From: route@monster.com
Sent: Thursday, November 10, 2016 3:24 PM
To: hg@apeironinc.com
Subject: Please review this candidate for: Network Engineer TS SCI
This resume has been forwarded to
you at the request of Monster User xapeix03
|
|||||||
|
|||||||
|
|
|
||||||
|
||||||
|
ALICIA DUNN 320 S Madison St • Wilmington, DE 19801• 919-841-2784 (C) •
adidunn@yahoo.com Audit Professional Robust Experience in IT Risk Assurance, Security & Network
Engineering w/ Masters in Accounting EDUCATION: EAST CAROLINA UNIVERSITY, College of Business in
Greenville, NC ▪ Masters of Science in Accounting w/ concentration
Audit, Dec 2012 ▪ Management Information System, pending Dec 2016 ▪ Beta Alpha Psi Honors Chapter, Nov 11, 2011 NORTH CAROLINA STATE UNIVERSITY, College of Sociology/Business, Raleigh, NC ▪ Bachelor of Science in Criminology (Major) &
Accounting (Minor), Dec 2007 Community College of the Air Force, Maxwell AFB ▪ Associates in Information Systems Technology
(IT), Oct 2010 ▪ Associates in Construction Management (Civil
Engineering), Dec 2007 Related Certifications: ▪ CISA (Certified Information Systems' Auditor) #12102380 ▪ CFE (Certified Fraud Examiner) #613333 ▪ CISSP (Certified
Information Systems Security Professional) #406617 ▪ CMA (Certified Management Accountant); #48861 ▪ CISM (Certified
Information Security Manager); awaiting application approval (passed) ▪ CRISC (Certified Risk & Information Systems
Control); awaiting
application approval (passed) ▪ CIA (Certified Internal
Auditor); #144077 ▪ CEH (Certified Ethical Hacker) #ECC023149 ▪ CCNP & CCNP Security (CSC011942103) ▪ CCNA & CCNA Security Related Certifications in progress: ▪ CPA Exam (Passed BEC- 11/02/2015; need to
test for AUD, REG, & FAR) Security Clearance: TS/SCI-CI Poly cleared (facilitates the ability to use a cleared
member for audit engagements where there is a 'need to know' standard
for assurance and accountability) PROFESSIONAL EXPERIENCE JP Morgan Chase, Wilmington, DEJune 2015– Present Information
Risk Lead (IRM)-VP •
Provided oversight and consultation and/or
remediation on issues/potential issues that arise within Cyber
Security engineering and operations functions and tools, risk control
self assessment, and regulatory guidance, as necessary. •
Executed control testing as a result of Risk
Control Self Assessment (RCSA) program to identify issues and gaps. •
As an IRM, interacted with CTO and ADM for break
management (gap analysis), as a result of application control assessments
(ACA) within IT Risk Central. •
Developed, implemented, and executed various
processes to monitor regulatory related controls to ensure that they are
being effectively executed. •
Developed associated reporting requirements in
Excel and escalated processes change review, while engaging management on
appropriate actions. •
Validated and reviewed controls in light of key
business projects, business changes and operational events to ensure ongoing
compliance with key regulatory commitments. •
Facilitated internal and external audits
including requests for information (RFI). •
Completed operational and technology risk
analysis, process improvement, end-to-end business process mapping and
reviews, procedure documentation, and metrics development •
Actively tracked, observed, documented and
requested reporting evidence based on COSO, SSAE 16 (#70), SOX 404 & 302,
HIPAA, PCI, ISO 27001(2), NIST 800-53, AGILE and the SDLC cycle. •
Perform Walkthroughs and SOX audits •
Reported metrics and utilizing Cognos, advanced
Excel, SQl queries, and Powerpoint CACI, Bagram, Afghanistan Dec 2013- Feb 2015 Information
Assurance Analyst (IT Audit)/Network Engineer Ensured the integrity and protection of networks,
systems, and applications by technical enforcement of organizational security
policies, through monitoring of vulnerability scanning devices such as
Nessus, REM/Retina, Q-Tip, SCCM/SMS, WSUS, AV, etc., to detect network
vulnerabilities and deficiencies. ▪ Met with clients to plan, analyze, design, and
test computer applications. ▪ Implemented counter-measures and mitigating
controls ▪ Performed ad hoc queries in SQL, including updates
to the SQL database ▪ Researched and recommended network and server
hardware and software for large complex networks. ▪ Performed data testing, risk identification, and
issue resolution for customized database users. ▪ Monitored data usage to ensure security of data
and access privileges ▪ Installed, supported and maintained network
servers and appliances ▪ Established and maintained user accounts,
profiles, file sharing, access privileges and security ▪ Performed daily server tape backups. ▪ Windows Administrator Role: Assured
Compliance Assessment Solution (ACAS) Administrator, and the Vulnerability
Management System (VMS) Engineer for Continuous Monitoring and Risk Scoring
(CMRS). ▪ Serves as the Information Systems Security Office
(ISSO) and DoD Windows Server Update Services (WSUS) Administrator. ▪ Conducts COMSEC Maintenance, (Connectivity). ▪ Performed daily maintenance and support of
computer networks including both hardware and software ▪ Configured Taclanes, switches, adding users to
active directory, disabling HBSS to install new software ▪ Configured the registry in support of new
software installs, span ports, load crypto, run cables, install software
and updates, configure VoIP phones CUCM, assess systems failures
by installing new memory cards, new batteries, etc. GENERAL DYNAMICS IT, Fayetteville,NC
Sept 2013- Dec 2013 Sr.
