- A detail-oriented individual with over 5 years of experience in the cyber security and information security field, with a focus on Confidential, Confidential Cyber Security Risk Management Framework (RMF), System Security Monitoring and Auditing, Risk Assessments, Security Control Assessment (SCA), and developing security policies and procedures according to Confidential standards and guidelines, with deeper knowledge of the Confidential Special Publications.
- Strong communication and interpersonal skills with the ability to act as a resource for, provide customer service in a courteous manner to, and work effectively with diverse groups of people at various levels within an organization. Writing skills sufficient to compose and edit a variety of documents using correct spelling, grammar, and punctuation, with the ability to pay close attention to detail and proofread work carefully.
- Strong organizational skills sufficient to prioritize work and complete assignments accurately, either independently or as part of a team, under pressure of competing deadlines and with frequent interruptions, working from own initiative and/or following direction, policies, or procedures. Independently establish priorities and coordinate and complete assignments within established timeframes.
- Ability to identify customer needs and use analytical and decision-making skills to offer options and resolve problems in a variety of contexts.
- Ability to effectively communicate technical issues, identify technical gaps, and the root cause or systemic issues across the agency.
Confidential, Chantilly, VA
Cyber Security Analyst
- Perform ongoing Assessment and Authorization projects in support of client security systems and ensure quality control of Confidential & Confidential documents.
- Conduct risk assessments and collaborate with clients to provide recommendations regarding critical infrastructure, network security operations and Continuous Monitoring processes.
- Extensive knowledge of categorizing information systems (using Confidential 199 as a guide).
- Create, update and revise System Security Plans, Confidential and Confidential audits, Contingency Plans, Incident Reports and Plans of Action & Milestones.
- Review the Privacy Impact Assessment (PIA) document after a positive PTA is created and ensure PII findings are recorded in the System of Record Notice (SORN).
- Document and finalize the Security Assessment Report (SAR) and perform security assessment and continuous monitoring of cloud computing services on multi-agency systems in accordance with FedRAMP security control baselines.
- Determine security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
- Evaluate threats and vulnerabilities based on Tenable reports, and implement the Risk Management Framework (RMF) in accordance with Confidential SP 800-37.
- Classification and categorization of information systems using the RMF processes.
- Provide audit briefings to agency and Information Systems Security Officer (ISSO), to assist in the preparation of independent audit assessments with the agency's goal of improving their operational effectiveness and ensuring that all findings are documented as Plan of Action & Milestones within their Trusted Agent Confidential tool.
- Generate, review and update System Security Plans (SSP) against Confidential 800-18 and Confidential 800-53 requirements.
Confidential, Bowie, Maryland
Cyber Security Analyst
- Conduct comprehensive assessments of the security controls employed within or inherited by an Information System to determine the overall effectiveness of the controls.
- Document results of security assessments in a Security Assessment Report (SAR).
- Ensure security assessments are completed for each information system.
- Assess the severity of weaknesses or deficiencies discovered in the information system and its environment of operation.
- Recommend corrective actions to address identified vulnerabilities.
- Review and validate the remediation of Plan of Action and Milestones (POA&M) weaknesses.
- Review scan results from various tools and incorporate those results in the security assessment process.
- Monitor and evaluate a system's compliance with IT security, resilience, and dependability requirements.
- Identify security requirements specific to an IT system in all phases of the System Life Cycle.
- Participate in continuous monitoring activities.
- Assist with analyzing, developing, implementing, integrating, and maintaining secure Agency IT.
- Support the analysis, development, evaluation, and production of all systems.