Information Security Analyst Resume

MD

SUMMARY:

  • An Information System Security Analyst proficient in building security authorization packages using NIST Publications A 0 - 60, FIPS 199, FIPS 200, OMB A-130 App. III. Vast knowledge of Federal Information Processing Standards (FIPS) 199 System Categorization, System Security Plan (SSP), Security Assessment Plan (SAP), Plan of Action & Milestones (POA&M), Risk Assessment (Impact Analysis) and Contingency Planning.

PROFESSIONAL EXPERIENCE:

Confidential, MD

Information Security Analyst

  • Ensure proper system categorization using NIST and FIPS 199; implement appropriate security controls for the information system based on NIST rev 4 and FIPS 200. Conduct security assessment interviews to determine the security posture of the system and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP A required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
  • Reviewing, maintaining, and ensuring all assessment and authorization (A&A) documentation is included in the system security package.
  • Perform information security risk assessments and assist with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and identified mitigation requirements.
  • Work with system owners to develop, test, and train on contingency plans and incident response plans.
  • Test, assess, and document security control effectiveness. Collect evidence, interview personnel, and examine records to evaluate effectiveness of controls.
  • Review and update remediation on plans of action and milestones (POA&Ms) in the organization’s cyber security assessment and management (CSAM) system. Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.
  • Assist team members with proper artifact collection and detail to clients examples of artifacts that will satisfy assessment requirements.
  • Review security logs to ensure compliance with policies and procedures and identify potential anomalies.
  • Update and review A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance of Artifacts, SSP, SAR, FIPS 200, FIPS 199, and POA&M.
  • Collect Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless.
  • Upload supporting documentation into the System’s Artifact Libraries, Google Docs and CSAM.

Confidential, MD

Cyber Security / Compliance Analyst

  • Performed Federal Information Security Management Act (FISMA) audit reviews using NIST rev 1
  • Participate in client interviews to determine the security posture of the System.
  • Supported the Information Assurance (IA) team to conduct risk assessments, documentation for Security Control Assessment, vulnerability testing and scanning.
  • Prepare and submit Security Assessment Plan (SAP) to CISO for approval.
  • Develop and update Security Plan, Plan of Action and Milestones (POA&M).
  • Monitor controls post authorization to ensure continuous compliance with the security requirements.
  • Prepare and update the Security Assessment Report (SAR)
  • Analyze and perform technical and non-technical security risk assessments of computer and network systems via network scans, interviews, documentation review and walk-through of both new and existing federal information systems for FISMA compliance using NIST guidelines and controls.
  • Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems (IDS), Virtual Private Networking (VPN), Security Monitoring Tools and Intrusion Prevention Systems (IPS)).
  • Conduct Risk Assessment on all system changes.
  • Re-assess remediated controls for effectiveness.

Confidential, MD

Information Security Analyst

  • Participate in client interviews to determine the security posture of the System.
  • Supported the Information Assurance (IA) team to conduct risk assessments, documentation for Security Control Assessment, vulnerability testing and scanning.
  • Prepare and submit Security Assessment Plan (SAP) for approval.
  • Conducted initial assessment, and performed continuous monitoring of security control post assessment.
  • Worked with System Owner to develop and perform periodic testing of contingency and disaster recovery plan.
  • Develop and update Security Plan, Plan of Action and Milestones (POA&M).
  • Monitor controls post authorization to ensure continuous compliance with the security requirements.
  • Identify new, maintain, and dispose of information system inventory in accordance with established policies and procedures; ensure accurate configuration management and property accountability.
  • Modify and maintain procedures, operational process document, change control document, operational checklist, detailed system specifications and procedures.
  • Develop training materials for employees on data protection.
  • Conducted security assessment interviews to determine the security posture of the system and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP A required to maintain Company Authorization To Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
  • Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.
  • Exposed to Vulnerability scanning and assessment tools such as Retina, Nessus and CSAM.
