Information Security Analyst

Conduct manual security vulnerability assessments for Administrative Office of US Courts (AO)
• Scheduled Security Assessment Test Plans to be completed on assigned host/appliance within different branch
of AO to be completed within scheduled time frame
• Prepare vulnerability reports for AO with suggestions for remediation and explanation of findings
• Performed analysis involving OWASP Top 10 Vulnerability Assessment of various internet-facing web
applications and Web services
• Executed daily vulnerability assessments, threat assessment, mitigation, and reporting activities
• Actively searched for potential security issues and security gaps that are beyond the ability of detection by any
security scanner tool
• Conducted penetration tests on systems and applications using automated and manual techniques with tools
such as Core Impact, Metasploit, Burpsuite, Kali Linux, Acunetix, Nmap, and many other open-source tools as
needed
• Manually inspect HTTP requests/headers/responses using Burp Suite as Proxy
• Identify weaknesses in controls that can be used in attack/exploit by manually conducting security assessment
checks

Review Cyber Security Maturity Model Certification documentation and cross reference NIST SP 800-171
policies and procedures to ensure controls are implemented in our environment
• Act as first response in Endpoint Detection and Response Triaging alerts in Microsoft Defender and Wazuh
• Perform vulnerability scans using Nessus – forward results to appropriate teams with vulnerability
recommendations
• Virtual Desktop Infrastructure: Managed and performed process that built over 25 virtual servers in less than 6
months
• Monitor and analyze network traffic for intrusion or malicious behavior utilizing IronVue
• Assist with Fortinet Firewall rule creation, modification, and system deployment
• Create, modify, manage user accounts for several Linux servers