Post Job Free
Sign in

Information Technology It Security

Location:
Hyattsville, MD
Posted:
April 17, 2025

Contact this candidate

Resume:

PROFESSIONAL SUMMARY:

Mr. Khairzad’s is a professional IT Security Engineer with a strong background in Assessment & Authorization (A&A) phases, IT Security Auditing, Security Engineering, and Technical Testing. His experience consists of 25 years of exposure in computers and networks, 16 years in information security / assurance, 15 years in information system (IS) security auditing, 10 years in application security, 5 years in project management, 5 years in penetration testing and vulnerability assessment, 22 years supporting government clients. He is experienced with governmental procedures and FISMA compliance. Well versed with Risk Management Framework (RMF). Current and past experiences include working with Red and Blue teams, technical vulnerability scans, Security Testing and Evaluation (ST&E).

Secure Consulting Solutions, DHS/CISA December 2022 – April 2025

Red Team Tester

•Conducted onsite network penetration tests from an insider/outsider threat perspective.

•Utilized tools such as Nessus, Burp, Tenable SC, AppDetective, Bloodhound and Nmap.

•Performed tests against a wide range of areas, including web applications, appliances API/CLI’s and custom-built applications.

•Policy review, update and recommendation

•Supported Assessment & Authorization process

•Performed code review using Fortify

•Produced advisory reports to developers, engineers and high-level management regarding exploits, CVE vulnerabilities, and results from manual testing.

•Analyze and evaluate information technology security risks and controls.

•Continuous monitoring and vulnerability management.

•Provide technical scanning, analysis, and reporting in support of SCA support.

•Continuous monitoring and vulnerability management.

•Developed policies and procedures as it relates to information security.

Axxum Technologies, US Courts 01/2020 – 12/2022 IT Security Engineer

•Analyze and evaluate information technology security risks and controls.

•Identify threats and vulnerabilities.

•Policy review, update and recommendation

•Supported Assessment & Authorization process

•Evaluate of security administration and logical security controls over the following environments: UNIX, Windows, IOS, and VOIP.

•Database assessment (Oracle/SQL/DB2/MySQL/PostgreSQL/Informix).

•Web security assessment (Public/Private).

•Perform vulnerability testing with scanning tools such as Nessus, Tenable SC, AppDetective, Nmap, Burp, AppScan, FLUKE, and information technology security research.

•Perform general IT control review and analysis per NIST SP 800-53/ STIGs/ CIS Benchmark/ Best Practice.

•Continuous monitoring and vulnerability management.

•Provide technical scanning, analysis, and reporting in support of A&A.

•Assist Assessors with technical testing and recommendations.

Axxum Technologies, TSA/DHS 03/2006 – 12/2019 IT Security Engineer

•Reported on and carry out Information Technology Vulnerability Assessments and Audits.

•Analyzed and evaluated information technology security risks and controls.

•Identified threats and vulnerabilities.

•Worked in SCIF environments and cleared contracts

•Evaluated security administration and logical security controls over the following environments: UNIX, Windows, Linux, and VOIP.

•Assessment of Database (Oracle/SQL/DB2/MySQL), and Web Security (Public/Private).

•Performed vulnerability analysis with scanning tools such as Nessus, AppDetective, Nmap, WebInsnpect, AppScan, FLUKE, EnCase, and information technology security research.

•Provided IT risk reduction recommendations.

•Policy review, update and recommendation

•Supported Assessment & Authorization process

•Implemented risk management throughout information life cycle.

•Continuous monitoring and vulnerability management.

•Developed policies and procedures as it relates to information security.

•Performed general IT control reviews per NIST SP, DHS/TSA policy.

•Managed and performed security testing that follow national, federal, and organizational policy to ensure all TSA information systems (to include general support systems and major applications), both classified and unclassified.

•Complied with Department of Homeland Security (DHS) National Security Systems (NSS) Management Directives 4300B, and Department of Defense Information Technology policy and procedures regarding auditing of IT within TSA.

•Technical security testing of all TSA assets to included: web testing, database, OS, network devices, and software & hardware.

