Information Security Analyst Resume
Rockville, MD
TECHNICAL SKILLS:
FIPS 199, FIPS 200, Confidential 800-53 Rev4, Confidential 800-30, Confidential 800-37, Confidential 800-39, E-Authentication, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Risk Assessment (RA), SSP, ISCP, ST&E, SAR, Plans of Action and Milestones (POA&M), Authorization to Operate (ATO) Letter, MS Office, Visio, SharePoint, Access, PeopleSoft, Confidential Vulnerability Scanning Tool, WebInspect, Splunk, DbProtect
EXPERIENCE:
Information Security Analyst
Confidential, Rockville, MD
Responsibilities:
- Assist in updating IT security policies, procedures and standards according to Confidential.
- Experience in cloud system assessments, primarily with AWS (Amazon Web Services) by utilizing FedRAMP and Confidential guidelines.
- Experience in executing Step 4 (Security Assessment) of the Confidential Risk Management Framework (RMF).
- Experience in developing and disseminating Security Assessment Plans.
- Experience in interpreting and evaluating implementations of Confidential 800-53 rev 4 security controls.
- Documenting findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs).
- Experience reviewing and interpreting Confidential Vulnerability and Compliance scans, WebInspect scans, IBM Guardian, Burp Suite and DbProtect scans.
- Ability to execute Security Assessments and develop and deliver supporting documentation within aggressive timelines.
- Assessing systems of varying scope and complexity that comprise various technologies.
- Perform vulnerability scanning with the support of Confidential scanning tool to detect potential risks on single or multiple assets across the enterprise network.
- Perform risk assessments; review and update Plans of Action and Milestones (POA&M), Security Control Assessments, and specific security documentation. Security Assessment and Authorization (SA&A) using Confidential SP 800-53 rev4/FIPS 200 (Security Controls), Confidential SP 800-53A rev4 (Assessing Security Controls).
- Monitor controls post-authorization to ensure constant compliance with the security requirements.
Cyber Security Analyst
Confidential, McLean, VA
Responsibilities:
- Assisted with updating IT security policies, procedures and standards according to Confidential.
- Performed vulnerability scanning with the support of Confidential scanning tool to detect potential risks on single or multiple assets across the enterprise network.
- Performed risk assessments; reviewed and updated Plans of Action and Milestones (POA&M), Security Control Assessments, and specific security documentation. Security Assessment and Authorization (SA&A) using Confidential SP 800-53 rev4/FIPS 200 (Security Controls), Confidential SP 800-53A rev4 (Assessing Security Controls).
- Monitored controls post-authorization to ensure constant compliance with the security requirements.
- Worked with client in safeguarding CUI (Controlled Unclassified Information) by performing the necessary assessments, which primarily deal with the 18 control families.
- Supported Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.
- Performed risk assessments; updated and reviewed System Security Plans (SSP) using Confidential 800-18 (Guide for Developing Security Plans for Federal Information Systems), Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration.
Cyber Security Analyst Intern
Confidential, Woodbridge, VA
Responsibilities:
- Assisted with policy writing and understanding of Confidential publication.
- Assisted in updating IT security policies, procedures and standards according to Confidential.
- Worked with network security (network administrator policies and procedures, firewalls, etc.).
- Assisted in technology management.
- Troubleshot hardware and software.
- Installed new local and network printers and configurations.
- Proactively and reactively researched the root cause of and provided solutions or known workarounds for problems in the enterprise environment.
SOC/IDS/IPS/Monitor
Confidential
Responsibilities:
- Responsible for monitoring and troubleshooting the electronic security systems (ESS).
- Supervised 4 Operators on each shift including myself.
- Monitored multiple accounts across agencies, and used open-source tools to determine potential threats for the network.
- Provided support to agency users. Used Remedy to monitor and update incoming/assigned tickets.
- Responsible for working in a 24/7 Security Operation Center (SOC) environment.
- Utilized SNORT for packet logging and traffic analysis.
- Proficient with scanning tools such as Confidential, DBProtect, and WebInspect.
- Stayed alert and focused on surveillance cameras; coordinated and managed electronic security equipment.
- Worked various types of communication and electronic data processing equipment.
- Received and transmitted routine and emergency calls in the Security Operations Center; administered routine and emergency call assignments and operations.
- Provided armed and uniformed security, force protection, and law enforcement functions.
- Provided analysis and trending of security log data from a large number of heterogeneous security devices.
- Provided Incident Response (IR) support when analysis confirms actionable incident.
- Provided threat and vulnerability analysis as well as security advisory services.
- Analyzed and responded to previously undisclosed software and hardware vulnerabilities.
- Investigated, documented, and reported on information security issues and emerging trends.
- Integrated and shared information with other analysts and other teams.
