Information Security Analyst Resume
Springfield, VA
SUMMARY:
- A performance-oriented security analyst with close to 5 years' experience in a fast-paced environment. With the ability to act as the glue that links mission-critical security requirements, I respond to the ever-changing demands of clients by creating innovative, high-quality and defect-free solutions that precisely meet business demands and consistently exceed expectations. I possess strong interpersonal, communication and leadership skills.
- Having thrived in this complex environment of new challenges and the emergence of uncertainty in information and system security, I have gained an in-depth understanding of business drivers and how to apply technology to achieve and support them.
- Perform security controls assessments, review vulnerability results and work with stakeholders to establish plans for sustainable resolution.
- Proficient in Risk Management Framework (RMF) assessments and Continuous Monitoring as recommended by FISMA. I have performed RMF assessments on several different environments using both scanning tools and manual assessment.
- I assist in initiating meetings with various System Owners and Information System Security Officers (ISSOs), providing guidance on the evidence needed for security controls, and documenting assessment findings.
- Successfully implemented NIST 800-137, NIST 800-18, NIST 800-53A, NIST 800-34, NIST 800-53 rev3 and rev4, NIST 800-61, NIST 800-39, NIST SP 800-30 rev1, NIST SP 800-37, FIPS 199 and FIPS 200, just to name a few.
- Successfully utilize the various NIST Special Publications and ISO standards in implementing security controls and preventing attacks.
- I have substantial experience with exploitation tools like Nessus for vulnerability scanning and other network monitoring tools like Nmap, including some knowledge of Kali Linux.
- High ability to work in a fast-paced environment while directing multiple projects from concept to implementation.
TECHNICAL SKILLS:
Application/Operating system: Linux Server 6 & 7, Unix Servers, Windows 98/2000/NT
Tools: Nessus, Qualys, CSAM, XACTA, PCI DSS, Apache, NIST 800 series, Wireshark, Nmap, Netstat
Programs: Microsoft Office Suite (Excel, Word, PowerPoint, and Outlook)
Artifacts collected: POA&M, System Security Plan (SSP), Security Assessment Plan and Security Assessment Report (SAR), A&A package development.
PROFESSIONAL EXPERIENCE:
Confidential
Information Security Analyst
- Conduct internal and external security audits. Establish plans and protocols to protect information systems against unauthorized access, modification and/or destruction.
- Perform security categorization using FIPS 199, and review Privacy Threshold Analysis (PTA) and E-Authentication with business owners and selected stakeholders.
- Develop NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and address system weaknesses.
- Perform comprehensive Security Control Assessments (SCA) and prepare reports on management, operational and technical security controls for audited applications and information systems.
- Document and review System Security Plans (SSP), Security Assessment Reports (SAR), Security Plans of Action and Milestones (POA&M), and Authorization letters/memoranda (ATO).
- Conduct risk assessments regularly; ensure measures raised in assessments are implemented in accordance with the risk profile, and that root causes of risks are fully addressed following NIST 800-30 and NIST 800-37.
- Document and review security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.
- Reliably performed security control assessments of all assigned systems, and developed test plans and assessment reports in support of system authorization.
- Provided written and verbal reports of audit findings as well as interpreting audit results for stakeholders.
- Ensure PCI DSS audit compliance and track vulnerabilities to ensure finalized mitigating controls are correctly implemented.
- Monitor, identify, and analyse security risks to determine their impact and likelihood so that mitigation strategies can be prioritized.
Environment: General support system - Red Hat Linux 6 & 7, Windows 98/2000/NT & virtual machines.
Confidential, Springfield, VA
(Support State Govt) Information Security Analyst
- Develop and maintain Plans of Action and Milestones (POA&Ms) for all accepted risks upon completion of system C&A.
- Perform on-site security testing using vulnerability scanning tools such as Nessus.
- Update System Security Plans (SSP), Risk Assessments and Incident Response Plans, create Change Control procedures, and draft Plans of Action and Milestones (POA&Ms).
- Conduct internal and external security audits. Establish plans and protocols to protect information systems against unauthorized access, modification and/or destruction.
- Provide written and verbal reports of audit findings as well as interpreting audit results against defined criteria.
- Document the pass/fail control results in the Requirements Traceability Matrix, using NIST SP 800-53A as a guide to determine the assessment methodology.
- Perform security controls assessments, review vulnerability results and work with stakeholders to establish plans for sustainable resolution.
- Complete security controls assessments and document weaknesses/findings in the Security Assessment Report (SAR).
- Perform Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders.
- Prepare incident reports of assessment methodology results and create reports detailing the identified vulnerabilities and the steps taken to remediate them.
- Conduct FISMA-based security risk assessments for government contracting organizations and application systems, including interviews, tests and inspections; produce assessment reports and recommendations; conduct out-briefings. Assessments are conducted following NIST 800 processes and controls.
