We provide IT Staff Augmentation Services!

It Security Analyst Resume

Beltsville, MD

PROFILE:

  • Skilled Information Security Analyst with expertise in risk management framework (RMF), systems development life cycle (SDLC), risk management, and vulnerabilities management of a wide range of vulnerabilities and threats.
  • Well - versed in direct and remote analysis with strong critical thinking communication and people skills.
  • Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.
  • Recommended IT security improvements, to achieve systems Confidentiality, Integrity and Availability
  • Assisted the system owners and ISSO in the preparation of Assessment and Authorization (A&A) package for Information systems and developed Security Test and Evaluation controls (ST&E) on select system
  • Over 5 years’ experience in providing IT security expertise and guidance in support of security assessments and continues monitoring for government (FISMA & NIST) and commercial clients
  • A proven project and A&A team lead
  • Excellent communication skills and analytical ability
  • Excellent written, proofreading, and verbal communication skills
  • Detail oriented, organized with the ability to multi-task

SKILL:

  • Ability to establish and maintain effective working relationships with clients and co-workers
  • Skills in interviewing users to help analyze and resolve issues
  • Strong organizational, analytical and planning skills
  • Ability to read and interpret system security policies, rules and regulations
  • Ability to communicate security and risk-related concepts to both non-technical and technical audiences
  • Strong communication (verbal & written) and presentation skills

FUNCTIONAL AREAS OF EXPERTISE INCLUDE:

  • Assessment and Authorization (A&A)
  • IT Security Compliance
  • Vulnerability Assessment
  • Vulnerability Scanning
  • Security Test and Evaluation (ST&E) and Accreditation (C&A)
  • Risk Assessment
  • Systems Development Life Cycle
  • Technical Writing
  • Project Management and Support

TECHNICAL SKILLS:

Nessus Vulnerability Scanner, Mac, Microsoft Windows, Excel, Word, PowerPoint, Access, MS Project, MS Visio, and VMware, Oracle virtual box, CSAM, Accellion/WatchDox secure file solution.

PROFESSIONAL EXPERIENCE:

IT Security Analyst

Confidential, Beltsville, MD

Responsibilities:

  • Supported client Security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring
  • Supported all Assessment and Authorization (A&A) phases and processes
  • Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process
  • Developed, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices
  • Applied appropriate information security control for Federal Information System based on Confidential rev1, SP, FIPS 199, FIPS 200 and OMB A-130 Appendix III
  • Direct experience with formatting, customizing, and providing feedback for documentation relating to Information Assurance & IT Security Vulnerability
  • Provided security expertise and guidance in support of security assessments.
  • Supported A&A (C&A) activities according to the A&A project plan
  • Review, analyze and evaluate business system and user needs, specifically in Authorization and Accreditation (A&A)
  • Perform internal audits of the systems prior to third party audits
  • Reviewed authorization documentation for completeness and accuracy for compliance
  • Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities
  • Executed examine, interview, and test procedures in accordance with Confidential SP A Revision 4
  • Ensured cyber security policies are adhered to and that required controls are implemented
  • Validated information system security plans to ensure Confidential control requirements are met
  • Developed resultant SCA documentation, including but not limited to the Security Assessment Report (SAR)
  • Authored recommendations associated with findings on how to improve the customer’s security posture in accordance with Confidential controls
  • Assisted team members with proper artifact collection and detail to clients examples of artifacts that will satisfy assessment requirements
  • Reviewed security logs to ensure compliance with policies and procedures and identifies potential anomalies
  • Updated and reviewed A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, POA&M, CPTPR, BIA, PTA, PIA, and more
  • Collected Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless
  • Uploaded supporting docs in the System’s Artifact Libraries, Google Docs, and CSAM
  • Updated, reviewed, and aligned SSP to the requirements in NIST, rev4; so that assessments can be done against the actual requirements and not ambiguous statements
  • Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple assets across the enterprise network
  • Reviewed SAR post assessment; created and completed POAM’s milestones to remediate findings and vulnerabilities
  • Monitored security controls post authorization to ensure continuous compliance with the security requirements

IT Security Analyst

Confidential, Washington, DC

Responsibilities:

  • Supported client Security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring
  • Supported all Assessment and Authorization (A&A) phases and processes
  • Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process
  • Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple assets across the enterprise network
  • Reviewed SAR post assessment; created and completed POAM’s milestones to remediate findings and vulnerabilities
  • Monitored security controls post authorization to ensure continuous compliance with the security requirements
  • Developed, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices

Project Manager (Intern)

Confidential, Upper Marlboro, MD

Responsibilities:

  • Assisted and supported division(s) in development of business projects, Business Communications, Analytics, and General Business
  • Prepare spreadsheets with data interpretation
  • Performed related duties in support of project efforts, such as design, monitoring, data extraction, research and reporting in areas of performance monitoring, outcomes and compliance with policies and rules.
  • Provided support with project meetings by scheduling project meetings, assisting with project documentation, documenting meeting minutes, and project action/task items.
  • Created and analyzed process workflows to increase efficiency with cross-functional divisions and departments; communicate project/program manager requirements; analyzing data trends, and creating reports.

Hire Now