Enterprise Security Manager Sample Resume Format in Word Free Download - Whether you are looking for Business Letter Sample, Free Resume, how to write resume, examples of job application letters, curriculum vitae, CV, whether letter format or template for letter writing. Looks like you are right here because this time we are going to discuss about Enterprise Security Manager Sample Resume Format in Word Free Download.
There are so many examples Enterprise Security Manager Sample Resume Format in Word Free Download available on the internet, and it just so happens on this occasion we will share Enterprise Security Manager Sample Resume Format in Word Free Download. For more details please just refer to Enterprise Security Manager Sample Resume Format in Word Free Download following:
Sample Template Examples of 60 Beautiful Excellent Professional Curriculum Vitae ( CVs / Biodata ) Best Formats / Layout with Tips / Guide for How to Write a CV / Resume Builder / CV Maker ( Cover Letter, Career Objectives, Summer Training, Project Summary, Job Profile, Work Experience etc.) in Word / Doc / Pdf Free Download.
These CVs are prepared by Highly Trained Professionals and they cover Almost all Professions ( Freshers / Experienced, CA, CS, ICWA, LLB, Graduates, BCom/BSc/BA/BBA, MBA-> HR, Marketing, Finance, Systems, Engineers-> CSE, IT, Electronics and Communication, Electrical, Mechanical, Civil etc).
Beautifully Designed Excellent Professional CV Formats:-
1) Chartered Accountant Resume in Doc:
2) Fresher Resume Format:
3) Beautiful Resume Format in Word Free Download:
4) Information Technology Resume Format:
5) SAP SD Resume Format:
Whether you are looking for Business Letter Sample, Free Resume, how to write resume, examples of job application letters, curriculum vitae, CV, and whether letter format or template for letter writing. Looks like you are right here because this time we are going to discuss about it.
Appear first on Resume Format 6) .. To be Continue
Download Resume Templates
Download Resume Templates
Download Resume Templates
Download Resume Templates
Download Resume Templates
Sample Template Example of Beautiful Excellent Professional Curriculum Vitae / Resume / CV Format with Career Objective, Job Description, Skills & Work Experience for Freshers & Experienced in Word / Doc / Pdf Free Download
Download Resume Format
Maya Paul
309 Stanton Rd SE, Washington, DC 20001 maya.paul@gmail.com
Masters of Science, Information Assurance, Expected December 2010, Capitol College, Laurel, Maryland
Bachelor of Science, Computer Science, May 2003, Clark Atlanta University, Atlanta, GA
Clearance: TS/SCI w/ CI Polygraph, TSA EOD, CUSTOMS BI
Objective: To secure a Reverse Engineering position that allows me to telecommute.
SUMMARY OF QUALIFICATIONS: As a mission driven and goal-oriented Information System Security professional with extensive experience in Information Technology and Information Security, I possess extensive experience in planning, developing, and implementing security programs, and advanced technical information security solutions. I develop strategic plans for agency-wide implementation to address the operations of client services, product support, quality assurance, and information security training. Using strict budget controls to meet Cybersecurity goals, I handle day-to-day needs of crisis management, trouble-shooting, problem solving, and project negotiation challenges. Additionally, I have significant technical experience in System and Network Analysis, Intrusion Detection, Malware Analysis, Forensics, Administration & Maintenance, SIGINT, and consulting in the Government and Commercial sectors.
SKILLS, KNOWLEDGE, & TRAINING:
IT SECURITY GOVERNANCE & TOOLS: Federal Information Systems Management Act (FISMA), OMB Circular A-130, Federal Information Processing Standard (FIPS) 199, Federal Information Systems Controls Audit Manual (FISCAM), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), Payment Card Industry (PCI), SAS 70, Financial Statement Audits (FSA), C&A, Risk Assessments, Plan of Action and Milestone (POA&M) reviews, System Self Assessment (ASSERT), Trusted Agent FISMA, National Institute of Standards and Technology (NIST) 800-18, 800-37, 800-53, 800-100, 800-115, GIAC Audit 507 Training, Risk Management Service (RMS), Program Review for Information Security Management Assistance (PRISMA).