Network Engineer Managed USASOC network operations center,
including staff of 20+ employees ▪ Developed training plans with consistent goals
for overall career enrichment and future advancement. ▪ Led 20+ employees, including System
Administrators, Network Administrators, Information Assurance Associates, and
SharePoint, Solarwinds, and Server Administrators ▪ Conducted weekly briefings to update senior
management towers on growth of the CNCC mission and support for the entire
USASOC mission. ▪ Drove C&A activities, including accreditation
package development and security control testing and validation-Experience
with implementation using IA principles, National Institute of Standards and
Technology (NIST) special publications, federal regulations, security
standards, DoD, and DoN policies-Knowledge of use and application of
vulnerability assessment tools, including Nessus and Security Content
Automation Protocol (SCAP), Secure Technical Implementation Guides (STIGs),
checklists and SRG (Security Requirements Guides, monitor IAVAs. ▪ Managed network operations, utilizing command
line for Layer 2/3 switching operations and consistently updating network
diagrams on infrastructure changes. ITT EXELIS, Kunduz, AfghanistanJuly 2012- Sept 2013
Information
Assurance Analyst (IT Audit)/Network Engineer Ensured the integrity and protection of networks,
systems, and applications by technical enforcement of organizational security
policies, through monitoring of vulnerability scanning devices such as
REM/Retina, Q-Tip, SCCM/SMS, WSUS, AV, etc., to detect network
vulnerabilities and deficiencies. ▪ Implemented counter-measures and mitigating
controls ▪ Prepared incident reports of analysis methodology
and results ▪ Performed Computer Security Incident Response
activities and coordinated with government agencies ▪ Performed audits and vulnerability assessments,
including user accounts, application access, file system and external Web
integrity scans to determine compliance ▪ Drove special projects as required for compliancy
changes on SIPR, NIPR, JWICS or CXI enclaves. ▪ Lead Analyst (IA) for DIACAP certification,
including: o
Performing/Preparing All Audit scans(Retina- IAVA
compliancy) and SCAP scans, SIP, DIP and EPKG(Balance Scorecard and
POA&M) package, Patch Management using software via LanGuard as well as
remote login, and instructed employees on DIACAP information criterions for
NIPR, SIPR, &CXI enclave network designs using Microsoft Visio. Also,
helped prepare/design drawing for servers and network design. Network
Administrator ▪ Configured server farm /server interfaces for
NIPR, SIPR and JWICs for Snort, ArcSight, Retina, TACACS (Radius) and etc…. ▪ Actively utilized Sharepoint and Remedy. ▪ Performed routine analysis, troubleshoot, and
repair communication equipment such as routers and layer 3 switches
configuring BGP, EIGRP, Vlans, SVI’s, trunks, access interfaces, monitor
ports, ACLs, configuring new switches to come on the network, changing IOS
for switches and etc…functional knowledge of OSPF. ▪ Provided analysis for implementation techniques
and tools for the most efficient solution to network problems on NIPR, SIPR
& Citrix ▪ Planned, designed, implemented and maintained the
data and voice telecommunication systems ▪ Performed a variety of engineering studies and
analysis, recommends HW & SW improvements to overall network design. GENERAL DYNAMICS IT (TNOSC &TNCC), Fort Bragg,
NC Oct 2010- July 2011 Network
Engineer (Technician) ▪ Installed and configured network hardware,
software, VoIP(using Call Manager GUI interface) and data communication ▪ Troubleshot and provided technical support
and training to end-users ▪ Administered net security to routers and switches
while utilizing crypto equip such as TACLANES, KIV7’s, and etc… ▪ Provided installation, maintenance and
troubleshooting support of voice, video, and/or data communications networks. ▪ Monitored and responded to hardware and software
problems utilizing a variety of hardware and software testing tools and
techniques, on SIPR, CXI & NIPR networks. 24TH AF, 624TH OC, San Antonio, TX, Cyber
Security (Info
Assurance) Sept 2009-Oct 2010 Cyber
Security Specialist (oversight role) ▪ Provided Command and Control Operations to Dept
of Defense(DoD) Networks ▪ Conducted daily cyber ops briefs, relayed
