Information System Security (ISSO Support) Resume

Mechanicsburg, PA

SUMMARY:

  • 6 years of experience in Information Security, including implementing security controls and the entire Risk Management Framework; managing and protecting Enterprise Information Systems, Network Systems and Operational processes through Information Assurance controls, Compliance verifications, Risk Assessment, and Vulnerability Assessment in accordance with NIST, FISMA, OMB and industry best Security practices. Expertise in directing a broad range of Corporate Initiatives while participating in planning, analysis, implementation of solutions and software testing. Looking to adequately utilize my vast experience as an Information System Security Officer coupled with Linux System Administrator experience in a professional environment.
  • Implementation of security Controls, Security Infrastructures and the entire Risk Management Framework.
  • Experience with Federal Information Processing Standards (FIPS) 199 System Categorization, System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment (Impact Analysis), Continuous Monitoring and the Plan of Action & Milestone (POAM).
  • Experience in aspects of Security Authorization and Continuous Monitoring process using National Institute of Standard Publications (NIST) 800-30, 800-37 Rev 1, 800-60, 800-53A, 800-53 Rev 3 & 4, FIPS 199, FIPS 200, OMB A-130 App. III.
  • Proficient in the use of Web Application Pen Testing tools like Burp Suite, Acunetix, Cyber Security Assessment and Management (CSAM) tool, Vulnerability Scanning tools such as Tenable Nessus Pro and Security Center coupled with analyzing security scan reports for necessary action.
  • Excellent organizational, communication (verbal & written), presentation, analytical, and planning skills.
  • Extensive knowledge of Microsoft Windows, MS Office Suite (MS Word, MS Excel, Outlook and PowerPoint) and UNIX platforms and ability to learn and adapt to new technologies.
  • Good Knowledge of System Development Lifecycle, Software Testing Lifecycle, and software testing methodologies/techniques.

TECHNICAL SKILLS:

Software Testing Tools: Burp Suite, Acunetix, CSAM, Microsoft Test Manager (MTM), Quality Center (QC)

Scanning Tools: Tenable Nessus Pro, Security Center

Application Packages: MS Office Suite (Word, Excel, PowerPoint, Outlook), MS Visio

Operating Systems: Windows 95/98/NT/2000/XP/8/10, Linux, UNIX, Mac

Programming Languages: SQL, Java, Visual Basic, C++

Databases: MS Access, Oracle, MySQL

Web Browsers: Internet Explorer, Firefox, Google Chrome, Safari

PROFESSIONAL EXPERIENCE:

Confidential, Mechanicsburg, PA

Information System Security (ISSO Support)

Responsibilities:

  • Prepared and updated IT security policies, procedures, standards, and guidelines in accordance with department and federal requirements to safeguard organizational assets, ensure data integrity, availability and confidentiality.
  • Selected security controls that apply security protections to systems, processes, and information resources using the NIST family of security controls based on NIST SP 800-53a.
  • Developed and reviewed System Security Plans (SSP), Plans of Action and Milestones (POAM), Configuration Management Plan (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation in accordance with NIST SP 800-37 rev 1, 800-18, 800-53 rev 4 and 800-34.
  • Worked with IT Operations and Network Engineers and other stakeholders to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, and workstations.
  • Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues.
  • Used CSAM for POAM management and report generation and analyzed security reports for security vulnerabilities.
  • Involved in client-facing interviews and meetings to determine the Security posture of the System and to assist in the completion of the Security Assessment Plan using NIST SP 800-53a test required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
  • Monitored security infrastructure for policy violations or security events, and participated in problem management activities.
  • Performed monthly vulnerability scans, maintenance and expansion of related tools, identification of new issues, tracking of remediation efforts using vulnerability scanning tools (e.g. Tenable Nessus Pro, Nessus Security Center).
  • Supported business continuity and ensured compliance with all government and industry regulations.
  • Performed web application Pen testing with Burp Suite tool and regression testing using MTM test management tool.

Confidential, Las Vegas, NV

Information System Security (ISSO Support)

Responsibilities:

  • Prepared and updated IT security policies, procedures, standards, and guidelines in accordance with department and federal requirements to safeguard organizational assets, ensure data integrity, availability and confidentiality.
  • Developed and reviewed System Security Plans (SSP), Plans of Action and Milestones (POAM), Configuration Management Plan (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation in accordance with NIST SP 800-37 rev 1, 800-18, 800-53 rev 4 and 800-34.
  • Worked with IT Operations and Network Engineers and other stakeholders to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, and workstations.
  • Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues.
  • Deep understanding, management and use of CSAM for POAM management and report generation.
  • Performed security investigations, coordinated incident response and analyzed security reports for security vulnerabilities.
  • Selected security controls that apply security protections to systems, processes, and information resources using the NIST family of security controls based on NIST SP 800-53a.
  • Monitored security infrastructure for policy violations or security events, and participated in problem management activities.
  • Performed monthly vulnerability scans, maintenance and expansion of related tools, identification of new issues, tracking of remediation efforts using vulnerability scanning tools (e.g. Tenable Nessus Pro, Nessus Security Center).

Confidential

System Security Assurance Analyst (Assessor)

Responsibilities:

  • Conducted security assessment interviews to determine the Security posture of the System and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using ISO 27001.
  • Assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.
  • Performed security scans on the system using the Tenable Nessus vulnerability scanning tool.
  • Analyzed security reports for security vulnerabilities in support of security control assessments.
  • Worked with support and security coordination team to ensure compliance with security processes and controls.
  • Responsible for developing Security Authorization documents and also ensuring that the System Security Plan, Security Assessment Plan, Plan of Action and Milestones (POAM), Contingency Planning and artifacts are maintained and updated in accordance with ISO guidelines.

Confidential

Junior Linux System Administrator

Responsibilities:

  • Built and installed multiple physical and virtual Red Hat Enterprise Linux machines.
  • Set up and administered user and group accounts, setting file and directory permissions.
  • Troubleshot Local Area Networks using commands like ifconfig, ping, netcat, tcpdump, etc.
  • Administered local and remote servers using Secure Socket Shell (SSH) utility on a daily basis.
  • Performed patch management tasks.
  • Liaised with branch offices to service their computer hardware and network devices.