- About four years of both Confidential practice and Cyber Security experience with concentrations on enterprise Security Risk Management, with in-depth knowledge in managing and auditing Information Systems for compliance.
- Seeking to provide enterprise support to information systems, networks and processes through Information Assurance controls, compliance verification, Risk Assessment, Vulnerability management in accordance with FISMA, OMB, and Industry best practice.
- Support Cyber Defensive Operations specifically C&A and RMF Assessments and Authorizations.
- A highly motivated individual with team-building capability and the ability to learn new skills and concepts.
- Assessment and Authorization
- Network & System Security
- Vulnerability Management (IVMs)
- Authentication & Access Control
- Change Control and Configuration Management
- Plan of Action and Milestones (POA&Ms)
- Regulatory Compliance
- Information System Audits
- Disaster Recovery Plans (DRP)
- Continuity of Operations Plan (CP)
- Information Protection Program (IPP)
- System Security Plan (SSP)
- Security Assessment Reports (SAR)
Security Technologies: Nessus Security Center.
Networking: LANs, WANs, VPNs, Routers, Firewalls, TCP/IP
Software: MS Office (Word, Excel, Outlook, Access, PowerPoint)
CIVILIAN PROFESSIONAL EXPERIENCE:
Confidential, Lanham, MD
Information Assurance Analyst
- Provided Information Assurance support and services in multiple systems and organizations
- Support the implementation and management of security controls, including operational and technical controls, for information systems.
- Review security authorization packages; develop and update System Security Plan (SSP), Assessment Control Report, Plan of Actions and Milestones (POA&M), including the drafting of expectations and waivers as appropriate.
- Perform continuous monitoring in line with Confidential SP consisting of vulnerability assessments to include automated, manual and Pen Testing to validate the Federal client's system's security posture and provide reports for each unit to be used for mitigation of findings.
- Review and update documents for quality, completeness, accuracy, succinctness, ease of understanding (for readers with no IT background).
- Develop and conduct Confidential & Confidential (Security Test and Evaluation) according to Confidential SP A. Generate assessment reports at the end of the process to communicate security vulnerabilities identified and develop recommendations for improving security posture and maintaining compliance
- Collaborate with external service providers for External Security Risk Penetration testing to identify potential external network threats and vulnerabilities. Track and report on progress in remediating or exempting reported vulnerabilities with business and IT partners.
- Prepare security assessment plan, secure resources and hold kick-off meetings prior to assessment
- Work with system owners on initial authorizations of new and legacy systems, reauthorization of existing systems; explain security requirements needed for authorization to operate, assist in ensuring documents and requirements meet Confidential and agency requirements