SUMMARY:

• A Cyber Security Analyst/Information Security Analyst, with exceptional experience looking for an opportunity, that will not only utilize my knowledge but also give me an opportunity to grow in the knowledge of leading - edge technologies.
• Excellent problem-solving ability.
• Excellent communication skill (oral and writing).
• Managing multiple projects simultaneously.
• Team player and a quick learner.
• Expert in risk management and mitigation.
• TI systems Administration.
• Knowledge of Microsoft word, Power Point, Publishers and Excel and Visio.
• Involved with the planning and engineering an enterprise infrastructure.
• Experienced in Service Now and HP Service Manager Ticketing Systems.
• Experienced in Federal Government Contracts.
• Understanding of FISMA standards and the Certification and Accreditation Process and have developed appropriate documents
• Experienced in documentations.
• Experienced with ticketing tools.

PROFESSIONAL EXPERIENCE:

Confidential, Washington DC

Information System Security Officer

• Conduct IT-Security standards/compliance audits and assessments using NIST, RMF (Risk Management Framework).
• Create and disseminate monthly security reports and trend analysis to the CISO.
• Create a security dashboard for executive stakeholders to utilize for accurate and up to date incident response information on demand.
• Developing and updating security authorization packages in accordance with the client’s requirement and compliant with FISMA.
• Drafting and updating Core documents such as the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan.
• Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
• Develop and maintain the Plan of Action and Milestones and support remediation activities.
• Validate that protective measures for physical security are in place to support the systems security requirements.
• Developing, coordinating, testing and training on Contingency Plans and Incident Response Plans.
• Support Incident Response and Contingency activities.
• Perform security control assessment in using NIST 800-53A guidance.
• Conduct Independent scans of the application, network and database (where required).
• Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner.
• Draft Organizational policies, SOP&s and guidelines.
• Assess security controls through document reviews, interviews and tests to ensure compliance with FISMA and NIST standards.
• Working knowledge of duties required implementing information security controls and leading information security initiatives.
• Ability to translate business requirements into control objectives.
• Analyzed security requirements to determine if they meet government-mandated security policies.
• Assisted in the development of an information security continuous monitoring strategy.
• Developed Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action & Milestones (POAM).
• Developed a security baseline controls and test plan that was used to assess implemented security controls using NIST 800-53 r4.
• Developed System Security Plan (SSP) to provide an overview of the system security requirements.
• Conducted Security Controls assessment to identify system threats, vulnerabilities and risk, and generate security assessment reports.

Confidential, Alexandra, VA.

Cyber Security Analyst/Assessor

• Perform initial and ongoing Security Assessment and Authorizations in support of client's on-premise, FedRAMP Cloud Authorized (leveraged authorizations) and Shared Services (multi-agency) information systems while ensuring quality control of A&A documents.
• Completed numerous risk assessments and collaborated with DOC System Owners, and IT support staff to provide recommendations regarding critical infrastructure, network security operations and continuous Monitoring processes and improvements.
• Extensive knowledge and experience with the Risk Management Framework (RMF). Created, updated and revised System Security Plans, Contingency Plans, Incident Response plans/reports, and Plan of Action & Milestone.
• Developed and completed Security Assessments Kick-off Meetings Briefings and populated the Security Requirements Traceability Matrix (SRTM) and Document Request Lists (DRLs) per NIST SP 800-53
• Reviewed Privacy Impact Assessment (PIA) and PTA and ensured System of Record Notice (SORN) were published.
• Assembled Security Assessment Packages to include Security Assessment Reports (SARs), Risk assessment Reports (RARs), Security Controls Assessments (SCA) Reports and POA&Ms.
• Briefed Authorizing Official on information systems risks and vulnerabilities in support of the Security assessment and Authorization process.
• Participated security controls assessment efforts to determine effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
• Evaluated vulnerabilities and risks based on Tenable, Nessus and HP Inspect scans reports.
• Executed Security Impact Analysis/Risk Assessments/Subsystem Addendums in support of new on-premise and Cloud based applications/application systems.
• Participated in Configuration Management (CM) activities and weekly Change Control Board (CCB) Meetings in support of changes to the authorized baselines for information systems.
• Provide audit Pre-briefings to agency and Information Systems Security Officer's, to assist in the preparation of independent and FISMA audits.
• Supported POA&M Management and Artifacts Management via the use of CSAM.
• Developed NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestone (POA&M), and address system weaknesses.
• Monitored controls post authorization to ensure continuous compliance in accordance to FISMA guidelines.
• Ensured all POA&M actions are completed and tested in timely fashion to meet client deadlines.
• Participated and attended weekly ISSO forums for security advice and updates and, conduct meetings with the IT team to gather documentation and evidence about their control environment.
• Applied appropriate information security control for Federal Information System based on NIST SP 800-53, FIPS 199, FIPS 200 and OMB A-130 Appendix III.
• Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.
• Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple asset across the enterprise network .

Confidential, Beltsville MD.

Information Security Analyst

• Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple asset across the enterprise network.
• Monitored security controls post authorization to ensure continuous compliance with the security requirements.
• Created, updated and revise System security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plan of Action & Milestone.
• Authored recommendations associated with findings on how to improve the customers security posture in accordance with NIST controls.
• Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process.
• Supported client security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring.
• Reviewed and updated some of the system categorization using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP& POA&M.
• Ability to translate business requirements into control objectives.
• Assess security controls through document reviews, interviews and tests to ensure compliance with FISMA and NIST standards.
• Assisted in the development of an information security continuous monitoring strategy.
• Developed contingency planning and Tabletop Exercise for Disaster Recovery testing of an information system.
• Analyzed the Security Assessment Reports (SAR) and provided artifacts to assessors to justify each passing failing security controls.
• Maintained security information records - the System Security Plan (SSP), Business Impact Analysis (BIA), Privacy Impact Analysis (PIA), and Privacy Threshold Analysis (PTA) for the annual Continuous Monitoring Assessment (CMA).