Sample Template Example of Beautiful Excellent Professional Curriculum Vitae / Resume / CV Format with Career Objective, Job Description, Skills & Work Experience for Freshers & Experienced in Word / Doc / Pdf Free Download
JANKI CHOWDHURY
309 Millwood Sq. Phone 1: (347) 813-9876
Sterling, VA 20001 janki@gmail.com
U.S. CITIZEN
w/ Public Trust Level 6 Clearance
Objective
More than 11 years of hands-on network management and security experience. Demonstrated expertise in network security
issues and solutions, IT security requirements for Financial Firms and Federal
Government, vulnerability assessments, and penetration testing. Extensive experience with security tools
and technology to include vulnerability assessment tools, firewalls, forensic
tools, and intrusion detection systems. Subject Matter Expert (SME) in Cloud
Security Compliance, FedRAMP and CONOPS processes.
Employment
02/08 – Present
Earthling Security / Zodmatic Inc.
Fairfax, VA
Sr. IA and Security Specialist / Sr. ISSO
/ SME in Cloud Security Compliance
Information Systems Security Officer for FEMA.gov and
Ready.gov. Responsible for all Assessment and Authorization (A&A)
documentation (FIPS 199, E-Authentication Worksheet, PTA, Social Media PTA,
SP, SAP, SAR, POA&M, CP, CPT, Risk Assessment and Assessment of Key
Controls) for both systems. Involved in strategically preparing all security
documentation / artifacts by applying Cloud Security Knowledge as well as the
FedRAMP process. Documented the Security Plan (SP) efficiently in order to
identify and delineate responsibilities for Cloud Customers, the Cloud
Service Provider (CSP) and Content Management Solution (CMS) Provider.
Worked with Acquia and Amazon Web Services (AWS) to identify security
requirements for DHS / FEMA, Acquia and Amazon. Assisted and guided Acquia (CMS Solution)
on their A&A process, security documentation, and NIST/FISMA
requirements. Also responsible for reviewing and approving all system
documentation for FEMA.gov and Ready.gov. Regularly attend DHS Cloud Working
Sessions and Cloud CMS Security Sessions. Directly work with DHS Headquarters
officials and security specialists on Cloud Security Compliance and FedRAMP
as it relates to FEMA.gov and Ready.gov. Recently promoted to Information
Systems Security Officer for all DHS / FEMA Public Cloud Offerings.
Key member of the Security Tiger Team for the Computer Literacy World (Team CLW). Team CLW is one of the 12 GSA potential cloud vendors for government agencies. Worked with Cloud Architectures on technical and security requirements. Assisted Team CLW on the Security Plans (SPs) by addressing each 800-53 Revision 3 control in a very detailed, concise and thorough manner as required by the General Services Administration (GSA). Populated three different Security Plans (SPs) for Lot 1 – Storage, Lot 2 – Virtualization and Lot 3 – Web Hosting. Worked alongside the Identity Management Team to document the Access Control and Identification and Authentication process for the Team CLW Cloud Infrastructure. Worked with a group of highly experienced security professionals to advise Team CLW on establishing a strong security program following their approval as a GSA cloud vendor. Supported Team CLW and provided Client Management support with the GSA Security Approval team. Documented the entire Incident Management process for the Team CLW Cloud Infrastructure. Also applied to become a Third Party Assessment Organization (3PAO) for Cloud Security Compliance and FedRAMP.
Conducted network security scans and reviewed system
design documents. Created a Risk Identification and Management Process for a
system within the Federal Reserve Bank (FRB) that is responsible for $4
trillion annually. Responsible for all vulnerabilities within the system. Reviewed
and prepared Certification and Accreditation artifacts for the FRB following
NIST and FISMA requirements.
Conducted a thorough Office of Inspector General (OIG)
audit of the Securities and Exchange Commission's Continuous Monitoring program.
Reviewed all C&A Artifacts, Vulnerability Scan Reports, Security Policies
and Procedures, System and Application audit logs, 800-53 Revision 3
controls, Backup and Retention process, Access Management process, etc.
Interviewed a number of individuals throughout OIT as part of the Audit.
Delivered a lengthy document discussing all audit findings and recommendations
for the Office of Inspector General (OIG) to SEC’s Upper Management.
