Microsoft Office Suite, Xacta IA Manager, CSAM, LAN/WAN Network, PeopleSoft
Information Assurance Specialist
- Assist with proper system categorization using NIST 800-60 and FIPS 199; implement appropriate security controls for information systems based on NIST 800-53 Rev 4 and FIPS 200.
- Work with system owners to develop, test, and train on contingency plans and incident response plans.
- Test, assess, and document security control effectiveness. Collect evidence, interview personnel, and examine records to evaluate effectiveness of controls.
- Review and update remediation on plans of action and milestones (POA&Ms) in the organization's cyber security and management (CSAM) system. Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos, and corrective action plans to assist in the closure of the POA&M.
- Conduct security assessment interviews to determine the security posture of the system and to develop a Security Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain the company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
- Reviewing, maintaining, and ensuring all assessment and A&A documentation is included in the system security package.
- Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization monitoring plan.
- Collaborate with ISSO colleagues on the planning and implementation of enhancements to the system's risk management processes.
Information Security Analyst
- Participate in the system authorization process by working with the key stakeholders to create complete and accurate Risk Management Framework (RMF) packages.
- Led the development of Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA) using the NIST privacy handbook, working closely with the Information System Officers (ISSOs), the System Owners (SO), and the Information Owners (IO).
- Conduct Security Test and Evaluation (ST&E) using NIST 800-53A Rev 4 and develop supporting documentation for the results based on security control requirements.
- Support Security Assessment and Authorization (SA&A) activities by preparing the complete ATO package for the authorization official to make an accreditation decision.
- Review and update System Security Plans using NIST 800-18 as a guide.
- Collect, review, update, and maintain IT supporting artifacts.
- Perform security assessments of federal systems and applications using NIST 800-54A Rev 4 as guidance for current federal directives and policies.
- Ensure that system documents are created for POA&Ms and approved by ISD no less than 60 days prior to POA&M expiration.
- Provide reporting on POA&M remediation.
Security Analyst Intern
- Researched various cyber security analysis techniques.
- Implemented some new features that can be used to improve the performance of all automation tools.
- Collaborated with development and security analysis teams.
- Worked well within a team environment, met critical deadlines, and participated in peer code reviews.
- Learn and maintain suitable knowledge of threats, risk assessment, remediation strategies, security tools, testing techniques, and security research.
- Prepare material on information security (reports, presentations, spreadsheets, etc.).
- Assist in root cause analysis for incident management.