We provide IT Staff Augmentation Services!

Cyber Security Analyst/security Control Assessor Resume

Chantilly, VA

SUMMARY:

I am an IT security professional with over 10 years of aggregate experience, areas including security operation center and compliance, with extensive knowledge in the risk management framework. I have developed, reviewed ATO packages and remain FISMA compliant by applying Confidential framework as a guide. Performed remediation of failed security controls/vulnerabilities via Plan of Action & Milestones (POA&Ms). Completed task in software engineering. I am able to work perfectly and effectively under conditions where speed and accuracy matters.

TECHNICAL SKILLS:

  • Use Confidential, Nmap scan tool for scanning for vulnerabilities.
  • Log management tool such as Splunk for investigation and data presentation
  • Analyzed logs utilizing tools like Wireshark, IDS/IPS and firewalls
  • Tableau for presentation of data visualization.
  • Understanding of different operating system, such as windows, Linux, Unix (AIX).
  • Understanding of security baseline specifications (CIS, USGCB, HIPPA).
  • Knowledgeable with TCP/IP routing protocol and the OSI model.
  • Tracked the workflow of POA&Ms on GRC
  • Utilizes the TRM for software submission.
  • Utilizes SEIM tool such as alien vault for analysis of network.

PROFESSIONAL EXPERIENCE:

Confidential, Chantilly, VA

Cyber Security Analyst/Security Control Assessor

Responsibilities:

  • Maintains the Security Authorization Certification and Accreditation for assigned systems and remain FISMA compliant applying Confidential Risk Management Framework (RMF) as a guide.
  • Ensure that artifacts are maintained and updated in accordance with Confidential guidelines and organizational policies.
  • Perform security controls assessments and baseline validations of accredited systems to identify vulnerabilities and control deficiencies as part of continuous monitoring program.
  • Performs security/privacy control assessment using Confidential r4a and VA Handbook 6500.
  • Coordinate and track remediation of security weaknesses as uncovered via the Plan of Actions and Milestones (POA&M).
  • Use FIPS 200 as a guide for minimum security requirements for federal and information systems.
  • Supported the review of FedRAMP packages for Cloud Service Providers (CSP).
  • Use scanning tools like Confidential and Nmap for vulnerability assessment.
  • Utilize the GRC to manage the workflow in POAM management tracking.
  • Work with the ASD team to managed the unmanaged software in the VA environment.
  • We realized a remarkable drop of unmanaged software which was not accounted at the end of the project.
  • Utilizes the BDNA as resource to research for software’s which are not licensed in the VA environment but might be of important.
  • Track network/enterprise changes to determine what software programs are running on the network against an approved list (TRM).

Confidential, Beltsville, MD

Cyber Security Analyst

Responsibilities:

  • Performs onsite security testing using vulnerability scanning tools such as Confidential and Nmap.
  • Ensuring security policies, procedures, and recommendations comply with Confidential, FISMA, organizational guidelines, and technical best practices.
  • Responsible for ensuring that Security Authorization documents, such as the System Security Plan, Security Assessment Plan, Plan of Action and Milestones (POA&M), Contingency Planning and artifacts are maintained and updated in accordance with Confidential guidelines.
  • Utilizes the Cyber Security Assessments and Management (CSAM) to record, manage, and assess and remediate vulnerabilities.

Confidential, Dallas, TX

SOC Analyst

Responsibilities:

  • Reviewed log generated from IDS and IPS to investigate suspicious traffic.
  • Utilizes Log management tool such as Splunk to investigate failed logins
  • Performed vulnerability scanning using tools such as Confidential and Nmap
  • Analyzed pcap files using Wireshark tool.
  • Support the risk and compliance teams with standards - based approach to vulnerability anticipation and remediation.
  • Use ticketing system such as ServiceNow to respond to tickets.
  • Utilized Tableau application to display data in different visualization for clarity.
  • Perform continuous monitoring using SIEM tools such as alien vault to analyze and detect Malwares

Confidential, Dallas, TX

System analyst

Responsibilities:

  • Provided onsite support to review documentation for password guides lines
  • Expanded awareness on current attack trends and protection against attacks
  • Reviewed logs to make sure proper documentation of related securities baseline are met.
  • Reviewed to make sure users were actually working within their role-based privileges’
  • Assisted in monitoring system-controlled areas to make sure only assigned or authorized personnel to get access to.

Confidential

Communications and Network Security Engineer

Responsibilities:

  • Coordinated with team in internal compliance review and monitored activities for Network Operations, including periodic reviews of departments within the Network Operations functional unit and collaborated with Internal Audit
  • Assisted in planning and monitoring networks, systems and controlled areas
  • Conducted vulnerability assessments and audits of network devices
  • Specified, installed, configured and used hardware and software diagnostic tools required to determine the adequacy and/or operational capabilities of network security processes
  • Assigned group policy to users on the network. Ensured that user privileges are in accordance to the company’s security policy.

Hire Now