Senior IT Security Analyst Resume

Arlington, VA

TECHNICAL SKILLS:

FIPS 199, FIPS 200, NIST 800-53 Rev4, NIST 800-30, NIST 800-37, NIST 800-39, SSP, ST&E, SAR, Plans of Action and Milestones (POA&M), Authorization to Operate (ATO) Letter, MS Office, SharePoint, Access, PeopleSoft, Nessus Vulnerability Scanning Tool, Splunk, Scan Analysis, Risk Management Framework (RMF), CSAM, XACTA

PROFESSIONAL EXPERIENCE:

Confidential, Arlington, VA

Senior IT Security Analyst

  • Conduct interviews with selected personnel, document and evaluate business processes, and execute audit test programs to determine the adequacy and effectiveness of internal controls and compliance with regulations
  • Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)
  • Performed vulnerability scanning with the support of the Nessus scanning tool to detect potential risks on single or multiple assets across the enterprise network.
  • Conduct cloud system assessments, primarily with AWS (Amazon Web Services) by utilizing FedRAMP and NIST guidelines
  • Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices
  • Document findings within Requirements Traceability Matrix (RTMs) and Security Assessment Reports (SARs).
  • Review and analyze Nessus Vulnerability and Compliance scans for possible remediation.
  • Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
  • Provide weekly status reports on ongoing tasks and deliverables
  • Security Assessment and Authorization (SA&A) using NIST SP 800-53 rev4/FIPS 200 (Security Controls) and NIST SP 800-53A rev4 (Assessing Security Controls).
  • Monitored controls post authorization to ensure constant compliance with the security requirements
  • Review and analyze Nessus Vulnerability and Compliance scans, WebInspect scans and DbProtect scans for possible remediation.
  • Assess systems of varying scope and complexity, comprising various technologies.

Confidential

IT Security Analyst

  • Conducted Certification and Accreditation (C&A) on major applications following the Risk Management Framework (RMF) from Categorization through Continuous Monitoring using the various NIST Special Publications in order to meet the necessary Federal Information Security Management Act (FISMA) requirements.
  • Developed System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms that are presented to the Designated Approving Authority (DAA) in order to obtain the authority to operate (ATO).
  • Conducted security assessments on major applications, updated POA&Ms with findings and monitored for remediation deadlines.
  • Provide weekly status reports on ongoing tasks and deliverables
  • Performed risk assessments to identify the risk level associated with the findings
  • Reviewed artifacts regarding Plans of Action and Milestones (POA&M) created by ISSO before closing
  • Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements
  • Helped with updating IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
  • Cloud and non-cloud system assessments
  • Support Cyber Security analysts in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.
  • Monitored controls post authorization to ensure constant compliance with the security requirements
  • Conduct Annual Assessment based on NIST SP 800-53A
  • Document findings within Requirements Traceability Matrix (RTMs) and Security Assessment Reports (SARs).
  • Review and analyze Nessus Vulnerability and Compliance scans for possible remediation.

Confidential

Junior IT Security Analyst

  • Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.
  • Helped with updating IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
  • Assisted in updating IT security policies, procedures and standards according to NIST.
  • Worked in a SOC environment in order to conduct scans and identify vulnerabilities
  • Worked with network security (network administrator policies and procedures, firewalls, etc.)
  • Assisted in technology management
  • Troubleshot hardware and software
  • Installed new local and network printers and configurations
  • Proactively and reactively research the root cause of, and provide solutions or known workarounds for, problems in the enterprise environment.
  • Assisted cyber team in conducting assessments and reports of systems
  • Updated IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
  • Performed risk assessments, reviewed and updated Plans of Action and Milestones (POA&M), Security Control Assessments.
  • Monitored controls post authorization to ensure constant compliance with the security requirements
  • Performed risk assessments to identify the risk level associated with the findings