- Well-rounded IT Security Professional, with deep knowledge in Assessment and Authorization (A&A), Vulnerability Assessment and Risk Management, in compliance with FISMA, using applicable NIST SP 800 Series and FIPS Standards, to maintain the Confidentiality, Integrity and Availability (CIA) of Information and Information Systems.
- Knowledge of the System Development Life Cycle (SDLC), Information Technology Infrastructure Library (ITIL) Service Management, Risk Management Framework (RMF), FISMA Compliance, NIST SP 800 Series, FIPS 199 and FIPS 200.
- Security Control Assessment (SCA): Create and Update System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Security Test & Evaluation (ST&E), Vulnerability Assessment Report (VAR), Plan of Action and Milestones (POA&M) and other Artifacts needed for ATO Packages.
- Excellent Oral Communication, Analytical, Problem-Solving, Time Management, Written and Interpersonal Skills. A quick learner, team player and very dependable.
- Tools: MS Office (Word, Excel, PowerPoint, Outlook), Nessus, CSAM.
Confidential, Laurel, MD
Information Security Analyst
- Participate in Kick-off Meetings and follow Security Assessment Plan (SAP) procedures.
- Populate assessment documentation: SSP, ST&E, SAR, VAR, RAR, and POA&M.
- Conduct review of System Security Plan (SSP), Contingency Plan (CP), Configuration Management Plan (CMP), Incident Response Plan (IRP), Disaster Recovery Plan (DRP), Privacy Threshold Analysis (PTA), Interconnection Security Agreement (ISA), Memorandum of Understanding (MOU), Policies, Procedures and other artifacts, updated by the ISSOs, to ensure that they remain current.
- Perform Security Control Assessment, using NIST SP 800-53A Rev. 4 as a guide, by reviewing artifacts provided by the POCs on systems to determine if security controls are implemented, working properly as intended, or yielding the desired outcomes, per the Organization’s guide and FISMA guidelines.
- Document assessment findings in Security Test and Evaluation (ST&E) Spreadsheets for immediate remediation.
- Enter the failed controls that cannot be immediately fixed into the POA&M and provide recommendations to remediate the deficient controls.
- Perform Risk Assessments, per NIST SP 800-30 Rev. 1, on failed controls to determine Risk Levels, and produce a Risk Assessment Report (RAR) and recommendations.
- Analyze vulnerability scanning reports, generated from Nessus by system administrator, to identify weaknesses in the systems, and create POA&M for weaknesses identified.
- Conduct a review of System Categorization, performed by the information system owners (ISOs), when there is a change in a system’s environment, using FIPS 199 and NIST SP 800-60 Vol. 1&2 as guides.
- Perform review and updates to the System Security Plan (SSP), following periodic and annual assessments, using NIST 800-18 and other associated artifacts as guides.
- Assemble authorization packages (SSP, SAR and POA&M) for submission to the Authorizing Official (AO) for authorization to operate (ATO).
- Perform on-going assessment of a subset of selected Technical, Operational and Management security controls, based on organizational-defined monitoring strategy, using NIST SP 800-137 and NIST SP 800-53A Rev. 4 as guiding documents.
Cyber Security Analyst
- Conducted annual Updates to System Security Plan (SSP), Contingency Plan (CP), Incident Response Plan (IRP), Configuration Management Plan (CMP), Disaster Recovery Plan (DRP), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Risk Assessment (RA), Interconnection Security Agreement (ISA), Memorandum of Understanding (MOU), Policies, Procedures and Guidelines, per the Organization’s Mission and in compliance with FISMA.
- Developed Assessment and Authorization documentation (SSP, RTM, POA&M) needed to validate the effectiveness of the system’s security requirements, in accordance with the Risk Management Framework (RMF), and in compliance with FISMA.
- Worked with System Owners to Categorize Systems, based on Impact Analysis, using FIPS 199, and Identified the systems’ Information Types, using NIST SP 800-60 Vol. 1&2.
- Took part in Selecting a set of Applicable Baseline Security Controls, from NIST SP 800-53 Rev4, based on systems’ Categorization, and the minimum requirements of FIPS 200, and documented the selected controls in the SSP.
- Worked with Assessors and ISO to close Plan of Action and Milestones (POA&M) entries.
- Assisted assessors in completing the A&A process and putting together Authorization Packages (SSP, POA&M, and SAR) to be submitted to the Authorizing Official, for an ATO, in compliance with FISMA.
- Provided oversight and supported continuous monitoring of selected security controls, through periodic testing and assessments of controls, using NIST SP 800-137, as guide.
- Conducted monthly vulnerability scanning on systems, as part of Organization’s Continuous Monitoring Strategy, using the Nessus scanning tool.
- Analyzed the results and updated the SSP, POA&M and other documents as needed. Contributed to team efforts in relation to other tasks.
- Researched and recommended Information Assurance (IA) products, based on set strategy, cost/benefit analysis and risk reduction methodologies, to the Law Group.
- Coordinated Kick-off meetings with outside contractors to perform on-site security and risk assessments and management to fulfill Information Assurance (IA) obligations.
- Analyzed reports and coordinated responses to third-party security assessments, and led in managing remediation and repair activities for known system deficiencies.
- Served as the Point of Contact and Liaison between Law Group’s management and third-party vendors as far as Information Assurance (IA), and systems security issues were concerned.
- Installed and Configured Software, Hardware, and Applications on multiple machines, and provided Patch Management to these systems. Made sure that the Law Group’s network, and its components, were functioning properly per the Organization’s standards.
- Oversaw the purchasing of new equipment, scheduled repairs of existing and legacy systems, and ensured that there was a well-functioning backup mechanism in place.
- Reviewed the Law Group’s Policies and Procedures, and performed Updates, in accordance with industry’s best practice.
- Performed business immigration duties such as completing H-1B forms and other documents, during peak seasons, and filed the forms with the USCIS or Immigration Review Boards, when required.
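The monthly Nessus scanning and POA&M update work listed above is the kind of task that gets scripted once the volume grows. The block below is an added example, not code from this résumé or from Tenable: it parses a constructed .nessus (v2) export, drops informational items (severity 0), collapses each weakness into a single POA&M entry listing every affected host (so one missing patch on 200 hosts is one entry, not 200), and assigns a scheduled completion date from a hypothetical organizational remediation-window policy (the day counts in `REMEDIATION_DAYS` are an assumption, not a NIST figure). Plugin IDs, plugin names and host addresses in the sample are placeholders.

```python
import csv
import io
import xml.etree.ElementTree as ET
from collections import OrderedDict
from datetime import date, timedelta

# Remediation window in days by Nessus severity (1 low, 2 medium, 3 high, 4 critical).
# Hypothetical organizational policy used for illustration only.
REMEDIATION_DAYS = {4: 15, 3: 30, 2: 90, 1: 180}

# Constructed sample .nessus v2 export: two hosts, one shared High finding, one
# Medium finding and one informational item. Plugin IDs 9000xx and the names are
# placeholders, not real Nessus plugins; the hosts are not real systems.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="constructed-monthly-scan">
    <ReportHost name="10.0.0.11">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                  pluginID="900001" pluginName="Example: SMB signing not required"
                  pluginFamily="Misc.">
        <risk_factor>High</risk_factor>
        <solution>Enforce SMB message signing via group policy.</solution>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="900002" pluginName="Example: informational banner"
                  pluginFamily="General">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.0.12">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                  pluginID="900001" pluginName="Example: SMB signing not required"
                  pluginFamily="Misc.">
        <risk_factor>High</risk_factor>
        <solution>Enforce SMB message signing via group policy.</solution>
      </ReportItem>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="2"
                  pluginID="900003" pluginName="Example: legacy TLS version enabled"
                  pluginFamily="Service detection">
        <risk_factor>Medium</risk_factor>
        <solution>Disable TLS 1.0/1.1 on the listener.</solution>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_findings(nessus_xml):
    """Flatten a .nessus v2 document into one record per (host, ReportItem)."""
    root = ET.fromstring(nessus_xml)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": f'{item.get("port")}/{item.get("protocol")}',
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "severity": int(item.get("severity", "0")),
                "risk": item.findtext("risk_factor", "None"),
                "solution": item.findtext("solution", "").strip(),
            })
    return findings


def build_poam(findings, scan_date):
    """One POA&M entry per plugin (weakness), listing every affected host.
    Severity-0 items are informational, not weaknesses, and are not tracked."""
    entries = OrderedDict()
    for f in findings:
        if f["severity"] == 0:
            continue
        entry = entries.setdefault(f["plugin_id"], {
            "plugin_id": f["plugin_id"],
            "weakness": f["name"],
            "severity": f["severity"],
            "risk": f["risk"],
            "solution": f["solution"],
            "hosts": [],
            "scheduled_completion": scan_date
            + timedelta(days=REMEDIATION_DAYS[f["severity"]]),
        })
        if f["host"] not in entry["hosts"]:
            entry["hosts"].append(f["host"])
    # Highest severity first, so the AO sees the Critical/High rows at the top.
    return sorted(entries.values(), key=lambda e: -e["severity"])


def poam_csv(entries):
    """Render POA&M entries as CSV text ready to paste into the tracking sheet."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["Plugin ID", "Weakness", "Risk", "Affected hosts",
                     "Recommended remediation", "Scheduled completion"])
    for e in entries:
        writer.writerow([e["plugin_id"], e["weakness"], e["risk"],
                         "; ".join(e["hosts"]), e["solution"],
                         e["scheduled_completion"].isoformat()])
    return buf.getvalue()


if __name__ == "__main__":
    rows = build_poam(parse_findings(SAMPLE_NESSUS), date(2024, 1, 15))
    print(poam_csv(rows))
```

For a real export, replace `SAMPLE_NESSUS` with the file contents; the same flattening works on multi-report files because the code iterates over every `ReportHost` in the document. Keying on plugin ID rather than host is what keeps the POA&M readable and lets a single milestone close many scan hits at once.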
IT Help Desk
- Served as the initial POC for troubleshooting hardware, software, network printer and other system component issues.
- Modified configurations and software default settings for the local workstation and other computer systems per Organization’s policies and procedures.
- Utilized Microsoft Office applications to create reports, spreadsheets, proposals and other support documents.
- Managed event and problem logs, escalated issues to the appropriate quarters, kept track of the outcomes and communicated with end users as needed.
- Worked with outside vendors to meet the IT needs of the Organization.
- Participated in updating the Organization's SOP, and performed other duties as required.
- Provided technical assistance and support for incoming queries and issues related to computer systems, software, and hardware.
- Installed software on end users' computers and performed basic hardware replacements and upgrades.