Sr Information Assurance Security Specialist Resume
SUMMARY:
- Insightful, results-driven information system security specialist with an impressive, successful track record. Accrued expertise in directing a broad range of corporate initiatives while participating in planning analysis, implementation of solutions and software testing. I seek to work in a professional environment where I intend to fully utilize my seven years of accrued analytical and problem-solving experience.
- Proficient in Microsoft Office suite (MS Word, MS Excel, Outlook, and PowerPoint), and Windows Server 2003-2016.
- Subject matter expert in Risk Management Framework
- Experience using compliance and scanning tools such as Nessus Security Center, CSAM, Xacta, and Wireshark.
- Extensive experience in all aspects of the Security Authorization and Continuous Monitoring process using National Institute of Standard Publications (Confidential) 800-30, 800-37 Rev 1, 800-60, 800-53A, 800-53 Rev 3 & 4, FIPS 199, FIPS 200, OMB A-130 App. III.
- Experience with Federal Information Processing Standards (FIPS) 199 System Categorization, System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment (Impact Analysis), Continuous Monitoring and the Plan of Action & Milestones (POA&M).
- Experience with Information Security Risk Assessments, Implementation of Controls, Security Infrastructures, and the entire Risk Management Framework.
- Excellent communication and writing skills.
- Possess time management skills and the ability to work within a stipulated time frame.
- Proficient in working with Protocols such as TCP/IP, HTTP and LAN/WAN.
- Outstanding knowledge of hardware like Switches, Servers, and Routers.
PROFESSIONAL EXPERIENCE:
Confidential
Sr Information Assurance Security Specialist
Responsibilities:
- Support Security Assessment and Authorization (SA&A) activities.
- Collect, review, update, and maintain IT Security supporting artifacts.
- Perform Security Assessments of assigned systems and applications using existing Confidential and federal directives or policies.
- Create and maintain appropriate documentation and reports related to security operations in the cloud, including metrics, procedures, and processes. Perform vulnerability testing, risk analyses and security assessments as required for cloud systems.
- Review and provide comments on, and implement Confidential and OMB, to SAMHSA IT security policies, procedures, and other authoritative IT security guidance.
- Plan, schedule, coordinate, prepare, execute, and document the results of test plans.
- Support audits, reviews, assessments, and analyses.
- Coordinate, support, and assist in preparing for internal and external IT System Security reporting requirements.
- Coordinate, support, and assist in the completion of POA&M remediation efforts.
- Support Continuous Monitoring Plan and Strategy Plan.
- Provide IT security guidance to Authorizing Officials (AO), Information System Owners (SO), and the Contracting Officer's Representative (COR). Initiate, coordinate, support, and document all IT Security related meetings.
- Conduct security assessment interviews to determine the security posture of the system and then develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using Confidential SP 800-53A rev 4 required to maintain Company Authorization To Operate (ATO).
- Perform information security risk assessments and assist with the internal auditing of information security processes. Assess threats, risks, and vulnerabilities from emerging security issues and also identify mitigation requirements.
- Provide recommendations for finding and select controls that apply security protections to systems, processes, and information resources using the Confidential family of security controls.
Confidential
Information Security Specialist
Responsibilities:
- Performed Confidential audit reviews using Confidential 800-37 rev 1.
- Updated IT security policies, procedures, standards, and guidelines according to the department and federal requirements.
- Performed risk assessments, developed and reviewed documentation such as:
  - System Security Plans (SSP)
  - Plans of Action and Milestones (POA&M)
  - Security Assessment Report (SAR)
  - Configuration Management Plan (CMP)
  - Contingency Plans (CP)
  - Incident Response Plans (IRP), and other tasks and specific security documentation by Confidential SP 800-37 rev 1, 800-18, 800-53 rev 3 and 4.
- Worked with IT Operations and Network Engineers to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, and workstations.
- Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues.
- Planned, coordinated, supported, and assessed system vulnerability scans and assessments, and assisted in completing remedial actions, as necessary.
- Performed security scans on a system using vulnerability scanning tools (Web Scanner, Nessus). Analyzed security reports for security vulnerabilities.
- Responsible for developing Security Authorization documents and ensuring that the System Security Plan, Security Assessment Plan, Plan of Action and Milestones (POA&M), Contingency Planning and artifacts are maintained and updated using Confidential guidelines.
- Assisted with the selection and implementation of controls that apply security protections to systems, processes, and information resources using the Confidential family of security controls.
- Conducted user training to ensure systems security and increase user awareness.
- Conducted a weekly review of security logs and vulnerability scans on Operating Systems, Databases, and Applications, and developed a Plan of Action and Milestones (POA&M).
- Identified, responded to, and reported security violations and incidents as encountered to ensure that senior management was kept apprised of all pertinent security systems issues.
Confidential
Information Security Specialist
Responsibilities:
- Ensured all systems were operated and maintained, and that information at the end of its life cycle was disposed of, following internal Confidential security policies.
- Conducted user training to ensure systems security and increase user awareness.
- Conducted a weekly review of security logs and vulnerability scans on Operating Systems, Databases, and Applications, and developed a Plan of Action and Milestones (POA&M).
- Monitored network performance and troubleshot problem areas as needed.
- Identified, responded to, and reported security violations and incidents as encountered to ensure that senior management was kept apprised of all pertinent security systems issues.
- Assisted with the development and updating of Confidential security policies.
- Performed compliance Map and Gap Analysis on Confidential systems.
- Conducted Risk Assessment on all Confidential system changes.
- Cross-trained and provided back-up for other IT support representatives when needed.
- Displayed exceptional telephone etiquette and professionalism in answering and resolving technical calls.
- Assisted in the daily administration of security controls, compliance, and monitoring.
- Provided IT System Security consultation for major application change/development efforts, as required, including but not limited to attending meetings with development teams to ensure that IT security is built into the design/requirement documents.