VULNERABILITY ASSESSMENT/PEN TEST: Significant experience with the following:
Guidance: NIST 800-42, 800-115, and Open Web Application Security Project (OWASP);
Training: SANS Cutting-Edge Hacking Techniques, SANS Defeating Rogue Access Points, Project Management, SANS System and Network Security Auditor, SANS Web App and Ethical Hacking, and Network Security & Firewalls.
Security Tools (Application): AppScan, NTOSpider,Hailstorm, WebInspect, Acunetix, AppDetective, Nikto, Samurai, Paros, Fortify 360, w3af, Burp Suite, Webscarab, Oracle Audit Tools, and SQLLHF, Ounce Labs 6, and FxCOP.
Infrastructure Tools: Nessus, Internet Security Scanner, NMAP, Superscan, TeleSweep, L0phtCrack, Cain, John the Ripper, Sam Spade, PWDump3, BackTrack3, Windump, Metasploit, Oracle Audit Tools, and SQLLHF;
Source Code Analysis: Fortify, Ounce, FxCop; and
Compliance Tools: Enterprise Security Manager, DumpSec, Hyena.
ADMINISTRATION: SUN/Solaris Systems Administration, TCP/IP & Network Administration, Windows 2000 /2003 Server, UNIX Network Administration, Linux (Fedora 6) Administration. Proficient in UNIX shell scripting. Trained in the MCSE Windows 2000 Track & as a Microsoft Certified Professional, and run OSs in VMware.
ENCRYPTION: FIPS 140-2, FIPS 197, Public Key Infrastructure (PKI), Asymmetric, Symmetric, and Hashing.
DATABASES: Oracle9i Database Administrator Training, SAP, Microsoft SQL Server 2000 System Administration and Database Implementation training, Resource Access Control Facility (RACF), LIS-11, MS Access.
NETWORK INFRASTRUCTURE: Tivoli Security, Web Sphere Family Architecture, CCNA, CCDA, PIX and Raptor Firewalls, and Access Control Lists, DII COE, C2PC, GCCS, DCTS, I3. Trained to install, configure, and maintain Cisco switches, Cisco 2600 series routers with RIP and static IP.
INTRUSION DETECTION: TCPDump/Windump, Network Analysis, BRO, Snort, Komodo, Symantec Manhunt, Wireshark/Ethereal, Dragon, SourceFire, Tipping Point, ArcSight.
PROGRAMMING LANGUAGES: C, C++, JAVA, and UNIX Shell Scripting.
CERTIFICATIONS: Sigma Greenbelt & SPIDynamics WebInspect, ISC CSSLP, SANS GIAC Network and System Auditor (GSNA), Certified Incident Handler (GCIH) Certified.
WORK EXPERIENCE
March 2007 to Present Fort Meade, MD
DEPARTMENT OF DEFENSE HEADQUARTERS
Sr. IT Security Analyst (Department of Defense/Homeland Security)
Provide analyses of malware to determine malicious behavior and recognize emergent patterns and linkages to visualize the larger picture of cyber-based operations. Perform dynamic and static analysis and reverse engineering on complex malicious code through the use of tools, including dissemblers, debuggers, hex editors, virtual machines, and network sniffers. Provide malware analysis findings in technical analysis reports, briefings, and threat assessments. Perform research in the area of malicious software, vulnerabilities, and exploitation tactics.
Uses a variety of forensics and detection tools to conduct forensic examination activities including assisting in the analysis of various types of network, computer and technology devices which may contain digital evidence.
Write scripts to automate analytical processes that analyze and respond to software and hardware vulnerabilities.
Perform investigation of unauthorized use of computers and networks, fraudulent activities, data spills, and containment and eradication of malicious code
Lead the implementation of security programs designed to anticipate, assess, and minimize system vulnerabilities, coordinating the implementation of security programs across platforms (Tier I, II and III) and establishing vulnerability reporting criteria.
