We provide IT Staff Augmentation Services!

Sr. Information Assurance Analyst Resume

Rockville, MD

SUMMARY:

To utilize and enhance my skills, secure full time employment. I am a Subject Matter Expert on the FISMA Risk Management Framework and NIST ( 800 - 53), ISO 27000, FISMA,FIPS 199, DIACAP, HIPAA, SOX and PCI standards..

TECHNICAL SKILLS:

Security Tools: CSAM, Agiliance, Retina, McAfee EPO, Solarwinds, Patch Manager, Lumension, McAfee Foundstone, Tripwire, Websense, McAfee DLP, McAfee IDS, Appdetectve, Fortify, Webinspect

EMPLOYMENT EXPERIENCE:

Confidential, Rockville, MD

Sr. Information Assurance Analyst

Responsibilities:

  • Lead and support security control assessments based on Confidential SP 800-53 Rev 4.
  • Create documentation for control assessment such as Confidential, Confidential Plan, Confidential Report and debrief documentation.
  • Analyze results from vulnerability scanning tools such as Nesses, Webinspect and App detective.
  • Interface with clients related to the overall security control assessment program and all security control assessment activities. Which includes but not limited to:
  • Review Contigency Plans
  • Review SDLC Policies
  • Review Incident response plans
  • Review Configuration Management Plans
  • Review System Security Plans
  • Review Security Impact Analysis
  • Review Risk Assessments
  • Review evidence for assessment and help create POAMs for assessments.

Confidential, Arlington, VA

Sr. Information Assurance Analyst

Responsibilities:

  • Analyze application, database and operating system, scans and map findings to controls for POAM creation.
  • Manage a Cyber Security program for a large scale government network.
  • Develop, implement and/or review policies and procedures as required by various security controls.
  • Conduct periodic reviews to ensure compliance with established policies and procedures ensuring all software, hardware and firmware changes recorded as required by established configuration management procedures.
  • Participate in the configuration management process by reviewing changes for security impacts to the systems and participating in the Change Review Board process.
  • Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures.
  • Perform IS security briefings, report all security incidents to the ISSM, and investigate, document and report, as well as provide protective and corrective measures in response to such incidents.
  • Coordinate and participate in special projects concerning information security, including testing and implementation of security software enhancements.
  • Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies.
  • Serve as the company Information System Security Officer for a number of government accredited systems.
  • Maintain a broad knowledge of technology, equipment and/or systems to include the configuration, maintenance of firewalls, various operating systems, and phone switches
  • Support and maintain the physical security standards for Sensitive Compartmented Information.
  • Provide system administrator support when needed.
  • Interface with appropriate government agencies, company management and employees, customers, third party vendors, and suppliers to ensure understanding of and compliance with security requirements.

Confidential, Arlington, VA

Sr. Information Assurance Analyst

Responsibilities:

  • Executing and evaluating Third Party controls assessments and evidence for controls gaps and assisting with the documentation of any required remediation plans
  • Assisting with the design and implementation of effective continuous testing and reporting processes and tools for infrastructure controls
  • Assisting with the continuous improvement of the IT - Third Party Oversight Controls Assessment process and documentation
  • Assist vendors with scanning applications, databases and applications as needed,
  • Assist vendors with patch management solutions where needed.
  • Assist vendors with vulnerability management and remediation techniques as needed,
  • Collaborate closely with Third Party Oversight to provide Information Security Risk Assessment support for security assessments of E* Confidential vendors
  • Complete security risk assessments, determine mitigating controls, document identified security risks, and track the corrective action through Management Action Plans (MAPs) as required.
  • Execution of Third Party Control Reviews including onsite reviews, WebEx and phone.
  • Collaborate closely with Business owners to define action plans to track gaps/needs across the technology organization specific to Third Party controls.
  • Participate in meetings with IT managers and staff to understand E* Confidential ’s Third Party controls including management of processes and tools.
  • Understand areas to improve risk management posture and recommend corrective actions and new standards.
  • Refine process documentation to align with Regulatory requirements and best practices as noted through organizations such as BITS, ISO, and COBIT
  • Provide reporting and metrics that ensure the quality of the program’s services are meeting business objectives
  • Foresees organizational impacts and understands the procedures associated with introducing new technologies and processes
  • Coordinate \ participate as Subject Matter Expert for assigned onsite review activities for ensuring Information Security controls are being properly met and documented.
  • Coordinate \ participate as Subject Matter Expert for assigned onsite review activities for ensuring Information Security controls are being properly met and documented.

