Cybersecurity Analyst Resume
5.00/5 (Submit Your Rating)
Streamwood, IL
SUMMARY:
Over 6 years of IT Security Assessment and Authorization; Risk Assessment and Management; Plan of Action and Milestone (POA&M) Management; Policy & Procedure creation and Management; Vulnerability Scanning and Analysis; Security Operation Center (SOC) Management, and Penetration Testing.
SKILL:
OS Platforms: Linux, Windows Server
Language: Python
EXPERIENCE:
Confidential, Streamwood, IL
Cybersecurity Analyst
Responsibilities:
- Perform (A&A) processes using NIST and observe the required 7 RMF steps.
- Ensure RMF steps are prepared from an organization and system - level perspective by determining the type of information processed, common control and system boundary.
- Create and update Security Assessment Plan, System Security Plan, and (POA&M) using CSAM and Xacta.
- Execute security controls assessments on technical, management, and operational control groups.
- Perform risk and vulnerability assessments for planned and in place information systems to identify vulnerabilities, and report findings in SAR.
- Establish assessment implementation by Examine, interview and testing security controls using NIST A as a guide.
- Perform routine support of system security programs to ensure security objectives for Confidentiality, Integrity, and Availability.
- Review system security plans (SSP), contingency plans (CP), and privacy threshold analysis documents (PTA) using NIST guidelines.
- Support information system and review ATO created with FedRAMP template.
- Perform risk assessments on a regular bases; ensure measures raised in assessments were implemented in accordance with the risk profile, and root-causes of risks were fully addressed following NIST .
Confidential, Baltimore, MD
Cybersecurity Defense Specialist
Responsibilities:
- Performed Credential/Non-credential security testing using vulnerability scanning tools such as NESSUS, WebInspect, and AppDetective.
- Scrutinize all mitigations for vulnerability, apply appropriate mitigation to systems, and report compliance in the vulnerability management tool.
- Performed all-inclusive vulnerability scan on static code using tools like FORTIFY and write reviews for management, operational and technical controls for audited applications and information systems.
- Developed Test Plans; Testing Procedures and documented test results and exceptions.
- Conducted meetings with the IT team to gather documentation and evidence about their control environment.
- Reviewed logs and provide documentation guidelines to business process owners and management using SIEM tool like SPLUNK.
- Monitored and analyze Intrusion Detection Systems (IDS/IPS) tools like Bro and Onion to identify and prevent security issues for remediation.
- Ensured that penetration testing was performed on systems to see if systems were safe from a network attack.
Confidential, Laurel, MD
Information System Security Officer
Responsibilities:
- Updated and maintained Plan of Action and Milestones (POA&M) of all accepted risks upon completion of the system (A&A).
- Utilized processes within the Security Assessment and Authorization environments such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.
- Developed and reviewed policy and procedure, regulations and technical advances in IT Security Management.
- Updated and reviewed security documents such as Privacy Threshold Analysis (PTA), e-Authentication, SAR, CP, CPT, and ATO.
- Reviewed Information Assurance Compliance Validation Tests and Reports.
- Assisted with analyzing, developing, implementing, integrating, and maintaining secure Agency IT solutions.
- Maintained document repository where A&A project documentation is stored.
- Responded to audit enquiries and request from the security control assessment team.