System Security Officer Resume
Laurel, MD
SUMMARY:
- Over six years' working knowledge of Cyber Security, FedRAMP, RMF, Security Analyst, Privacy and Data Protection, Security Management & Operations, Vulnerability scanning, Security testing, Certification and Accreditation (A&A), NIST 800-53 rev1 and rev4 and NIST SP 800-37 rev 1, 800-18, 800-53 rev 3 and 800-34, FIPS, FISMA, Security Content Automation Protocol, NIST family of security controls, POA&M, A&A Package, Incident and Contingency planning, Knowledge of Security Standards and Controls, Research Analysis, Risk management, Cost planning, and Project scheduling and Planning.
- Three years as a Computer Support Technician with work experience in the administration, configuration, troubleshooting and installation of network systems. Strong hands-on technical knowledge of firewalls, LAN/WAN network systems and infrastructures, WIN7, WIN8, WIN10, Servers, Desktops and laptops; expert in Microsoft Office Suite.
TECHNICAL QUALIFICATIONS:
Operating Systems: Windows 7, Windows 8, Windows 10
Software Applications: MS Office Suite; installing drivers; virus removal software (i.e. toolkits); Anti-virus (Norton, MSE, Windows)
Technology: Internet Applications, Word, Excel, MS Project and PowerPoint, MS Visio, Access, SharePoint, Nessus, CSAM
WORK EXPERIENCE:
Confidential, Laurel, MD
System Security Officer
Responsibilities:
- Perform detailed Security Assessment on HUBZone, DataPipe, Salesforce and MS Azure cloud systems by ensuring that the customer responsibility statement and FedRAMP packages are well implemented.
- Perform continuous monitoring on the AWS, HUBZone, DataPipe, Salesforce and MS Azure cloud systems, remediating all vulnerabilities and closing all open POA&Ms.
- Develop deliverables associated with a FedRAMP security authorization package (System Security Plan, Information System Contingency Plan, Security Assessment Plan, Security Assessment Report, Authorization to Operate (ATO), Risk Assessment Report, Business Impact Analysis, Privacy Impact Analysis, Contingency Plan, Contingency Plan Testing and Plan of Action & Milestones (POA&Ms)).
- Work closely with Engineers to deliver FedRAMP requirements and perform FedRAMP advisory engagements to ensure mitigation of System findings, updating POA&Ms.
- Work with clients to produce FedRAMP-compliant System Security Plans and all required documents. Assisting clients with the maintenance and monitoring of controls and required FedRAMP artifacts and submissions.
- Establish, monitor, and re-assess system Plans of Action and Milestones (POA&Ms) to effectively address system weaknesses or vulnerabilities.
- Provide ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA.
- Perform and manage C&A tasks, including FIPS 199 categorization, selection of security controls using NIST 800-53 as a guide, writing of implementation statements and assessment.
- Work with the client, SaaS providers and internal development team to identify security gaps and resolve them to protect client data.
- Review all preexisting system categorizations using FIPS 199 and NIST 800-60 Vol. 2 as a guide to ensure all details and relevant information are captured.
- Preparing & overseeing documentation for systems that need decommissioning, ATO extensions, System migrations and Standalone accreditations.
- Collaborate with Information System Owners, Joint Staff Admins, A&A personnel to ensure all necessary IA documentation is provided for major transition to the Cloud System.
- Collaborate with Engineers to ensure mitigation of System findings, updating POA&Ms, and backing up packages in the event of System outages.
- Work closely with System Owners and Technical Points of Contact for assigned systems to develop and/or maintain the following Security Assessment & Authorization Artifacts: System Security Plan, Risk Assessment Report, Business Impact Analysis, Privacy Impact Analysis, Contingency Plan, Contingency Plan Testing and Plan of Action & Milestones (POA&Ms).
Confidential, Glenarden, MD
Information Security Analyst
Responsibilities:
- Develop and update System Security Plan, Privacy Impact Analysis, System Security Test and Evaluation and the Plan of Actions and Milestones (POA&M).
- Reviewed policy and procedural controls relating to Management, Operational and Technical Controls for the Organization.
- Update IT security policies, procedures, standards, and guidelines according to department and federal requirements.
- Carried out continuous monitoring after authorization (ATO) to ensure continuous compliance with the security requirements.
- Conducted kick-off meetings to collect systems information and categorize systems based on NIST SP 800-60 Vol. 2. Met with the system team to collect evidence, develop test plans and procedures and document test results.
- Created and updated the following Security Assessment and Authorization artifacts: FIPS 199, Risk Assessment Report, Privacy Threshold Analysis, Privacy Impact Analysis, Contingency Plan, Security Test and Evaluations, E-Authentication, Plan of Action and Milestones (POA&Ms).
- Perform detailed Security Assessment on HUBZone, DataPipe, Salesforce and MS Azure cloud systems by ensuring that the customer responsibility statement and FedRAMP packages are well implemented.
- Perform continuous monitoring on the HUBZone, DataPipe, Salesforce and MS Azure cloud systems, remediating all vulnerabilities and closing all open POA&Ms.
- Conducted FISMA-compliant security control assessments to ascertain the adequacy of management, operational, technical privacy controls.
- Interviewed ISSOs, System Owners, System Engineers and reviewed existing system documentation to make an objective assessment of whether the system complied with established
- Presented diligence findings to senior management through both written reports and oral presentations, focused on the key issues impacting project requirements and execution.
Confidential, Rockville, MD
Information Security Analyst
Responsibilities:
- Assist System Owners and ISSO in preparing Assessment and Authorization Package for IT systems, ensured management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53.
- Initiate, coordinate and track the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POA&M).
- Participate in the development or revision of system-specific security safeguards and local operating procedures that are based on NIST and industry leading cyber security practices.
- Communicate and enforce security policies, procedures and safeguards for all system and staff, based upon NIST.
- Developed Security Authorization documents and ensured System Security Plan, Security Assessment Plan, Plan of Action and Milestones (POA&M), Contingency Planning and artifacts are maintained and updated in accordance with NIST guidelines.
- Work with the client, SaaS providers and internal development team to identify security gaps and resolve them to protect client data.
- Review and maintain information assurance policies, procedures, and Certification & Accreditation of systems.
- Assist System Administrators in security analyses and risk/vulnerability assessments.
- Establishing, monitoring, and re-assessing system Plans of Action and Milestones (POA&Ms) to effectively address system weaknesses or vulnerabilities.
- Work closely with System Owners for assigned systems to develop and/or maintain the following Security Assessment & Authorization Artifacts: System Security Plan, Risk Assessment Report, Business Impact Analysis, Privacy Impact Analysis, Contingency Plan, Contingency Plan Testing and Plan of Action & Milestones (POA&Ms).
- Maintain A&A project documentation in CSAM and update the documents on an annual basis as part of the continuous monitoring RMF requirement. Perform independent compliance reviews, tracking, and continuous monitoring of RMF A&A packages.
- Advise and assist with the Lifecycle Assessment and Authorization process and developing a Systems Security Plan.