adversary actions & informed leadership on decisions/counter threats
measures to be taken ▪ Analyzed anomalous traffic and coordinated with
Intel and Network Defense to prevent malicious activity on the network,
blocked malicious traffic using AF DNS blackhole ▪ Performed penetration testing ▪ Used computer forensic techniques ▪ Practical experience with retina scanners ▪ Command and control implementation of OPORDS
& IAVA compliancy ▪ Worked directly with AFCERT and INTEL to contain,
prevent, or correct network vulnerabilities. US AIR FORCE NAT’L GUARD, Charlotte, NC Feb
2002 – Present Cyber
Defense– IT Assurance Information Security, Governance, Risk & Compliance
(2012- present) Through
the use of risk mitigating testing techniques, performed assurance activities
based on multiple compliancy standards. ▪ Leveraged COSO, HIPAA, PCI, ISO 27001(2) and NIST
800-53 to perform risk assessments for the state of NC; our assessment group
engaged multiple departments throughout the state of NC, i.e. Dept of
Transportation, Dept of Health and Human Services, Dept of State Personnel,
and facilitated the performance of planning, execution and reporting. We have
been able to save countless hours and revenue, in regards to risks, as they
pertain to efficiency and effectiveness objectives for the state of NC. As
well as, providing mitigation strategies in regards to gaps in compliancy for
operational (day-to-day) and strategic goals, in their alignment to
regulatory standards. ▪ Drove risk identification, testing activities,
and issue resolution in accordance of test of design & test of
effectiveness in Assessment of SOX (Sarbanes Oxley) 404 & 302 ▪ Partnered with FBI in support of Cyber Defense
activities ▪ Quantitatively and qualitatively assessed risk,
based on probability and severity through the use of COBIT (ERM),
cost/benefit, gap analysis, value-at-risk,etc… ▪ Documented IT assurance workpapers; detailing
activities, results, next steps, process flow diagrams/process maps ▪ Designed 45 detailed testing procedures to
address network security risk for IT assurance testing. Including testing
protocols to assess and secure risk in the areas of HIPAA, PCI, SOX, COSO, COBIT, NIST 800-53, ISO
27001(2), FISMA, and the SDLC cycle. ▪ Performed IT audit testing activities such as: o
Ensured the integrity and protection of networks,
systems, and applications based through monitoring vulnerability scanning
devices and command applications to detect network vulnerabilities and
deficiencies. o
Filtered traffic & scanned traffic patterns
to produced ad hoc reporting o
Physical Security, Cryptography, Identity
Management, Configuration Management, PKI and directory services. Cyber
Transport Engineer - Network Infrastructure Support & Maintenance (2008-
Present) ▪ Setup/installed net hardware, software,
peripheral devices and crypto equipment, configure routers and switches,
configured users in Active Directory, BlueCoat while maintaining
accountability within Remedy. ▪ Managed hardware lifecycle management ▪
Performed routine analysis, troubleshooting, and
repair communication equipment on NIPR, SIPR & JWICs. ▪ Provided software technical support including
normal software functionality, installation, troubleshooting,
upgrading/replacing, and patch management TOOLS: ▪ Networking: Routers, Switches, Servers, VMWare,
Fortinet, Cisco ASA, Taclanes ▪ Software: SQL, Nessus, Snort, Security Onion ▪ High dependency on CLI via Nmap and NetStat ▪ Experience support end users directly or
indirectly with Active Directory service ▪ VMWARE, Splunk, Snort, Nessus, Security Onion,
Taclanes, Cisco Layer 2/3 switches, SCCM, Active Directory, Linux CLI, Window
CLI ▪ Utilize Security to block malicious traffic;
utilizing Snort(IDS), WinPCAP(nmap, windup, Squert, ELSA(BRO-syslogs), Sguil,
Snorby) ▪ Utilized ForeScout, Motorola Mobility, Cisco NCM,
Sharepoint, Solarwinds, InfoBlox, ISE, Riverbed, Putty, VMS, Websense, Source
Fire, Cisco Layer 2/3 switches, Active Directory and monitored Syslogs. ▪ Used IDS/IPS and HBSS ▪ NipR, SipR, and JWICs. ▪ Wireshark, Nessus, Enthrape, Mestasploit
(Armitage), Erase, and Retina. OTHER DATA: ▪
Affiliations:
ASMC (American Society of Military Comptrollers), Beta Alpha Psi (BAP) ▪
Languages:
Conversational Spanish |
|
|
||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|