C&A Analyst Resume
VA
SUMMARY:
Insightful, results-driven Information System Security Professional with IT initiatives, knowledgeable in Risk Management Framework (RMF), System Development Life Cycle (SDLC), security life cycle and vulnerability management using FISMA and applicable NIST standards.
FUNCTIONAL AREAS OF EXPERTISE INCLUDE:
- Information System Security
- Risk Management Framework
- Security Control Assessment
- Vulnerability Assessment Analysis
- Information Assurance
- Project Management and Support
- System Risk Assessment
- Vulnerability Scan Analysis and Remediation Recommendations
- System Development Life Cycle
- Security Control Implementation
- NIST SSP, SAR, RAR, SRTM and POA&M
- Linux, SQL and Software testing
- User Administration and Role Based Access Control
- Windows Networking and Patch Management
SKILLS AND COMPETENCIES:
- Broad knowledge of Microsoft Windows and Linux platforms.
- Vast knowledge in all aspects of the Security Authorization and Continuous Monitoring process using National Institute of Standards and Technology (NIST) Special Publications 800-30, 800-37 Rev 1, 800-60, 800-53 Rev 3 & 4, FIPS 199, FIPS 200, OMB A-130 App. III.
- Good knowledge of Federal Information Processing Standards (FIPS) 199 System Categorization, System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment (Impact Analysis), Continuous Monitoring and the Plan of Action & Milestones (POA&M).
- Broad knowledge of Information Security Risk Assessments, Implementation of Controls, Security Infrastructures and the entire Risk Management Framework.
- Proficient in the use of vulnerability scanning tools such as Retina Web Security Scanner, Retina Network Security Scanner, DBProtect and Tenable Nessus, and in analyzing security reports for security vulnerabilities.
- Proficient in working with Protocols such as TCP/IP, HTTP and LAN/WAN.
- Active Directory and Exchange User Management expert.
- Microsoft Office expert (MS Word, MS Excel, Outlook and PowerPoint) with excellent communication and writing skills.
WORK EXPERIENCE:
C&A Analyst
Confidential, VA
Responsibilities:
- Participating in the various activities for Certification and Accreditation of the United States Coast Guard Information Systems.
- Working with the ISSM and the SCA to uphold and maintain the best security posture of the Coast Guard systems.
- Actively involved in the Assessment and Audit of systems for Confidential and Re-Confidential.
- Performing Risk Assessment and vulnerability assessment.
- Performing System Self-Assessment review and validation.
- Reviewing system plans and various system documentation.
- Involved in the preparation of the Executive Summary, AO Memo, and SCA Recommendation on systems’ Confidential decision.
Information System Security Officer
Confidential, VA
Responsibilities:
- Working alongside System Owners, ISSMs, and a team of system engineers to uphold the best information security practices for Confidential Systems.
- Supporting System Owners on various system security activities and documentation, including the creation of POA&Ms to track security risks, vulnerabilities and remediation actions, and the drafting of risk acceptance memos and waivers.
- Responsible for the preparation of systems, system documentation and artifacts for the annual system assessment.
- Responsible for the monthly testing of the due security controls in support of the Ongoing Authorization of the system.
- Responsible for system scan requests and system scan result analysis to support various projects, remediation efforts and the systems’ quarterly scan.
- Maintenance, review and updating of the SSP and the various system documentation.
Information Security Analyst
Confidential, VA
Responsibilities:
- Working alongside system Technical Leads to maintain and uphold best information security practices for Confidential systems.
- Responsible for the maintenance, review and updating of the SSP and assessment documents (SAR, RAR, SRTM, CSAM).
- Collaborating with the Technical Leads to prepare the system for assessment, and collecting the artifacts to support the Confidential annual system security assessment.
- Responsible for the review of the artifacts used to support system security assessment.
- Participating in conducting risk assessment and analysis.
- Responsible for system scan requests and system scan result analysis to support various Confidential projects and the quarterly scan.
- Developing and reviewing Confidential system Security Impact Analysis (SIA) and documentation to support changes to the Confidential systems.
- Supporting System Owners on various system security activities and documentation, including the creation of POA&Ms to track security risks, vulnerabilities and remediation actions, and the drafting of risk acceptance memos and POA&M extension requests.
Information Security Officer
Confidential
Responsibilities:
- Responsible for conducting security assessment reviews, interviews, and tests to determine the security posture of the system and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain company Authorization To Operate (Confidential), the Risk Assessment, System Security Plans (SSP), and System Categorization.
- Performing information security risk assessments and assisting with the internal auditing of information security processes. Assessing threats, risks, and vulnerabilities from emerging security issues and identifying mitigation requirements.
- Conducting security scans on systems using vulnerability scanning tools (Tenable Nessus) and analyzing the security reports for security vulnerabilities in accordance with the organization's continuous monitoring plan and NIST SP 800-137.
- Providing recommendations on findings, with selection and implementation of controls that apply security protections to systems, processes, and information resources using the NIST family of security controls.
- Working with the Support and Security coordination team to ensure compliance with security processes and controls.
- Responsible for developing Security Authorization documents and ensuring that the System Security Plan, Security Assessment Plan, Plan of Action and Milestones (POA&M), Contingency Planning and artifacts are maintained and updated in accordance with NIST guidelines.
- Validating remediated vulnerabilities.