Perform static code analysis on Web Application and recommend resolution for security holes such as SQL injection, Buffer Overflow, etc.
Escalate detection of root-kit and Trojan methods, as well as, evidence of hacking techniques and counter attack methodologies
Review all-source intelligence information and correlates it with data derived from various levels of perimeter defenses architecture (IDS, Firewalls, and Logs) in order to provide the customer with assessments and reports facilitating situational awareness and understanding of the current cyber threat.
Build/Monitored IDS, IPS systems, (Sourcefire, Dragon, Tipping Point, Argus, Bro, McAfee Intrushield, Stealthwatch) and Arcsight management console
Investigate suspicious events by looking at the payloads, web site source code, http and email headers.
Set up dual stack IPv4/IPv6 lab to test new IDS/IPS systems for IPv6 compatibilities and new signatures.
Perform penetration testing against development and production Web Application, networks and systems.
Review and evaluated security incident response policies; identifying need for changes based on new security technologies or threats; testing and implementing new policies and instituting measures to ensure awareness and compliance.
Manage a team of four to five Intrusion Detection System Analysts and oversee all operations of those analysts.
Monitore several agencies of intrusion detection, attack and penetration, authorized use of vulnerability assessment tool, and investigation of non-compliant system usage.
Mar. 06 March 07 Washington, DC
KPMG (Senior IT Security Engineer)
KPMG, Federal Practice
Member of the Information Security Services (ISS) Team leading and providing Information Security and IT Audit support to the Federal Government and Commercial entities throughout the United States.
Lead and performed Network & System Vulnerability Assessments, Certification and Accreditation (C&A), Policy Review, DR/BCP, Risk Assessments, Penetration Testing, Wireless Reviews, IT General Controls, Applications (Oracle, MSSQL, SAP, Hyperion, Lawson, etc.) and Security Controls testing in support of FISMA, FISCAM, HIPAA, COBIT/SOX, and Financial Statement Audits.
Reviewed all SAP user IDs and user roles, all sensitive SAP activity groups, and perform an internal audit on these activity groups in the SAP production environment.
Utilized knowledge of OMB-A 130, Appendix III, and NIST guidelines, including 800-18, 800-26, 800-30, 800-31, 800-37, 800-53, 800-61, and DIACAP, to support the preparation and approval of System Security Plans (SSPs) or System Security Authorization Agreements (SSAAs)
Attained hands on experience in installing, configuring, testing, and hardening UNIX/Linux and Windows machines.
Mentored and trained new KPMG Associates on network security basics, and how to assess risk.
Coordinated the implementation of security programs across Tier I, II, and III systems, and establishing vulnerability reporting criteria.
Collated and documents test results and organized discussions for potential clients.
Recommended countermeasures and remediation techniques to eliminate vulnerabilities.
Performed System/WebTrust in accordance of the American Institute of Certified Public Accountants
Researched and recommended appropriate application security technology and/or processes.
Performed gap analysis, collect, create, and maintain system security documentation
Lead the creation of all necessary testing materials and documentation, including: test plans, test scenarios, and system test scripts.
Aug. 05 - Mar. 06 Washington, DC
Universal Service Administrative Company (USAC) designated by the FCC (Contractor)
IT Security Engineer/Application Development Support
Supported the development, implementation, and execution of application security within USAC's Systems Development Life Cycle (SDLC).
Developed team security advisory function and application security assessment
Oversaw of Configuration Management and Change Control functions pertaining to software development projects.
Performed gap analysis, collect, create, and maintain system security documentation.
Related and incorporated Federal and USAC related regulations and guidance into all layers of USAC infrastructure.
Researched and recommended appropriate application security technology and/or processes.
Performed Forensics investigation as needed using various Freeware and commercial tools.
Jun. 03 - Aug. 05
FORD MOTOR COMPANY Dearborn, MI
Data Security / Data Administrator (1/05 -8/05)
Used database assessment tools to discover database applications within our infrastructure and assesses their security strength.
