
Information System Security Officer/Team Lead Resume


SUMMARY:

Confidential is an Information Security Professional with over 10 years of proven experience in the Risk Management Framework (RMF), the Systems Development Life Cycle (SDLC), and Risk Assessment using industry frameworks such as OMB guidance, FISMA, the Health Insurance Portability and Accountability Act (HIPAA), and the applicable NIST Special Publications. Other areas of proficiency include Customer Relationship Management, Emotional Intelligence competencies, and Team Building.

TECHNICAL SKILLS:

  • Assessment & Authorization
  • System Security
  • Artifacts
  • Documentation
  • POA&M Management
  • Risk Assessment & Management
  • Systems Development Life Cycle
  • Information Assurance
  • FISMA
  • FedRAMP

PROFESSIONAL EXPERIENCE:

Confidential

Information System Security Officer/Team Lead

Responsibilities:

  • Support the Federal Lead to ensure customer systems maintain their Authority to Operate (ATO) with a security posture in accordance with NIST SP 800-53A Rev 4.
  • Support customer systems through the Risk Management Framework (RMF) process using NIST SP 800-37 Rev 1 and Rev 2.
  • Support the development and maintenance of documentation for the Certification & Accreditation (C&A), now Assessment & Authorization (A&A), process based upon industry and Federal standards.
  • Ensure that the C&A/A&A documents, such as the System Security Plan (SSP), Privacy Impact Assessment (PIA), e-Authentication assessment, FIPS 199 categorization, and Contingency Plan, are kept up to date.
  • Ensure that Plan of Action & Milestones (POA&M) items and other compliance and vulnerability issues are remediated in a timely manner.
  • Create POA&Ms, generate POA&M reports, and collaborate with the POA&M point of contact (POC) on remediation and closure.
  • Maintain traditional and cloud systems through CSAM, XACTA, GRC tools, etc.
  • Conduct the annual self-assessment of controls as part of the Continuous Monitoring process and for ATO readiness.
  • Provide team leadership, including time card approval, goal setting, on-site onboarding of new employees, performance reviews, HR issues, and weekly touchpoints.
  • Initiate a series of kick-off meetings and collaborative sessions, on-site or via Skype, with POCs to resolve system concerns.

Confidential

Cyber Security Analyst

Responsibilities:

  • Employed NIST SP 800-60 and FIPS 199 to categorize information and information systems as Low, Moderate, or High in order to determine the potential adverse impact for each security objective (confidentiality, integrity, and availability).
  • Used the Risk Management Framework (NIST 800-37 rev4) to help system stakeholders develop and maintain Authorization to Operate (ATO) packages for their information systems, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
  • Created and reviewed security artifacts such as Contingency Plans (CP), Contingency Plan Tests (CPT), Configuration Management (CM) plans, Privacy Impact Assessments (PIA), and Incident Response (IR) plans per NIST 800-series guidelines for various agencies.
  • Monitored controls post-authorization to ensure continuous compliance with the security requirements by regularly reviewing Nessus scan results and collaborating with the IT team on mitigation actions.
  • Troubleshot firewall functions, installation, and checks.
  • Documented attacks and contributed to mitigations for future attacks of a similar nature.
  • Followed the Security Operations Center policies and procedures of different agencies for incident reporting and management.
  • Created and reviewed detailed Incident Reports and contributed to lessons learned for continuous improvement.
  • Monitored open-source and commercial threat intelligence, new vulnerabilities, software weaknesses, and other potential threats through continuous testing using SIEM software.
  • Trained and guided clients, using NIST 800-37 rev4, on the process of obtaining and maintaining an ATO and the required security documentation.
  • Hosted and facilitated kick-off meetings and presentations with system stakeholders/clients on the operational security posture of the systems in their purview and on security-related policies.

Confidential

Cyber Security Analyst

Responsibilities:

  • Worked with the Assessment and Authorization team to perform security control assessments (SCAs) and update SSPs, CPs, and POA&Ms.
  • Reviewed and interpreted vulnerability scan reports; created, tracked, and closed POA&M items for the identified weaknesses.
  • Employed applicable NIST documents to develop ATO package documents such as the SSP, SAR, POA&M, Risk Assessment (RA), and MOUs/ISAs for information systems, ensuring compliance with the organization's information security requirements.
  • Conducted in-house SCAs using NIST 800-53A rev4 with system engineers and stakeholders for continuous monitoring of the system security controls in order to comply with post-ATO requirements.
  • Troubleshot firewall functions, installation, and checks.
  • Documented attacks and contributed to mitigations for future attacks of a similar nature.
  • Followed the Security Operations Center policies and procedures of different agencies for incident reporting and management.
  • Primarily responsible for researching and evaluating relevant information security policies, guidance, and best practices, including NIST publications, FISMA, and OMB circulars, for applicability to IT systems security.

Confidential

Information Security Associate

Responsibilities:

  • Performed software/hardware installation, maintenance, repair, updates, and testing.
  • Performed routine troubleshooting of connectivity, authentication, and password reset issues for the organization.
  • Scheduled, conducted, and attended security briefings for the organization in consultation with the IT Supervisor, IT Manager, and Information System Security Manager (ISSM).
  • Scheduled and attended weekly meetings on audits, POA&M findings, and after-action reviews.
  • Created, tracked, and updated relevant security documents such as CPs, Incident Reports, and POA&Ms, based on the organization's handbook.
  • Resolved and updated IPS and IDS reports in a timely manner, in consultation with the IT supervisor and managers.
  • Reviewed and recommended NIST and FIPS documents, in addition to those of the International Organization for Standardization (ISO), for adoption as the organization's security documents.
  • Performed Tier 2/3 troubleshooting using error logs, Windows Event Viewer, and command-line diagnostic tools.
  • Configured new client hardware using Symantec Ghost imaging software.
