Information Security Analyst

Location:
Arlington, TX
Posted:
August 02, 2023

Resume:

Michael Oke

To obtain the position of a Security Analyst / Engineer where my 9+ years experience can be applied.

Phone: 214-***-****

Address: Arlington, TX 76014

Email: adyonm@r.postjobfree.com

9+ years focused system, network, and security analyst / engineer with extensive knowledge in maintaining confidentiality, integrity, and availability.

CAREER ACCOMPLISHMENTS

Certified security professional and a highly skilled Information Security Analyst with strong understanding of standard / best practices to ensure and maintain confidentiality, integrity and availability of company data and business processes.

Understands the design and effectiveness of IT controls. Understands threat modeling, static code analysis concepts and builds security remediation plans. Served as a subject matter expert on information security practices, wrote and designed information security plans / network infrastructure from scratch with my knowledge and experience working with various information security frameworks (ISO/IEC 27001 / 27002, NIST 800-53, FISMA, FIPS, COBIT, CIS, etc.) and regulatory frameworks (SOX, PCI-DSS 3.2, HIPAA, GDPR, etc.)

Possesses working knowledge of Networking (New Gen Firewalls, Switching, Routing, TCP/IP, DNS, VPNs, SSL, etc.), Directory Services and Federation (Active Directory, etc.), Asset Management (ServiceNow, Axonius, and Flexera), Identity Lifecycle and Privileged Access Management (CyberArk, and Tanium), Vulnerability Management (Qualys), Endpoint Protection (Cortex XDR, Microsoft Defender, Symantec, and MalwareBytes), Cloud (Azure), etc. Worked with 3rd party vendors, conducted internal audits and executed security test plans, also participated in the execution of vulnerability assessments, and security audits as directed. Experience promoting Security Awareness through training, education, ongoing communication, campaigns, voice calls, in person, and use of KnowBe4 Automated Security Awareness Program for phishing elicitation through e-mails, etc.

Excellent organizational and analytical skills with an ability to prioritize conflicting tasks and handle multiple work efforts in a fast-paced environment.

Dedicated to solving any information technology problems with ready-made solution or research (documented comprehensive knowledge base of issues and resolution). Ability to analyze, aggregate and develop risk remediation plans; Develop sound plans - thoroughly lay out tasks, resources, and schedules; Ensure risk issues are clearly articulated and at the right level of detail; Draft deliverables requiring minimal revisions.

Proficient in installing and maintaining Windows Server 2012 R2, 2016, & 2019 (DHCP, Active Directory (AD), Group Policies, File / Print Server, etc.), Windows OS (7, 10, & 11), Microsoft Office 2007, 2010, 2013, 2016, 2019 & 365, Mac OS, Phone Support, and Remote Desktop (RDP).

Support Windows Systems, Troubleshooting (Hardware & Software), Wired & Wireless LAN, Printer (Network, Stand Alone, & Multipurpose).

Experience working with cross departmental teams within and outside the organization, with proven collaboration skills.

Experienced in full remote support, identity management, access management, and privileged access management.

Familiarity with Agile / DevOps concepts and principles. Ability to quickly learn new software / applications, technologies, security standards / protocols, and apply them with an enterprise perspective.

PROFESSIONAL EXPERIENCE

Costco Wholesale / Costco IT - Issaquah, WA

IS INFO SEC INFORMATION SECURITY ANALYST (Enterprise Cybersecurity & Risk Management) (Cybersecurity Asset Intelligence)

June 2022 - Present

As an Enterprise Cybersecurity & Risk Management Analyst, help drive compliance and assurance efforts by mitigating risks across stakeholders, teams, partners and services. Developed approaches for industry-specific threat analysis, application-specific penetration tests and the generation of vulnerability reports.

Assist with various risk and compliance assessments. Thrives in ambiguity and enjoys working across many stakeholders to shore up all aspects of security compliance. Work closely with Risk Engineers and other teams to implement corporate guidance in response to emerging standards and legislations by making certain that all policies and procedures are applied and well documented, performing internal security reviews, and identifying compliance problems that call for formal attention. Proactively and constructively work with my team to continuously refine the risk assessment for better insight into our IT infrastructure.

Led, coordinated, and organized meetings with IT and business stakeholders to validate and collaborate to update the knowledge base repository system.

Identifies problems, analyzes data, and presents findings in a professional manner, recommends mitigations either via new technology, alternative compensating controls, or policy modifications to improve overall security posture.

Performs ongoing security / risk assessments to grant Information Security Risk Acceptance or Exception using various information security frameworks (ISO/IEC 27001 / 27002, NIST 800-53, FISMA, FIPS, COBIT, CIS, etc) and regulatory frameworks (SOX, PCI-DSS 3.2, HIPAA, GDPR, etc). Provides governance for the identification, validation, and remediation of information technology controls for applicable information security compliance frameworks and regulatory frameworks above to reduce liability and fines.

