System Security Lead Resume

SUMMARY:

Seeking a position within a company where my years of professional experience, education and abilities will be utilized to contribute to the growth and success of the company.

PROFESSIONAL EXPERIENCE:

Confidential

System Security Lead

Responsibilities:

  • Reviewed FedRAMP provisional package and support documents in an effort to grant Authorization to Operate (ATO) to cloud service provider (CSP)
  • Reviewed and updated Office of Inspector General Information Technology Computer Crime Investigative Network (Confidential Net) System Security Plan (SSP)
  • Modified controls from NIST 800-53 Rev 3 to Rev 4 and documented them in the SSP
  • Created/developed travel policy for Confidential devices during staff travel in high risk areas
  • Created policy for external portable devices and media usage
  • Researched and documented FISMA requirement for logging - Windows Server
  • Reviews and updates System Characterization Documents (SCD) for Confidential Information Technology Operations and Security Services (IT OPS) for:
      • Local Area Network (Confidential LAN),
      • Education Investigative Technology System (Confidential EDITS),
      • Management Information System (Confidential MIS) and
      • Intranet
  • Creates and conducts Monthly Status Report sessions for Confidential and IT OPS projects
  • Conducts vulnerability scans with AppDetective Pro
  • Reviews Foundstone vulnerability scan reports for LAN, EDITS, MIS and Intranet; documented scan report for LAN, EDITS, MIS and Intranet in vulnerability remediation form for ticket generation
  • Created Rules of Behavior (ROB) for LAN, EDITS, MIS and Intranet
  • Reviews and updates Information System Contingency Plan (ISCP) and Configuration and Management Plan (CMP) for LAN, EDITS, MIS and Intranet
  • Reviewed and updated Privacy Impact Assessment (PIA) for LAN, EDITS, and MIS
  • Updates security documentation for LAN, EDITS, MIS and Intranet and uploads it into Cyber Security Assessment Management (CSAM)
  • Requests draft approval, Plan of Action & Milestone (POA&M) cancellation/approval from Independent Verification and Validation (IV&V) through CSAM
  • Security Authorization Gap Analysis to remediate open POA&Ms
  • Created Business Impact Analysis (BIA) for LAN, EDITS, MIS and Intranet
  • Coordinates with Stakeholders to remediate LAN, EDITS, MIS and Intranet POA&Ms
  • Updates inventory for FISMA report submission in CSAM
  • Manages and leads team members to achieve the goal of Confidential and IT OPS project
  • Prepares balanced scorecard for projects managed

Confidential, Bowie, MD

Cyber Security Analyst

Responsibilities:

  • Directed, maintained, and implemented the necessary controls and procedures to protect information systems assets from intentional or inadvertent access, modification, disclosure or destruction
  • Coordinated the development of documents: Configuration management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR) and Incident Response Plan (IRP)
  • Conducted systems risk assessment through risk analysis, assessed assets within system boundaries, and identified all possible vulnerabilities within the system
  • Determined if security events monitored should be escalated to incidents and followed all applicable incident response and reporting processes and procedures
  • Prepared Security Assessment & Authorization (SA&A) documentation including Risk Assessment (RA), Contingency Plan (CP), Privacy Impact Analysis (PIA), and other artifacts required for the ATO package
  • Supported the remediation actions to correct assessment findings and develop supporting plan of action and milestone (POA&M) reports and update System Security Plan
  • Conducted the IT risk assessment and documented the control; conducted meetings with the IT client team to gather evidence, developed test plans, testing procedures and documented test results and exceptions
  • Reviewed POA&M, enforced timely remediation of audit issues, and updated system security plans (SSP) using NIST SP 800-18 guidelines
  • Used and applied knowledge of Security Assessment & Authorization (SA&A) policies, guidelines, and regulations in the assessment of IT systems and the documentation and preparation of related documents
  • Identified gaps, developed remediation plans, and presented final results to the IT Management team
  • Supported System Test and Evaluation (ST&E) efforts and other support to the IT Security Office

Confidential

Information Assurance/Security Specialist

Responsibilities:

  • Worked with project managers to ensure incorporation of security activities in all ongoing projects and to identify security impact of new releases
  • Updated systems security plans based on the National Institute of Standards and Technology (NIST) Special Publications and conducted an annual self-assessment
  • Completed risk assessments based on NIST standards to ensure IA design sufficiently mitigates IA risk and prepared risk assessment reports and provided recommendation to client
  • Developed and conducted security tests and evaluations based on NIST 800-53 Revision
  • Guided System Owners and Confidential through the Certification and Accreditation (C&A) process
  • Ensured that management, operational and technical controls for securing either sensitive Security Systems or IT Systems are in place and are followed according to federal guidelines (NIST SP 800-53)
  • Ensured that appropriate steps are taken to implement information security requirements for IT throughout their life cycle, from the requirement definition phase through disposal
  • Additional responsibilities included assurance of vulnerability mitigation, training on C&A tools
  • Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle (SDLC)