- Active Investigation Secret Security Clearance
- Nessus Vulnerability Scanning Tool, WebInspect, Splunk, DbProtect, FIPS 199, FIPS 200, NIST 800 - 53 Rev4, NIST 800-37, NIST 800-39, E-Authentication, Privacy Impact Assessment (PIA), Risk Assessment (RA), SSP, ST&E, SAR, Plans of Action and Milestones (POA&M), Authorization to Operate (ATO) Letter, MS Office, SharePoint.
- Perform Security Assessments on assigned systems using the Risk Management Framework (RMF) guidelines.
- Reviewed technical security controls and provide implementation responses to meet requirements
- Meet with client to discuss findings and process of remediation
- Review provided or requested Artifacts and Plan of Action & Milestones (POAMs) to determine if controls are implemented correctly.
- Utilizes NIST 800-53A and NIST 800- 53 rev-4 to review implemented controls and enter information into the Requirements Traceability Matrix (RTM) and findings into the Security Assessment Report (SAR).
- Collaborate with other team members and system owners/ technical managers to schedule and conduct Kick-off meetings and interviews to discuss findings.
- Provide weekly status reports.
- Assisted in conducting cloud system assessments
- Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements
- Support Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.
- Perform risk assessments, update and review System Security Plans (SSP) using NIST 800-18 (Guide for Developing Security Plans for federal information systems) Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration
- Perform vulnerabilities scan and monitor continuously using NIST 800-137 as a guide with the aid of Nessus
Entry level/Junior IT Security Analyst
- Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.
- Performed vulnerability scanning with the support of Nessus scanning tool to detect potential risks on a single or multiple asset across the enterprise network.
- Updated IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
- (SA&A) Security Assessment and Authorization using NIST SP 800-53 rev4/FIPS 200 (Security Controls), NIST SP 800-53A rev4 (Assessing Security Controls).
Help Desk Support
- Assist for Windows Server, VM, Active Directory and networking experience as well as a laptop/desktop break fix background.
- Assisted the SOC team in documenting and reporting vulnerabilities by utilizing tools such as Splunk and SNORT.
- Worked with network security (network administrator policies and procedures, firewalls, etc.
- Responsible for conducting analysis of security incidents. Perform investigations of unauthorized disclosure of PII. Responsible for reporting findings and provide status to senior leadership.
- Policy writing and understanding of NIST publication
- Interned as an IT security analyst as well as worked with different SIEM tools
- Customer service and problem solving,
- Provide all first level technical support and escalate as needed.
- Providing 2nd line technical support,
- Answering support queries via phone & email.