
IT Security Analyst Resume


SUMMARY:

NIST 800-53, NIST 800-53A, Nessus, WebInspect, Splunk, DbProtect, Linux, Nmap, Metasploit, XACTA, Burp Suite, POA&M, SAR, SSP

PROFESSIONAL EXPERIENCE:

Confidential

IT Security Analyst

  • Assisted in conducting cloud system assessments
  • Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements
  • Worked on multiple cloud security projects, specifically with systems required to transition to AWS as a cloud service provider.
  • Support Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.
  • Perform risk assessments, update and review System Security Plans (SSP) using NIST 800-18 (Guide for Developing Security Plans for Federal Information Systems), Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration
  • Perform vulnerability scans and continuous monitoring using NIST 800-137 as a guide with the aid of Nessus

Confidential

IT Security Analyst

  • Team leader of 5-7 people.
  • Worked on multiple assessments simultaneously.
  • Experience reviewing and interpreting Nessus Vulnerability and Compliance scans, WebInspect scans, IBM Guardian, Burp Suite and DbProtect scans.
  • Provide technical analyses of security controls and provide implementation responses to meet requirements.
  • Experience in cloud system assessments, primarily with AWS (Amazon Web Services) utilizing FedRAMP and NIST guidelines.
  • Experience in executing Step 4 (Security Assessment) of the NIST Risk Management Framework (RMF).
  • Experience developing and disseminating Security Assessment Plans (SAP).
  • Experience interpreting and evaluating implementations of NIST 800-53 rev4 security controls.
  • Documenting findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs).
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
  • Meet with stakeholders to discuss assessment findings and process remediation.
  • Strong written and oral communication skills for use in preparing formal deliverables.

Confidential

IT Security Analyst

  • Assisted in updating security policies, procedures, standards and guidelines according to department as well as federal requirements.
  • Experience working in a Security Operations Center (SOC) environment; assisted in documenting and reporting Tier 1 vulnerabilities.
  • Performed security and compliance monitoring tasks including access reviews, log reviews, and network vulnerability scans using NIST 800-137 as a guide.
  • Performed assessments safeguarding Controlled Unclassified Information (CUI) which primarily deal with 14 control families.
  • Assisted in cloud system assessments.
  • Performed risk assessments, security control assessments and configuration.
  • Developed, updated and reviewed Plan of Action and Milestones (POA&M), System Security Plans (SSP) using NIST 800-18 (Guide for Developing Security Plans for Federal Information Systems) as a guide.
  • Ability to execute Security Assessments, develop and deliver supporting documentation within aggressive timelines.
  • Experience preparing documentation such as Risk Assessment Report (RAR), System Security Plans (SSP), Security Assessment Reports (SAR), and Plan of Action and Milestones (POA&Ms) to ensure compliance with government security policies and procedures.

Confidential

IT Security Analyst

  • Established security baselines in accordance with NIST, FISMA, FIPS and industry best security practices.
  • Performed vulnerability/risk assessment analysis using Nessus to detect potential risks across the network.
  • Helped review and update Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP)
  • Updated documentation for Security Policies, procedures, standards and guidelines.
  • Monitored and managed compliance of implemented enterprise information security controls.
  • Participated in all phases of the System Development Life Cycle (SDLC) and project life cycles as needed.

Computer Enterprises

IT Security Analyst Intern

  • Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.
  • Performed vulnerability scanning with the support of Nessus scanning tool to detect potential risks on single or multiple assets across the enterprise network.
  • Updated IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
  • Performed risk assessments; helped review and update Plans of Action and Milestones (POA&M), Security Control Assessments, and Security Assessment and Authorization (SA&A) using NIST SP 800-53 rev4/FIPS 200 (Security Controls), NIST SP 800-53A rev4 (Assessing Security Controls).
  • Monitored controls post authorization to ensure constant compliance with the security requirements

Confidential

IT Security Analyst

  • Worked with network security (network administrator policies and procedures, firewalls, etc.)
  • Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices
  • Policy writing and understanding of NIST publications
  • Interned as an IT security analyst as well as worked with different SIEM tools
