SUMMARY:

• US Permanent Resident with Seven (7) years of experience in Information Technology, 5+ years of experience as a dedicated and proactive Cyber Security Analyst Goal - oriented self-starter with ability to multi-task and juggle competing priorities utilizing critical problem solving seeking a challenging position as an Expect Cyber Security Analyst/Information Security Analyst with an Organization where I can utilize my expertise and allow me an opportunity for growth while adhering to the C.I.A of the Organization
• Overall 7 years of Experience in Information Technology Industry, with 5 including Cyber Security Project Management, Assessment & Authorization Process working with Government, Healthcare, Finance and Contractor industries
• Expertise working on various projects such as completing system authorization packages including SSP, SAR, CP, PTA, PIA, and SSP
• Exposure in working in different teams (ATO Team; Contingency Planning Team; Interconnection Security team) performing tasks such as ATO Package Documents Revision, Compliance Documents Revision, POA&M Revision
• Advanced and skilled in utilizing nessus scanner for Vulnerability management, and high ability in reporting and tracking vulnerability using Jira.
• Strong ability to work under strict government contract guidelines to ensure successful project completion within limited time constraints
• Experienced in developing and updating System Security Plan (SSP), Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E) and the Plan Of Actions and Milestones (POA&M)
• Experienced developing and maintaining security artifacts from scratch like SSP, SAR, POA&M
• Experience in the application of FISMA guidelines including the NIST special publications 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, and 800-60, FIPS 199 & 200
• Expect in creation of documents for FEDRAMP A&A process to retrieve ATO through GSA
• Thorough knowledge of all Penetration Testing phases with strong ability to perform vulnerability scanning Using Nessus scanner to intelligently manage vulnerabilities with expectation of reviewing Scanning documents for accuracy
• The ability to communicate complex security risks to non-technical staff
• Ability to work with multiple clients in a trusted advisory capacity to ensure that all PCI DSS requirements are in place and are functioning as intended with Strong Ability in preparing reports for (PCI DSS, ROC and AOC)
• Extensive experience in writing and executing Test cases and Test Scripts, mentoring customer's staff, working with overall team to meet project goals
• Knowledge of Several Computer Environments: Performed evaluation and guidance on security control implementation on multiple environments include Windows server, Windows 7, Windows XP, RedHat, Linux & Unix, Oracle, Cisco IOS, custom created applications, and COTS applications
• Extensively experienced to work with various defect tracking tools like ALM/Quality Center, Clear Quest, Jira, and thorough knowledge of entire SDLC phases
• Familiar with different standard like CMMI, IEEE and ISO standard
• Excellent Organizational ability, Communication skills, analyzing skills, technical documentation and reporting skills
• Strong communicator and skillful in working closely with customers to identify and resolve problems

PROFESSIONAL EXPERIENCE:

Confidential, Chantilly VA

System Security Analyst (Vulnerability Management)

• Assess information systems to make sure the controls are implemented correctly and performing their assigned functions following NIST 800 special publications especially NIST 800-53 and Federal Information Processing Standards (FIPS).
• Perform information system controls assessment on various platforms and devices to include Windows, Linux, UNIX operating systems, Databases and Networks devices.
• Monitor Client organization’s network and systems for security breaches or intrusion
• Support the team in time planning, prioritizing tasks, and managing resources to ensure effective delivery of resources.
• Experience reviewing security artifacts including, but not limited to, System Security Plans, inventories, screenshots of technical files, Scan data, requirement traceability matrices, control allocation tables, and security assessment reports.
• Conducted regular assessments of assigned systems to ensure renewal of systems ATO.
• Responsible for investigating and remediating alerts generated by information security monitoring/protection tools (Trend Micro, Splunk)
• Utilize splunk to proactively detect and identify suspicious activity.
• Support vulnerability management by perform vulnerability scan using tools (Nessus Security Center, Jira, Jira Confluence), retrieve scan results, researching and analyzing vulnerabilities, identifying relevant threats, providing corrective action recommendations, summarizing and reporting results.
• Teamed up with ISSO's to create and manage POA&Ms for identified system vulnerabilities and track findings to ensure that they are remediated and closured.
• Thoroughly read and review information system documents like System Security Plans (SSP), Security Assessment Reports (SAR) and Executive Summaries to ensure FISMA compliance.
• Worked as a team with co-workers to ensure that deliverables were completed with the highest quality and submitted on time as required by FISMA.
• Provide continuous monitoring support for control systems in accordance to FISMA guidelines and conduct FISMA-based security risk assessments.