Reviewed database logs to detect internal or external security breaches from unauthorized users.
Recommended countermeasures and remediation techniques to eliminate vulnerabilities.
Created logical and physical Data Models (Erwin).
Interfaced with customer to design database (DB) changes and create database requests using a DB change package.
Created work list in the DB2/Oracle/Teradata/SQL environment.
Provided audits for DB2, Oracle, Teradata and SQL Server worklists.
Used of Oracle, Teradata Manager, DB2 and SQL Server Enterprise Manage tools.
Converted department site from static to dynamic (Database interactions) using various technologies such as ASP and JavaScript.
Security Analyst (7/04 1/05)/Web Hosting Security Service
Responsible for onsite security assessments and final security certifications of an application or infrastructure project.
Performed Risk assessment on applications and servers using various security tools on both Linux and Windows platform
Managed projects from initial program/scope definition through certification including overall project status, issues, and risks.
Oversaw and managing program level risks and issues.
Acted as liaison with Ford Motor Company business partners and 3rd party consulting firms.
Recommended countermeasures and remediation techniques to eliminate vulnerabilities
Project Manager/LINUX/UNIX Administrator/Security Analyst (1/04-7/04) / Server Hosting Center
Supervised a LINUX/ UNIX helpdesk technical team of 25 (5-7 per rotational week), including workflow, performance, quality management and ensured trouble tickets are handled in accordance to Service Level Agreement (SLA).
Monitored system security logs to detect unauthorized activities.
Approved and denied access to production systems.
Scanned systems on a weekly basis for possible security weaknesses using Nessus, NMAP and ISS
Performed manual audits on system using an Audit Program Guide created from NSA Unix/Linux secure baseline.
Recommended countermeasures and remediation techniques to eliminate vulnerabilities.
Executed Six Sigma processes to identify the top ten incidents by analyzing and binning over 4,000 incident tickets. The results of this project reduced trouble tickets by 45%.
Resolved over 10,000 file system problems in the UNIX server environment as identified by SCT for Sarbanes-Oxley 404 related servers.
Developed Perl Applications (tools) and assisted in a documentation standardization effort. Ensured that team members comprehended the precepts of problem ownership and resolution in order to meet customer service levels.
Supported LINUX/Unix OS and the various tasks and services related to server infrastructure support.
Provided third level contact support for server infrastructure support services which requires vendor interaction and research.
Researched and provided operational solutions and direction for projects using a variety of technologies and methodologies.
Network Security Engineer /Systems Analyst / (6/03-12/03)/Network Services
Performed proactive and reactive (1st and 2nd level) LAN problem analysis and troubleshooting.
Reviewed Routers configurations files both manually and automated using a tool called Router Audit Tool.
Performed Router audit using CIS security benchmark.
Monitored system security logs to detect unauthorized activities and systems failures.
Recommended countermeasures and remediation techniques to eliminate vulnerabilities
Performed IP address administration Domain Naming Services (DNS) for all Ford Credit networked devices at these sites using QIP (IP management software).
Assisted Networking Support partner (as 2nd /3rd level support) with WAN problem analysis and trouble-shooting.
Jan. 00 May 03
CLARK ATLANTA UNIVERSITY
Network Administrator/Assistant Security Engineer / Office Information Technology Center
Supported users over a 3000-node network on various OS such as Windows 2000 Server, Redhat, and Solaris.
Monitored system security logs to detect unauthorized activities.
Approved and denied access to production systems.
Scanned systems on a weekly basis for possible security weaknesses using Nessus and NMAP
Performed manual audits on system using an Audit Program Guide created from NSA Unix/Linux secure baseline.
Recommended of countermeasures and remediation techniques to eliminate vulnerabilities
Assisted in setting up Active Directory, troubleshoot win95 to XP
Provided in depth knowledge of Norton Symantec antivirus 7.6, Norton Ghost 7.5
Assembled, built, configured and troubleshoot computers.
Built and maintained several computer labs on various OS (Windows and Linux) utilizing hubs or/and switches.