ManTech, Dept. of State (DoS) 12/2003 – 03/2006 Sr. Security Analyst

•Conducted vulnerability scans and ST&E’s to determine potential weaknesses and vulnerabilities.

•Conducted vulnerability assessments for the Department of State.

•Worked with commercial computer product vendors in the design and evaluation of network and system assessment tools.

•Provided security engineering and integration services to customers.

•Conducted security training and provide security awareness.

•Performed vulnerability analysis with scanning tools such as Nessus, ISS, BTK, FLUKE, EnCase, and information technology security research.

•Provided hard drive forensic analysis on compromised computers.

•Evaluated policies, manuals, regulations, and other documents for relevance to information security management issues and ongoing efforts.

•Evaluated new network-monitoring tools designed for computer security.

•Identified potential network vulnerabilities and provide possible solutions for defense.

•Analyzed firewall, router, and application logs for security incidents and possible misconfiguration.

•Provided information system security training to other employees and performs oversight of all task-specific activities such as document preparation, writing, and methodologies.

•Performed Certification and Accreditation (C&A) assessments for FISMA/FISCAM, and NIST 800 requirements.

•Prepared security reports for delivery to the government client.

•Developed policies and procedures as it relates to information security.

ManTech, Dept. of State (DoS) 03/2003 – 12/2003 Software Engineer

•Installed and configured networks, servers, and desktops on both the classified and unclassified side for U.S Embassy’s around the world.

•Installed and upgraded NT networks to Active Directory networks, including training of Embassy personnel in Active Directory usage and upkeep.

•Conducted quality assurance checks on Active Directory domain controllers, Exchange 2000 servers, and CableXpress and file and print servers.

•Created and worked with trusts between Active Directory domains and NT domains.

•Trained system administrators and Office managers to use and keep the systems. Imaged servers and desktops using Ghost imaging software and server.

•Set and built security templates based on DS security guidelines for servers and desktops.

•Worked with fiber optic cable, experience in running and termination of fiber cable.

•Worked with Cisco switches and routers in staging, setup, and configuration.

ManTech, Dept. of State (DoS) 01/2001 – 03/2003 Sr. System/Hardware Engineer

•Installed and configured Network Intrusion Detection System (NIDS).

•Installed and configured Host Intrusion Detection System (HIDS).

•Configured routers and switches per policy requirements.

•Identified potential network vulnerabilities and provide possible solutions for defense.

•Worked with fiber optic cable, experience in running and termination of fiber cable.

•Worked with Cisco switches and routers in staging, setup, and configuration.

Orkand Corp., Dept. of State (DoS) 03/1999 – 01/2001 Systems Analyst/Trainer II

EDUCATION:

Bachelor of Science (B.S.) Degree, Major in Computer Science, Strayer University 05/30/2003

CERTIFICATIONS:

•CAP – Certification and Accreditation Professional

•FITSP – Federal IT Security Professional Auditor (FITSI)

•CRISC – Certified in Risk and Information Systems Control

•IABF – Certified Information Assurance Business Professional

•MCP – Microsoft Certified Professional

•CWAPT – Certified Web Application Penetrating Test

Security Clearance:

•Active DoD TS SCI Continuous Evaluation (CE) clearance.

•Active TSA EoD clearance

Security Tools Expertise:

•Operating System scanners: ISS (Internet and System Scanner), Tenable Nessus Security Scanner, Foundstone FoundScan scanner and SuperScan, Microsoft Baseline Security Analyzer (MBSA), Titania Nipper Studio, Center for Internet Security (CIS) Security Configuration Benchmarks, and Nmap/Zenmap.

•Web Applications scanners: Micro Focus (HP) WebInspect; IBM Security AppScan Enterprise and AppScan Standard Edition; Burp Suite Pro Scanner.

•Database scanners: AppDetective Pro database audit tool.

•Wireless scanners: Fluke OptiView Network Analyzer, NetStumbler wireless detector, and Airsnort

•Code Review: Fortify



Contact this candidate