We provide IT Staff Augmentation Services!

It Cyber Security Analyst Resume

4.00/5 (Submit Your Rating)

Washington, DC

SUMMARY:

  • Skilled Information Security Analyst with expertise in risk management unauthorized access viruses and a wide range of vulnerabilities and threats. Well - versed in direct and remote analysis with strong critical thinking communication and people skills. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.
  • A Information Assurance Risk Assessment Systems Development Life Cycle Technical Writing Project Management and Support Project evaluations Analysis and reporting ssessment and Authorization (A&A)
  • Certification and Accreditation (C&A)
  • IT Security Compliance
  • Vulnerability Assessment
  • Vulnerability Scanning
  • Database Administration
  • Information gathering

TECHNICAL SKILLS:

Microsoft WCF and .NET Framework, HP Fortified, JIRA, Nessus Vulnerability Scanner, Oracle Database, Microsoft SQL, LINUX/UNIX OS, Access, MS Project, MS Visio, and VMware, Oracle virtual box, CSAM, Accellion/WatchDox secure file solution, Microsoft SQL Server Management Studio, Xactimate, NextGen

PROFESSIONAL EXPERIENCE:

IT Cyber Security Analyst

Confidential, Washington, DC

  • Capture, document, and report discovered or suspected security, privacy, confidentiality incidents
  • Ensure cyber security policies are adhered to and that required controls are implemented
  • Validate information system security plans to ensure NIST control requirements are met
  • Assess and identify additional security issues with existing systems (that may not be explicitly identified)
  • Support systems architect and systems integrator in creating at least two to-be architectural alternatives for a new system that will meet current security requirements
  • Navigate the system, team, and customer through the Authority to Operate (ATO) process on a Secret/Classified system
  • Understand known security issues with existing systems and support design of the to-be architecture that resolves these security issues
  • Recommend tools for security scanning and testing, including network, operations, and coding
  • Recommend and create processes for security controls, processes, and best practices
  • Provide time estimates at various levels of confidence for tasks from initiation through development
  • Identify dependencies across programs, milestones, systems, and solutions
  • Coordinate effort across business, technical, and program teams

IT Security Control Assessor

Confidential, Washington, DC

  • Supported client Security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring
  • Prepared Security Assessment and Authorization (SA&A) packages for information systems in compliance with Federal Information Security Management Act (FISMA) utilizing National Institute of Standards and Technology (NIST) Special Publications (SP) 800 series
  • Worked closely with the Office of Chief Information Security Officer to keep the systems complaint with information system continuous monitoring reporting requirements
  • Prepared and update system security plans on a regular basis to provide an accurate up to date overview of the information systems
  • Prepared information system categorization for information systems using Federal Information Processing Standard Publication and NIST SP
  • Conducted security control assessment; prepare security assessment plans, reports, and plan of action and milestones
  • Prepared privacy threshold analysis and privacy impact assessment utilizing e-Government act of 2002
  • Prepared business impact assessment and contingency plans; provide contingency plan training and testing
  • Developed procedures and methodologies for Security Authorization activities
  • Reviewed application change requests to assess security impacts to the application and organization
  • Conducted compliance reviews of the security authorization packages prepared by other organizations and provide a report to the office of the Chief Information Officer (CIO)
  • Reviewed security logs to ensure compliance with policies and procedures and identifies potential anomalies
  • Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple assets across the enterprise network
  • Reviewed SAR post assessment; created and completed POAM's milestones to remediate findings and vulnerabilities
  • Updated, reviewed, and aligned SSP to the requirements in NIST, rev4; so that assessments can be done against the actual requirements and not ambiguous statements
  • Monitored security controls post authorization to ensure continuous compliance with the security requirements

IT Security Analyst

Confidential, Beltsville, MD

  • Supported the full life-cycle of the Assessment and Authorization (A&A) process
  • Developed, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices
  • Applied appropriate information security control for Federal Information System based on NIST rev1, SP, FIPS 199, FIPS 200 and OMB A-130 Appendix III
  • Formatted, customizing, and providing feedback for documentation relating to Information Assurance & IT Security Vulnerability
  • Provided security expertise and guidance in support of security assessments.
  • Reviewed authorization documentation for completeness and accuracy for compliance
  • Executed examine, interview, and test procedures in accordance with NIST SP A Revision 4
  • Developed resultant SCA documentation, including but not limited to the Security Assessment Report (SAR)
  • Authored recommendations associated with findings on how to improve the customer's security posture in accordance with NIST controls
  • Assisted team members with proper artifact collection and detail to clients examples of artifacts that will satisfy assessment requirements
  • Updated and reviewed A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, POA&M, CPTPR, BIA, PTA, PIA, and more
  • Collected Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless
  • Uploaded supporting docs in the System's Artifact Libraries, Google Docs, and CSAM

IT Security Analyst

Confidential, Elkridge, MD

  • Investigated use and configuration organizationally of multiple business process tools, and create gap analysis on current solution vs. ideal solution
  • Communicated analysis, design, and specifications both functional and technical to all supporting organizations
  • Collaborated and direct efforts within Quality Assurance to ensure desired results
  • Developed innovative solutions to meet the needs of the business that can be reused across the enterprise creating the environment for consolidation of tools to robust, customizable solutions
  • Supported client Security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring
  • Supported all Assessment and Authorization (A&A) phases and processes
  • Supported the full life-cycle of the Assessment and Authorization (A&A) process
  • Developed, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices

Subrogation Advocate Associate

Confidential, Columbia, MD

  • Used the NextGen Information System Portal to assign claim ID numbers to each claim issue and manage the lifecycle of claim files
  • Worked independently to research solutions, prioritizing responsibilities, and managing workloads in order to resolve claim issues
  • Monitored, analyzed, and evaluated open/closed claim issues and develop courses of action for subrogation opportunities
  • Created assignment tickets using the Xactimate software system for 3 party vendors to perform repairs and services
  • Worked collaboratively with a team on a case by case basis to retrieve the best return of satisfaction to impact business goals and objectives
  • Develop procedures, prepare presentations, and correspondence to present to executive level management
  • Performed claim issue review and analysis to determine which claims present the best likelihood of success in recovery of fees as a result of a negligent third party
  • Performed basic and advanced levels of document review, legal research, and case management
  • Collected evidence, prepared correspondence and pursued subro-able interests on the company's behalf
  • Assumed responsibility for all subrogation pursuit on claim issues that have been identified as possessing "subro" potential
  • Logged and maintained all subrogation issues in NextGen to provide an efficient and productive resource saving time and money

We'd love your feedback!