Senior Information Security Analyst Resume

Reston, VA

PROFESSIONAL SUMMARY:

  • Overall 7 years of Experience in Information Technology Industry, with 5 including Cyber Security Project Management, Assessment & Authorization Process working with Government, Healthcare, Finance and Contractor industries.
  • Expertise working on various projects such as completing system authorization packages including SSP, SAR, CP, PTA, PIA, and SSP.
  • Exposure in working in different teams (ATO Team; Contingency Planning Team; Interconnection Security team) performing tasks such as ATO Package Documents Revision, Compliance Documents Revision, POA&M Revision.
  • Strong ability to work under strict government contract guidelines to ensure successful project completion within limited time constraints
  • Experienced in developing and updating System Security Plan (SSP), Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E) and the Plan Of Actions and Milestones (POA&M)
  • Experienced developing and maintaining security artifacts from scratch like SSP, SAR, POA&M.
  • Experience in the application of FISMA guidelines including the NIST special publications 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, and 800-60, FIPS 199 & 200
  • Expert in creation of documents for FedRAMP A&A process to retrieve ATO through GSA
  • Thorough knowledge of all Penetration Testing phases with strong ability to perform vulnerability scanning using Nessus scanner to intelligently manage vulnerabilities with expectation of reviewing scanning documents for accuracy
  • The ability to communicate complex security risks to non-technical staff
  • Ability to work with multiple clients in a trusted advisory capacity to ensure that all PCI DSS requirements are in place and are functioning as intended with Strong Ability in preparing reports for (PCI DSS, ROC and AOC)
  • Extensive experience in writing and executing Test cases and Test Scripts, mentoring customer's staff, working with overall team to meet project goals.
  • Knowledge of Several Computer Environments: Performed evaluation and guidance on security control implementation on multiple environments including Windows Server, Windows 7, Windows XP, RedHat, Linux & Unix, Oracle, Cisco IOS, custom created applications, and COTS applications.
  • Extensive experience working with various defect tracking tools like ALM/Quality Center, ClearQuest, Jira, and thorough knowledge of entire SDLC phases
  • Familiar with different standards such as CMMI, IEEE and ISO.
  • Excellent Organizational ability, Communication skills, analyzing skills, technical documentation and reporting skills.
  • Strong communicator and skillful in working closely with customers to identify and resolve problems.

PROFESSIONAL EXPERIENCE:

Confidential, Reston VA

Senior Information Security Analyst

Responsibilities:

  • Conduct Plan of Action and Milestones (POA&M) reviews, oversight and reporting as well as Privacy Impact Assessments
  • Conduct risk assessments and collaborate with clients to provide recommendations regarding critical Performing daily ongoing (A&A) Assessment and Authorization projects in support of client infrastructure, network security operations and Continuous Monitoring processes.
  • Coordinate data collection, analysis and reporting for IT security data calls, Freedom of Information Act (FOIA) Requests, Incident reports
  • TACT streamlines response activities across managed service lines to provide a seamless threat response to our clients.
  • Perform security assessments and review system security documentation
  • Launched the Threat Analysis Collaboration Team (TACT), the first cross-organizational advanced threat detection and response team within Managed Security Services.
  • TACT produces in-depth research on cyber threats, to include aggregation and correlation of indicators of compromise.
  • Manage and coordinate a team of information security professionals to conduct Security Authorization packages based on NIST standards for general support systems and major applications.
  • Manage the Computer Security Awareness Training and Role-Based Training projects
  • Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders.
  • Developed and conducted Security Test and Evaluation (ST&E) or Assessment and Authorization (A&A) according to NIST SP 800-53A rev 3 and rev 4.
  • Perform Vulnerability scanning using Nessus Scanner and review scanning documents for accuracy
  • Develop Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems
  • Conduct Security Control Assessment on General Support Systems (GSS), Major Applications and Systems to ensure that such Information Systems are operating within strong security posture
  • Active participation in providing resolution to Authorization to Operate (ATO), Risk Management Framework Process (RMF), Federal Information Security Management Act (FISMA), findings and reports in support of office activities.

Confidential, Washington DC

Cyber Threat Intelligence Analyst

Responsibilities:

  • Coordinate in-depth interviews and examine documentation/artifacts in accordance with NIST SP 800-53A rev 4
  • Perform Federal Information Security Management Act (FISMA) audit reviews using NIST 800-37.
  • Conduct risk assessments and collaborate with clients to provide recommendations regarding critical Performing daily ongoing (A&A) Assessment and Authorization projects in support of client infrastructure, network Security operations and Continuous Monitoring processes
  • Review and update some of the system categorization using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP & POA&M.
  • Participate in Assessment & Authorization (A&A) Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) per NIST SP 800-53A.
  • Conduct a Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) by working closely with the ISSOs and the System Owner.
  • Coordinate, participate and attend weekly ISSO forums for Security advice and updates.
  • Performed evaluation of policies, procedures, security scan results, and system settings in order to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, continuous monitoring, and FISCAM audits.
  • Provide continuous monitoring support for control systems in accordance to FISMA guidelines and conduct FISMA-based Security risk assessments.
  • Performing IT assessments of client environments, using defined, best practice IT standards, Payment Card Industry Data Security Standard (PCI DSS) and assisting the senior Security consultant
  • Manage and coordinate a team of IT auditors in assessing the financial management systems, which include the core financial system and major feeder systems, to ensure adequacy of internal controls and compliance with applicable regulations and standards.

Confidential, Richmond, VA

QA/QC Engineer/Software Tester

Responsibilities:

  • Performed manual testing of the entire application.
  • Managed communication with the System developers concerning business and user requirements of the applications.
  • Used Test Director for uploading requirements, creating Test Plans, Test Cases, Test Sets and updating Test results.
  • Extensively involved in testing the application, which was executed in two phases. Initial testing was conducted manually and later phase was executed using Rational Robot.
  • Extensively involved in writing, executing and analyzing UAT.
  • Performed Black Box, Functional, Integration, UAT and Regression Testing of the website.
  • Initiated defects and assigned to Development teams with appropriate severity levels.
  • Analyzing and reporting the test problems/failures and defects to the Development Team.

Environment: Windows, UNIX, Java, JavaScript, SQL, PL/SQL, Oracle, Crystal Reports, WebLogic, SoapUI, Rational Robot, ClearCase, ClearQuest, HP ALM
