Information Assurance/Alternate Information System Security Officer Resume

SUMMARY:

  • 7+ years of experience in IT Security positions within Federal organizations, leading and managing network security and vulnerability management.
  • Proficient in Security Assessment and Authorization process from initiation to continuous monitoring.
  • Skilled in the development of security plans (SP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans/Training, Configuration Management Plans, System Security Checklists, Privacy Impact Assessments, POA&M, Authority to Operate (ATO) letters, FISMA Reports, Standard Operating Procedures (SOP)
  • Possesses in-depth ability performing information security risk assessments and analysis, risk mitigation in large-scale networked application environments.
  • Performed risk analysis, assessment testing and analysis utilizing tools such as Nessus and others to support the testing process.
  • Testing and Assessing Network Infrastructures, Data Warehouses, Web Applications, Oracle Databases, Application Servers, Windows and Unix/Linux systems, Penetration testing, PCI (DSS), Security Test & Evaluation, Security Training, VMware, Mainframe-RACF, TAF, IDEA, CSAM, XACTA IA Manager, eMASS, NESSUS, Microsoft SharePoint, Confidential Review and system configuration.
  • Possesses excellent analytical/strong initiative and qualifications required to excel and succeed.
  • Continuously upgrading and readily prepared to take on new challenges, absorb and easily adapt to any emerging technology.

EXPERIENCE:

Confidential

Information Assurance/Alternate Information System Security Officer

Responsibilities:

  • Assist in the development of System Security Accreditation Agreement (SSAA) documentation in accordance with the Confidential guidelines
  • Review and apply Command Cybersecurity policies, Information Assurance policies
  • Familiar with Risk Management Framework (RMF), ACAS and eMASS
  • Develop supporting documentation for Interim Authority to Connect (IATC), Interim Authority to Operate (IATO), and Authority to Operate (ATO)
  • Facilitate security and site surveys
  • Member of the configuration control board; evaluate the security impact of proposed system changes to verify compatibility with current IA policy and standards.
  • Certification Testing & Evaluation (CT& Confidential ) and operational Security Testing & Evaluation ( Confidential & Confidential )
  • Respond to FISMA and IA data calls and perform tasks as directed by the Government lead
  • Senior IA Specialist or system owner leading to the assurance that the IA requirements are met
  • Liaison with various Government agencies and contractors to process C&A documentation for final approval and Independent Verification and Validation (IV&V) of technical documentation
  • Ensure that all monitored systems comply with the DoD Gold disk, STIGs, IAVA, IAVB, IAV-TA, Security Control procedures in addition to FISMA requirements
  • Report on all security, IA, and C&A compliance requirements

Confidential

Information Assurance Analyst

Responsibilities:

  • Conducting the following annual information assurance security requirements and completing documentation for new/existing OBO Major Applications and General Support Systems (A&A) leading to successful ATOs.
  • Implement Confidential guidance that is pertinent to Risk Management Framework
  • Responsible for conducting interviews with application and system developers to document system operation
  • Assist application and system developers with documenting control implementation
  • Conduct Plan of Action and Milestone review
  • Ensure Implementation of System Technical Implementation Guide ( Confidential ) and Security Readiness Review.
  • Conduct and coordinate annual control assessments and contingency plan test
  • Mentors team members in establishment, evaluation, and reporting upon risks and controls in the IT and business environments.

Confidential

Information Security Analyst

Responsibilities:

  • Responsible for all phases of C&A to ensure compliance and provide guidance on IT Security requirements to assigned stakeholders.
  • Assist in developing and executing the agency Certification & Accreditation
  • Assist in developing unified guidelines and procedures for conducting certifications and/or system-level evaluations of federal information systems and networks including the critical infrastructure
  • Advise the Government on new standards and make recommendations on new IT Security technologies to improve efficiencies.
  • Conduct C&A Kick-off Meetings; Prepare the Security Test & Evaluation ( Confidential & Confidential ) Plan; Conduct the Confidential & Confidential Kick-off Meeting; Conduct the Confidential & Confidential Execution via document examination, interviews and manual assessments; Analyze automated scan results; Conduct Step 4, Self-Assessment of the RMF; Populate the Requirements Traceable Matrix (RTM) with results of Confidential & Confidential ; Perform Risk Analysis; Create a Security Accreditation Report (SAR); Create a Plan of Action and Milestones (POA&M); Conduct Confidential & Confidential Findings Meeting with the System Owner, ISSO and other system personnel as required.
  • Risk Management Framework that is the 6 step of RMF, Confidential 800-37 steps in the security Assessment and Authorization (A&A) document from Categorize information system to follow-up Monitoring Security Control
  • Communicate with ISSO on continuous monitoring activities related to Plan of Action and Milestone closures, waivers and exceptions;
  • Coordinate courtesy scans with ISSOs and Security Engineers as requested by assigned systems;
  • Advise new system development teams on Security Policies and Technical Standards;
  • Track security activities of assigned systems and brief senior leadership on said activities;
  • Attend Security Training as requested by senior leadership;
  • Advise ISSOs on successful completion of System Security Plans, Contingency Plans, FIPS 199 and Confidential -Authentication Workbooks.
  • Responsible for ensuring assigned systems are decommissioned according to Media Sanitization
  • System Technical Implementation Guide ( Confidential ) requirements are maintained

Confidential

Risk Management Analyst

Responsibilities:

  • Develop guidance, processes, and procedures for the secure configuration and management of IT-enabled medical devices throughout the SDLC.
  • Coordinate with VA's MDPP Working Group, which is comprised of client subject matter experts and stakeholders, to address medical device security issues.
  • Serve as an author for deliverables - primarily policy and procedure documentation - but also bulletins, process flows, roles and responsibilities, and presentations. Using technical knowledge, provide input to other MDPP work products such as checklists, bulletins, and guidance documents.
  • Assist in the development of presentations for training VA personnel on new guidance
  • Perform guidance for the communication on medical device security needs, risks and controls
  • Conduct Risk Assessments in accordance with Confidential SP 800-30

Confidential

IT Security Analyst

Responsibilities:

  • Conduct meetings with the IT team to gather documentation and evidence about their control environment.
  • Perform Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), Confidential -Authentication with business owners and selected stakeholders.
  • Develop and conduct Confidential & Confidential (Security Test and Evaluation) according to Confidential SP 800-53A.
  • Apply current computer science technologies and Information Assurance (IA) requirements to the analysis, design, development, evaluation, and integration of computer/communication systems and networks to maintain an acceptable system security posture throughout the lifecycle of multiple national level mission systems.
  • Develop, maintain, and communicate a consolidated risk management activities and deliverables calendar.
  • Work with business process owners to ensure timely identification and remediation of jointly owned risk related issues and action plans.
  • Perform comprehensive Security Control Assessment (SCA) and prepare report on management, operational and technical security controls for audited applications and information systems.
  • Review audit logs and provide documentation guidelines to business process owners and management

Confidential

IT Security Analyst

Responsibilities:

  • Conducted FISMA-based security risk assessments for various government contracting organizations and application systems - including interviews, tests and inspections; produced assessment reports and recommendations; conducted out-briefings.
  • Documented and reviewed System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO).
  • Assisted with review of policy, security alerts, guidance, regulations and technical advances in IT Security Management
  • Utilized processes within the Security Assessment and Authorization environment such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.
  • Contributed to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management.
  • Communicated effectively through written and verbal means to co-workers, subordinates and senior leadership.