- Seeking an Information System Security Officer or Information Security Analyst position in a growth-oriented organization with a focus on Information Assurance/Cybersecurity.
Confidential, Silver Spring, Maryland
Information Security Analyst
- Performed Risk Management Framework (RMF) activities using NIST 800-37 as a guide for assessments and continuous monitoring.
- Initiated meetings with various System Owners and Information System Security Officers (ISSOs), provided guidance on the evidence needed for security controls, and documented assessment findings.
- Updated System Security Plans (SSPs) using NIST 800-18 as a guide to develop SSPs, Risk Assessments, and Incident Response Plans; created change control procedures; and drafted, reviewed, and updated Plans of Action and Milestones (POA&Ms).
- POA&M Remediation: Performed evaluation of policies, procedures, security scan results, and system settings in order to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, and continuous monitoring.
- Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POA&M remediation, and document creation using NIST SP 800-53 Rev. 1 and NIST SP 800-53 Rev. 4.
- Developed solutions to security weaknesses in the Requirements Traceability Matrix (RTM) and SAR while working on POA&M remediation and the Corrective Action Plan (CAP).
- Communicated effectively with multiple clients to perform POA&M remediation; also handled internal communications within the Office of Information Security and external communications with several different divisions on a daily basis. Maintained excellent working relationships with both internal and external customers through effective communication.
- Provided services as a security controls assessor (SCA), serving as an integral part of the Assessment and Authorization (A&A) process, including A&A scanning, documentation, reporting, and analysis requirements, and analyzing current threats to information security and systems.
- Identified trends and root causes of system failures or vulnerabilities using the Nessus vulnerability scanner and Nmap to scan for open ports, weak configurations, and missing patches.
- Ensured that the Information Systems Security department's policies, procedures, and practices, as well as those of other system user groups, were in compliance with FISMA, NIST, and general agency standards.
Confidential, Manassas, Virginia
Information Security Analyst
- Provide services as a security control assessor (SCA) and serve as an integral part of the Assessment and Authorization (A&A) process, including documentation, reporting, reviewing, and analysis requirements.
- As a team, we determined Security Categorizations using FIPS 199 as a guide; reviewed, updated, and developed Privacy Impact Assessments (PIA) and Privacy Threshold Analyses (PTA); and initiated System Security Plans (SSP).
- Experience developing and updating System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans, and Configuration Management.
- Skilled in performing FedRAMP assessments based on customer responsibility documentation and the controls provided by the cloud provider.
- Work with the ISSO, AO, and security team to assess the selected security controls, assess weaknesses, produce the RTM or test cases, and report all findings in the SAR.
- Review and document contingency plans (CP), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various agencies.
- Review and update of the System Security Plan (SSP) using NIST SP 800-18 guidelines.
- Specialize in the entire FISMA Risk Management Framework (RMF) and system control assessment processes using NIST SP 800-60 and NIST SP 800-53A, preparing and reporting the SSP, SAP, PTA, PIA, E-Authentication, ST&E, and POA&M.
- Develop and conduct Security Test and Evaluation (ST&E) according to NIST SP 800-53A, perform on-site security testing, and review vulnerability scan results.
- Utilize CSAM for assessments and to upload artifacts to security documents when updating and developing them.
Confidential, New York, NY
- Coordinated operational functions within a medical environment, which required supervising internal projects, developing comprehensive budgets, and monitoring productivity levels.
- Performed in-depth project planning in order to ensure timely completion and supervised staff members, which included providing training, feedback, and coaching.
- Utilized superior communication abilities in order to maintain positive relationships with clients, co-workers, vendors, and members of management.