Information Security Analyst Resume
Laurel, MD
PROFESSIONAL SUMMARY:
- I am an Information Security Analyst with over 7 years' experience in Cybersecurity and over 10 years' experience delivering a full range of IT services to government and commercial clients and all phases of project and engagement management.
- I have experience in performing Security Assessment & Authorization (A&A) and Routine support of IT Security Program to ensure Security objectives of Confidentiality, Integrity and Availability of information and information systems.
- With my years of Security Control Testing and consulting experience, I have knowledge and experience in assessing Information Systems such as Microsoft Windows, Microsoft SQL Server, Salesforce, SAP, PeopleSoft, etc.
- I am a strong team player with problem solving and strategic thinking skills. In addition to my IT security skills, I also have experience in Administering Microsoft SQL Server 2008/2012/2014 Databases.
KEY SKILLS:
FISMA, FISCAM, NIST SP 800-53 Revision 3 & 4, NIST SP 800-Series, COBIT, SSAE 16/SAS 70, A-123 Assessment, Use of Nessus as a Vulnerability Scan tool, MS Office applications (Excel, Word, PowerPoint), Windows Server R2 administration
PROFESSIONAL EXPERIENCE:
Information Security Analyst
Confidential, Laurel, MD
Responsibilities:
- Performed Security Assessments on different clients to determine if controls were implemented correctly, operating as normal and meeting desired objectives.
- Assisted in defining, implementing, and maintaining information security policies, standards and procedures.
- Performed vulnerability scans for Databases, Network, and Web Applications for different clients using Tenable Nessus and performed remediation.
- Implement appropriate security controls to mitigate threats, risks and vulnerabilities in the system.
- Gather data to complete Security Test & Evaluation ( Confidential & Confidential ) required managing risks and threats in systems.
- Provide expert analysis and advice on systems and programs related to IT Security problems and provide recommendations.
- Conduct audits of network configuration to ensure compliance with Organization regulatory standards.
- Develop policy and procedural controls relating to Management, Operational and Technical Controls.
- Manage IT Projects throughout the System Development Life cycle (SDLC)
- Apply industry standards like ISO and COBIT to keep risks at an acceptable level within the Information System.
- Formulate security assessment reports and recommendations for mitigating vulnerabilities and exploits in the system.
- Develop test plans and test analysis summaries.
- Create ATO package documents (SSP, RA, SAR, POAM reports, etc.) based on the security assessments performed on systems.
- Perform the Assessment & Accreditation (A&A) on General Support Systems (GSS), Major Applications and Systems to ensure that such environments are operating within strong security posture.
Information System Security Officer
Confidential, Beltsville, MD
Responsibilities:
- Performed Assessment & Accreditation (A&A) on General Support Systems (GSS), Major Applications and Systems to ensure that such environments are operating within strong security posture.
- Performed vulnerability scans for Databases, Network, and Web Applications for different clients using Tenable Nessus and performed remediation.
- Implement appropriate security controls to mitigate threats, risks and vulnerabilities in the system.
- Assisted in defining, implementing, and maintaining information security policies, standards and procedures.
- Gathered data to complete Security Test & Evaluation ( Confidential & Confidential ) required managing risks and threats in systems.
- Provide expert analysis and advice on systems and programs related to IT Security problems and provide recommendations.
- Formulated security assessment reports and recommendations for mitigating vulnerabilities and exploits in the system.
- Developed test plans and test analysis summaries.
- Created ATO package documents (SSP, RA, SAR, POAM reports, etc.) based on the security assessments performed on systems.
- Provided superior customer service to clients, including response to escalations, proactively notifying customers of security issues, and assessing and communicating business impact.
Information System Security Officer
Confidential, Laurel, MD
Responsibilities:
- Formulated and updated the Organization's security policies, standards, processes and procedures.
- Worked with stakeholders to resolve security gaps and document results.
- Performed internal security risk assessment audits for the network and business applications.
- Provided expert analysis and advice on systems and programs related to IT Security problems and provide recommendations.
- Conducted audits of network configuration to ensure compliance with Organization regulatory standards.
- Developed policy and procedural controls relating to Management, Operational and Technical Controls.
- Managed IT Projects throughout the System Development Life cycle.
- Applied industry standards like ISO and COBIT to keep risks at an acceptable level within the Information System.
- Formulated security assessment reports and recommendations for mitigating vulnerabilities and exploits in the system.
- Developed test plans and test analysis summaries.
- Created ATO package documents; SSP, RA, SAR, POAM reports, etc., based on the security
