SUMMARY:

• Skilled and detail - oriented Security Control Assessor and IT Auditor with 7yrs experience in Security and Vulnerability Management Lifecycle.
• Well experienced in using FISMA and applicable NIST Special Publications including but not limited to FIPS 199/200, /SP 800-30, 800-37, 800-53 rev4/53A, 800-60, and 800-137.
• Experienced in FEDRAMP. Worked in high-availability production and development, 24x7 environments with strong communication, organization and problem-solving skills. A good team player, also possess a strong ability to work efficiently, independently and under pressure.

TECHNICAL SKILLS:

• Hands-on experience assessing, developing, and/or updating security documents /artifacts including but not limited to System Security Plans (SSP), Configuration Management Plans (CMP), Information System Contingency Plans (ISCP), Incident Report Plans (IRP), Business Impact Analysis (BIA), Control Tailoring Workbook (CTW), e-Authentication Risk Assessment, Plan of Action and Milestones (POA&M), Security Assessment Plans (SAP), Security Assessment Reports (SAR), Privacy artifacts in accordance with FedRAMP, NIST and applicable Federal regulations, guidelines, and the best practice for a variety Information Systems.
• Experienced on security administration functions pertaining to analysis, study and defining requirements and postures for Defense in Depth (DiD) architectures and configurations, in compliance with FedRAMP, NIST, the directives and guidance including but not limited to SP 800-30, SP 800-37, SP 800-53 Rev 4, SP 800-53A, SP 800-60, SP 800-137, FIPS 199, FIPS 200, OMB Circular A-123, and OMB Circular A-130.
• Familiar with Information Security tools and solutions including, Vulnerability Scanners (e.g. Nessus, Qualys), Security Information and Events System (e.g. ArchSight, Splunk), Data Protection/Encryption System, Network Devices (e.g. Firewalls, Intrusion Detection/Prevention System) and Antivirus solution, Systems Management Software/Solutions (e.g. BigFix), and Assessment and POA&M tracking tools (e.g. Trusted Agent FISMA (TAF), DOJ’s Cyber Security Assessment Management (CSAM)
• Experienced developing, tracking, and oversight to Plan of Action and Milestones (POA&M) process as part of continuous monitoring and A&A.
• Microsoft Office Suite (Word, Excel, PowerPoint, Visio, Outlook)
• Proficient using Windows 2000, 2003, 2008, Windows 7, and XP
• Proficient using Remedy, Macintosh Computers, Nessus Tenable Vulnerability Assessment.
• Expertise with Telecommunications Fundamentals System Forensics, NIST SP 800 Series, FISMA, FIPS Publications
• POA&M, FedRAMP, OMB, ST&E, FISMA, Risk Management Framework 800-37, SSP, Risk Assessment, FIPS 199, IT Security Controls, DISA compliance, Sarbanes-Oxley Compliance (SOX 404), Contingency Planning, Change Management, Security Gap Analysis, Configuration Management, STIG’s, HIPAA, SDLC, C&A, System Monitoring & Regulatory Compliance, Trusted Agent FISMA (TAF).
• Pursuing IAM Level III certification, Certified Information Systems Auditor (CISA).

PROFESSIONAL EXPERIENCE:

Snr Information Assurance Analyst

Confidential, Berwyn Heights, MD

Responsibilities:

• Ensures proper system categorization using NIST 800-60 and FIPS 199
• Implements appropriate security controls for information system based on NIST 800-53 rev 4 and FIPS 200.
• Develops System Security Plans (SSPs) to provide overview of federal information system requirements and describe the controls in place to meet these requirements.
• Reviews and updates remediation on plan of action and milestones (POA&Ms), in agency’s Cyber Security Assessment and Management (CSAM) tool. Works with system administrators to resolve POA&Ms, gathers artifacts and creates mitigation memos and corrective action plans to assist in the closure of POA&Ms.
• Guides System Owners and system teams through the ATO process, using NIST 800-37.
• Creates, modifies, and reviews Security Assessment Report (SAR), Contingency Plan (CP) and POA&M for review and approval for Authorization Official
• Performs security control assessment using NIST 800-53A guidance and as per continuous monitoring strategies
• Develops a variety of Assessment & Authorization deliverables including; System Security Plan (SSP), FIPS 199 Categorization, PIA, ST&E, SAP, DRP, IRP, ISCP, CMP.
• Sets up POA&M ATO follow up pre-brief meetings with the System Owner, ISSO and other key stakeholders for each system with open POA&Ms prior to the official follow-up briefs and as directed by the Client.
• Analyzes and updates System Security Plan (SSP), Risk Assessment Reports (RAR), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)
• Coordinates with the agency’s Privacy, Records, and Information Governance Divisions related to compliance documentation and other requirements
• Conducts Contingency Plan tests using the table top and/or functional method at least annually and updating the plan
• Devises plans to certify and accredit assigned Information system or information systems
• Ensures Configuration Management processes are followed to ensure that any changes do not introduce new security risks
• Responds to emerging requirements or policies as set by legislation, regulation or policy
• Supports annual assessments in accordance with guidance in the DOI Information Security Performance Plan
• Creates Waivers or Risk Acceptance Memos to assist in the effective management of system risks

Security Analyst

Confidential, Greenbelt MD

Responsibilities:

• Conducted systems risk assessment through risk analysis, assesses assets within system boundaries, and identify all possible vulnerabilities within systems.
• Assessed security controls in accordance with the assessment procedures defined in the security assessment plan (SAP) through examination, interviews, and testing.
• Conducted initial remediation actions on security controls based on the findings and recommendations of the security assessment report and re-assesses remediated control(s), as appropriate.
• Conducted security assessments by reviewing System Security Plans (SSP) to create Kick-Off Presentation Slides, Security Assessment Plans (SAP), and Security Control Assessment (SCA) matrices.
• Uploaded Plan of Action and Milestones (POA&Ms) into CSAM and validated artifacts provided to remediate POA&Ms
• Drafted Security Assessment Reports (SAR) to provide stakeholders information regarding the security posture of their systems in accordance with the controls outlined in NIST SP 800-53 Rev. 4
• Conducted meetings with various system teams to gather evidence, developed test plans, testing procedures and documented test results and exceptions.
• Reviewed POA&Ms and enforced timely remediation of audit issues
• Reviewed Tenable Nessus vulnerability and compliance scans and WebInspect application scans as part of security control assessments.
• Performed FISMA continuous monitoring-related activities
• Provided support for documentation initiatives as related to System Security Plans (SSPs), Security Assessment Plans (SAP), Continuity of Operations Plans (COOP), Incident Response Plans(IRPs), and Information System Contingency Plans (ISCP)
• Responded to various executive data calls.

Network/ NOC Engineer

Confidential, Greenbelt, MD

Responsibilities:

• Experience with TCP/IP & OSI network technologies/Models
• Solid NOC Support experience(24x7x365)
• Initiate service calls with client/users and resolve network issues
• LAN/WAN monitoring and troubleshooting using Netcool and HP Openview
• Prepare & submit regular equipment failure report & maintain logs of network service interruptions.
• Experience with Remedy for Ticketing & Change Management System
• Keep the network Operations Manager inform of all equipment problems & their resolutions
• Maintain documents of work perform during the day