SUMMARY:

Seeking a position within a company where my years of professional experience, education and abilities will be utilized to contribute to the growth and success of the company.

PROFESSIONAL EXPERIENCE:

Confidential

System Security Lead

Responsibilities:

• Reviewed FedRamp provisional package and support documents in effort to grant Authorization To Operate (ATO) to cloud service provider (CSP)
• Reviewed and updated Office of Inspector General Information Technology Computer Crime Investigative Network ( Confidential Net) System Security Plan (SSP)
• Modified controls from NIST 800 - 53 Rev 3 to rev 4 and documented them in the SSP
• Created/developed travel policy for Confidential devices during staff travel in high risk areas
• Created policy for external portable devices and media usage
• Researched and documented FISMA requirement for logging - windows server
• Reviews and update System Characterization Documents (SCD) for Confidential Information Technology Operations and Security Services (IT OPS) for:
• Local Area Network ( Confidential LAN),
• Education Investigative Technology System ( Confidential EDITS),
• Management Information System ( Confidential MIS) and
• Intranet
• Creates and conducts Monthly Status Report sessions for Confidential and IT OPS projects
• Conducts vulnerability scans with AppDetective Pro
• Reviews Foundstone vulnerability scan reports for LAN, EDITS, MIS and Intranet; Documented scan report for LAN, EDITS, MIS and Intranet in vulnerability remediation form for ticket generation
• Created rules of Behavior (ROB) for LAN, EDITS, MIS and Intranet
• Reviews and updates Information System Contingency Plan (ISCP) Configuration and Management Plan (CMP) for LAN, EDITS, MIS and Intranet
• Reviewed and Updated Privacy Impact Assessment (PIA) for LAN, EDITS, and MIS
• Updates Security Documentations for LAN, EDITS, MIS and Intranet and Uploaded them into Cyber Security Assessment Management (CSAM)
• Requests draft approval, Plan of Action & Milestone (POA&M) cancellation/approval from Independent verification and validation (IV&V) through CSAM
• Security Authorization Gap Analysis to remediate open POA&Ms
• Created Business Impact analysis (BIA) for LAN, EDITS, MIS and Intranet
• Coordinates with Stakeholders to remediate LAN, EDITS, MIS and Intranet POA&Ms
• Update Inventory for FISMA report submission in CSAM
• Manage and lead team members to achieve goal of Confidential and IT OPS project
• Prepares Balance score card for Projects managed

Confidential, Bowie, MD

Cyber Sec urity Analyst

Responsibilities:

• Directed, maintained, and implemented the necessary controls and procedures to protect information systems assets from intentional or inadvertent access modification, disclosure or destruction
• Coordinated the development of documents: Configuration management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR) and Incident Response Plan (IRP)
• Conducted systems risk assessment through risk analysis, assessed assets within system boundaries, and identified all possible vulnerabilities within the system
• Determined if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures
• Prepared security Assessment & Authorization (SA&A) documentation including Risk Assessment (RA), Contingency Plan (CP), Privacy Impact Analysis (PIA), and other artifacts required for the ATO package
• Supported the remediation actions to correct assessment findings and develop supporting plan of action and milestone (POA&M) reports and update System Security Plan
• Conducted the IT risk assessment and documented the control, Conducted meetings with the IT client team to gather evidence, developed test plans, testing procedures and documented test results and exceptions
• Reviewed POA&M, enforced timely remediation of audit issues, and updates system security plans(SSP) using NIST SP 800-18 guidelines
• Used and applied knowledge of Security Assessment & Authorization (SA&A) policies, guidelines, and regulations in the assessment of IT systems and the documentation and preparation of related documents
• Identified gaps, developed remediation plans, and presented final results to the IT Management team
• Supported System Test and Evaluation (ST&E) efforts and other support to the IT Security Office

Confidential

Information Assurance/Security Specialist

Responsibilities:

• Worked with project managers to ensure in corporation of security activities in all ongoing projects and to identify security impact of new releases
• Updated systems security plans based on the National Institute of Standards and Technology (NIST) Special Publications and conducted an annual self-assessment
• Completed risk assessments based on NIST standards to ensure IA design sufficiently mitigates IA risk and prepared risk assessment reports and provided recommendation to client
• Developed and conducted security tests and evaluations based on NIST 800-53 Revision
• Guide System Owners and Confidential through the Certification and Accreditation (C&A) process
• Ensured that management, operational and technical controls for securing either sensitive Security Systems or IT Systems are in place and are followed according to federal guidelines (NIST SP 800-53)
• Ensured that appropriate steps are taken to implement information security requirements for IT throughout their life cycle, from the requirement definition phase through disposal
• Additional responsibilities included assurance of vulnerability mitigation, training on C&A tools
• Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle (SDLC)