Cyber security analyst Resume
Houston, TX
PROFESSIONAL SUMMARY:
- Understanding of Risk Management Framework (RMF), Risk Assessment and Security Assessment and Authorization process (SA&A).
- Experience with federal security policies, standards, procedures and guidelines, including NIST 800 SPs (such as 800-18, 800-37 rev 1, 800-60, 800-53/53A rev 4) and FIPS 199 & 200.
- Knowledge of Federal and international regulatory bodies and standards such as the Office of Management and Budget (OMB), FISMA Reports, FedRAMP, PCI DSS and ISO.
- Experience performing on-site security testing using vulnerability scanning tools such as Nessus.
- Experience in the development of ATO Package Documents such as System Security Plans (SSP), SAR, POAM, Contingency Plans, Incident Response Plans, PIA and Configuration Management.
- Proficient in explaining technical information, resolutions, documentations, and presentations to clients and non-technical personnel at all levels of the organization or enterprise.
TECHNICAL SKILLS:
- Risk Assessment & Management
- Security Assessment & Authorization
- PO&AM Management
- Windows Operating Systems
- Microsoft Office Suite
- Vulnerability Assessment Tool (Nessus)
- Authorization-To-Operate (ATO) Process
- System Security Documentation
- Industry Standard Frameworks (OMB, FISMA and NIST)
WORK EXPERIENCE:
Cyber Security Analyst
Confidential, Houston, TX
- Review and update system categorizations using FIPS 199, Initial Risk Assessment, E-Authentication, PTA, PIA, SAR, SAP, SSP, IRP, and POA&M.
- Develop and track corrective actions in the Plan of Action and Milestones (POA&M) for all accepted risks upon completion of System Control Assessment (SCA) exercises.
- Create and review system security artifacts such as contingency plans (CP), incident response plan (IRP), privacy impact assessments (PIA), MOUs/ISAs and risk assessment (RA) documents for compliance with NIST 800 guidelines and agency’s security requirements.
- Conduct the ST&E Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.
- Monitor controls post-authorization to ensure continuous compliance with the security requirements by evaluating threats and vulnerabilities through Nessus scan results, and work with the IT staff on mitigation actions.
- Develop and update Authorization to Operate (ATO) packages such as the SSPs, SAR and POA&Ms for information systems to ensure they comply with the organization's information security requirements.
- Review implementation statements and supporting evidence of security controls as to whether and how the systems currently meet the requirements, and provide findings and suggested mitigations to stakeholders.
IT Security Analyst
Confidential, Houston, TX
- Performed security categorization using FIPS 199 and reviewed the Privacy Threshold Analysis (PTA) and E-Authentication with business owners and selected stakeholders.
- Worked with the Certification and Accreditation team to perform risk assessments and update the System Security Plan (SSP), Contingency Plan (CP), and Plan of Actions and Milestones (POA&M).
- Managed vulnerabilities using Nessus and WebInspect as vulnerability scanning tools to detect potential risk on single or multiple assets across the enterprise.
- Tracked and updated Plan of Action & Milestones (POA&M) for corrective actions following assessment activities and in response to identified vulnerabilities for maintaining system ATO status.
- Hosted and facilitated kick-off meetings and presentations with system stakeholders/clients on the operational security posture of the systems in their purview and on security-related policies.
- Assisted with security documentation such as Risk Assessments, Incident Response Plans, Change Control procedures and Standard Operating Procedures (SOP).
- Primarily responsible for researching and evaluating relevant information security policies, guidance, and best industry practices, including NIST and FISMA for applicability to IT systems security.