Sr. Cyber Security Analyst Resume

SUMMARY:

Security Assessment & Authorization professional skilled in assembling security authorization packages using Confidential ( Confidential ) Special Publications 800-53 Rev-4, 800-53A, 800-60, 800-30, 800-37, FIPS 199, FIPS 200. Proficient in the preparation and updating of System Security Plan (SSP), Security Assessment Plan (SAP), Plan of Action & Milestone (POA&M) and Security Assessment Report (SAR) and other Authorization To Operate package.

SKILLS:

  • COTS Approved Products List Integrated Tracking System (APLITS)
  • Systems Design Risk analysis, design, Quantitative/ Qualitative analysis &
  • Tools: eMass/ CSAM/ Service Now/ Remedy/ Xacta /
  • Operating Systems Windows, Linux
  • Web Technologies IE, Mozilla Firefox, O365
  • Security Confidential ( Confidential ) Special Publications 800-53 Rev-4, 800-53A, 800-60, 800-30, 800-37, FIPS 199, FIPS 200. Proficient in the preparation and updating of System Security Plan (SSP), Security Assessment Plan (SAP), Plan of Action & Milestone (POA&M) and Security Assessment Report (SAR), eMass/ CSAM/ ServiceNow, NESSUS Tenable (Security Center) / Tripwire / iPOST Vulnerability scanners

PROFESSIONAL EXPERIENCE:

Confidential

Sr. Cyber Security Analyst

Responsibilities:

  • Lead large/complex security assessments of customer systems, services, and programs
  • Support and interact with customers, at the highest levels, as well as providing oversight to less experienced staff
  • Analyze customer processes and configurations to verify that previously identified flaws have been corrected, and document the results
  • Develop approaches for industry-specific threat analyses, application-specific penetration tests, and the generation of vulnerability reports
  • Develop detailed remediation reports and recommendations for compliance and security improvements across industries based on changing threats
  • Develop and update a consistent approach to information security programs and adherence with best practices
  • Articulate requirements and other information in written documentation and effectively communicate technical and non-technical concepts to a variety of audiences
  • Demonstrated strong organizational and time-management skills: multitasking, working individually and with a team, having a positive attitude, being self-motivated and reliable, being trustworthy, having strong interpersonal and diplomatic skills, and being able to handle stress in a professional manner

Confidential

Information Security Analyst - Functional Area Manager

Responsibilities:

  • Ensure program has an Information Assurance (IA) strategy that is consistent with Confidential policies, standards, and architectures
  • Ensure business process or mission function supported by the proposed acquisition has been designed for optimum effectiveness and efficiency
  • Ensure Analysis of Alternative (AoA) has been conducted
  • Ensure economic analysis and life cycle cost estimates are provided
  • Determine if any private sector or other government source can better support the function
  • Ensure Acquisition performance measures are clearly established and provide accountability for program progress
  • Provide disposition recommendation for all non-weapon systems IT procurement
  • Conduct an annual review and assess performance of the IT program
  • Coordinate the analysis and evaluation of systems, applications, databases, and networks to optimize performance
  • Conduct daily login into Confidential to evaluate the accuracy of posted documents for a given program
  • Review registered IT programs accounts in Confidential for Compliance
  • Evaluate IT programs for vulnerability to the network
  • Analyze IT accounts to ensure they are properly registered in Confidential
  • Work with Functional Area Manager ( Confidential ) to provide guidance and oversight on data requirements throughout the project lifecycle
  • Coordinate with Program Managers to share the analysis and evaluation of a given program
  • Analyze and evaluate complex data processing systems, both current and proposed, translating business area customer information system requirements into detailed system/program requirements.
  • Perform and/or direct project planning, scope, control, management, tracking, or review
  • Ensure compliance with and/or develop the standards and organization requirements relative to specific assignment

Confidential, Ft. Detrick, MD

IA Analyst

Responsibilities:

  • Provided input and drafted cyber security documentation and carried out activities leading to security certification or accreditation of medical equipment information systems and devices.
  • Obtained information regarding medical device security from medical device manufacturers.
  • Evaluated medical technology cyber security readiness and assisted with protecting Confidential / Confidential information resources and assets from attack and/or compromise.
  • Assisted with selecting the security control baseline for medical technologies.
  • Assisted with entering and maintaining medical technologies within the Enterprise Mission Assurance Support Service (eMASS).
  • Assembled cyber security documentation and/or packages for medical devices and submitted them for consideration and approval.
  • Kept abreast of Confidential and Confidential IT and cyber security policy changes and how they affect medical technology procurement and deployment.

Confidential, Silver Spring, MD

Information Security Analyst

Responsibilities:

  • Reviewed and updated remediation on POAMs in the organization's Cyber Security Assessment and Management (CSAM) system.
  • Worked with system administrators to resolve POAMs, gathered artifacts and created mitigation memos, residual risk memos, and corrective action plans to assist in the closure of the POA&M
  • Managed vulnerabilities with the aid of Retina and Nessus vulnerability scanners to detect potential risks on a single or multiple assets across the enterprise network
  • Performed configuration management reviews
  • Ensured implementation of appropriate security control for Information System based on Confidential Special Publication 800-53 rev 4, FIPS 200, and System Categorization using Confidential 800-60, and FIPS 199.
  • Applied appropriate information security control for Federal Information System based on Confidential 800-37 rev1, SP 800-53 rev4, FIPS 199 and FIPS 200.