Establishes and implements methodologies designed to identify general system and business controls, that identifies and prioritizes risks.

Develops, manages, and executes plans to communicate and remediate all known material weaknesses or significant deficiencies, and minimize any findings noted by either internal or external auditors. Identifies risks and evaluates findings while working with internal departments/business units to appropriately address the findings.

Provides visibility into current compliance status through timely tracking, trending, and escalation of issues. Reports on the status of compliance to Information Security leadership and IT management. Balances information security compliance, risks and business constraints to provide risk-based mitigation recommendations to management.

Establishes and meets deadlines to ensure adherence to rules and regulations. Manages and communicates key compliance milestones for critical systems and complex processes. Maintains a strong understanding and adherence of current and upcoming standards, regulations, and legislation. Stays current with new and evolving security topics and technologies via formal training and self-directed education.

Innovative, creative, and works well under pressure to identify and problem-solve high intensity situations with a strong sense of urgency.

Defines and reports on compliance metrics and risks, facilitates the communication of findings to control owners, identifies weaknesses in control structures, and coordinates effective remediation with control owners with a primary focus on achieving a robust security compliance posture. Ongoing use of Axonius, ServiceNow, and Flexera for asset management. Ongoing use of CyberArk, and Tanium for Identity Lifecycle and Privileged Access Management. Ongoing use of Cortex XDR for Endpoint protection. Ongoing review of SIEM tools (McAfee, and IBM QRadar). Ongoing use of Azure Boards (ADO) which supports agile methodologies, including Scrum and Kanban that help me and my teams collaborate and stay organized with dashboards, reports, and notifications. Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization.

Memo Corporation - Southlake, TX

Information Security Analyst / Engineer

March 2016 - March 2022

Wrote and designed information security plans / network infrastructure from scratch to meet the various information security frameworks (ISO/IEC 27001 / 27002, NIST 800-53, FISMA, FIPS 199 / 200, COBIT, CIS, etc) and regulatory frameworks (SOX, PCI-DSS 3.2, HIPAA, etc.) with the understanding of standard / best practices to ensure and maintain confidentiality, integrity and availability of company data and business processes. Designed / implemented processes, and process improvements to align and comply with enterprise architecture / business processes.

Understood and translated technical issues into business implications for technical and business stakeholders. Performed monthly vulnerability assessment, threat assessment, mitigation and reported activities to safeguard assets which is not limited to logs.

Scanned IT infrastructure with Qualys and identified 100s of system security flaws on critical systems. Managed and performed Qualys scans before all production releases, analyzed vulnerabilities, and reported to all stakeholders.

Remediation of identified risk allowed company to be PCI DSS compliant. Conducted scans of servers, network devices, desktops, and other end points to identify vulnerabilities with Wireshark (Network scanner), Qualys (vulnerability scanner), MalwareBytes, Microsoft Defender, and Symantec (Endpoint Security).

Facilitated meetings to clarify and break down security requirements for Identity Convergence project. Analyzed, improved, implemented, and executed security controls proactively to prevent external threat actors from infiltrating company information or systems, using policies and procedures based on industry best practices and security framework.

Ensured and enabled multi-factor authentication for all NAS storage as part of access control to prevent unauthorized access.

Performed incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation / recovery. Improved network security through firewall rules, threat prevention, intrusion detection / prevention and access policies. Served as a subject matter expert on matters related to information security practices. Conducted internal audits and executed security test plans to determine environment resiliencies. Configured and deployed Network / Security solutions based on specific project / needs. Generated security documentation, including security assessment reports; system security plans; contingency plans; and disaster recovery plans.

Planned / implemented upgrades and installed new equipment from different vendors (Dell, SonicWall, Unifi...). Performed identity management, access management, and privileged access management; creating, modifying, and disabling network and application user credentials as needed. Maintained a repository of malicious IP addresses and domain names; created custom intrusion detection signatures; recommended as well as experimented with tools and techniques that helped to prevent future intrusion.

Wrote and documented security policies for each department / team. Installed and administered Windows Server 2012, 2016, 2019, SQL etc. which included installing Active Directory, DNS, DHCP, GPO, and SSL Certificates. Managed installation and maintenance of other company's software which included patch management.

Participated in the execution of vulnerability assessments, penetration tests and security audits as directed. Efficiently worked with cross departmental teams on a daily basis. Installed, maintained, and troubleshot hardware and software issues (computers, servers, printers, scanners, switches, firewall, VPN, applications, etc.).

Ran network cables and built communication racks which included the installation of patch panels, switches, firewalls, mountable servers, battery backups, NAS storages, etc. from scratch. Worked with 3rd party vendors to research and resolve application and hardware issues. Performed quarterly review of each business unit's processes to ensure they are achieving their set objectives while I maintain the security position of the business.

