Information Security Analyst Resume
CORE COMPETENCIES/TOOLS:
Security Assessment and Authorization, FISMA, FIPS, Confidential SP 800 Series, DHS 4300, DoDI 8500/8510, DIACAP, eMASS, DISA STIGs, USGCB, Project Management, DoDAF, FOIA, HIPAA, HITRUST, HSPD-12, Microsoft Office/Project, MS Word, Excel, PowerPoint, Visio, ClearCase, CSAM/NCAT, Archer, Remedy, JIRA, Nessus, BurpSuite, AppDetective, dbProtect, NMAP, SDLC, Agile, Metric Reporting
EXPERIENCE:
Information Security Analyst
Confidential, Chantilly, VA
Responsibilities:
- Supported Program Manager and performed all ad hoc tasks as assigned.
- Led team with the overarching structure, processes and procedures to align with the VA Office of Information and Technology’s objectives.
- FedRAMP/AWS implementation goals to include metrics and deliverables.
- Reported activities in the form of Quad Charts, Weekly Activity Reports, Executive Briefs and Monthly reports.
- Provided guidance on baseline configuration (STIGs, USGCB, etc.) and Security Impact Analysis.
- Consulted on AWS implementation
- Reviewed/commented on System Engineering Technical Reviews
- Managed workflow and resources for team of 24 cybersecurity engineers and analysts. Performed the project's SOW as assigned.
IT Security Consultant
Confidential, Waldorf, MD
Responsibilities:
- Supported the 2020 Census. vendor meetings
- Designed, architected and implemented security controls securing enterprise-wide systems, applications, network and infrastructure services with respect to AWS/Azure implementation.
- Collaborated with System Owners, Information Stewards and Engineers on the design, architecture and implementation of the various systems.
- Met milestones while verifying the deliverables and artifacts.
Confidential
Senior Information Security Compliance Analyst
Responsibilities:
- Verified A&A package content during kickoffs and subsequent meetings.
- Reviewed, edited and implemented security policies, procedures and security controls.
- Applied industry best practices to architect recommended solutions.
Confidential
Senior Information Security Compliance Analyst
Responsibilities:
- Supported the Confidential eHR Acquisition Solution with a strategy for implementing security requirements
- Collaborated with team, researched and recommended procurement options for a software solution documented and submitted in an analysis of alternatives
- Reviewed change control requests.
Confidential
Senior Information Security Compliance Analyst
Responsibilities:
- Collaborated daily with engineers, system administrators and system owners to develop policy and procedures.
- Supported the Risk Management Framework for Confidential Security Assessment Branch.
- Addressed and managed risk by way of assessments; Interviewed System Owners, Information Stewards and Engineers for the security requirements of Confidential 800-53 Rev. 4 and documented their implementation to the various systems.
- Provided direct support to CISO to include the analysis, review and execution of projects to enhance the security posture of Confidential information security programs and systems.
- Provided Federal Information Security Management Act (FISMA) and Office of Management and Budget (OMB) guidance and support.
- Represented CISO when unavailable; Collaborated daily with a variety of stakeholders, including Consumer Financial Protection Bureau (CFPB), system owner, implementation engineers, 3rd party auditors, vendor security teams and AWS to develop security artifacts and contractual deliverables
- Developed baseline configuration checklist and vulnerability assessment process documentation
- Consulted on existing CCB processes for improvement. Engaged 3rd party vendors and Cloud Service Providers in project efforts with respect to security procedures and ongoing requirements to maintain the existing FedRAMP security postures in reaching a Provisional Authority to Operate (P-ATO) for systems.
Information Security Analyst
Confidential, McLean, VA
Responsibilities:
- Developed security requirements for a departmental acquisition
- Developed and implemented the IT processes and technology which involved testing cyber security controls, defining remediation, project plans, and policy/procedure development. Participated in daily scrums (Epics and user stories)
- Discussed Confidential security requirements in addition to API options
- Recommended options to senior management of additional controls needed to effectively execute alignment to FedRAMP controls in pursuit of a Provisional Authorization-To-Operate (P-ATO) certification.
Information Security Analyst
Confidential, Chantilly, VA
Responsibilities:
- Developed documentation and content with vendors for the FedRAMP security controls supporting the Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) stacks.
- Facilitated kickoffs and other ad hoc meetings for the Cloud Service Providers and Third-Party Assessment Organizations (3PAO).
- Verified deliverables and artifacts; Reviewed/commented on System Engineering Technical Reviews
- Improved processes that met PMO goals and objectives to ensure system confidentiality, integrity and availability through Continuous Monitoring and tracking of PoA&Ms.
- Provided guidance on baseline configuration and security impact analysis.
Information Security Analyst
Confidential, Vienna, VA
Responsibilities:
- Tested security controls of Automated Information Systems (AIS); Analyzed risk to improve code reviews for application security scans (Nessus) and desktop configurations (USGCB); Documented security assessment packages against Confidential standards and addressed IV&V comments before submission to Designated Accreditation Authority for approval.
IT Security Consultant
Confidential, Waldorf, MD
Responsibilities:
- Provided consultation services in support of Assessment and Authorization (A&A) packages consisting of System Security Plans, Incident Response Plans, Security Categorizations, Business Impact Analysis, Contingency Plans and Testing, Security Assessment Reports, Security Test and Evaluation Plans and execution, Security Impact Analysis, Privacy Impact Assessments, Configuration Management Plans, and PoA&M activities.
- Developed System Security Plans, Contingency Plans and Security Assessment Reports for security authorization packages.
- Conducted security test and evaluations (ST&E).
- Information System Security Officer (ISSO) - Supported Director as tasked; Teamed up across diverse groups to elevate security posture and strategy for the valued effectiveness of the existing risk assessment program; supported baseline efforts for Federal Desktop Core Configuration (FDCC).
- Developed Information Security Agreements and Memoranda of Agreement, among others.
Information Security Analyst
Confidential, Rockville, MD
Responsibilities:
- Defined customer security requirements for Electronic Health Records (eHR) and recommended customer support principles and methods to provide information when responding, reporting and resolving customer requests
- Provided guidance for DoDI 8510.01 Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Instruction.
Information Security Analyst
Confidential, Rockville, MD
Responsibilities:
- Executed document edits and functional tests for the interoperability of Confidential systems and components under the guidance of the Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 6212; Corroborated on DoD Architecture Framework (DoDAF) documents (SV, OV and TA) and other supporting documents, including the Customer Requirements Document (CRD) and Interoperability Certification Evaluation Plan (ICEP), among others.
Program Manager
Confidential, Bowie, MD
Responsibilities:
- Developed, managed and implemented project plans to include time management, work breakdown structure, budget, risk and procurement.
- Analyzed and developed cost and schedule variance using accepted EVM tool Cost Account Management (CAM)
- Assured responsiveness to requirements, rapidly resolved problems, and identified/responded to new requirements.
- Contributed to analyses of RFPs, coordinated development/submission of responsive proposals, and participated in negotiation of contracts (terms, conditions, prices) and contract modifications.
- Established team goals and objectives to be accomplished and ensure the integrity, compliance and accountability for Continuous Monitoring.