IT Security Research-Project
Designed campus wide wireless network of 3000 nodes using Cisco Aironet 1200 Series.
Researched and implemented the appropriate encryption and authentication method to secure wireless data.
Documented the network as appropriate (included Network diagrams, Naming Conventions, IP addresses, WEP, etc)
Researched and cracked the WEP key using various Linux/Unix tools and sniffers (brief method below).
One laptop performs an active attack to stimulate data flow so that a sufficient number of packets can be captured in a relatively short amount of time, while the other laptop "sniffs" or captures the traffic produced by the attacking laptop.
Web Architect Project
Designed web site, which allows users to interactively register for classes and purchase items from the Clark Atlanta University bookstore.
Software Engineer Project
Developed Java Mall Navigation System that aided users in finding various stores within a mall as well as the many products sold by the stores
Created a Java Airline Flight Reservation System which allows users to order advanced tickets for a flight.
Led a development team in the design of a personality trait expert system using Prolog (Artificial Intelligence).
309 Stanton Rd SE, Washington, DC 20001 maya.paul@gmail.com
Masters of Science, Information Assurance, Expected December 2010, Capitol College, Laurel, Maryland
Bachelor of Science, Computer Science, May 2003, Clark Atlanta University, Atlanta, GA
Clearance: TS/SCI w/ CI Polygraph, TSA EOD, CUSTOMS BI
Objective: To secure a Reverse Engineering position that allows me to telecommute.
SUMMARY OF QUALIFICATIONS: As a mission driven and goal-oriented Information System Security professional with extensive experience in Information Technology and Information Security, I possess extensive experience in planning, developing, and implementing security programs, and advanced technical information security solutions. I develop strategic plans for agency-wide implementation to address the operations of client services, product support, quality assurance, and information security training. Using strict budget controls to meet Cybersecurity goals, I handle day-to-day needs of crisis management, trouble-shooting, problem solving, and project negotiation challenges. Additionally, I have significant technical experience in System and Network Analysis, Intrusion Detection, Malware Analysis, Forensics, Administration & Maintenance, SIGINT, and consulting in the Government and Commercial sectors.
SKILLS, KNOWLEDGE, & TRAINING:
IT SECURITY GOVERNANCE & TOOLS: Federal Information Systems Management Act (FISMA), OMB Circular A-130, Federal Information Processing Standard (FIPS) 199, Federal Information Systems Controls Audit Manual (FISCAM), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), Payment Card Industry (PCI), SAS 70, Financial Statement Audits (FSA), C&A, Risk Assessments, Plan of Action and Milestone (POA&M) reviews, System Self Assessment (ASSERT), Trusted Agent FISMA, National Institute of Standards and Technology (NIST) 800-18, 800-37, 800-53, 800-100, 800-115, GIAC Audit 507 Training, Risk Management Service (RMS), Program Review for Information Security Management Assistance (PRISMA).
VULNERABILITY ASSESSMENT/PEN TEST: Significant experience with the following:
Guidance: NIST 800-42, 800-115, and Open Web Application Security Project (OWASP);
Training: SANS Cutting-Edge Hacking Techniques, SANS Defeating Rogue Access Points, Project Management, SANS System and Network Security Auditor, SANS Web App and Ethical Hacking, and Network Security & Firewalls.
Security Tools (Application): AppScan, NTOSpider,Hailstorm, WebInspect, Acunetix, AppDetective, Nikto, Samurai, Paros, Fortify 360, w3af, Burp Suite, Webscarab, Oracle Audit Tools, and SQLLHF, Ounce Labs 6, and FxCOP.
Infrastructure Tools: Nessus, Internet Security Scanner, NMAP, Superscan, TeleSweep, L0phtCrack, Cain, John the Ripper, Sam Spade, PWDump3, BackTrack3, Windump, Metasploit, Oracle Audit Tools, and SQLLHF;
Source Code Analysis: Fortify, Ounce, FxCop; and
Compliance Tools: Enterprise Security Manager, DumpSec, Hyena.
