We provide IT Staff Augmentation Services!

Information Assurance Specialist Resume

Alexandria, VA

OBJECTIVE:

Qualified Cyber Security Engineer with the ability to excel in a high performance team, seeking a position with an organization in which to further advance my skills while contributing and delivering of market leading security services and solutions. Experience, with NIST 800 - 53, documentation and writing of security policies.

SUMMARY:

  • Able to readily adapt to varied client environments, with responsibilities ranging from broad network security program development to deployment and implementation of broad ranging technical security controls.
  • 4 years Cyber Security experience.
  • Resolves customer security issues and address system and service requests.
  • Contributes to and participates in security incident plan exercises. Identifies, investigates and escalates information security incidents on the network.
  • Work with information system owners to categorize systems; select and implement and assess controls; frame, assess, respond and monitor risk to the business.
  • Maintains risk and vulnerability management records.
  • Reviews various sources of information to anticipate new security requirements and identify advancement in best practices.
  • Able to develop and provide services in the areas of IT security, Regulatory environments, corporate governance, risk management, security assessments, and managed cyber security services planning and organizing.

EXPERIENCE:

Confidential, Alexandria, VA

Information Assurance Specialist

Responsibilities:

  • Monitoring and enforcing security controls for technical, operational and management support.
  • Preparing system artifacts for system audits.
  • Reviewing monthly vulnerability scan reports and tracked and addressed weaknesses in POA&Ms as needed.
  • Working with ISSO to support multiple agency systems.
  • NIST 800-53 Rev4 security control assessments of federal government IT systems.
  • Monitoring the use of data files and regulated access in order to safeguard information.
  • Ensuring appropriate cyber security controls are in place.
  • Reviewing violations of computer security procedures and discussed procedures with clients to ensure violations are not repeated.
  • Working with a Software Development team in an Agile environment.
  • Performing Software Development testing.
  • Working with tools such as Jira, Confluence, Splunk and Tableau.

Confidential, Chantilly, VA

Cyber Security Analyst

Responsibilities:

  • Monitored the use of data files and regulated access in order to safeguard information.
  • Incident Management using Security Center.
  • Provided reports from security center to the management for remediation.
  • Used vulnerability scanners to scan for vulnerabilities.
  • Attended weekly meetings related to previous scans.
  • Contributed to a comprehensive, business aligned threat and vulnerability management and patching program.
  • Contributed to recommendations for business partners to remediate vulnerabilities, institute compensating controls or request risk acceptance decisions.
  • Communicated security threats, policies, standards and guidelines in clear terms to non-technical personnel.
  • Worked with Security Center (enterprise version of Nessus).
  • Participated in security incident operations, including after-hours response activities, event escalation coverage, and incident reporting.
  • Utilized IT security processes, processes, procedures and tools to meet the customer’s resources and sensitive information.

Confidential, Reston, VA

Cyber Analyst- Security Control Assessor

Responsibilities:

  • Reviewed and assessed security controls, Security documentation such as SSPs, PIAs, Incident Response plans, POA&Ms and visited sites for Security Authorization.
  • Performed research using NIST (National Institute of Standard and Technology) as a source and familiar with FIPS 199-200 publication. Also discussed about the Cyber Security Framework with my team for a project concerning critical infrastructures.
  • Monitored and enforced security controls for technical, operational and management support.
  • Prepared system artifacts for system audits.
  • Reviewed monthly vulnerability scan reports and tracked and addressed weaknesses in POA&Ms as needed.
  • Worked with ISSO to support multiple agency systems.
  • Experience with CSAM (Cyber Security Assessment and Management). Providing security program, Program Officials, and IT Security managers with web-based secure network capability to assess, document, report and manage on the status of IT security risk assessments and implementation of federal mandated IT security control standards and policies.
  • NIST 800-53 Rev4 security control assessments of federal government IT systems
  • Monitored the use of data files and regulated access in order to safeguard information.
  • Ensured appropriate cyber security controls are in place.
  • Reviewed violations of computer security procedures and discussed procedures with clients to ensure violations are not repeated.
  • Ongoing Security Authorizations; reviewing major applications and configurations.
  • Reviewed vulnerability scans from Nessus, QualysGuard and WebInspect.
  • Notified system owners of any vulnerability findings, and recommend remediation measures.
  • Preparation for kick-offs and Plan of Action and Milestones (POAMs).
  • Provided support to clients and reviewed policies, directives, and memoranda regarding Information security and privacy, the subject and the program.
  • Determined the impact of new or revised NIST publications, legislations and regulations and also assessed risks, and technologies and developed recommendations for appropriate actions.
  • Conducted research to evaluate and/or determine emerging industry technology trends, government agency best practices, and security and privacy issues.
  • Monitoring Systems and infrastructure supporting an enterprise incident management team.
  • Used FISMA and NIST standards for compliance.
  • Knowledge of FedRAMP Test Procedures: Center for Internet Security (CIS); NIST Special Publications 800-53A R1)- Access Control.
  • Made use of Continuous Monitoring: FedRAMP Test Procedures; NIST Special publications 800-30, 800-53A R1, 800-37 R1).
  • Provided information assurance, computer security best practices and system hardening.

Confidential, Adelphi, MD

Team Lead Cyber Security Analyst

Responsibilities:

  • Performed threat and vulnerability assessments, reviewed project requirements in order to effectively delegate and establish timelines for tasks.
  • Created plans for the project by using the necessary requirement, research, data management and collection of information to write a report for a team project.
  • Collected deliverables, monitored data with accordance to project guidelines and objectives and tracked records of work done so far by each team member.
  • Monitored and audited intrusion Prevention systems, I made use of cryptography and Intrusion Detection using Snort IDS and Wireshark protocol analyzer.
  • Used Snort for network intrusion detection and prevention system capable of performing real-time traffic analysis and packet logging on IP networks.
  • Performed Protocol analysis and content searching/matching. This analysis was also used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes and OS fingerprinting attempts.
  • Made use of Ubuntu in Helix 3 platform for digital forensics.
  • Helix was used for incident response, system investigation and analysis, data recovery, and security auditing.
  • Made use of Crypt tools and hashes such as MD5 and SHA-1.
  • Did projects that related with Access Control.
  • Business Continuity and disaster recovery planning.
  • Physical Environment security.
  • Reviewed project plans and coordinated project activity for the team of 6 members.
  • Made use of Network security tools such as Nmap, Nessus, Cain & Abel to perform projects.
  • Experience with operating systems such as: Microsoft Windows XP/7/8
  • Used McAfee Foundstone Vulnerability Manager and HP WebInspect.
  • Proven data analysis, data verification, and problem-solving abilities.
  • Excellent written and oral communication skills.
  • Able to prioritize and execute tasks in a high-pressure environment.
  • Excellent listening, presentation, and interpersonal skills.
  • I also have the ability to communicate ideas in both technical and user-friendly language. Keen attention to detail.

Hire Now