Sr. Cyber Security Analyst Resume

Mclean, VA

SUMMARY

Motivated IT Security Analyst and Cyber Security Analyst with over 6 years of professional experience in Assessment and Authorization, the Confidential 800-37 Risk Management Framework, POA&M management, operational policy and procedures, and OMB A-123. Experience in all phases of preparing and reviewing complete Assessment and Authorization packages for information technology systems and/or applications as defined by the Confidential and implemented under the guidance of the National Institute of Standards and Technology (Confidential).

PROFESSIONAL EXPERIENCE:

Confidential, Mclean, VA

Sr. Cyber Security Analyst

Responsibilities:

  • Sound understanding and experience with Confidential Risk Management Framework process.
  • Lead assessments of clients' systems and environments following Confidential 800-53 rev 3 and rev 4 Standards.
  • Review and update System Security Plans against Confidential 800-53 requirements.
  • Determine security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
  • Conduct risk assessments and ensure measures raised in assessments are mitigated in accordance with the risk profile and that root causes of risks are fully addressed, following Confidential 800-30 and Confidential 800-37.
  • Perform on-site security testing using vulnerability scanning tools such as Confidential.
  • Ensure Client delegated systems are in compliance with security policies and procedures.
  • Provide continuous monitoring support for systems in accordance with Confidential guidelines.
  • Assist System Owners and ISSO with the development of SA&A documentation.
  • Liaised with external auditors during the annual audit and ensured that deficiencies were remediated in a timely manner before the recertification follow-up.
  • Develop and conduct Confidential & Confidential, Security Assessment plan (SAP) according to Confidential SP 800-53A.
  • Peer review and analyze security authorization package documentation that is used to determine the Authority to Operate (Confidential) for systems (Confidential, CP, RA, POA&M etc.).
  • Serve as ISSO for multiple major applications and the general support system.
  • Document and Review PTA for PII residing systems.

Confidential, Arlington, VA

Advisory Consultant

Responsibilities:

  • Supported the client in performing the Confidential RMF process to ensure that they comply with security and complete their annual SA&A requirements using the Cybersecurity Assessment and Management (CSAM) tool to manage the SA&A workflow and associated documents.
  • Developed and reviewed security categorizations using FIPS 199 and Confidential SP 800-60 to determine if the categorization is adequate and commensurate with the data that is processed.
  • Reviewed current agency policies and procedures and identified gaps in terms of compliance.
  • Served as ISSO for multiple major applications and the general support system.
  • Performed and developed Privacy Threshold Assessments (PTA) and Privacy Impact Assessments in coordination with the system owners and stakeholders.
  • Supported security controls assessment efforts by preparing and providing evidence artifacts.
  • Coordinated and tracked remediation of security weaknesses as they are discovered, via the Plan of Actions and Milestones.
  • Developed and reviewed risk acceptance memorandums to ensure that accepted risks have appropriate justifications and mitigations.
  • Achieved and maintained Confidential compliance and authority to operate (Confidential) for systems based on guidance from the Confidential SP 800-37 Risk Management Framework (RMF).
  • Performed and assisted in internal audits of financial systems to ensure compliance with mandated annual OMB A-123 and Confidential requirements. Prepared all major deliverables (e.g., Work Papers, POA&Ms, Summary of Aggregated Deficiencies (SAD), and Certification Statement).
  • Provided system stakeholders with recommendations on how to best remediate identified issues based upon Confidential guidelines and industry best practice.
  • Performed security testing and security control assessments on federal applications to ensure compliance with the Confidential 800-53a and agency specific requirements.
  • Participated in the Control Selection Meeting, Control Assessment Meeting and Findings Review meetings with the system stakeholders.
  • Worked closely with the System POC to coordinate the data gathering effort.
  • Reviewed and analyzed evidence to ensure each assessment objective is achieved.
  • Developed security artifacts and procedures to ensure information system confidentiality, integrity and availability are in compliance with national policy.
  • Took notes during the SCA Walkthrough meetings.
  • Reviewed security-related documentation (System Security Plans, Configuration Management Plans, etc.).
  • Conducted internal control assessment in accordance with OMB A-123 Internal Controls.
  • Documented audit work papers, audit findings and recommendations.

Confidential, McLean, VA

IT Auditor/Consultant

Responsibilities:

  • Reviewed, documented, and tested internal controls.
  • Participated in on-site evaluations/audits for compliance with policy.
  • Performed assessments of clients' systems and environments following Confidential 800-53 rev 3 and rev 4 Standards.
  • Performed gap analysis on review of Confidential 800-53 Rev 3 to Rev 4 for System Security Plans Confidential updates.
  • Assisted in preparing draft audit reports to communicate findings and recommendations to senior management.
  • Performed all stages of audit, including planning; fieldwork/execution; reporting; and follow-up.
  • Followed up to ensure the prompt and proper resolution and implementation of corrective action plans.
  • Documented control weaknesses related to testing exceptions.
  • Identified and communicated IT audit findings to senior management and clients.
  • Maintained a good working relationship with clients to enhance customer satisfaction and worked with client management and staff at all levels to perform audit services.
  • Ensured all POA&M actions were completed and tested in a timely fashion to meet client deadlines.
  • Interfaced with the client on a day-to-day basis.
  • Documented work completed by preparing work papers.
  • Worked as a liaison to provide data and records for external auditors (Confidential) during financial system audits.
  • Reviewed and uploaded deliverables in the A&A repository.
  • Determined if Personally Identifiable Information (PII) is stored, processed, or transmitted. If applicable, conducted Privacy Threshold Analysis (PTA).
  • Worked with client to improve the security posture of their information systems through the implementation of the Assessment and Authorization (A&A) process.
  • Helped conduct weekly meetings with upper management on updates on POA&M tracking.
  • Created and compiled Authorization packages to include: Designation Letters, Security Plans, Contingency Plans, and SOPs.
  • Worked with auditors to identify Key Controls, which must be assessed on a recurring annual basis.
  • Initiated, coordinated and tracked the remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM).
