 2012 – Feb 2015

Information System Analyst

Document and review System Security Plans (SSP), Contingency Plans (CP), Contingency Plan Tests (CPT), Privacy Impact Assessments (PIA) and Risk Assessment (RA) documents per NIST 800 guidelines for various government contracting agencies.

Conducted FISMA-based security risk assessments for various government contracting organizations and application systems, including interviews, tests and inspections; produced assessment reports and recommendations; conducted out-briefings. Assessments conducted following NIST 800 processes and controls.

Perform Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA) and E-Authentication with business owners and selected stakeholders.

Performed mid-level administrative responsibilities: Office 365 admin, Azure, Cisco VoIP, Active Directory, PowerShell scripting.

Installing and maintaining Windows 2003, 2008, 2008 R2 and 2012 R2 servers.

Managed MS Exchange servers, AD applications and public folders; resolved technical issues and monitored Office 365 systems.

Updated patches on servers. Working experience with Active Directory components (AD Users and Computers, DNS, DHCP and WINS).

Configure hardware/software, manage device lifecycle, arrange VPN access and manage peripherals.

Ability to develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A.

Troubleshoot and resolve various issues with Windows servers during migrations, documenting the troubleshooting process for future reference.

Provide subject matter expertise in the development of security policy documentation that follows Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) guidance.

Supported customers by conducting vulnerability scanning using Nessus, WebInspect and Nexpose. Acted as liaison for program managers, system administrators, user representatives and developers to complete an entire A&A package in a timely, professional and organized manner, including the analysis and definition of security requirements.

Manage various system security artifacts within POA&M tracking tools such as Trusted Agent FISMA (TAF) and RMF on a daily basis to validate remediation of security weaknesses.

Provide review of security controls employing NIST SP 800-53 recommended security controls. Perform vulnerability scanning and prepare Security Assessment Reports (SAR).

Reviewing and certifying/validating items uploaded into the POA&M tracking tool in support of remediated/closed findings.

Establish computer and terminal physical security by developing standards, policies and procedures; coordinating with facilities security; recommending improvements.

Worked with a team of CPAs on providing a SOC 2 Type report which pro. Performing ISO 27001 work with independent financial institutions with regard to implementation, management and maintenance of an information security management system (ISMS). Worked with a third-party assessor to conduct both the SOC 2 examination and ISO 27001 certification to provide independent assurance that the controls in place meet the necessary criteria, resulting in an additional level of confidence that some internal assessments cannot provide.

Support client by reviewing and updating cloud service provider deliverables for compliance with the FedRAMP framework.
