KAMAL MOSTOFA
Aldie, VA
Senior Cybersecurity Architect
Dedicated and results-driven senior cybersecurity architect with 20+ years of experience in system administration and in implementing successful cybersecurity and information assurance frameworks. Critical thinker and data-driven decision-maker with in-depth knowledge of information technology (IT) regulatory requirements and a wide range of technical tools and operating systems; adept at managing security operations center (SOC) and system of systems (SOS) onboarding, conducting risk assessments, and leading contingency plan testing. Hands-on leader and excellent communicator who excels at managing high-performing teams, cultivating positive relationships with key stakeholders, and serving as a trusted advisor to senior management.
AREAS OF EXPERTISE
System Administration
Cybersecurity
Information Assurance
SOC & SOS Onboarding
Security Testing & Evaluation (ST&E)
Risk Assessments
Contingency Plan Testing
Certification and Accreditation (C&A)
Team Leadership
IT Operations
NIST and FISMA Regulations
Data Analysis & Reporting
TECHNICAL SKILLS
Windows, Linux, UNIX, QRadar, Palo Alto, Local Area Networks (LANs), Wide Area Networks (WANs), Internet Information Services (IIS), Microsoft System Center Configuration Manager (SCCM), EVA, Apache Tomcat, Veritas, Oracle, SQL, Secure Shell (SSH), WS_FTP, Pretty Good Privacy (PGP), Public Key Infrastructure (PKI), Sniffer, TNG Unicenter, Nagios, Retina, Guardium, Symantec, Nessus, Nmap, JIRA, Wireshark, Juniper Network Security Threat Response Manager (STRM), ServiceNow, Webtrends, Atlassian, FireEye, CrowdStrike, VMware ESXi, vSphere, vCenter, IBM Cloud, Virtual Local Area Networks (VLANs), Virtual Private Networks (VPNs), Storage Area Networks (SANs), Network-Attached Storage (NAS)
PROFESSIONAL EXPERIENCE
CYBERSECURITY ARCHITECT SOC/SOS TEAM LEAD – IBM July 2017 – December 2024
Serve as SOC/SOS onboarding team lead for the chief information security officer (CISO), providing 24/7 continuous monitoring and incident response (IR) services to protect mission-critical IBM assets. Onboard assets and use ServiceNow to digitize workflows.
Onboard Armada Apps and Bu's C_Code to ensure all logs forward to QRadar. Worked on the Symantec Data Loss Prevention (DLP) DSM for IBM QRadar: created an SMTP response rule and a "None of" SMTP response rule, configured a log source, and mapped DLP events.
Maintain CrowdStrike DNR for systems administrators to provide endpoint security, threat intelligence, and IR services. Oversee the Proofpoint server logs, audit log, and rsyslog to ensure all logs forward to QRadar for monitoring.
Proactively monitor and address cybersecurity issues and threats at IBM. Proactively identify, investigate, and remediate information security threats to the confidentiality, integrity, and availability of IBM's assets.
Maximize cybersecurity capabilities and system performance by assisting with the migration from an on-prem network to QRoC (QRadar on Cloud) and providing technical support to security owners for onboarding issues or problems with ports and protocols. Coordinate with SecEng to open JIRA tickets and integrate PagerDuty API keys to connect Resilient.
As the Security Owner of Nessus Professional, configure custom audits for multiple operating systems to build an effective management program that includes asset, risk, change, patch, mitigation and vulnerability identification, and incident response.
Created an end-to-end Nessus monthly profile process: the new-plugin mapping review script runs from cron, policies are reviewed for the new month and compared against the IBM Advisories DB, and severities are updated in the policy management tool for users.
Administered the FireEye CMS, which consolidates the management, reporting, and data sharing of FireEye Web, Email, and Malware Analysis to stop advanced attacks targeting IBM. Drove rapid resolution of environment outages and opened RTs to address all FY issues.
CYBER SECURITY ARCHITECT – Artech, Client – IBM January 2017 – June 2017
Researched security trends, standards, and practices to identify needs for enhancing security solutions in the Nessus vulnerability scanning process, such as downloading the current recommended version for MAD (Master Data Management). Leveraged in-depth technical expertise to install the Nessus package, custom plugins, feed registration, and activation code. Created scripts for Linux audit configuration to track security-relevant events and record them in log files so that the monitoring team could detect misuse or unauthorized activity. Proactively reduced the attack surface of all IBM systems before zero-day vulnerabilities were discovered. Worked with upper management to define the application security posture.
