Follow CIS Controls and Best PracticeAssist with educating and updating procedures (in Confluence) to include compliance with ISO Standards Work with Compliance team to provide evidentiary artifacts for compliance with ISO Standards using JIRA to track all workUse Qualys for scanning and reportingUsing Splunk to create high level dashboards to track vulnerability adn remediation progressCreating asset groups, Remediation Policies, creating tickets for track accurate completion of patching for the internal App/Dev groupWork with LOB representatives on vulnerabilities and remediation to ensure remediation efforts adhere to corporate policies

Vulnerability Program Manager responsible for Policy documentation (NIST 800-53v4) and compliance of all Waddell and Reed and Ivy Investment Endpoints. Assess and work with LOB representatives on vulnerabilities and remediation to ensure remediation efforts adhere to corporate policies. Define, implement and manage the Information Vulnerability Management (IVM) Program through the identification and analysis of known and newly found vulnerabilities to determine their operational and security impact. Address vulnerabilities found through remediation recommendations, Information Vulnerability Alerts and Information Vulnerability Bulletins. I am responsible for SOW for annual Pen Tests as well.

I supported the systems developed for the Corporate systems, Finance, Treasury tax business line and online software; marketing systems; and the country of Canada as part of our global security initiative. Current initiatives include: gathering of in-place security elements from our business unit in Canada to develop a security reference architecture for that market; working with the Corporate Services and Finance/Treasury development units to develop a plan for future state security needs that includes a secure software development environment; ensuring that our security engineering and incident response teams have all information needed from these units in order to provide appropriate security support and response. I was also involved in running adhoc vulnerability scans as well as reporting through Qualys for Corporate assets as well as Australia.

I scheduled and ran all of EPIQ Systems vulnerability scans using McAfee Vulnerability Manager. I was responsible for coordinating scans and implementing policy change exceptions. I also was responsible for changing over to a new Vulnerability Management vender, Qualys, and implementing a schedule for rollover to this new system as well as installing the Qualys Cloud Agent. I had access to GRC Archer, SEIM and ePO as well in order to access reports that pertain to scanning. I also used Prime 2.0 to consolidate and verify appropriate IPs and subnets are being scanned as EPIQ Systems continuously acquires new companies/networks. I served as Incident Response Commander on a rotating basis. This entailed handling all internal/external requests for Security Operation group to perform unblock requests as well as daily ticket response for handling emergency issues.

As a Sr. Security Analyst, I served as the liaison between H&R Block and the Managed Security Service Provider (MSSP). My primary focus in this position was to address all security incidents reported by the MSSP and coordinate all remediation efforts within other internal support teams. This was accomplished using Symantec operational support of all security incidents, service requests and server logging per device. All efforts are tracked and documented in the Service-Now ticketing system. I provided enterprise support to all assets within the World Headquarters and Field/Remote offices. I was also involved with supporting and developing operational processes in regards to our anti-virus, data loss prevention, and Qualys vulnerability scanning and reporting processes and assisted in the establishment of specific security testing criteria and procedures. I led project development team in Vulnerability Management, to include PCI, and Risk Assessment. Provided Qualys vulnerability scanning for enterprise and analyzing, managing and reporting all assets. I coordinated and assisted in fulfilling request for ad hoc security reporting. I also participate in daily/weekly security status calls and assist with special projects. PCI and SOX compliance.

Coordinated and lead technical calls including ensuring the appropriate technical staff were on call to facilitate the implementation of fix or work around. This includes ensuring the appropriate USDA CIO’s, internal and external Agency CIO’s, business owners and application owners as well as the application administrators are on the call. I monitored the servers and databases on the servers to ensure no outages occur, paying special attention to high level/confidential (presidentially mandated) web applications/pages.I determined and communicated the business impact of critical/confidential and high priority incidents as well as documenting all communication and action items and ensuring each technical support staff complete assigned action items on time in order to communicate accuracy of information to the customer. I documented changes in processes as they occured based on current departmental policy. I used appropriate tools to recommend appropriate improvements. I created, assigned and tracked all incidents to ensure they are being handled according to current documented ITIL process and completed in timely manner. I reviewed documented, tested and recommended procedures, products, and/or services to better meet the customers’ needs.

I monitored and analyzed network traffic, performed security incident handling, incident reporting, and threat analysis. I worked with IDS and on virus and malware behavior and intrusion methodologies and other technology to ensure operational security. I monitor and analyze IDS alerts, network and system logs, and available open source information to detect and report threats to customer networks. I am well versed at conducting special cyber-security studies, surveys, and reviews of IT systems to ensure that appropriate safeguards exist to protect against perceived threats. I have a working knowledge of enterprise level operational security, telecommunications, networking and security technology, policy and programs, and cyber security test programs and methodologies.I responded to management relating to status of incidents for agencies. I relayed the status of Incidents for each agency. I determined appropriate response action(s) required to mitigate risk and provide threat and damage assessment for security threats. I attend weekly conference calls with WDC staff to provide status of open incidents and other projects. I also provide technical guidance on training documents as well as creating and maintaining current procedure documentation. I was responsible for processing incident tickets within REMEDY in accordance with the Continuity Plan, monitor all open incidents and track progress from inception through resolution and closing incident tickets that have been researched by the agencies and closing documentation has been received expressing their findings and how the incident has been corrected. I sent notification documents as needed per requests as well as send correspondence to ISSPMs. I prepare the CIRG (Critical Incident Response Group) packet following the Continuity Plan Guidelines and the CIRG Meeting Preparation Checklist. I generate reports and follow established policy. I notify agency and advise on policy that the agency needs to take.

I developed and maintained Certification and Accreditation documentation for agency as required in NIST 800-34 and NIST 800-53. I interacted, via email and by phone with each application owner(s) and application programmer(s) to gather the original requirements preceding the development of the application to gain knowledge of the application for proper documentation. My team processed access control change requests to include creating, assigning and resetting logon IDs, identifying and resolving logon issues, entered data records of help calls in an automated Access database, logged requests and updated the request and ID databases. The user IDs/passwords I created and maintained were for Mainframe, Sybase, NFC, ADPS, GLS, AS400 and UNIX systems and subsystems. I established all process and procedures for our department and communicated those procedures to other State Coordinators/SEDs and Branch Chiefs, in written correspondence or by phone. I tracked and researched trouble tickets and participated in mandatory audits in order to maintain appropriate levels of access to prevent unauthorized access and protect confidential and proprietary data. I coordinated User IDs with other Security offices through oral and written correspondence. I helped organize training for new systems nationally. I have also participated as an instructor, giving the Security portion of the training. I trained new Security Officers on all systems. I spent time education each state IT Specialist and management of our policy, procedures, and risks associated with new applications. I maintained responsibility for communicating new policies, programs, initiatives and any management dissemination to the staff. Through meetings with the Project Manager, I interpreted personnel and operational policies and relate their significance to daily work practices. I worked with the team to pinpoint potential obstacles and develop implementation plans.