Cyber Security Analyst Resume

Washington, DC

OBJECTIVE:

A positive, self-motivated information security analyst with over 5 years of experience performing security control assessments and reviewing ATO package documents for Confidential compliance. Looking for a new position to utilize my skills to improve the vision, mission and value of the organization.

QUALIFICATION SUMMARY:

  • Information Technology Infrastructure Library (ITIL) Service Management
  • Risk Management Framework (RMF)
  • Knowledge of the System Development Life Cycle (SDLC)
  • Confidential Compliance
  • NIST SP 800 Series
  • FIPS 199 and FIPS 200
  • Security Control Assessment (SCA)
  • Create and Update SSP
  • SAR
  • Security Test & Evaluation (ST&E)
  • Plan of Action and Milestones (POA&M)
  • ATO Packages
  • Nessus and familiar with eMASS
  • Time Management
  • Written and Inter-Personal Skills
  • Quick learner, Team player and very Dependable
  • Excellent Oral Communication
  • Analytical, Problem-Solving

PROFESSIONAL EXPERIENCE:

CYBER SECURITY ANALYST

Confidential - Washington, DC

Responsibilities:

  • Manage and coordinate a team of information security professionals to conduct Security Authorization packages based on NIST standards for general support systems and major applications.
  • Provide input to management on appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major applications.
  • Develop and maintain Plan of Action and Milestones (POA&MS) of all accepted risks upon completion of system
  • Perform vulnerability scanning using NESSUS and WEBINSPECT.
  • Experience in ISO Sans-20 security standard mapping, PCI DSS, and Fed Confidential
  • Manage and coordinate a team of IT auditors in assessing the financial management systems, which include the core financial system and major feeder systems, to ensure adequacy of internal controls and compliance with applicable regulations and standards.
  • Oversee the preparation of a Comprehensive and Executive Assessment & Authorization packages for submission to the Confidential Information Assurance Program Office for approval of an Authorization to Operate (ATO).
  • Perform Risk Assessments (RA), and Incident Response Plans (IRP).
  • Assist in establishing an Ongoing Authorization (OA) program design to review the security posture of designated systems on a continual basis.
  • Provide audit briefings to agency and Information Systems Security Officers (ISSO) to assist in the preparation of independent audit assessments with the agency’s goal of improving their operational effectiveness and ensuring that all findings are documented as Plan of Action & Milestones within their Trusted Agent Confidential (TAF) tool.
  • Participate in Confidential Critical Control Reviews (CCRs) and assist the Confidential CCR team with agency personnel interviews and document requests. Also assisted external auditors with OMB A-123 Audits, OIG and Financial Statements Audits.
  • Review and update SSP, SAP, SAR, RA, POA&M, IR, IRP, PTA, PIA, SORN, BIA, DRP, CP, CPT, and E-authentication.
  • Establish relationships with other CISO Division executives to develop a strong foothold into reviews of programs and portfolios in critical need of security control improvements.

CYBER SECURITY ANALYST

Confidential - Laurel, MD

Responsibilities:

  • Conducted Confidential-based security risk assessments for government contracting organizations and application systems, including interviews, tests and inspections; produced assessment reports and recommendations; conducted out-briefings. Assessments conducted following NIST 800 processes and controls.
  • Documented and reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies. Conducted Confidential-based security risk assessments for various government contracting organizations and application systems, including interviews, tests and inspections; produced assessment reports and recommendations; conducted out-briefings. Assessments conducted following NIST 800 processes and controls.
  • Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.
  • Developed and conducted Confidential (Security Test and Evaluation) according to NIST SP 800-53A.
  • Worked with business process owners to ensure timely identification and remediation of jointly owned risk related issues and action plans.
