Information Assurance Analyst Resume
Washington, DC
SUMMARY:
A Cyber Security Analyst with a solid background and understanding of how to protect information and information systems. Area of specialization includes: Network security, Cyber security, Information Assurance (IA), Certification and Accreditation (C&A)/Assessment & Authorization (A&A), Risk Management, Authentication & Access Control, System Monitoring, Regulatory Compliance etc.
TECHNICAL SKILLS:
- Network & System Security
- Risk Management
- Authentication and Access Control
- Vulnerability Assessment
- System Monitoring
- Regulatory Compliance
- Karli Linux
- Nessus
- Remedy
- Jira
- Archer
- Confluence
- Tivoli
- HP openview
- Apache web servers
- Mail servers
- FTP
- DHCP
- DNS
- Centos
- Red - Hat
- SSH
- VMware
- Virtual box
- Red-hat Enterprise Linux (RHEL)
- Oracle
- Salesforce
- SharePoint
- Excel
- Word
- PowerPoint etc.
PROFESSIONAL EXPERIENCE:
Confidential, Washington DC
Information Assurance Analyst
Responsibilities:
- Analyze federal legislation directives, Office of Management and Budget (OMB) mandates, and guidance provided by the National Institute of Standards and Technology (NIST) and interpret requirements.
- Experience working with the NIST 800 - 53 control catalogue and the assessment objectives outlined in NIST 800-53A.
- Review security control requirements to determine if a security control is implemented correctly and operating as intended.
- Support assessments/audits against standards such as NIST 800-53 or A-123.
- Experience working with external stakeholders to assist with the collection of Audit assessment artifacts for Center for Medicare and Medicaid Services (CMS).
- Provide security control assessment/audit liaison support to the CMS Information System Security and Privacy Group and its external stakeholders. Issues data calls, collect and catalogue artifacts, and work with external auditors to facilitate audits such as FISMA, CFO, OIG, GAO and A-123 Review.
- Evaluate the agency against cyber security maturity models and prepare the quarterly and annual FISMA report for the CISO.
- Develop and issue reports to management on the status of ongoing audit activities. Manage tasking using agile methodologies and automated tools such as Jira.
- In depth experience understanding the NIST Special Publication 800-53 security control catalogue.
- Experience with the assessment of NIST 800-53 security controls using NIST Special Publication 800-53A.
- Possess an in depth understanding of the six steps of the NIST Risk Management Framework (RMF).
- Conduct stakeholder interviews to evaluate the effectiveness of security controls and provide recommendations and guidance to the customer which enables them to enhance and optimize their information security program.
Confidential, Falls Church, VA
Information Security Analyst
Responsibilities:
- Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
- Assisted System Owners and ISSMs/ISSOs in preparing system packages, ensuring that management, operational, technical and privacy security controls are implemented adequately according to NIST SP 800-53 Rev4.
- Ensured that risks are assessed, evaluated and proper actions are taken to limit their impact on the Data and Information Systems.
- Developed templates for required security A&A documents: including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.
- Conducted IT controls risk assessments that included reviewing organizational policies/procedures and provided advice on their adequacy, accuracy and compliance.
- Involved in security awareness training program to educate employees and managers on current threat and vulnerabilities.
- Updated IT Security policies, procedures, standards and guidelines according to department and federal requirements.
- Familiar with FEDRAMP and Cloud Computing.
Confidential, Fairfax, VA
Information Assurance Analyst
Responsibilities:
- Conducted Security Control Assessment on General Support Systems (GSS) and Major Applications Systems to ensure that all Information Systems are operating within strong security posture.
- Conducted examination and interview, formulated test plans, tested results and developed remediation plans for each area of testing.
- Prepared audit reports for distribution to management and upper management documenting the results of the audit performed.
- Performed Information Technology Risk analysis and assessments.
- Analyzed and defined Security Requirements for multiple IT issues.
- Developed, analyzed and implemented security specifications in accordance with NIST & FISMA.
- Applied appropriate information security control for Federal Information System as specified by NIST 800-37, SP 800-53 rev4, FIPS 199, FIPS 200 and OMB Circular 130 Appendix III.
- Conducted Security Assessment utilizing NIST 800-53A.
- Developed and Conducted Contingency Plan and Testing.
- Developed and updated System Security Plan (SSP), Plan of Action and Milestone (POA&M).
- Prepared and submitted Security Assessment Plan (SAP) to CISO for approval.
Confidential, Washington, DC
Linux System Administrator
Responsibilities:
- Scheduled and automated jobs in the Cron environment.
- Recovered root password.
- Created, deactivated users and assigned passwords that need to be changed.
- Used VI editor to edit necessary files.
- Configured local firewalls and managing IPtables.
- Volume and file system management in Linux Red-Hat operating systems environment (LVM).
- Monitored client disc general usage and quota.
- Detected and troubleshoot file system errors.
- Installed, configured and hardened servers.
- Familiar with various network systems such as servers, routers and switches.
- Preventive maintenance (OS patching of Red-Hat Enterprise Linux).
- Implemented Sudo privileges to approved users on Red-Hat Operating System for system security.
- Monitored performance using necessary monitoring tools (Dig, Top, Traceroute, Sar, Vmstat, Nslookup).
- Monitored servers using HP openview.
- Extensive knowledge of VMware and Virtualbox.