Confidential

IT Security Engineer

Responsibilities:

  • Review and provide guidance on software development life cycle (SDLC) documents for the Customer programs and provide development support for this documentation as needed.
  • Review server and workstation scans and provide direction for remediation.
  • Cloud Computing Security
  • Implement Security Awareness Training program.
  • Provide security oversight to old and new projects.
  • Provide assistance as needed to support annual audits of Customer systems and programs, including drafting responses to audit reports.
  • Update Incident Response forms, Track PII incidents, update the incident database, review and revise draft Personally Identifiable Information (PII) Breach Notification Packages.

Confidential, Falls Church, VA

Information System Security Engineer

Responsibilities:

  • Served as Confidential on ATO efforts, Risk assessments, Annual Review’s and Self assessments.
  • Run scan on Confidential web applications using Webinspect.
  • Run scan on databases using Appdetective.
  • Run cans on Confidential systems using HP Fortify.
  • Run manual checks against government systems using Confidential Application Security and Development checklist (8500). .
  • Run Retina scans on IT systems and respond to IAVA compliance issues.
  • Served as advisor on CIRT team.
  • Serve as an advisor on Information Assurance matters.
  • Run scans on IT systems and report vulnerabilities.
  • Ensure DHSS Information Assurance program requirements are properly implemented.
  • Assist in the development of accreditation packages Continuously review all System Security Accreditation Plans and complete re-accreditation actions as required.
  • Ensure that proposed system changes are reviewed, and that changes, enhancements, or modifications implemented do not adversely impact system security features.
  • Change Control advisor. that all Information System users of assigned systems are monitored to verify compliance with established security policies and procedures.
  • Investigate and report actual or suspected Information System Security incidents, events or violations.
  • Review system user practices and procedures for possible vulnerabilities that may pose a threat to system security.
  • Ensure compliance with proper media/equipment control, handling, labeling, and disposition procedures.

Confidential, Washington, DC

Security/Privacy & Compliance Engineer

Responsibilities:

  • Scan systems for vulnerabilities and recommend remediations.
  • Manage firewall configuration.
  • Provide technical expertise to clients, management and staff.
  • Work with System owners to remediate POAM’s.
  • Administrator for content filtering software.
  • Manage Confidential solution.
  • Create internet usage reports.
  • Assist with HIPAA and PCI audits to make sure PHI and PII is secure in transit and at rest..
  • Counsel employees on privacy and Security.
  • Investigated Change Control request.
  • Created SOP’s.
  • Revised outdated IT policies.
  • Assist with Security Awareness Training.
  • Monitor IDS traffic for security threats.
  • Discovers and mitigates security vulnerabilities.
  • Respond immediately to any type of threats to determine the risk and set priority for resolution.
  • Works with various IT office and departments to provide security expertise and guidance.
  • Enforce patch management of production & test servers on WMATA network.
  • Assist with enforcement of compliance for Security Awareness Training.
  • Support incident response program.
  • Respond to day to day operational issues.
  • Participates in other program related activities.

Confidential, Bowie, MD

Security Engineer/Privacy and Compliance Officer

Responsibilities:

