Information System Security

Jessica Jeff

*************@*****.***

Active Top Secret/SCI with CI Polygraph

EDUCATION:

ROCHESTER INSTITUTE OF TECHNOLOGY

ROCHESTER, NY

Bachelor of Science

NEW YORK CITY TECHNICAL COLLEGE

BROOKLYN, NY

Associate of Arts (A.A)

CERTIFICATIONS – Current

Project Management Professional (PMP)

Certified Information System Security Professional (CISSP)

CompTIA Security+

Certified Data Privacy Solution Engineer (CDPSE)

Certified Ethical Hacker (CEH)

Certified Network Defense Architect (CNDA)

Information Technology Infrastructure Library (ITIL V3)

CompTIA Advance Security Practitioner (CASP)

CompTIA Network+

Certified Information Security Manager (CISM)

PROFESSIONAL EXPERIENCE

Platinum Business Service LLC,

Incident Response Analyst, October 2023 -Present

As an Incident Response Analyst working in the Security Operation Center (SOC), the following technical aid are applied: combination of network, host-based, on-premises and cloud security tools to perform near real-time detection, collection, analysis, correlation, and reporting of system security events that pose a threat to the Organization’s network, data, and assets.

Assists with monitoring network’s systems, and services for abnormal behavior that could indicate outages or hazardous conditions on the network utilizing Splunk, Microsoft Defender for endpoint and CrowStrike logs.

Analyze events to distinguish from incidental threat to possible malicious activities on the network.

Employ Remedy ticketing system to report, track and assist with the resolution of any suspected cyber security incident or violation.

Coordinate with the designated teams to respond to operational vulnerabilities that may negatively impact the network.

Communicate with customers to ensure compliance with established security requirements.

Observe media channels for threats related to the US.

Open Systems Technologies Corporation (OST) Quantico, VA

Sr. Information Systems Security Officer, (ISSO) April 2022- December 2023

Responsible for ensuring the appropriate operational security posture is maintained for information systems, works in close collaboration with Information System Security Managers and Information System Owners. Monitor the information system(s) and its environment of operation to include developing and updating FISMA documentation, keep track of the implementation of configuration management across authorization boundaries. Cooperate with security specialists, program managers, engineers, and all levels of management to execute strategic and tactical goals to obtain ATOs utilizing Risk Management Framework methodology.

Monitor security controls for FBI Information Systems to maintain security Authorized to Operate (ATO).

Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis.

Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each Information System.

Ensure that selected security controls are implemented and operating as intended during all phases of the Information System lifecycle.

Manage the risks to Information Systems and other FBI assets by coordinating appropriate correction or mitigation actions and oversee and track the timely completion of (POAMs).

Ensure that changes to an FBI Information System, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and the Information System Security Manager (ISSM).

Deloitte Touché Tohmatsu India, LLP. Springfield VA

Security Control Assessor, November 2021- April-2022

As a Security Control Assessor responsible for assessing the management, operational, assurance and technical security controls implemented on information systems via security testing and evaluation. Determine which teams are responsible for development and implementing common controls. Identify the points of contact within the organization and obtain the materials needed for the assessment.

Identify systems and agency risks and conduct vulnerability analysis in accordance with industry best practices.

Research, detect, analyze vulnerabilities of Information Systems.

Provided technical knowledge and analysis of complex vulnerabilities.

Apply industry standard principles, methods, and knowledge to identifying and remediating vulnerabilities.

Experience with ACAS (Nessus) and DISA STIGS

Knowledge of A&A (RMF) testing and assessing cyber security solutions

Federal Data Systems, Inc. Alexandria VA

Incident Handler, July 2017- November 2021

As a member of the Pentagon Computer Incident Response Team/Non-Compliant Reporting Team, provide incident analysis, communicate threat indicators, warnings and disseminate situational awareness on current and emerging threats to JSP leadership, and related agencies. The non-compliance reporting team utilizes technologies for the preservation of data required for strategic and tactical analysis, counterintelligence, and law enforcement investigations.

Use appropriate skills and techniques in scoping, containing and eradicating incidents based on the processes outlined.

Experience with handling escalations and managing the incident process to closure.

Apply threat intelligence to proactively manage incidents to minimize the impact to the customer by utilizing the tools within the environment to resolve issue in a timely manner.

Employ industry standards incident response technics, escalations procedures and warm handoff of cases to various agencies and department across the organization.

Able to provide feedback to the team to mediate false escalations to support the learning process.

NetOps Solutions, Inc. Alexandria City, VA

Junior Analyst, November 2016- July 2017

As a member of a Vulnerability Assessment Team (VAT) that supports JSP customers at the highest level. The VAT team serves as the principal coordination point for the network vulnerability assessment process. The VAT team organizes threat mitigations strategies with the various organization’s teams. The analysis and mitigation strategies provided are in accordance with JSP priorities.

Managed, tracked Cyber–Task Orders issued by USCYBERCOM.

Employed Vulnerability Assessment findings to prepare Plan of Action and Milestone (POA&Ms), to facilitate the tracking and handling of threats to the network.

Managed and reported on Information Assurance Vulnerability Alerts (IAVA) and DISA’s Security Technical Implementation Guide (STIG) Compliancy

Stayed abreast of the organization polices as emerging technologies were introduced to make sure they were in alignment with the organization’s risk tolerance.

Documented security information in accordance with the Risk Management Framework (RMF) and NIST guidelines.

ActioNet, Inc., Arlington, VA

Quality Assurance Testing Engineer, September 2015 – September 2016

Ensured the organization received the best product possible. Aimed to deliver consistent results through a set of established and standardized procedures. Employed existing processes to achieve the specified benchmarks set by the organization. Performed regression testing on Commercial Off-The-Shelf (COTS) and provided input on the design test of plans. Performed analysis and worked with application vendors to make sure they adhered to the security requirements for information systems. Conducted vulnerability testing on patches to mitigate Information Assurance Vulnerability Alerts (IAVA) issued by USCYBERCOM. Conducted functionality tests of assigned software, in accordance with Department of Defense Security Technical Implementation Guides.

Performed scripted and ad hoc test cases on the approved Army Gold Master images/builds for NIPRNET and SIPRNET systems running on VMs.

Interpreted and reported testing results and was vocal proponent for quality in every phase of the development process.

Reviewed product user interface for conformity to design guidelines.

Executed and monitored functions including running and analyzing security scans using Assured Compliance Assessment Solution (ACAS).

Worked with technical teams to develop software test plans.

Contact this candidate