Cyber Security Analyst Resume Houston, TX - Hire IT People

SUMMARY:

I am an Information Security Analyst with a passion and talent for aligning security architecture, plans, controls, policies and procedures with security standards and operational goals. I possess extensive experience with developing and testing security controls and architectures, and working with cloud - based systems. I have experience working on complex projects as a member of the project teams ensuring the delivery of projects on time and on budget.
Understanding of Risk Management Framework (RMF), Risk Assessment and Security Assessment and Authorization process (SA&A).
Experience with federal security policies, standards, procedures and guidelines including Confidential 800 SPs such as 800-18, 800-37 rev 1, 800-60, 800-53/53A rev 4) and Confidential 199 & 200.
Knowledge of Federal and international regulatory bodies such as Office of Management Budget (OMB), Confidential Reports, FedRAMP, PCI DSS and ISO.
Experience performing on-site security testing using vulnerability scanning tools such as Nessus
Experience in the development of Confidential Package Documents such as System Security Plans (SSP), SAR, POAM, Contingency Plans, Incident Response Plans, PIA and Configuration Management.
Proficient in explaining technical information, resolutions, documentations, and presentations to clients and non-technical personnel at all levels of the organization or enterprise.

WORK EXPERIENCE:

Cyber Security Analyst

Confidential, Houston, TX

Responsibilities:

Review and update some of the system categorization using Confidential 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SAP, SSP, IRP, & Confidential &M.
Develop and track for corrective actions the Plan of Action and Milestones ( Confidential &M of all accepted risks upon completion of System Control Assessment (SCA) exercises.
Create and review system security artifacts such as contingency plans (CP), incident response plan (IRP), privacy impact assessments (PIA), MOUs/ISAs and risk assessment (RA) documents for compliance with Confidential 800 guidelines and agency’s security requirements.
Conduct the ST&E Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) according to Confidential SP 800-53A.
Monitor controls post authorization to ensure continuous compliance with the security requirements by evaluating threats and vulnerabilities through Nessus scan results and work with the IT staff for mitigation actions .
Develop and update Authorization to Operate ( Confidential ) packages such as the SSPs, SAR and Confidential &Ms for information systems to ensure they are in compliance with organization’s information security requirements.
Review implementation statements and supporting evidence of security controls as to if/how the systems are currently meeting the requirements and provide findings/suggested mitigations to stakeholders.

IT Security Analyst

Confidential, Houston, TX

Responsibilities:

Performed security categorization using Confidential 199 and review Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.
Worked with Certification and Accreditation team; to perform risk assessment, update System Security Plan (SSP), Contingency Plan (CP), and Plan of Actions and Milestones ( Confidential &M).
Managed vulnerabilities with the aid of Nessus, web inspect as vulnerability scanning tools to detect potential risk on single or multiple asset across the enterprise.
Tracked and updated Plan of Action & Milestones ( Confidential &M) for corrective actions following assessment activities and in response to identified vulnerabilities for maintaining system Confidential status.
Host and facilitate kick-off meetings and presentations with system stakeholders/clients on the operational security posture for the systems in their purview and on security related policies.
Assisted with security documentation such as Risk Assessments, Incident Response Plans, Change Control procedures and Standard of Operation and Procedures (SOP).
Primarily responsible for researching and evaluating relevant information security policies, guidance, and best industry practices, including Confidential and Confidential for applicability to IT systems security.