ADMINISTRATION: SUN/Solaris Systems Administration, TCP/IP & Network Administration, Windows 2000 /2003 Server, UNIX Network Administration, Linux (Fedora 6) Administration. Proficient in UNIX shell scripting. Trained in the MCSE Windows 2000 Track & as a Microsoft Certified Professional, and run OSs in VMware.
ENCRYPTION: FIPS 140-2, FIPS 197, Public Key Infrastructure (PKI), Asymmetric, Symmetric, and Hashing.
DATABASES: Oracle9i Database Administrator Training, SAP, Microsoft SQL Server 2000 System Administration and Database Implementation training, Resource Access Control Facility (RACF), LIS-11, MS Access.
NETWORK INFRASTRUCTURE: Tivoli Security, Web Sphere Family Architecture, CCNA, CCDA, PIX and Raptor Firewalls, and Access Control Lists, DII COE, C2PC, GCCS, DCTS, I3. Trained to install, configure, and maintain Cisco switches, Cisco 2600 series routers with RIP and static IP.
INTRUSION DETECTION: TCPDump/Windump, Network Analysis, BRO, Snort, Komodo, Symantec Manhunt, Wireshark/Ethereal, Dragon, SourceFire, Tipping Point, ArcSight.
PROGRAMMING LANGUAGES: C, C++, JAVA, and UNIX Shell Scripting.
CERTIFICATIONS: Sigma Greenbelt & SPIDynamics WebInspect, ISC CSSLP, SANS GIAC Network and System Auditor (GSNA), Certified Incident Handler (GCIH) Certified.
WORK EXPERIENCE
March 2007 to Present Fort Meade, MD
DEPARTMENT OF DEFENSE HEADQUARTERS
Sr. IT Security Analyst (Department of Defense/Homeland Security)
Provide analyses of malware to determine malicious behavior and recognize emergent patterns and linkages to visualize the larger picture of cyber-based operations. Perform dynamic and static analysis and reverse engineering on complex malicious code through the use of tools, including dissemblers, debuggers, hex editors, virtual machines, and network sniffers. Provide malware analysis findings in technical analysis reports, briefings, and threat assessments. Perform research in the area of malicious software, vulnerabilities, and exploitation tactics.
Uses a variety of forensics and detection tools to conduct forensic examination activities including assisting in the analysis of various types of network, computer and technology devices which may contain digital evidence.
Write scripts to automate analytical processes that analyze and respond to software and hardware vulnerabilities.
Perform investigation of unauthorized use of computers and networks, fraudulent activities, data spills, and containment and eradication of malicious code
Lead the implementation of security programs designed to anticipate, assess, and minimize system vulnerabilities, coordinating the implementation of security programs across platforms (Tier I, II and III) and establishing vulnerability reporting criteria.
Perform static code analysis on Web Application and recommend resolution for security holes such as SQL injection, Buffer Overflow, etc.
Escalate detection of root-kit and Trojan methods, as well as, evidence of hacking techniques and counter attack methodologies
Review all-source intelligence information and correlates it with data derived from various levels of perimeter defenses architecture (IDS, Firewalls, and Logs) in order to provide the customer with assessments and reports facilitating situational awareness and understanding of the current cyber threat.
Build/Monitored IDS, IPS systems, (Sourcefire, Dragon, Tipping Point, Argus, Bro, McAfee Intrushield, Stealthwatch) and Arcsight management console
Investigate suspicious events by looking at the payloads, web site source code, http and email headers.
Set up dual stack IPv4/IPv6 lab to test new IDS/IPS systems for IPv6 compatibilities and new signatures.
Perform penetration testing against development and production Web Application, networks and systems.
Review and evaluated security incident response policies; identifying need for changes based on new security technologies or threats; testing and implementing new policies and instituting measures to ensure awareness and compliance.
Manage a team of four to five Intrusion Detection System Analysts and oversee all operations of those analysts.
Monitore several agencies of intrusion detection, attack and penetration, authorized use of vulnerability assessment tool, and investigation of non-compliant system usage.
