Sr. Cyber Security Analyst Resume
Mclean, VA
SUMMARY
Motivated IT Security Analyst and Cyber Security Analyst with over 6 years of professional experience in Assessment and Authorization, the Confidential 800-37 Risk Management Framework, POA&M management, Operational Policy and Procedures, and OMB A-123. Experience in all phases of preparing and reviewing complete Assessment and Authorization packages for information technology systems and/or applications as defined by the Confidential and implemented by the guidance of the National Institute of Standards and Technology ( Confidential ).
PROFESSIONAL EXPERIENCE:
Confidential, Mclean, VA
Sr. Cyber Security Analyst
Responsibilities:
- Sound understanding of and experience with the Confidential Risk Management Framework process.
- Lead assessments of clients' systems and environments following Confidential 800-53 Rev 3 and Rev 4 standards.
- Review and update System Security Plans against Confidential 800-53 requirements.
- Determine security controls' effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
- Conduct risk assessments and ensure that measures raised in assessments are mitigated in accordance with the risk profile, with the root causes of risks fully addressed, following Confidential 800-30 and Confidential 800-37.
- Perform on-site security testing using vulnerability scanning tools such as Confidential.
- Ensure client-delegated systems are in compliance with security policies and procedures.
- Provide continuous monitoring support for systems in accordance with Confidential guidelines.
- Assist System Owners and ISSO with the development of SA&A documentation.
- Liaise with external auditors during the annual audit and ensure that deficiencies are remediated in a timely manner before the recertification follow-up.
- Develop and conduct Confidential & Confidential and Security Assessment Plans (SAP) according to Confidential SP 800-53A.
- Peer review and analyze security authorization package documentation used to determine the Authority to Operate ( Confidential ) for systems ( Confidential, CP, RA, POA&M, etc.).
- Serve as ISSO for multiple major applications and the general support system.
- Document and review PTAs for systems on which PII resides.
Confidential, Arlington, VA
Advisory Consultant
Responsibilities:
- Supported the client in performing the Confidential RMF process to ensure compliance with security requirements and completion of their annual SA&A requirements, using the Cybersecurity Assessment and Management (CSAM) tool to manage the SA&A workflow and associated documents.
- Developed and reviewed security categorizations using FIPS 199 and Confidential SP 800-60 to determine whether the categorization is adequate and commensurate with the data that is processed.
- Reviewed current agency policies and procedures and identified gaps in terms of compliance.
- Served as ISSO for multiple major applications and the general support system.
- Performed and developed Privacy Threshold Assessments (PTA) and Privacy Impact Assessments in coordination with the system owners and stakeholders.
- Supported security controls assessment efforts by preparing and providing evidence artifacts.
- Coordinated and tracked remediation of security weaknesses as they were discovered, via the Plan of Actions and Milestones.
- Developed and reviewed risk acceptance memorandums to ensure that accepted risks have appropriate justifications and mitigations.
- Achieved and maintained Confidential compliance and authority to operate ( Confidential ) for systems based on guidance from the Confidential SP 800-37 Risk Management Framework (RMF).
- Performed and assisted in internal audits of financial systems to ensure compliance with mandated annual OMB A-123 and Confidential requirements. Prepared all major deliverables (e.g., Work Papers, POA&Ms, Summary of Aggregated Deficiencies (SAD), and Certification Statement).
- Provided system stakeholders with recommendations on how to best remediate identified issues based upon Confidential guidelines and industry best practice.
- Performed security testing and security control assessments on federal applications to ensure compliance with Confidential 800-53A and agency-specific requirements.
- Participated in the Control Selection Meeting, Control Assessment Meeting and Findings Review meetings with the system stakeholders.
- Worked closely with the System POC to coordinate the data gathering effort.
- Reviewed and analyzed evidence to ensure each assessment objective is achieved.
- Developed security artifacts and procedures to ensure information system confidentiality, integrity and availability are in compliance with national policy.
- Took notes during the SCA Walkthrough meetings.
- Reviewed security-related documentation (System Security Plans, Configuration Management Plans, etc.).
- Conducted internal control assessment in accordance with OMB A-123 Internal Controls.
- Documented audit work paper, audit findings and recommendations.
Confidential, McLean, VA
IT Auditor/Consultant
Responsibilities:
- Reviewed, documented, and tested internal controls.
- Participated in on-site evaluations/audits for compliance with policy.
- Performed assessments of clients' systems and environments following Confidential 800-53 Rev 3 and Rev 4 standards.
- Performed gap analysis of Confidential 800-53 Rev 3 to Rev 4 for System Security Plan Confidential updates.
- Assisted in preparing draft audit reports to communicate findings and recommendations to senior management.
- Performed all stages of audit, including planning; fieldwork/execution; reporting; and follow-up.
- Followed up to ensure the prompt and proper resolution and implementation of corrective action plans.
- Documented control weaknesses related to testing exceptions.
- Identified and communicated IT audit findings to senior management and clients.
- Maintained a good working relationship with clients to enhance customer satisfaction and work with client management and staff at all levels to perform audit services.
- Ensured all POA&M actions were completed and tested in a timely fashion to meet client deadlines.
- Interfaced with the client on a day-to-day basis.
- Documented work completed by preparing work papers.
- Worked as a liaison to provide data and records for external auditors ( Confidential ) during financial system audits.
- Reviewed and uploaded deliverables in the A&A repository.
- Determined whether Personally Identifiable Information (PII) is stored, processed, or transmitted and, if applicable, conducted a Privacy Threshold Analysis (PTA).
- Worked with client to improve the security posture of their information systems through the implementation of the Assessment and Authorization (A&A) process.
- Helped conduct weekly meetings with upper management on POA&M tracking updates.
- Created and compiled Authorization packages, including Designation Letters, Security Plans, Contingency Plans, and SOPs.
- Worked with auditors to identify Key Controls, which must be assessed on a recurring annual basis.
- Initiated, coordinated and tracked the remediation of security weaknesses as they were discovered, via a "Plan of Actions and Milestones" (POA&M).