TECHNICAL SKILLS:

• Risk Management Framework
• NIST 800 - 53 Rev4
• Nessus
• FIPS 199, FIPS 200
• Confidentiality
• Compliance
• Analytic Skills
• Interpersonal Skills
• NIST 800-30, NIST 800-37
• Scan Analysis
• SAR
• SAP

PROFESSIONAL EXPERIENCE:

Confidential, Fairfax, VA

IT Security Analyst

• Assisted in conducting cloud system assessments
• Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements
• Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.
• Performed vulnerability scanning with the support of Nessus scanning tool to detect potential risks on a single or multiple assets across the enterprise network.
• Updated IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
• Performed risk assessments, help review and update, Plans of Action and Milestones (POA&M), Security Control Assessments.
• (SA&A) Security Assessment and Authorization using NIST SP 800-53 rev4/FIPS 200 (Security Controls), NIST SP 800-53A rev4 (Assessing Security Controls).
• Monitored controls post authorization to ensure constant compliance with the security requirements
• Conduct Annual Assessment based on NIST SP 800-53A
• Document findings within Requirements Traceability Matrix (RTMs) and Security Assessment Reports (SARs).
• Review and analyze Nessus Vulnerability and Compliance scans for possible remediation.
• Assess systems of varying scope and complexity and comprised of various technologies.
• Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
• Provide weekly status reports on ongoing tasks and deliverables

Confidential, Springfield, VA

IT Security Analyst

• Supports the Security Assessment and Authorization process of the clients’ systems as a technical Security Analyst
• Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.
• Performed vulnerability scanning with the support of Nessus scanning tool to detect potential risks on a single or multiple assets across the enterprise network.
• Helped with updating IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
• Performed risk assessments to identify the risk level associated with the findings
• (SA&A) Security Assessment and Authorization using NIST SP 800-53 rev4/FIPS 200 (Security Controls), NIST SP 800-53A rev4 (Assessing Security Controls).
• Monitored controls post authorization to ensure constant compliance with the security requirements
• Reviewed artifacts regarding Plans of Action and Milestones (POA&M) created by ISSO before closing
• Document findings within Requirements Traceability Matrix (RTMs) and Security Assessment Reports (SARs).
• Review and analyze Nessus Vulnerability and Compliance scans for possible remediation.
• Assess systems of varying scope and complexity and comprised of various technologies.
• Provide weekly status reports on ongoing tasks and deliverables

Confidential, Falls Church, VA

Junior IT Security Analyst

• P erformed vulnerability scanning with the support of Nessus scanning tool to detect potential risks on a single or multiple asset across the enterprise network.
• Updated IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
• Performed risk assessments, help review and update, Plans of Action and Milestones (POA&M), Security Control Assessments.
• C loud and non-cloud system assessments
• Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements
• Support Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.
• Perform risk assessments, update and review System Security Plans (SSP) using NIST 800-18 (Guide for Developing Security Plans for federal information systems) Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration
• Perform vulnerabilities scan and monitor continuously using NIST 800-137 as a guide with the aid of Nessus

Confidential

Helpdesk/Junior Information Security Analyst

• Policy writing and understanding of NIST publication
• Assisted in Updating IT security policies, procedures and standards according to NIST.
• Worked in a SOC environment in order to conduct scans and identify vulnerabilities
• Worked with network security (network administrator policies and procedures, firewalls, etc.
• Assisted in technology management
• Troubleshot hardware and software
• Installing New Local and Network Printers and configurations
• Proactively and reactively research the root cause of and provide solutions or known work-arounds for Problems in the Enterprise environment. Assisted cyber team in conducting Assessments and Reports of systems
• Utilized tools such as Burpsuite, Nessus and Snort