Created a NIST 800-53 revision 3 template used by NOAA. Wrote
security policies and procedures for NOAA and DOT as required. Conducted
Privacy Impact Assessment following NIST SP 800-122: Guide to Protecting the
Confidentiality of Personally Identifiable Information. Responsible for
discussing all privacy related issues with client. Reviewed and updated
privacy-related policies and procedures as needed. Used Cyber Security
Assessment and Management (CSAM) tool to upload documents, C&A inventory tracking, FISMA reporting,
security control assessment and POA&M weakness tracking. Performed annual
self-assessments on DOT systems following NIST SP 800-53 controls. Also
conducted Contingency Plan Tabletop Exercises with System Owners, ISSOs,
Administrators, etc. Responsible for giving customers systems security advice
using NIST, FISMA and FIPS as a reference point. Completed an entire C&A
package for an Oracle-based OBIEE Major Application. The C&A included
Privacy Threat Analysis (PTA), RMS Questionnaire, Risk Assessment, System
Security Plan (SSP), Contingency Plan, ST&E Plan, Security Assessment
Report and Plan of Action and Milestones (POA&M). Ran internal non-intrusive security scans
using Nessus on 20 systems. Documented findings into POA&M.
Responsible for assisting with the delivery of
Operations-related Plan of Actions & Milestones items for HP-UX, Linux,
Solaris and Windows Systems. Delivered high quality work
products/deliverables that are required to satisfy the Plan of Actions and
Milestones developed as part of the recertification activities. Coordinated
closely with the Task Order team responsible for developing the overall POA&M master list. Proactively managed individual
Plan of Actions & Milestones work items assigned by the Security Analyst.
Conducted routine reviews of team deliverables to ensure compliance with
required documentation requirements. Supported Security team to work with
customer and end users to define functional and technical security and
privacy requirements as required. Reported weekly status to the relevant team
leaders. Identified problems and brought them to supervisor's attention
with sufficient lead time to avert crises. Also identified changes in
scope or work effort that could result in budgetary overrun or the missing of
delivery dates. Constantly encouraged team work and supported supervisor
to set the tone for a positive work environment to meet overall team
objectives. Notified supervisors/escalated issues when problems or issues
arise that are outside of normal scope of area.
Responsible for creating a Security Program for NIGC
from scratch. Wrote policies, procedures, guidelines which met government
standards. Applied the NIST 800-18 to write a System Security Plan (SSP) for
the NIGC General Support System. The SSP
consists of the NIST SP 800-53 Revision 2 and the Rules of
Behavior for System Users. Assisted in creating a network diagram and data
flow model. Also, completed the FIPS 199 (Security Categorization of Federal
Information Systems) based on information received from conducting interviews
with regional offices, meeting with the client and the Privacy Impact
Assessment. Completed Privacy Impact Assessment (PIA) following NIST
standards. Compiled all Personally Identifiable Information (PII) and
implemented security best practices when dealing with PII data. Created an
Incident Response Handbook to assist NIGC users in handling and responding to
computer-related incidents. Also, wrote up a Contingency Plan following NIST
SP 800-34. Constantly worked with the client to ensure the documentation is
accurate. Worked alongside a team of IT Security Specialists to complete the
C&A package for NIGC and to brainstorm on constantly improving the NIGC
security program.
Responsible for Certification and Accreditation (C&A)
package for IT Systems for Pension Benefit Guaranty Corporation (PBGC), a
branch of the Department of Labor. Responsible for creating Information System
Inventory Survey (ISIS) for ACT/Archive which is a minor application of
Ariel. Reviewed System Security Plan(s) and other previous PBGC C&A
documentation. Completed documentation of the hybrid and system-specific
controls for the 800-53 worksheets for eALG, IPS, CRM and CMS/CAS systems.
Verified IP addresses were consistent with PS application spreadsheet. Attended
several meetings, reviewed system designs and network diagrams to get a
better understanding of the PBGC network, systems, minor and major
applications. Worked efficiently with team members to create adequate and
precise documentation for the C&A package. Completed System Security Plan
for General Support Systems (GSSs). Responsible for reporting all outstanding
vulnerabilities in the Risk Assessment and Plan of Action and Milestones
(POA&M). Heavily involved in NIST, FIPS and Certification &
Accreditation process.
11/05 – 01/08 Telophase (Department of
Interior) Washington, DC
Information Systems Security Manager
(ISSM) / Information Systems Security Officer (ISSO)
Responsible for Certification and Accreditation (C&A)
package for IT Systems for the Office of Historical Trust & Accounting
(OHTA), a branch of the Department of Interior. The C&A package consisted
of the Security Test & Evaluation (ST&E), Contingency Plan, Risk Assessment,
Internal Control Review (NIST SP 800-53), Rules of Behavior and Plan of
Action and Milestones (POA&M). Performed Vulnerability Assessment Reports
for OHTA using Nessus, Internet Security Scanner (ISS) and GFI Languard.
Extensive knowledge with NIST Special Publications 800-18, 800-26, 800-30,
800-34, 800-37 and 800-53. The C&A was successfully audited by the IG and
the grade improved from a C- to an A for overall C&A effort,
documentation and implementation. Performed physical site assessments for the
main headquarters of OHTA in Washington D.C. as well as the contractor sites.
