
Cyber Security Analyst Resume

Washington, DC


An Information Security Analyst with over 5 years of experience in information assurance, strong in performing Assessment and Authorization (A&A) following NIST/FISMA standards and guidelines. Experienced in POA&M management. A very effective team player with exceptional written and verbal communication skills.


Vulnerability Assessment, Risk Assessment, SSP, SAR/RAR, POA&M, FISMA, NIST SP 800-Series, System Security, FedRAMP, HIPAA, Risk Management, Cloud Computing, System Monitoring, CSAM and Nessus, Oracle Database, SQL, Visio.


Cyber Security Analyst

Confidential, Washington, DC


  • Knowledgeable in all six phases of the Risk Management Framework (RMF) following NIST, FISMA standards and guidelines.
  • Review scans with engineers to identify vulnerabilities and make recommendations on how to fix weaknesses.
  • Knowledgeable in categorizing information systems using special publications, NIST 800-60 and FIPS 199.
  • Knowledgeable in creating, reviewing and updating System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.
  • Knowledgeable in selecting security controls using NIST 800-53 Rev 4 as a guide.
  • Knowledgeable in creating an implementation plan for the information system and identifying system-specific, hybrid and common controls.
  • Review System Security Plan (SSP) to verify NIST requirements.
  • Collect and validate artifacts from the system owner and assigned Points of Contacts to support information system audit and review.
  • Assess security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
  • Develop Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
  • Assist in the continuous monitoring phase using NIST 800-137 as a guide and Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.

Information Security Analyst

Confidential, Washington, DC


  • Supported the POA&M identification, tracking, remediation, closure, and reporting process enterprise wide.
  • Reviewed POA&M creation template and provided timely response with recommended changes to ISSO.
  • Processed, monitored and tracked POA&Ms using CSAM.
  • Analyzed results from vulnerability scanning tools such as Nessus.
  • Reviewed vulnerability scans to identify new weaknesses and determine false positives along with mitigation strategies.
  • Collaborated with ISSOs and other stakeholders to remediate POA&Ms.
  • Managed and escalated outstanding remediation items to ensure timely completion.
  • Updated and reported on POA&M activities as required.
  • Reported and responded to security incidents.
  • Evaluated known vulnerabilities to determine if additional safeguards were needed, ensuring systems were patched and security hardened.
  • Evaluated monthly Nessus vulnerability scans to support continuous monitoring strategies developed by client.
  • Ensured risks were mitigated efficiently in accordance with the organization.
  • Performed other POA&M IV&V functions as needed.
