OBJECTIVE:

An experienced, detail - oriented, and self-motivated IT security professional with proven knowledge of Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST) risk management framework, and diverse security policies, procedures, and information security best practices in achieving the security goals of information systems.

SUMMARY:

• Plan, System Security Checklists, Privacy Impact Assessments, POA&M,
• Familiar with VMware, Citrix Xenserver, and other Virtual Machine Applications.
• Penetration Testing experience.
• Good communication and writing skills.
• Have the ability to work unsupervised, follow instructions, procedures, and factual reports.
• Experienced working with Confidential SP rev 3 and rev 4
• Assist in establishing an Ongoing Authorization (OA) program design to review the security posture of designated systems on a continual basis.
• Experience in supporting auditing cycles for ISO and Sans-20 Security Standard Mapping (PCI, DSS and SSAE 16/ SOC Report)
• Experienced in the development of System Security Plans (SSP), Contingency Plans/Test(CP&CPT), Disaster Recovery Plans, Incident Response Plans/Training, and Configuration Management.
• Reviewed and updated some of the system categorization using FIPS199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP SAP& POA&M.
• Manage and coordinate a team of information security professionals to conduct Security.
• Authorization packages based on Confidential standards for general support systems and major applications.
• IT Infrastructures: Operating Systems; Windows Server 2008 & 2012, Unix/Linux- RedHat Enterprise Linux(RHEL), Kali Linux. Databases (SQL), Network Devices (firewall, routers, switch and hub, IPS/IDS).

TECHNICAL SKILLS:

Penetration testing tools: Cain and Abel, John the Ripper, Wireshark.

Vulnerability scanning: Nmap and Nessus.

PROFESSIONAL EXPERIENCE:

IT Security Analyst

Confidential, Houston, TX

Responsibilities:

• Perform security control assessment (SCA) and continuous monitoring testing.
• Conduct vulnerability scanning and risk assessment in respect to criteria established by organization ( SWOT analysis) and best practices that protect assets.
• Review security artifacts updated by ISSO to confirm they are compliant as developing and updating IT security policies and procedures.
• Utilizing various security management tools (Vulnerability management, Nessus, Nmap, Wireshark, and Splunk) for risk analysis and remediation purposes.
• Experience with network vulnerability assessments and penetration testing methods.
• Identify security flaws in computing platforms and applications, develop strategies and techniques to mitigate identified cybersecurity risks.
• Analyze and prepare reports on various vulnerabilities identified and to be remediated according to their risk level or criticality.
• Testing of applications to ensure that they meet security standards as well as in corporate all clients requirements.
• Understanding of service objectives, capturing business requirements through active listening and questioning techniques, keep abreast with organization’s strategy and value, and proactive alignment with regulations and legislations.
• Development of written proposals, risk policies and procedures proposals, and liaise with vendors.

Cyber Security Analyst

Confidential, Maryland

Responsibilities:

• Conducted meetings with the IT team to gather documentations and evidences (Kick - off meeting) about their control environment.
• Expertise in National Institute of Standards and Technology Special Publication ( Confidential SP) documentation: Performed assessments, POAM Remediation, and document creation using Confidential SP.
• Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders.
• Hold kick-off meeting with CISO and systems stakeholders prior to assessment engagement.
• FISMA Reports, Standard Operating Procedures (SOP) in accordance with
• Conduct the ST&E Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) according to Confidential SP A.
• Experience with Confidential standard on cyber security and incident handling ( )
• Security Test and Evaluation (ST&E): Performed Security Test and Evaluation assessment on several different environments using both scanning tools and manual assessment. Environments tested include Windows server, Windows XP, Red Hat, Oracle, Cisco IOS, custom created applications, and COTS applications.
• Security Documentation: Performed updated to System Security Plans (SSP), Risk Assessments, and drafting Plan of Action and Milestones (POAMs).

Information Security Analyst

Confidential

Responsibilities:

• Developed NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestone (POA&M), and address system weaknesses
• Monitored controls post authorization to ensure continuous compliance in accordance to FISMA guidelines
• Ensured all POA&M actions are completed and tested in timely fashion to meet client deadlines.
• Participated and attended weekly ISSO forums for security advice and updates and also, conduct meetings with the IT team to gather documentation and evidence about their control environment.
• Applied appropriate information security control for Federal Information System based on Confidential SP, FIPS 199, FIPS 200 and OMB A-130 Appendix III
• Executed examine, interview, and test procedures in accordance with Confidential SP A Revision 4
• Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple asset across the enterprise network
• Monitored security controls post authorization to ensure continuous compliance with the security requirements
• Created, updated and revise System security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plan of Action & Milestone
• Authored recommendations associated with findings on how to improve the customers security posture in accordance with Confidential controls
• Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process
• Supported client security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring
• Reviewed and updated some of the system categorization using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP& POA&M.
• Project Management: Build (Using Standard and Advanced Installation), Deploy and Maintain Linux (Centos/RHEL) Version 6.X, 7.0 and 7.1, Solaris and Windows 2008 and 2012 servers.
• LAMP System Administration (Linux, Apache Server, MySQL, and PHP): Installing and maintaining the content management system, developing and maintaining an automation engine for the code deployment process, coordinating deployments with the development and infrastructure teams, and supporting integration with other technologies.
• MySQL/MariaDB administration and support experience including backup and recovery, replication, clustering, performance tuning, and monitoring.
• Report technical issues and problems to vendor support staff. Work with vendor technical support staff to resolve problems in a timely manner. Participate in technical planning with the ESA team.
• Assist with monitoring performance and backup of Systems.