Mar. 06 March 07 Washington, DC
KPMG (Senior IT Security Engineer)
KPMG, Federal Practice
Member of the Information Security Services (ISS) Team leading and providing Information Security and IT Audit support to the Federal Government and Commercial entities throughout the United States.
Lead and performed Network & System Vulnerability Assessments, Certification and Accreditation (C&A), Policy Review, DR/BCP, Risk Assessments, Penetration Testing, Wireless Reviews, IT General Controls, Applications (Oracle, MSSQL, SAP, Hyperion, Lawson, etc.) and Security Controls testing in support of FISMA, FISCAM, HIPAA, COBIT/SOX, and Financial Statement Audits.
Reviewed all SAP user IDs and user roles, all sensitive SAP activity groups, and perform an internal audit on these activity groups in the SAP production environment.
Utilized knowledge of OMB-A 130, Appendix III, and NIST guidelines, including 800-18, 800-26, 800-30, 800-31, 800-37, 800-53, 800-61, and DIACAP, to support the preparation and approval of System Security Plans (SSPs) or System Security Authorization Agreements (SSAAs)
Attained hands on experience in installing, configuring, testing, and hardening UNIX/Linux and Windows machines.
Mentored and trained new KPMG Associates on network security basics, and how to assess risk.
Coordinated the implementation of security programs across Tier I, II, and III systems, and establishing vulnerability reporting criteria.
Collated and documents test results and organized discussions for potential clients.
Recommended countermeasures and remediation techniques to eliminate vulnerabilities.
Performed System/WebTrust in accordance of the American Institute of Certified Public Accountants
Researched and recommended appropriate application security technology and/or processes.
Performed gap analysis, collect, create, and maintain system security documentation
Lead the creation of all necessary testing materials and documentation, including: test plans, test scenarios, and system test scripts.
Aug. 05 - Mar. 06 Washington, DC
Universal Service Administrative Company (USAC) designated by the FCC (Contractor)
IT Security Engineer/Application Development Support
Supported the development, implementation, and execution of application security within USAC's Systems Development Life Cycle (SDLC).
Developed team security advisory function and application security assessment
Oversaw of Configuration Management and Change Control functions pertaining to software development projects.
Performed gap analysis, collect, create, and maintain system security documentation.
Related and incorporated Federal and USAC related regulations and guidance into all layers of USAC infrastructure.
Researched and recommended appropriate application security technology and/or processes.
Performed Forensics investigation as needed using various Freeware and commercial tools.
Jun. 03 - Aug. 05
FORD MOTOR COMPANY Dearborn, MI
Data Security / Data Administrator (1/05 -8/05)
Used database assessment tools to discover database applications within our infrastructure and assesses their security strength.
Reviewed database logs to detect internal or external security breaches from unauthorized users.
Recommended countermeasures and remediation techniques to eliminate vulnerabilities.
Created logical and physical Data Models (Erwin).
Interfaced with customer to design database (DB) changes and create database requests using a DB change package.
Created work list in the DB2/Oracle/Teradata/SQL environment.
Provided audits for DB2, Oracle, Teradata and SQL Server worklists.
Used of Oracle, Teradata Manager, DB2 and SQL Server Enterprise Manage tools.
Converted department site from static to dynamic (Database interactions) using various technologies such as ASP and JavaScript.
Security Analyst (7/04 1/05)/Web Hosting Security Service
Responsible for onsite security assessments and final security certifications of an application or infrastructure project.
Performed Risk assessment on applications and servers using various security tools on both Linux and Windows platform
Managed projects from initial program/scope definition through certification including overall project status, issues, and risks.
Oversaw and managing program level risks and issues.
Acted as liaison with Ford Motor Company business partners and 3rd party consulting firms.
Recommended countermeasures and remediation techniques to eliminate vulnerabilities
Project Manager/LINUX/UNIX Administrator/Security Analyst (1/04-7/04) / Server Hosting Center
Supervised a LINUX/ UNIX helpdesk technical team of 25 (5-7 per rotational week), including workflow, performance, quality management and ensured trouble tickets are handled in accordance to Service Level Agreement (SLA).