Confidential, Washington, DC

Cyber Security Analyst

• Risk Management Framework (RMF) Using NIST 800-37 as a guide, assessments and Continuous Monitoring: Performed RMF assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance of evidence needed for security controls, and documenting findings of assessment.
• Knowledge of Several Computer Environments: Performed Update, Install, Configure, evaluation and guidance on security control implementation on multiple environments include Windows server, Windows 7, Windows XP, Red Hat 6/7 and Centos 6/7.
• Security Documentation: Perform updates to System Security Plans (SSP) Using NIST 800-18 as a guide to develop SSP, Risk Assessments, and Incident Response Plans, create Change Control procedures, and draft, review, update Plans of Action and Milestones (POAMs).
• POA&M Remediation: Performed evaluation of policies, procedures, security scan results, and system settings to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, continuous monitoring, and FISCAM audits.
• Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POAM Remediation, and document creation using NIST SP 800-53 Rev.1 and NIST SP 800-53 rev.4.
• Developed Solution to Security weaknesses: Developed solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and Corrective Action Plan (CAP. Assisted ISSOs create solutions to weaknesses based on system functionality and pre-existing architecture and an Audit liaison officer with respect to respond to auditor.
• Communications between multiple clients to perform POA&M remediation for CAP remediation.
• Handled internal communications within Office of Information Security and external communications with several different divisions daily. Maintain excellent working relationships with both internal and external customers using communication skills.
• Provided services as security controls assessors (SCAs) and perform as an integral part of the Assessments and Authorizations process to include A&A scanning, documentation, reporting and analysis requirements.
• Analyzed current threats to information security and systems. Analyze security findings and data. Published reports and keeps metrics for client systems.

Confidential, Reston, VA

Quality Control Engineer

• Based on Software Development Life Cycle (SDLC) designed written and implemented Software test plans, Test design specifications and Test cases.
• Prepared Industries standard checklists and templates required for CMMI compliance QA processes for project, as well audit the project
• Develops Inspection requirements for products, work in-process and procured components.
• Performed Smoke, Functional, Integration, System, UAT, Usability testing, regression testing on the various applications
• Develop, debug, execute and maintains automated test scripts. Also ensures consistency with the manual scripts.
• Managed multiple projects using Quality Center to manage the test cases, test scripts, test results and defects for all phases of QA process.
• Developed SQL queries and stored procedures to check data integrity.
• Created SQL scripts to test the stored procedures by sending different sets of input parameters.
• Performed backend testing using SQL queries to retrieve and verify information in the database.
• Involved in converting manual test cases into automated scripts on UFT/Quick Test Pro (QTP).
• Created reusable actions in UFT/QTP to determine the environment (QA/UAT/Prod) by itself each time when we ran the scripts; which helped in running the same test scripts in various environments.
• Prepared detailed data requirements for initial and on-going tests, bugs-tracking and reporting using Test Management and Defect Tracking Tool ALM/Quality Center.
• Generated reports and graphs to provide the end results to management team using Quality Center.
• Conducted and closely interacted with clients for User Acceptance Testing (UAT).
• Generated and presented weekly project status reports with various test metrics.
• Provide testing status on daily scrum call, and create issue, track issue using JIRA

Environment: ALM/Quality Center, UFT/QTP, MS Office, MS SharePoint, Bugzilla, SQL, PL/SQL, Oracle, DB2Education & Certifications: