Cyber Security Engineer

Location: Laurel, MD
Posted: April 27, 2023

Resume:

Emmanuel Boateng

Cyber Security Engineer

Phone: 410-***-****

Email: advd7d@r.postjobfree.com

PROFESSIONAL SUMMARY

8+ years’ experience in Cyber Security, Networking, security Assessments and Audits, Risk management, Security awareness and Training, and Information Systems Management.

Monitor IT network systems for anomalies and perform proper updating and patch management.

Use encryption and hashing tools such as the MD5 online tool, Hash Calc, and Crypto Demo.

Apply Malware analysis, including viruses, worms, trojans, botnets, and rootkits using both static and dynamic analysis.

Skilled in finding Cyber Security vulnerabilities and risks in computer networks and resolving vulnerabilities by updating systems accordingly.

Ensure security compliance with the NIST Risk Management Framework.

Follow Incident Response Plans to mitigate system breaches, document findings, and perform post-incident analysis to update the Incident Response Plan.

Perform Access Control Identity Management, Penetration Testing, Vulnerability Assessment, SOC Analysis, Incident Response, and Threat Mitigation.

Perform log analysis, intrusion detection/prevention, and incident management as SOC Analyst by reviewing alerts from various SIEM tools.

Produce reports about Cyber Security events and Vulnerabilities found in vulnerability assessment scans using tools such as Nessus, OpenVAS, Retina CS.

Investigate and analyze Cyber Security events found in vulnerability scans and suggest countermeasures to mitigate threats.

Conduct penetration tests/audits on systems and networks for vulnerabilities by performing Footprinting and Scanning using tools such as Whois Lookup, Path Analyzer Pro, Nmap, Hping3, OpUtils, and Google hacking.

Skilled with tools such as Splunk, Nessus, Wireshark, IDA Pro, ArcSight, LogRhythm, AlienVault, ForgeRock, Tcpdump, and Nmap.

Skilled in collecting network traffic and performing analysis from network devices such as Firewall, IDS/IPS, Antivirus, Switches, and Router traffic through Log and Event-based on TCP/IP.

Experience with AWS Cloud Security and architectural technology.

Know how to apply solid theoretical understanding of common protocols such as HTTP, DNS, DHCP, SNMP, FTP, SSH, SMB, TLS, and SSL.

Expert using applications such as Microsoft Office Suite/365 (Word, Excel, PowerPoint).

Skilled in Networking protocols and packet analysis tools, Computer Networking and TCP/IP stack.

TECHNICAL SKILLS

Investigative/Pentest tools

Wireshark

Path Analyzer Pro

Whois

Protocol Analyzer

Nessus

AirCrack-ng

Hashcat

MyDNSTools

NMAP

Proxy Switcher

OpManager

Netcat

Burp Suite

Web-stat

Saint

Zenmap

Netcraft

Shodan

Geo IP Lookup tool

Ettercap

Hping3

CYBERSECURITY FRAMEWORKS

NIST 800 SERIES

HIPAA

SOX

COBIT

RMF

SIEM

ArcSight

Splunk

LogRhythm

DIG

Maltego

Recon-ng

Netscan Tool Pro

Colasoft ping tools

AirCrack

Email Tracker Pro

John the Ripper

OpUtils

Engineer Toolset

Kismet

Cain and Abel

Operating Systems

Windows Server Desktop Editions

Mac OS

Kali

IDS/IPS

Advanced Threat Protection (ATP)

Snort

Sourcefire

AlienVault

TippingPoint

PROFESSIONAL EXPERIENCE

07.2021 – Present

Cyber Security Engineer

Kelly Benefits, Maryland, Sparks

Technologies: Proofpoint, Jira, Darktrace, SecurityScorecard, Cisco Firewalls, LogicMonitor, Tenable, Ivanti, Carbon Black, ADAudit Plus, and Cisco Meraki

Applied best-practice cyber security assessment exercises to identify threats to the company’s IT/Cyber network.

Worked with stakeholders in alignment with a systematic approach for developing resilient cyber security programs, mechanisms, protocols, etc.

Identified security objectives, potential threats and vulnerabilities, provided insight into an attacker's perspective by considering some of the entry and exit points that attackers are looking for to successfully exploit an IT/Cyber system.

Supervised the development of training content for issues related to IT Cybersecurity.

Responsible for opening and closing tickets, security reviews, SOC Audits, Risk assessment, and Troubleshooting firewall.

Reviewed alerts in and resolved the same, led in Tabletop Exercise, developed playbooks, and wrote newsletter.

Involved in IT Audits as well as policy reviews.

Assisted in deploying Darktrace and third-party risk assessment.

Helped in deployment of Carbon Black EDR and phishing campaigns.

Assisted with Third party risk assessment.

Produced Business Continuity and Network Perimeter Security plans, including Endpoint Security.

Conducted a DMZ security architecture review of multiple data centers across the globe to highlight gaps in common security controls.

Implemented a security architecture questionnaire based on the NIST Cybersecurity Framework v1.1 with scoring to reduce the time of a security architecture review.

Assessed rules for effectiveness and prioritized for implementation based on maximum risk reduction.

Outlined a plan for website security following OWASP Top 10.

Architected end-to-end Identity and Access Management solutions in On Prem and hybrid following HIPAA regulatory compliance standards.

Delivered holistic data governance solutions with an emphasis on data classification and data leakage prevention.

Collaborated with stakeholders, including project managers, architects, and other technical leads around cybersecurity requirements throughout the lifecycle of the project.

Made recommendations to mitigate risks during the development and production cycle.

Managed and ensured compliance with IT structures / processes / guidelines / technologies.

Oversaw troubleshooting of complex, technical situations by providing solutions based on established cybersecurity standards.

Performed analysis to validate all security requirements and recommended additional security measures and safeguards.

Evaluated security measures to protect against threats or hazards to data.

Engaged with external auditors and third parties in support of security activities.

Developed project plans, estimations, specifications, flowcharts, and presentations.

Cyber Security Engineer

Ashley Home Store – Brandon, FL

Ashley Home Store is an American furniture store chain that sells Ashley Furniture products. Opened in 1997, the chain comprises over 2000 locations worldwide.

Conducted Security Control Assessments to assess the adequacy of management, operational privacy, and technical Security controls implemented using NIST 800 framework.

Assessed and updated System Security Plan (SSP) and created a Security Assessment Report (SAR) for stakeholders.

Conducted Business Impact Analysis to determine security plan.

Performed Risk Assessments in accordance with NIST Risk Management Framework.

Conducted Security Risk Assessment on all new applications and IT Systems, to verify if they satisfied the established security baseline before adoption into corporate infrastructure.

Conducted internal and external vulnerability assessments on computing assets such as hosts, network resources, and all other aspects of the organization.

Applied knowledge about regulatory compliance mandates such as HIPAA, FISMA, CFAA, CIPPA, COPPA, SOX, GLBA.

Produced Vulnerability Reports, Executive Summaries, and Penetration Testing reports for submission to operations and management stakeholders.

Worked with the Incident response group in monitoring for intrusion events.

Implemented Assessment and Authorization (A&A) processes under the NIST 800-53/53A, 800-37 Risk Management Framework (RMF) for new and existing information systems.

Created and maintained an inventory of all third-party tools/systems used. Inventory included the functions the third-party tools/systems performed.

Worked with on-site team and management to understand how different Cyber Security solutions would support specific business objectives.

Identified gaps in the organizational security stack and evaluated technologies to close them, resulting in improved security posture.

Designed and developed Business Continuity Plans and Network Perimeter Security, including Endpoint Security.

Applied FireEye Threat Intelligence subscriptions and services to address all aspects of the company’s threat intelligence needs.

Implemented the Risk Management Plan with a stakeholder team. Used Risk Management Plan to ensure the steps of the risk management process were conducted properly (e.g., Set Objectives; Risk Identification; Risk Assessment; Risk Analysis; Risk Tolerance; and Risk Mitigation).

Completed the annual cyber risk compliance program IAW NIST 800-171 and DFARS.

Worked with senior leadership to ensure that cybersecurity and compliance go hand in hand.

Implemented a governance, risk management, and compliance (GRC) program to help improve information sharing.

Implemented Risk Management protocols per NIST Risk Management Framework.

Implementation of IT Strategy and Enterprise Security Architecture.

Developed Plan of Action & Milestones (POA&M).

10.2017 – 10.2019

Cyber Security Engineer

Gartner – Stamford, CT

Gartner, Inc. is the world’s leading research and advisory company and a member of the S&P 500. Gartner equips business leaders with indispensable insights, advice, and tools to achieve business objectives.

Conducted Business Impact Analysis to determine security plan.

Conducted a gap analysis of the firm's DDoS capabilities and documented the security requirements for an enterprise-wide DDoS solution in a hybrid environment.

Conducted a DMZ security architecture review of multiple data centers across the globe to highlight gaps in common security controls.

Conducted Security Control Assessments to assess the adequacy of management, operational privacy, and technical Security controls implemented using NIST 800 framework.

Assessed and updated System Security Plan (SSP) and created a Security Assessment Report (SAR) for stakeholders.

Conducted Risk Assessments in accordance with NIST Risk Management Framework and implemented Risk Management protocols per NIST Risk Management Framework.

Developed an internal systems security plan about how to handle procedures to isolate and investigate potential in Developed Plan of Action & Milestones (POA&M).

Developed scheduled alerts, reports, and correlated searches on Splunk.

Designed and developed Business Continuity Plans and Network Perimeter Security, including Endpoint Security.

Implemented IT Strategy and Enterprise Security Architecture.

Performed Nessus vulnerability scanning to support the organization's vulnerability management program.

Used the Cyber Kill Chain steps to trace stages of a cyberattack from the early reconnaissance stages to the exfiltration of data.

o Reconnaissance (Observation): Attackers typically assess the situation from the outside-in, to identify both targets and tactics for the attack.

o Intrusion: Based on what the attackers discovered in the reconnaissance phase, they’re able to get into your systems: often leveraging malware or security vulnerabilities.

o Exploitation: The act of exploiting vulnerabilities, and delivering malicious code onto the system, to get a better foothold.

o Privilege Escalation: Attackers often need more privileges on a system to get access to more data and permissions: for this, they need to escalate their privileges often to an Admin.

o Lateral Movement: Once they’re in the system, attackers can move laterally to other systems and accounts to gain more leverage: whether that’s higher permissions, more data, or greater access to systems.

o Obfuscation / Anti-forensics: To successfully pull off a cyberattack, attackers need to cover their tracks, and in this stage, they often lay false trails, compromise data, and clear logs to confuse and/or slow down any forensics team.

o Denial of Service: Disruption of normal access for users and systems, to stop the attack from being monitored, tracked, or blocked.

o Exfiltration (Extraction stage): Getting data out of the compromised system.

Utilized Enterprise Mission Assurance Support Service (eMASS), a government-maintained web-based application with a comprehensive array of services for thorough and entirely incorporated cybersecurity management:

o eMASS supports Information Assurance (IA) program management and automates the DoD Information Assurance Certification and Accreditation Process (DIACAP) and Risk Management Framework (RMF) process.

o eMASS showcases incorporate dashboard reporting, controls scorecard metrics, and the production of a system security approval package.

o eMASS offers a unified suite of authorization resources and counteracts cyber-attacks by establishing strict process control methods for obtaining authorization assessments.

Implemented the Risk Management Plan with an organization’s stakeholder team. Use the risk management plan, with the stakeholder team, to ensure the steps of the risk management process are conducted (Set Objectives; Risk Identification; Risk Assessment; Risk Analysis; Risk Tolerance; and Risk Mitigation).

Completed the annual cyber risk compliance program IAW NIST 800-171 and DFARS.

Applied knowledge about regulatory compliance mandates HIPAA, FISMA, CFAA, CIPPA, COPPA, SOX, GLBA.

Analyzed PCAPs using Wireshark, responding to network security issues.

Applied FireEye Threat Intelligence subscriptions and services to address all aspects of our threat intelligence needs.

Employed situational awareness (SA) for recognizing terrorist threats and to identify criminal behavior and other dangerous situations.

Utilized Archer GRC in performing operational risk management of new and existing assigned entities/vendors to identify the risk-based level and security posture for each entity.

Tested website for security using Qualys.

Monitored and analyzed network traffic security systems such as Firewalls, Servers, and Databases, using tools like Nessus, SIEM, Nmap, Snort, IDS alerts, DLP, web proxy, for system vulnerability.

Performed information security assessments in direct support of a major compliance effort (NIST, PCI-DSS, and ISO).

Managed operational activities, including training metrics, to measure the progress and effectiveness of the training and awareness content.

Responded to intrusions and threats detected by Snort IDS/IPS.

Conducted various security scans like Network Vulnerability scans, Port scanning, Host and Database scan in accordance with our vulnerability management program.

Streamlined the legacy security architecture questionnaire into one based on the NIST Cybersecurity Framework v1.1 with scoring to reduce the time of a security architecture review by 30%.

11.2015 – 10.2017

SOC Analyst III

McKesson Corporation – Irving, TX

McKesson Corporation is an American company distributing pharmaceuticals and providing health information technology, medical supplies, and care management tools.

Conducted security assessment of management, operational, and technical controls.

Conducted interviews to gather information about the status of certain controls, as well as the overall security status of information systems.

