Information Systems Security Officer Resume
SUMMARY:
- Detailed knowledge of security tools, technologies and best practices. In-depth knowledge of applying the FISMA Risk Management Framework and Ongoing Authorization processes to protect government information systems. Experienced in system and network administration and engineering, hardware evaluation, project management, systems and network security, incident analysis and recovery.
- Perform Security Assessment and Authorization (SA&A) documentation
- Develop, review and evaluate System Security Plan
- Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems
- Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A
- Excellent with NIST RMF and Ongoing Authorization process.
- Knowledgeable about NIST publications including FIPS 199, SP 800-60, SP 800-53 Rev. 4 and SP 800-137
- Develop and update POA&M
- Ability to multi-task, work independently and as part of a team
- Strong analytical and quantitative skills
- Effective interpersonal and verbal/written communication skills
- Strong background in Linux Systems Administration and Networking
- Experience with vulnerability scanners including Nessus
- Familiar with SIEM tools including Splunk and ArcSight, and with Twistlock
PROFESSIONAL EXPERIENCE:
Confidential
Information Systems Security Officer
- Complete and maintain the following SA&A documentation at least annually or as the respective systems change:
- FIPS 199, E-Authentication Worksheet, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA) and System of Records Notice (SORN) as required, Security Plan (SP), Contingency Plan (CP) and Contingency Plan Test Results (CPTR), and all other required security documentation for the two major application systems that I preside over as an ISSO.
- Complete and maintain Interconnection Security Agreements (ISAs) for any connections outside of the USCIS network boundary.
- Complete and maintain any required Memorandum of Agreement/Understanding (MOA/MOU) or copies of these agreements applicable to my systems.
- Ensure security controls are met at inception and throughout system development
- Ensure systems are properly patched and hardened according to USCIS/DHS requirements
- Ensure Rules of Behavior are signed for all system users.
- Complete Waivers and Accepted Risks (WEAR) as required to be presented to the Authorization Official.
- Conduct POA&M reviews and complete remediation plans for all POA&Ms
- Maintain and manage the required security documents such as the security plan, POA&Ms, PIAs, CPs, CPTs, FIPS 199 security categorizations, MOUs and SSAs using IACS (Information Assurance and Certification System, equivalent to CSAM).
- Coordinate responses to various ad hoc IT security data calls from the Information Security Division of USCIS
- Conduct incident response activities and analyze events for specific incidents.
- Review audit logs on a weekly basis using Splunk and record the findings in an Audit Log Review Tracker
- Review system accounts monthly using Splunk and record the findings in an Account Management Review Tracker
- Review questionnaires, checklists and ICCB plans as part of the change management process and approve change requests
- Perform manual penetration testing of systems and web applications to discover vulnerabilities
- Run Nessus Security Center 5 scans on a weekly basis to reveal vulnerabilities and patches and updates that are due, then work closely with system engineers and solution architects to fix the issues.
- Review DbProtect, WebInspect, Fortify and Twistlock scans on a monthly basis for web and database vulnerabilities, and provide guidance to the application engineering team for remediation.
- Coordinate with departmental agency staff as necessary to provide guidance on the process of conducting risk analyses and computer security reviews, security assessments, the preparation of Disaster Recovery Plans within Continuity of Operations (COOP) plans and security plans, and the processes involved in the DOL-required activities for the Certification and Accreditation of Major Information Systems and General Support Systems (MIS/GSS)
Confidential
Financial Analyst
- Provide robust modeling and reporting to facilitate executive-level decision making.
- Strong analytical skills; support operations through analysis of key performance indicators and trends.
- Consensus-driven communicator; liaise across various business units and promote organizational success.
- Rapidly adapt to new technologies and possess expertise with MS Word, PowerPoint, Excel, Access, and a broad range of statistical software.
- Assisted with financial analysis, forecasting and risk assessment for a boutique investment firm, and supported and collaborated with the senior Financial Analyst in executing the buy-sell process.
- Led the preparation and distribution of monthly financial statements and other financial reporting for management.
- Prepared variance and other analysis of results
Confidential
Information Security Analyst
- Worked with Windows and UNIX network administration teams to complete vulnerability and patch management assessments and implementation releases.
- Recommended and provided approvals for network security policies, standards and protocols to prevent unauthorized use, modification and destruction of the organization's information.
- Utilized the Nessus Security Center 4 (SC4) vulnerability scanning tool to ensure compliance objectives were met while providing mitigation strategies and guidance for discovered vulnerabilities.
- Performed code review before pushing code into production, using Fortify to check for buffer overflows, mistakes, weaknesses and policy violations in the application's deployment configuration files
- Performed vulnerability assessments, remediation and security hardening.
- Performed enterprise-wide vulnerability assessments on the VA systems and developed Plans of Action and Milestones (POA&M).
- Developed Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action and Milestones (POA&M).
- Assisted ISSOs in reviewing and submitting artifacts to justify POA&M closure.
- Supported process, technical and R&D activities
