Cyber Security Analyst Resume

Washington, DC

SUMMARY:

  • Cyber Security expert with focus on FISMA, System security evaluation, validation, monitoring, Governance, Risk & Compliance.
  • Penetration testing tools experience, e.g. Burp Suite, Core, ZAP, and OWASP Top 10.
  • Accomplished Security Analyst/assessor with over 6 years professional record of successfully assessing information security risks and coordinating remediation efforts.
  • I'm looking to use my skills and expertise to help achieve enterprise-wide information risk goals and objectives.

PROFESSIONAL EXPERIENCE:

Cyber Security Analyst

Confidential, Washington, DC

Responsibilities:

  • Work with Confidential team of Information System Owners, Developers and System Engineers to select and implement tailored security controls in safeguarding system information.
  • Provide Assessment, Authorization and Information Assurance support to include security test and evaluation (ST&E), security control assessment, vulnerability scanning, vulnerability assessment, POA&M management, IT security policies and procedure developments.
  • Facilitate the development and maintenance of the Plan of Action and Milestones via CSAM (Cyber Security Assessment & Management), and supported remediation activities.
  • Reviewed, updated and developed required security documentation including but not limited to System Security Plans (SSPs), Contingency Plans (CP), Plan of Action and Milestones (POA&Ms), Security Assessment Reports (SAR).
  • Perform Security Categorization (FIPS 199), conduct assessment and review Privacy Threshold Analysis (PTA), E-Authentication, Contingency Plan and Testing, Incident Response, SORN, for compliance and completeness.
  • Collaborate with the ISSO to draft and manage POA&M for authorized systems with appropriate remediation suspense dates and track findings until closure.
  • Experience managing extended ATOs due to exceptions and waivers ignited by open POA&Ms.
  • Evaluating and/or creating System Security Plans (SSP), Contingency Disaster Recovery Plans (CDRP), Risk Assessment Reports (RAR), Security Assessment Reports (SAR) and Executive Summaries.
  • Experience developing and updating system categorization levels using FIPS 199/NIST, selecting the controls using Confidential /FIPS 200, implementing controls and developing SSP and other key deliverable documents.
  • Document and Review security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per Confidential 800 guidelines for various government agencies.
  • Review system vulnerability scans and audit logs and work with system administrators to remediate findings and document non-remediated findings in the POA&M.
  • Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs).
  • Carried out continuous monitoring after authorization to operate (ATO) to ensure continuous compliance with the security requirements.
  • Put together Authorization Packages (SSP, POA&M and SAR) for Information systems to the Authorization Officer.
  • Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
  • Served on Confidential team of information security professionals in the development of security policies, procedures, and security assessment and authorization (Confidential & Confidential) packages using Confidential 800 series SP for FISMA compliance.

Security Control Assessor

Confidential, Virginia

Responsibilities:

  • Scheduled kick-off meetings with system owners to help identify assessment scope, system boundary, the information system's category and attain any artifacts needed in conducting the assessment.
  • Develop Security Assessment Plans (SAPs) and perform assessment per Confidential SP Confidential.
  • Interview System Administrators to assist in generating custom reports and/or artifacts in support of the Confidential & Confidential process.
  • Hold kick-off meeting with system owner, ISSO and other stakeholders to discuss assessment activities.
  • Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using management tracking tool (CSAM).
  • Perform comprehensive Security Control Assessment (SCA) and prepare Confidential report on management, operational, technical, and privacy security controls for audited applications and information systems.
  • Conduct kick-off meetings with system owner, ISSO, and other stakeholders to gather security control documentation and artifacts about the applicable security control.
  • Conduct Security Test and Evaluation (ST&E) assessment and populate Requirement Traceability Matrix (RTM) based on Confidential SP Confidential.
  • Conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with the Confidential SP Confidential.
  • Conduct assessment per Confidential SP Confidential and document findings and remediation actions in the POA&M.
  • Participate in weekly meetings to discuss the status of the assessment process.
  • Developed Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems.
  • Conducted kick-off meetings with assessment stakeholders to discuss the assessment scope, timelines as well as roles and responsibilities of involved parties.
  • Undertook IT Control risk assessment to identify system threats, vulnerabilities and risk, and generate reports.