Trained new and existing personnel to use old and new software. Promoted Security Awareness through training, education, ongoing communication, campaigns, voice calls, in person, and use of KnowBe4 Automated Security Awareness Program for phishing elicitation through e-mails, etc. Researched and stayed informed of new technologies, standards, and industry regulations, security best practices, and emerging threat or attack vectors.

Presented technical briefings as required by management. Designed and implemented my own ticketing system for the company use and provided support remotely as required.

Q3 Tech Group - Fort Worth, TX

System and Network Administrator

September 2013 to March 2016

Acted as a Managed Service Provider (MSP) Remote / Physical for 11+ organizations / Industries, managing their whole IT infrastructures of about 33+ Microsoft Windows and Exchange servers, 350+ Windows workstations / users.

Installed and administered Windows Server 2012, SQL etc. which included installing Active Directory, DNS, DHCP, and GPO.

Installed, maintained, and troubleshot hardware & software issues (computers, servers, printers, scanners, switches, firewall, VPN, promethean boards, projectors, applications, etc.) including patch management. Installed SSL certificates and set up VPN as needed with SonicWall and Ubiquiti firewalls. Ensured and enabled multi-factor authentication for all NAS storage as part of access control to prevent unauthorized access.

Conducted site surveys at clients' locations to identify what servers, computers, firewall, printers, phones, wiring / cabling, etc. are needed, which was then sent to the Project manager (PM) for quotes in order to migrate the clients to what is needed for the company to proficiently function at its highest capacity with the IT infrastructure. Documented survey diagrams.

Worked with 3rd party vendors / contractors to execute approved migration / updates for each site. Worked with 3rd party vendors to research and resolve application and hardware issues. Ran network cables and built communication racks which included the installation of patch panels, switches, firewalls, mountable servers, battery backups, NAS storages, etc. Added & terminated users in Active Directory (AD), assigned rights and access to data using individual / group policy (GPO), reset passwords, and created e-mail addresses in Exchange / external e-mail hosts. Installed and maintained systems, network, hardware, and software application to ensure organization is at its optimum functionality.

Performed routine preventive maintenance on hardware and software not limited to patch installations and system scans.

Researched, developed, and maintained proficiency in tools, techniques, countermeasures, and current trends in computer and network vulnerabilities and exploits. Monitored, analyzed, and responded to security events utilizing security event management and reporting tools like MalwareBytes Endpoint Security, Symantec Endpoint Security, Wireshark (Network Scanner), and Qualys (vulnerability scanner).

Ensured security compliance within the organizations through security assessments, policy development / enforcement, formal and informal communication.

Served as a subject matter expert on information security practices; wrote and designed information security plans / network infrastructure from scratch with my knowledge and experience working with various information security frameworks (ISO/IEC 27001 / 27002, NIST 800-53, FISMA, FIPS, COBIT, etc.) and regulatory frameworks (SOX, PCI-DSS 3.2, HIPAA, etc.).

Communicated security events identified as potential security issues and followed up to ensure closure. Maintained auditable records (service logs, maintenance request, etc.) and provided responses to audit requests. Performed quarterly review of each organization's business processes to ensure they are achieving their set objectives while I maintain the security position of the businesses. Developed and enhanced processes to maintain efficiency while strictly maintaining confidentiality, integrity and availability of information systems.

Assisted with the development and implementation of security event monitoring on critical systems. Educated and oriented new / existing staff on how to use new and existing software and hardware through physical and remote desktop support.

Served as the Computer Incident Response Team (CIRT) for 11+ organizations. Promoted Security Awareness through training, education, ongoing communication, campaigns, voice calls, in person, and use of KnowBe4 Automated Security Awareness Program for phishing elicitation through e-mails, etc. Maintained highest level of ethical conduct including safeguarding sensitive information and access. Handled internal and external projects.

Prepared all the companies we provide service to with full remote work capability for all employees. Utilized ConnectWise ticketing system and remote controls.

EDUCATION & CERTIFICATIONS

University of Maryland Global Campus, Adelphi, MD

Bachelor of Science with a major in Cybersecurity and a minor in Computing

January 2011 to May 2015

CERTIFICATIONS

CompTIA Security+

CompTIA PenTest+

CompTIA Cloud+

CompTIA Cybersecurity Analyst (CySA+)

CompTIA Advanced Security Practitioner (CASP+)

CompTIA Security Analytics Expert (CSAE)

CompTIA Infrastructure Security Expert (CSIE)

CompTIA Security Analytics Professional (CSAP)

CompTIA Network Security Professional (CNSP)

CompTIA Secure Cloud Professional (CSCP)

CompTIA Network Vulnerability Assessment Professional (CNVP)

Certified GRC Professional (GRCP)

Microsoft Certified: Azure Administrator Associate

CCNA

CISM - Pending


