Provide expertise in performing vulnerability assessment and penetration testing practices atSWIFT, covering the full assessment life cycle (Pre-engagement Interactions, IntelligenceGathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post Exploitation, andReporting)Provide expertise in developing vulnerability assessments or penetration testing against SWIFToperational activities running on a wide variety of systems (HP UX, Windows, LINUX, Oracle, IOS,AWS, Azure and more)Develop and operate the ethical hacking tactics techniques and procedures (TTPs) ofRed Team in support of CISO’s definition and implementation of the security strategy.Work closely with “Red and Blue Teams”, developers and other IT operational teamsin creating courses of action (COAs) to mitigate existing threats and vulnerabilities.Identify required security improvements and develop internal communications and briefings toother operational teams as required.Stay abreast of current vulnerability / exploit techniques and analyze how they could potentiallyaffect Swift.Perform security validation assessment on web applications, infrastructure, PaaS, and SaaS.

IRT Waiver: Manage all waivers for current or re-approval exemption for various environments, web apps, servers, and accounts from NIH TMIR (Threat Management Incident Response) evaluate the protentional threat and take appropriate action and exemptions of Risk mitigations or firewall. Absolute Console: Verify end point status and persistence presence to enforce NAC or Disable vlan.Net sparker: Scan web apps to remediate in order to comply with IRT waivers. Quickly identify sources of security breaches and move them towards containment.Utilize compliance and vulnerability assessment tools like Nessus to analyze products for configuration and patch vulnerabilities.Work closely with other departments to mitigate security events by providing the needed analysis and leadership.Tenable Security Center: Create and manage dashboards and tables for institutes to track their vulnerability management progress.Conduct live analysis on networks and across multiple platforms via Cylance and Symantec DLP.Cylance Console: Track and valuate live IDS/IPS across the Enterprise endpoint environment. Symantec DLP: Maintenance and daily monitoring of the enterprise Data Loss Prevention (DLP)Strong knowledge and experience to be able to explain vulnerabilities and weaknesses, discuss effective defensive techniques with both technical and non-technical audiences.Perform and provide timely (within SLAs) operational support for remediation of vulnerabilities including HW, SW, and applications identified by the Client.Respond to internal and external (to NIH) information security alerts and incidents. Comply with the escalation of security incidents policies and procedures. Perform and support hardening of desktop images and configurations in accordance with guidance from the Chief ISSO and other Security departments.

Identify, report, and resolve security vulnerabilities, weaknesses, and violations. Assess risks, identify mitigation requirements, and develop accreditation recommendations; be responsible for tracking SA&A requirements for assigned systems and validate that task are on schedule, and ensure the delivery of quality documentation. IRT Portal: Manage all incoming Incident from NIH TMIR (Threat Management Incident Response) evaluate the protentional threat and take appropriate action for remediation. Quickly identify sources of security breaches and move them towards containment.Utilize compliance and vulnerability assessment tools like Nessus to analyze products for configuration and patch vulnerabilities.Work closely with other departments to mitigate security events by providing the needed analysis and leadership.Tenable Security Center: Create and manage dashboards and tables for institutes to track their vulnerability management progress.Conduct live analysis on networks and across multiple platforms via Cylance and Symantec DLP.Cylance Console: Track and valuate live IDS/IPS across the Enterprise endpoint environment. Symantec DLP: Maintenance and daily monitoring of the enterprise Data Loss Prevention (DLP)Strong knowledge and experience to be able to explain vulnerabilities and weaknesses, discuss effective defensive techniques with both technical and non-technical audiences.Perform and provide timely (within SLAs) operational support for remediation of vulnerabilities including HW, SW, and applications identified by the Client.Respond to internal and external (to NIH) information security alerts and incidents. Comply with the escalation of security incidents policies and procedures. Perform security testing of environments in support of threat remediation using NIH standard testing and security tools. Verify installation and evaluation of new Software, perform testing using NIH standard testing and security tools.

Tenable Security Center: Create and manage dashboards and tables for institutes to track their vulnerability management progress.Nessus Manager: Troubleshoot Nessus agents to verify is that they are linked to hostsIdentify vulnerable machine and remediate vulnerabilities from Tenable reports.Conduct security scans with Tenable Security Center for verification of remediation.Respond to IRT generated by SIRT to comply with Firewall access. Using ForeScout to implement NAC policy on the network and enable MAC filtering.Update Mac and Windows systems with Absolute Manage/Munki on daily basis to meet institute policy.Push Security Patch on Windows and Mac using managing tools.Manage and troubleshoot iPhone, iPad and Tables via MobileIron Cloud Console.Desk side support for networking, desktop support, Windows 7/10, Macintosh 10.X Troubleshooting and resolving technical issues via phone and Bomgar when possible. Providing support to monitor, install, and perform maintenance on desktop/laptop and printers. Providing support to install and provide basic support for approved PC/Mac software. Providing support for on-the-spot diagnostic evaluations, implementation of corrections, and training users in proper operation of systems and programs. Setting up new user account along with proper profile.

Provide technical support to customers via telephone, email and through ticketsAnalyze and troubleshoot software and hardware issuesSolved minor workstation-related issuesInstalled operating system, software, antiviruses and patches Resolve network connectivity issue via remotely