
Information Assurance Analyst Resume


SUMMARY:

  • Experienced Cyber Security Analyst with diverse industry experience in healthcare and government. Professional expertise includes systems application support, Risk Management Framework (RMF), vulnerability analysis, incident management, Nessus, Splunk, compliance assessment, and reporting. I provide expert consultation across a wide range of cross-functional areas of IT security services, as well as project planning, guidance and technical expertise in the following areas: program, policy, process, and planning; risk management, auditing, and assessments; Assessment and Authorization (A&A).

TECHNICAL SKILLS:

  • Familiar with Risk Management Framework (RMF)
  • Familiar with TCP/IP, UNIX, Windows
  • STIGs & SRGs related to OS, web servers, databases, and mobile applications
  • Familiar with industry IT Security & SCC tools: ACAS (Nessus), STIGs using STIG Viewer, SCAP
  • Perform Certification and Accreditation documentation in compliance with company standards.
  • Develop, review and evaluate System Security Plans based on NIST Special Publications.
  • Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems.
  • Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP A.

EXPERIENCE:

INFORMATION ASSURANCE ANALYST

Confidential

  • Review and update System Security Plans (SSP) and Security baselines in accordance with NIST, FISMA, OMB, NIST SP and industry best security practices.
  • Review and update System Security Plan (SSP), Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)
  • Review and update procedural controls relating to Management, Operational and Technical Controls for the Organization.
  • Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Conduct Security Control Assessments on General Support Systems (GSS), Major Applications and Systems to ensure that such information systems are operating with a strong security posture. Update IT security policies, procedures, standards, and guidelines according to department and federal requirements.
  • Carry out continuous monitoring after Authorization to Operate (ATO) to ensure continuous compliance with the security requirements.
  • Put together Authorization Packages (SSP, POA&M and SAR) for information systems for submission to the Authorization Officer.
  • Develop Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems.

CYBER SECURITY ANALYST

Confidential

  • Used and applied knowledge of C&A policies, guidelines, and regulations in the assessment of IT systems and the documentation and preparation of related documents.
  • Executed vulnerability assessments and ran vulnerability scanning tools such as Retina in a challenging and complex systems-wide information assurance/system security environment requiring analysis of user, operational, policy, regulatory, and resource demands.
  • Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
  • Assisted System Owners and ISSO in preparing Certification and Accreditation packages for the company’s IT systems, making sure that management, operational and technical security controls adhered to the formal and well-established security requirements authorized by NIST SP R4.
  • Performed vulnerability assessments. Made sure that risks were assessed and evaluated and that proper actions were taken to limit their impact on information and information systems.
  • Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.
  • Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures, and provided advice on their adequacy, accuracy and compliance with the NIST Guidelines.