Defined secure coding practices and standards based on the OWASP Secure Coding Guidelines, including guardrails in the SDLC. Conducted manual code reviews and static code analysis, distinguishing false positives from true positives.
SENIOR SYSTEM SECURITY ANALYST – PowerTek, Client – Federal Housing November 2015 – November 2016
Monitored AT&T MTIPS alerts and analyzed inbound IP traffic as a system security analyst for the Federal Housing Finance Agency. Conducted thorough audits of IT security measures. Reviewed and analyzed IPS signatures, malicious payloads, and web content when new threats were identified. Performed National Institute of Standards and Technology (NIST)-based security assessments and introduced network security best practices in accordance with NIST regulations. Utilized Wireshark to analyze PCAP files.
Ensured prompt and effective IR by leveraging Nessus, Nmap, Palo Alto, and Juniper STRM to collect data on threats, compile and analyze key insights, and determine the appropriate action.
Improved cybersecurity by performing annual contingency plan and system testing, analyzing certification and accreditation (C&A) processes, managing SOC monitoring, and monitoring email for threats, including phishing and malware.
SENIOR SYSTEM SECURITY ENGINEER – DirectViz, Client – DOS May 2014 – December 2015
Protected critical information systems to support assessment and authorization (A&A) for system owners in the U.S. Department of State Diplomatic Security. Played an active role in developing documentation and test activities to support system accreditation for C&A and A&A initiatives under the risk management framework (RMF) methodology. Registered systems and applications and created the system security categorization worksheet. Performed iPost monitoring, created and updated the privacy impact analysis (PIA), maintained the security control database, and developed plans of action and milestones (POA&M).
Protected unclassified and classified information systems in Linux and Windows environments by utilizing Nessus to scan for system vulnerabilities, assessing security controls, and validating user and administrator processes for compliance.
Led continuous improvement of system security and stability by establishing cybersecurity policies and roles, creating new procedures for implementing DOS systems, directing system monitoring, and maintaining awareness of security threats.
Verified proper implementation of all security controls, including identification and authentication, access control, labeling, and auditing, by conducting thorough evaluations and providing comprehensive test support.
SR. SME INCIDENT SYSTEM ADMIN – Redport-IA, Client – DOE April 2012 – April 2014
Built over 100 CentOS and Windows servers and VMware ESXi hosts and integrated them successfully with the hardware and application software of the major computing systems across the CTFO (Computer Threat Focused Operations). Maintained the latest system patches and security updates for all CentOS, Windows, and VMware ESXi servers. Maintained DOE CTFO data center hardware, including replacement of a failed RAID controller.
Provided high-level technical support for CTFO HW/SW including DNS, Linux clustering, CentOS, OpenBSD, HBGary, Solera SAN, Dell Compellent, FishEye, Bamboo, Jira, Norman, IceWeb NAS, Centrifuge, ESXi servers, VMware Workstation, vSphere, and vCenter. Managed Nagios to monitor all CTFO servers' environment and disk space to avoid reaching 85% capacity. Maintained user and vendor support.
SYSTEM ADMIN & WEB ADMIN PRINCIPAL – CACI, Client – AFHSC at WRAMC December 2007 – January 2012
Administered Windows 2003, RHEL5, HP Blade C7000, ProCurve/Brocade switches, Cisco, VLAN, IIS, Apache Tomcat, SCCM, SMTP, EVA 6400/8400, and VERITAS NetBackup. Analyzed Gold Disk, STIG, and Harris STAT/Retina scan and audit reports for AFHSC. Resolved daily CAC issues.
ADDITIONAL PROFESSIONAL EXPERIENCE
Senior Systems Engineer, EMC Corporation
Network Security Analyst (for DOD), Integic Corporation (acquired by Northrop Grumman)
Network Administrator & Project Manager (for DOD), Aspen Systems (acquired by Lockheed Martin)
Systems Administrator, ManTech Solutions
EDUCATION
Master of Science in Information Technology Management (MScIT), Security, Marymount University
Master of Science in Computer Information Systems, Boston University Metropolitan College
Master of Social Sciences (MSS), Dhaka University
CERTIFICATIONS AND TRAININGS
Security+, CompTIA
Certified Novell Administrator (CNA), U.S. Department of Justice
IT Infrastructure Library Foundation Certification (ITIL), PeopleCert
Linux Foundation Certified System Administrator (LFCS)
MCP, Microsoft
Hundreds of DOD and IBM Think 40 workplace trainings and digital credentials for soft skills development