Conducted security vulnerability assessments, security configuration, and research and penetration tests using commercial tools such as Cobalt Strike, Metasploit Framework, Burp Suite, and other Open-Source infosec tools while following methodologies and best practices as defined in PTES and NIST.

Developed security strategy and performed IT risk assessment and vulnerability assessment and worked with the business to mitigate risks.

Created and documented policy for SSL certificate management.

Used Wireshark to troubleshoot and investigate network issues.

Tracked and updated Plans of Action and Milestones (POAM) regarding the mitigation and remediation status.

Tracked authorization termination dates for various information systems risk assessments, including reviewing organizational policies, standards, and procedures and providing advice on their adequacy, accuracy, and compliance with industry standards.

Created reports, including remediation plans for discovered vulnerabilities.

Set up configuration files in Splunk and tuned rules to create better alerting and established security baselines for configurations to tune out unnecessary alerts.

Composed security alert notifications and other communications.

Advised incident responders in the steps to take to investigate and resolve computer security incidents.

06.2015 – 11.2015

Penetration Tester

Kimberly-Clark Corporation – Irving, TX

Kimberly-Clark Corporation is a multinational personal care corporation that produces mostly paper-based consumer products. The company manufactures sanitary paper products and surgical and medical instruments.

Researched and identified security vulnerabilities on networks and systems.

Differentiated potential intrusion attempts and false alarms and prioritized responses using Splunk and Snort.

Scheduled Penetration Testing Plans throughout the organization and completed security tasks within tight timeframes.

Performed pen tests over different business applications and network devices of a variety of corporations and large formal organizations.

Conducted penetration tests on systems and applications using automated and manual techniques. Applied tools such as Metasploit, Burp Suite, IBM AppScan, Kali Linux, and many other open-source tools.

Worked with support teams to address findings from tests.

Participated in assigned exercises (e.g., COOP, network vulnerability, "red team/blue team", etc.).

Monitored daily event collection, security intelligence, and emerging threat information sources, including SIEM, vendors, researchers, websites, newsfeeds, and other sources.

Analyzed security vulnerabilities and the impact of mobile devices on network using mobile device management (MDM) tools.

Demonstrated problem-solving abilities by finding vulnerabilities and risks in computer networks and took measures to correct or exploit those vulnerabilities.

Performed Vulnerability Assessments and Penetration Tests using tools such as Burp Suite, Nessus, and Kali Linux.

Performed security vulnerability assessments and penetration tests to ensure client environments and data were secure, as well as satisfied regulatory compliance requirements.

Used Burp Suite, DirBuster, HP Fortify, Nmap, and sqlmap as part of the penetration testing on a daily basis to complete vulnerability assessments.

Established and improved the processes for privileged user access request.

Promoted a new and cost-effective Plan against Phishing Attacks and successfully reduced the volume of phishing mails up to 60%. Conducted attack analysis on the IDS reports to detect the attacks and reported the analysis.

04.2014 – 06.2015

SOC Analyst

Apex Tool Group – Sparks, MD

Apex Tool Group is an American supplier of hand tools and power tools.

Provided services as security control assessor (S.C.A.) and performed as an integral part of the Assessment and Authorization process to include A&A, documentation, reporting, reviewing, and analysis requirements. As a team, we determined Security Categorizations using the FIPS 199 as a guide, reviewed, updated, and developed Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA), and initiated System Security Plan (SSP).

Applied understanding of the function and content of information security policies, standards, procedures, and practices as well as threats, risks and vulnerabilities at a functional level.

Executed security data management plans for the design and implementation of data collection, scheduling and review clarification and reporting systems.

Monitored and audited information security controls for compliance and effectiveness.

Worked with internal stakeholders to create a matrix that mapped project requirements to the National Institute of Standards and Technology (NIST) security controls.

Analyzed security breaches to determine their root cause.

Processed Nessus vulnerability scanning for critical and high severity alerts, log analysis, and results.

Managed Security Assessment and Authorization (SA&A) process to support continuous monitoring activities in accordance with NIST guidelines.

Monitored the IT regulatory landscape for emerging regulations and assessed the impact to control framework and risk strategy.

Reviewed and documented contingency plans (CP), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various agencies.

Reviewed and updated the System Security Plan (SSP) using NIST SP 800-18 guidelines.

Reviewed and updated Cybersecurity documentation.

Developed and conducted ST&E (Security Test & Evaluation) according to NIST SP 800-53A and performed on-site evaluation and support.

EDUCATION

Master of Professional Studies (Cybersecurity major)

University of Maryland, Baltimore County, MD


