Senior IT Security Analyst Resume
Washington, DC
SUMMARY
- A Senior IT Security Analyst with over six years’ experience in Security Documentation, Assessment and Authorization (A&A or C&A), POAM Management and Vulnerability Management.
TECHNICAL SKILLS
- Project Management - MS project/Gantt Chart/CPM
- Preparation of Security Assessment and Authorization (A&A) package
- Risk Assessment and Risk Management (RMF Process)
- Quality Assurance and Operations Management
- Managing People, Team Collaboration, Coordination and Relationship building
- Good knowledge of FISMA and NIST Special Publications
- Good Time Management
- Team Player/Leader
- Excellent Communication and Analytical Skills
PROFESSIONAL EXPERIENCE
Confidential, Washington DC
Senior IT Security Analyst
Responsibilities:
- Provide input to management on appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major applications.
- Provide IA Support and Risk Management Framework and Continuous Monitoring processes
- Develop and maintain artifacts supporting the Risk Profile SP, CP, CM, IR and POA&Ms
- Review and perform Security Impact Analysis (SIA) for all change requests in the environment
- Responsible for preparing all Assessment and Authorization (A&A) documentation, working very closely with the Information System Security Officer (ISSO), Information System Owner (SO) and the other members of the Information Assurance team.
- Create, update and revise System Security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plan of Action & Milestone
Confidential
Senior IT Security Analyst
Responsibilities:
- Managed and coordinated a team of information security professionals to conduct Security Authorization packages based on NIST standards for general support systems and major applications.
- Risk Management Framework (RMF) assessments and Continuous Monitoring: Perform RMF assessment on several different environments at the Census Bureau using both scanning tools and manual assessment. Assessments include initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls, and documenting findings of assessment.
- POAM Remediation: Performed evaluation of policies, procedures, security scan results, and system settings to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, and continuous monitoring.
- Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POAM remediation, and document creation using NIST SP 800-53 Rev.2 and NIST SP 800-53 Rev.3.
- Developed solutions to security weaknesses: Developed solutions to security weaknesses while working on POAM remediation and Corrective Action Plan (CAP) for the US Census Bureau. Assisted ISSOs in creating solutions to weaknesses based on system functionality and pre-existing architecture.
- Performed on-site security testing using vulnerability scanning tools such as Nessus.
Confidential
IT Security Analyst
Responsibilities:
- Conducted meetings with the IT team to gather documentation and evidence (kick-off meeting) about their control environment.
- Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), e-Authentication with business owners and selected stakeholders.
- Developed and conducted ST&E (Security Test and Evaluation), Security Assessment plan (SAP) according to NIST SP 800-53A.
- Held kick-off meeting with CISO and systems stakeholders prior to assessment engagement
- Applied current computer science technologies and Information Assurance (IA) requirements to the analysis, design, development, evaluation, and integration of computer/communication systems and networks to maintain an acceptable system security posture throughout the lifecycle of multiple national level mission systems.
- Developed, maintained, and communicated a consolidated risk management activities and deliverables calendar.
- Developed and updated SAR, SSP, CP & POA&M
- Worked with business process owners to ensure timely identification and remediation of jointly owned risk related issues and action plans (POAM)
Confidential, Reston, VA
Information Systems Security Officer (ISSO)
Responsibilities:
- Provided security support to 40 government and contractor personnel
- Responsible for preparing all Certification and Accreditation documentation, working very closely with the Information System Security Manager (ISSM), Information System Security Representative (ISSR) and the other members of the Information Assurance team including the Certification Unit (CU) and Accreditation Unit (AU) representatives
- Created, updated and revised System Security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plan of Action & Milestone
- Reviewed and uploaded deliverables in C&A database (CARA)
- Determined false positives along with Security manager to create, update and maintain POA&M items
- Granted access based on review and approval of SAR Request to the Financial Management System
- Coordinated, participated and attended weekly ISSO meetings for security advice and updates
- Informed and advised government and contractor personnel on security matters