An Information Security Analyst with over 5 years of experience in information assurance, strong in performing Assessment and Authorization (A&A) following NIST/FISMA standards and guidelines. Experienced in POA&M management. A very effective team player with exceptional written and verbal communication skills.
Vulnerability Assessment, Risk Assessment, SSP, SAR/RAR, POA&M, FISMA, NIST SP 800-Series, System Security, FedRAMP, HIPAA, Risk Management, Cloud Computing, System Monitoring, CSAM and Nessus, Oracle Database, SQL, Visio.
Cyber Security Analyst
Confidential, Washington, DC
- Knowledgeable in all six phases of the Risk Management Framework (RMF) following NIST and FISMA standards and guidelines.
- Review scans with engineers to identify vulnerabilities and make recommendations on how to fix weaknesses.
- Knowledgeable in categorizing information systems using NIST SP 800-60 and FIPS 199.
- Knowledgeable in creating, reviewing and updating System Security Plans (SSPs) against NIST 800-18 and NIST 800-53 requirements.
- Knowledgeable in selecting security controls using NIST 800-53 Rev 4 as a guide.
- Knowledgeable in creating an implementation plan for the information system, identifying system-specific, hybrid and common controls.
- Review System Security Plans (SSPs) to verify that NIST requirements are met.
- Collect and validate artifacts from the system owner and assigned points of contact to support information system audits and reviews.
- Assess security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
- Develop Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
- Assist in the continuous monitoring phase using NIST 800-137 as a guide and Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.
Information Security Analyst
Confidential, Washington, DC
- Supported the POA&M identification, tracking, remediation, closure, and reporting process enterprise-wide.
- Reviewed the POA&M creation template and provided timely responses with recommended changes to the ISSO.
- Processed, monitored and tracked POA&Ms using CSAM.
- Analyzed results from vulnerability scanning tools such as Nessus.
- Reviewed vulnerability scans to identify new weaknesses and determine false positives along with mitigation strategies.
- Collaborated with ISSOs and other stakeholders to remediate POA&Ms.
- Managed and escalated outstanding remediation items to ensure timely completion.
- Updated and reported on POA&M activities as required.
- Reported and responded to security incidents.
- Evaluated known vulnerabilities to determine if additional safeguards were needed, ensuring systems were patched and hardened.
- Evaluated monthly Nessus vulnerability scans to support continuous monitoring strategies developed by the client.
- Ensured risks were mitigated efficiently in accordance with the organization's requirements.
- Performed other POA&M IV&V functions as needed.