Monitored system security logs to detect unauthorized activities.
Approved and denied access to production systems.
Scanned systems on a weekly basis for possible security weaknesses using Nessus, NMAP and ISS
Performed manual audits on system using an Audit Program Guide created from NSA Unix/Linux secure baseline.
Recommended countermeasures and remediation techniques to eliminate vulnerabilities.
Executed Six Sigma processes to identify the top ten incidents by analyzing and binning over 4,000 incident tickets. The results of this project reduced trouble tickets by 45%.
Resolved over 10,000 file system problems in the UNIX server environment as identified by SCT for Sarbanes-Oxley 404 related servers.
Developed Perl Applications (tools) and assisted in a documentation standardization effort. Ensured that team members comprehended the precepts of problem ownership and resolution in order to meet customer service levels.
Supported LINUX/Unix OS and the various tasks and services related to server infrastructure support.
Provided third level contact support for server infrastructure support services which requires vendor interaction and research.
Researched and provided operational solutions and direction for projects using a variety of technologies and methodologies.
Network Security Engineer /Systems Analyst / (6/03-12/03)/Network Services
Performed proactive and reactive (1st and 2nd level) LAN problem analysis and troubleshooting.
Reviewed Routers configurations files both manually and automated using a tool called Router Audit Tool.
Performed Router audit using CIS security benchmark.
Monitored system security logs to detect unauthorized activities and systems failures.
Recommended countermeasures and remediation techniques to eliminate vulnerabilities
Performed IP address administration Domain Naming Services (DNS) for all Ford Credit networked devices at these sites using QIP (IP management software).
Assisted Networking Support partner (as 2nd /3rd level support) with WAN problem analysis and trouble-shooting.
Jan. 00 May 03
CLARK ATLANTA UNIVERSITY
Network Administrator/Assistant Security Engineer / Office Information Technology Center
Supported users over a 3000-node network on various OS such as Windows 2000 Server, Redhat, and Solaris.
Monitored system security logs to detect unauthorized activities.
Approved and denied access to production systems.
Scanned systems on a weekly basis for possible security weaknesses using Nessus and NMAP
Performed manual audits on system using an Audit Program Guide created from NSA Unix/Linux secure baseline.
Recommended of countermeasures and remediation techniques to eliminate vulnerabilities
Assisted in setting up Active Directory, troubleshoot win95 to XP
Provided in depth knowledge of Norton Symantec antivirus 7.6, Norton Ghost 7.5
Assembled, built, configured and troubleshoot computers.
Built and maintained several computer labs on various OS (Windows and Linux) utilizing hubs or/and switches.
IT Security Research-Project
Designed campus wide wireless network of 3000 nodes using Cisco Aironet 1200 Series.
Researched and implemented the appropriate encryption and authentication method to secure wireless data.
Documented the network as appropriate (included Network diagrams, Naming Conventions, IP addresses, WEP, etc)
Researched and cracked the WEP key using various Linux/Unix tools and sniffers (brief method below).
One laptop performs an active attack to stimulate data flow so that a sufficient number of packets can be captured in a relatively short amount of time, while the other laptop "sniffs" or captures the traffic produced by the attacking laptop.
Web Architect Project
Designed web site, which allows users to interactively register for classes and purchase items from the Clark Atlanta University bookstore.
Software Engineer Project
Developed Java Mall Navigation System that aided users in finding various stores within a mall as well as the many products sold by the stores
Created a Java Airline Flight Reservation System which allows users to order advanced tickets for a flight.
Led a development team in the design of a personality trait expert system using Prolog (Artificial Intelligence).
Download Resume Format
Whether you are looking for Business Letter Sample, Free Resume, how to write resume, examples of job application letters, curriculum vitae, CV, and whether letter format or template for letter writing. Looks like you are right here because this time we are going to discuss about it.
Appear first on Resume Format 6) .. To be Continue
Comments
Post a Comment