Other responsibilities included: locking down ports, configuration
management, patching systems, writing policies and procedures as listed in
the NIST SP 800-53 and creating diagrams of the OHTA network. Worked with IT
security team to complete the FIPS 199 as well as the quarterly OMB
reports. I was also in charge of
handling all incidents including the training of Incident Reports to the IT
staff. Also, implemented DISA and CIS Security Technical Implementation
Guides (STIGs) for Microsoft SQL Server 2000, Microsoft Windows XP, Microsoft
Windows Server 2003, Active Directory, Desktop Application, Domain Name
System (DNS) and Internet Information Server (IIS). Executed and reviewed the
results for the Windows Gold Disks and the Security Readiness Review scripts
provided by DISA. Responsible for creating, testing, implementing a very
concise Disaster Recovery & Continuity of Operations plan (COOP) for
OHTA. Also, involved in forensic analysis and imaging of hard drives using
Helix 1.9.
12/03 – 10/05
DNC
CORP New York, NY/Washington, DC
IT Security Specialist
Provides network security expertise and guidance in
support of security assessments for government and commercial clients. Performs network risk assessments,
vulnerability assessments, and penetration testing. Advises on security architecture. Evaluates and recommends security
technology such as network and host based intrusion detection systems (IDS),
virus protection capabilities, and virtual private network solutions. Reviews security configuration to ensure
compliance with policies and procedures and identifies potential risk. Researches and stays abreast of emerging
security threats and vulnerabilities and recommends security patches and
solutions to prevent exploitation of potential vulnerabilities.
12/00 – 12/03
Securities Industry Automation Corp. Brooklyn,
NY
Unix Security Analyst
During my employment period at SIAC (Securities Industry
Automation Corp.) I was responsible for many key critical assets for the NYSE.
Some of my functions are listed below.
I was responsible for disaster recovery procedures in the event of a
disaster at the NYSE. Ensured the
integrity of the recovery procedure by doing weekly contingency tests to
ensure that the NYSE could utilize SIAC during a disaster, and that
everything would be as seamless as possible.
I did weekly and daily backups for the systems of the National Market
Systems. I tested new releases with QA to make sure there are no problems
related with the release.
Wrote several UNIX scripts to enhance shift procedures.
Also responsible for submitting the daily Morning Report on the Linux system to
the directors of the NMS and NYSE departments. Utilized ITO to monitor all
UNIX systems to verify all CPUs and systems were running smoothly.
Management was immediately notified upon any discrepancy. Updated Emergency
recovery procedures on the OPRA systems which were responsible for trading Options
amongst several different exchanges.
I monitored
the operation of computer hardware systems and made recommendations for
operational enhancement. I assisted developers and systems support in
identifying and analyzing a wide variety of network and application problems
within the system. I conducted QA and development testing for new software
and hardware release cutovers for Consolidated Trade System (CTS),
Consolidated Quote System (CQS) and Inter-market Trading System (ITS).
Technology Skills
UNIX: Intel, HP-UX 10.20, 11.0, Tandem and Solaris 2.7/2.8 for Sparc
Languages: Bash, Perl, Shell, Ksh/Csh Scripting
Microsoft: Windows 2000, Windows Server 2003, Windows XP, Windows NT, Microsoft Access, Microsoft PowerPoint and Microsoft Visio.
Firewall: Cisco PIX, Checkpoint, Raptor
IDS: Snort, Dragon, Sourcefire, eTrust IDS
Host IDS: Tripwire, BlackICE
Security Standards: FISMA, NIST 800-18, 800-26, 800-53, 800-37, 800-68, DITSCAP, DISA Security Technical Implementation Guide (STIG), CIS Security Technical Implementation Guide (STIG), FedRAMP, CONOPS, Security Content Automation Protocol (S-CAP) and Clinger-Cohen Act
Security: PKI, VPN, DES, SSL, SSH, Import Export Laws, DMZ
Vulnerability Tools: Nessus, GFI Languard, ISS, Wireshark, Ethereal, Sniffer Pro
Forensic: Encase 4.3, Encase 5.0 and Helix 1.9.
Networking: Cisco Routers, Cisco Switches, LAN, WAN, Routers, Switches, and ISDN.
Storage System: EMC, Auto Raid.
Hardware: Sun Enterprise 450, E10K, HP 9000 Series 700/800 Model T 500, K 200/220/260/460, L2000, N4000, J7000, D, C class.
Education
1998-2000 Long Island University, Brooklyn, NY
Computer Science
2000-2004 Hunter College, New York, NY
Computer Science
Certifications
Certificate of Cloud Security Knowledge (CCSK) – Obtained
in January, 2012
Working towards Certified Authorization Professional (CAP)
certification.
Working towards Certified Information Systems Security
Professional (CISSP) certification.