  • Identifying and/or providing technical analysis of security requirements necessary for the protection of all information processed, transmitted and at rest.
  • Scan systems and recommend remediation’s for vulnerabilities.
  • Manage Confidential Solution.
  • Perform physical security vulnerability and risk assessments as it relates to physical HIPAA compliance ie protecting PHI and PII for 6 locations across the United States.
  • Perform Network scans and recommend remediation to network team.
  • Consult with network team for server hardening for HIPAA compliance and protecting PHI and PII in transit and at rest.
  • Responsible for server and workstation baseline configurations in accordance with HIPAA compliance regulations as it pertains to protecting PHI and PII..
  • Responsible securing PHI in accordance with HIPAA and PCI regulations.
  • Assist in PHI audits as it relates to compliance with HIPAA and PCI regulations.
  • Monitor network changes using Tripwire network monitoring tool.
  • Create reports for internet usage for management staff using WebSense content filtering.
  • Created incident response plan and incident response team.
  • Functioning as a liaison between the corporation and security system and application vendors.
  • Designing, maintaining, delivering and enhancing security awareness and training throughout the business.
  • Providing advice and assistance on the interpretation of security requirements.
  • Conduct/lead corporate investigations for missing or stolen assets.
  • Monitor IDS traffic.
  • Create technical and physical incident reports for HIPAA compliance violations.

Confidential, Washington, DC

Information Assurance Analyst

Responsibilities:

  • Part of a 3 person team that implemented Confidential ’s continuous monitoring program. That process includes: 1) The development of a strategy to regularly evaluate selected IA controls/metrics, 2) Recording and evaluating IA relevant events and the effectiveness of the enterprise in dealing with those events, 3) Recording changes to IA controls, or changes that affect IA risks, and 4) Publishing the current security status to enable information sharing decisions involving the enterprise.
  • Work with system owners to remediate POAM’s.
  • Security control assessments. testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system or enterprise
  • Change control board. Committee that makes decisions regarding whether or not proposed changes to the network should be implemented.
  • Security Awareness Trainer. Making sure users understand that there is the potential for some people or organizations to deliberately or accidentally steal, damage, or misuse the data that is stored within a company's computer systems and throughout its organization.
  • Interact with Confidential personnel on a daily basis in developing security policies, supporting its Certification and Accreditation (C&A) efforts using Confidential publications 800-53, 800-37, responding to computer security incidents, and troubleshooting and resolving any IA related problems.
  • Track and report compliance status and associated deviation documentation per reporting guidelines as needed.
  • Ensure information assurance requirements are implemented, documented, and verified on servers.
  • Create and Maintain diagram of all network devices for enterprise using Microsoft Visio.
  • Track and remediate network incidents.

Confidential, St Alexandria, VA

Network/System/Security Engineer

Responsibilities:

  • Made sure all systems met baseline standards to meet Confidential 800-53A requirements for FISMA.
  • Provide day-to-day security maintenance and on-going security auditing.
  • Served as Asset Manager for all network devices.
  • Create and maintain documentation as it relates to network configuration and security policies.
  • Explore, test and implement new technologies.
  • Manage Confidential solution.
  • Active Directory admin.
  • Served as backup helpdesk manager.
  • Tier III Help Desk Tech
  • Develop and implement security policies and procedures
  • Install, configure, and manage IPS system (Active Scout).
  • Create Ghost Images for servers and desktops.
  • Manage various small to mid IT projects.
  • Build and manage production servers.
  • Create and manage FTP servers and accounts (Globalscape).
  • Scan network for vulnerabilities and create reports (Tenable Nessus SC3)
  • Manage patch software and deployment of necessary patches ( Patchlink).
  • Build and manage ticketing system BMC Remedy, Service Desk Express
  • Create incident reports using BMC Remedy Service Desk Express (Crystal Reports.).
  • Manage Change Control module of BMC Service desk Express.
  • Developed and managed content filter proxy server (Smartfilter)
  • Generated internet usage reports (Smart Reporter).
  • Managed Malware Software (pest patrol).
  • Ensure all machines on network had current virus signatures (Symantec 10.02).

Dell Service Provider

Confidential, Tewksberry, MA

Responsibilities:

  • Troubleshoot and replace Dell hardware (Laptops, Printers, Desktops and Server)components.
  • Test hardware for functionality.
  • Load software (Win2K, AD, Dell Open Server Mgmt, rebuild servers) to replace hardware.
  • Configure hardware for Dell Servers.
  • Provide Customer Service Training to entry level technicians.
  • Manage 10 technicians during installation and troubleshooting of Dell systems.
  • Load and configure applications.
  • Perform manual data migration.
  • Install peripherals ( Confidential ’s, scanners, printers, etc.)

Hire Now