It Security Analyst Resume
2.00/5 (Submit Your Rating)
SUMMARY:
NIST 800 - 53, NIST 800-53a, Nessus, WebInspect, Splunk, DbProtect, Linux, Nmap, Metasploit, XACTA, Burp suite, POA&M, SAR, SSP
PROFESSIONAL EXPERIENCE:
Confidential
IT Security Analyst
- Assisted in conducting cloud system assessments
- Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements
- Worked in multiple cloud security projects specifically with systems requiring to transition to AWS as a cloud service provider.
- Support Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.
- Perform risk assessments, update and review System Security Plans (SSP) using NIST 800-18 (Guide for Developing Security Plans for federal information systems) Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration
- Perform vulnerabilities scan and monitor continuously using NIST 800-137 as a guide with the aid of Nessus
Confidential
IT Security Analyst
- Team leader of 5-7 people.
- Worked on multiple assessments simultaneously.
- Experience reviewing and interpreting Nessus Vulnerability and Compliance scans, WebInspect scans, IBM Guardian, Burpsuite and DbProtect scans.
- Provide technical analyses of security controls and provide implementation responses to meet requirements.
- Experience in cloud system assessments, primarily with AWS (Amazon Web Services) utilizing FedRAMP and NIST guidelines.
- Experience in executing Step 4 (Security Assessment) of the NIST Risk Management Framework (RMF).
- Experience developing and disseminating Security Assessment Plans (SAP).
- Experience interpreting and evaluating implementations of NIST 800-53 rev4 security controls.
- Documenting findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs).
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Meet with stakeholders to discuss assessment findings and process remediation.
- Strong written and oral communication skills for use in preparing formal deliverables.
Confidential
IT Security Analyst
- Assisted updating security policies, procedures, standards and guidelines according to department as well as federal requirements.
- Experience working in a Security Operations Center (SOC) environment, assisted documenting and reporting Tier 1 vulnerabilities.
- Performed security and compliance monitoring tasks including access reviews, log reviews, and network vulnerability scans using NIST 800-137 as a guide.
- Performed assessments safeguarding Controlled Unclassified Information (CUI) which primarily deal with 14 control families.
- Assisted in cloud system assessments.
- Performed risk assessments, security control assessments and configuration.
- Developed, updated and reviewed Plan of Action and Milestones (PO&AM), System Security Plans (SSP) using NIST 800-18 (Guide for Developing Security Plans for Federal Information Systems) as a guide.
- Ability to execute Security Assessments, develop and deliver supporting documentation within aggressive timelines.
- Experience preparing documentation such as Risk Assessment Report (RAR), System Security Plans (SSP), Security Assessment Reports (SAR), and Plan of Action and Milestones (POA&Ms) to ensure compliance with government security policies and procedures.
Confidential
IT Security Analyst
- Established security baselines in accordance with NIST, FISMA, FIPS and industry best security practices.
- Performed vulnerability/risk assessment analysis using Nessus to detect potential risks across the network.
- Helped review and update Plans of Action Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP)
- Updated documentation for Security Policies, procedures, standards and guidelines.
- Monitored and managed compliance of implemented enterprise information security controls.
- Participated in all phases of the System Development Life Cycle (SDLC) and project life cycles as needed.
Computer Enterprises
IT Security Analyst Intern
- Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.
- Performed vulnerability scanning with the support of Nessus scanning tool to detect potential risks on single or multiple assets across the enterprise network.
- Updated IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
- Performed risk assessments, help review and update, Plans of Action and Milestones (POA&M), Security Control Assessments, (SA&A) Security Assessment and Authorization using NIST SP 800-53 rev4/FIPS 200 (Security Controls), NIST SP 800-53A rev4 (Assessing Security Controls).
- Monitored controls post authorization to ensure constant compliance with the security requirements
Confidential
IT Security Analyst
- Worked with network security (network administrator policies and procedures, firewalls, etc.
- Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices
- Policy writing and understanding of NIST publication
- Interned as an IT security analyst as well as worked with different SIEM tools