
Security Assessor/IT Security Analyst Resume


Silver Spring, MD

SUMMARY:

A highly motivated and adaptive seasoned IT Security Analyst with expertise in Risk and Compliance, with a solid reputation for assessing and managing security controls. Proven ability to deliver excellence against hard deadlines in multiple projects with rapidly changing priorities. Excellent balance of communication, analytical, interpersonal, and technical skills.

AREAS OF EXPERTISE:

  • Preparation and update of Assessment and Authorization (A&A/C&A) packages, RMF.
  • Analyze vulnerability scanning
  • Review NIST guidance/compliance/FIPS 199
  • Review/update IT Security policies and procedures
  • Performance security documents (SAP, SSP, RTM, SAR, POA&M)
  • Perform security control assessment (SCA/ST&E)
  • Perform continuous monitoring testing/projects
  • Conduct E-Authentication Assessment
  • Leadership/Teamwork/Collaboration
  • Communication

TECHNICAL SKILLS:

OS: Windows 2008 and Windows 2012, Unix servers, Mainframe servers

Databases: SQL Server 2008, SQL Server 2012 and SQL Server 2014.

Network: Active Directory, Firewall, Routers, Switch, Hub, Proxies, DNS, TCP/IP

Software: Microsoft Office (Word, Excel, PowerPoint, Project, Access), Windows Server, Remedy Ticketing System (BMC), SIEM, Anti-virus, SAP, PeopleSoft.

Tools: Nessus, HP Fortify, HP Web Detective, HP WebInspect

PROFESSIONAL EXPERIENCE:

Confidential - SILVER SPRING, MD

Security Assessor/IT Security Analyst

  • Assist System Owners and ISSO in preparing Certification and Accreditation package for the company's IT systems, making sure that management, operational and technical security controls adhere to formal and well-established security requirements authorized by NIST SP 800-53
  • Conducted Security Assessment and Authorization (SA&A) activities in accordance with NIST and departmental policies
  • Developed and maintained security test plans and results
  • Developed POA&M to address identified vulnerabilities and track POA&Ms for remediation
  • Developed and documented security related processes/procedures
  • Contribute to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management.
  • Assist with review of policy, security alerts guidance, regulations and technical advances in IT Security Management.
  • Perform ST&E according to NIST SP 800-53A and recommended solutions
  • Perform vulnerability scanning with Nessus
  • Review artifacts and remove any PII (Personally Identifiable Information) for audit requests
  • Update and Review standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
  • Evaluate threats and vulnerabilities of each system and ensure proper safeguards are in place to protect information systems
  • Documented and/or reviewed System Security Plan (SSP), finalized Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M) and Authorization letter Memorandum (ATO).
  • Working knowledge of the Information Systems Security Authorization process, performing Security Authorization activities using National Institute of Standards and Technology (NIST) Special Publication 800-Series guidelines and processes, as well as DoD Information Assurance Certification and Accreditation Process (DIACAP) DoD 8510.01, and FISMA policies and guidelines
  • Communicate effectively through written and verbal means to co-workers, subordinates, clients, and leads.
  • Intrusion Detection/Prevention System (IDS/IPS)

Confidential, LAUREL, MD

INFORMATION ASSURANCE ANALYST

  • Conducted meetings with the IT team to gather documentation and evidence about their control environment
  • Reviewed and ensured correctness of Privacy Impact Assessment (PIA) document after a positive PTA was created.
  • Ensured the Contingency Plan Test was done annually.
  • Performed Vulnerability Assessment; ensured that risks were assessed and evaluated and that proper actions were taken to limit their impact on the Information and Information Systems
  • Ensured all POA&M actions are completed and tested in timely fashion to meet client deadlines
  • Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs)
  • Performed security categorization of systems using FIPS 199 and NIST SP 800-60
  • Conducted Assessment and Accreditation (A&A), including oversight and development of POA&Ms, and performing all continuous monitoring functions and maintaining Systems Authorization to Operate (ATO).
  • Developed and updated RTM, SAR, SSP, CP & POA&M
