PROFILE:

• Skilled Information Security Analyst with expertise in risk management framework (RMF), systems development life cycle (SDLC), risk management, and vulnerabilities management of a wide range of vulnerabilities and threats.
• Well - versed in direct and remote analysis with strong critical thinking communication and people skills.
• Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.
• Recommended IT security improvements, to achieve systems Confidentiality, Integrity and Availability
• Assisted the system owners and ISSO in the preparation of Assessment and Authorization (A&A) package for Information systems and developed Security Test and Evaluation controls (ST&E) on select system
• Over 5 years’ experience in providing IT security expertise and guidance in support of security assessments and continues monitoring for government (FISMA & NIST) and commercial clients
• A proven project and A&A team lead
• Excellent communication skills and analytical ability
• Excellent written, proofreading, and verbal communication skills
• Detail oriented, organized with the ability to multi-task

SKILL:

• Ability to establish and maintain effective working relationships with clients and co-workers
• Skills in interviewing users to help analyze and resolve issues
• Strong organizational, analytical and planning skills
• Ability to read and interpret system security policies, rules and regulations
• Ability to communicate security and risk-related concepts to both non-technical and technical audiences
• Strong communication (verbal & written) and presentation skills

FUNCTIONAL AREAS OF EXPERTISE INCLUDE:

• Assessment and Authorization (A&A)
• IT Security Compliance
• Vulnerability Assessment
• Vulnerability Scanning
• Security Test and Evaluation (ST&E) and Accreditation (C&A)
• Risk Assessment
• Systems Development Life Cycle
• Technical Writing
• Project Management and Support

TECHNICAL SKILLS:

Nessus Vulnerability Scanner, Mac, Microsoft Windows, Excel, Word, PowerPoint, Access, MS Project, MS Visio, and VMware, Oracle virtual box, CSAM, Accellion/WatchDox secure file solution.

PROFESSIONAL EXPERIENCE:

IT Security Analyst

Confidential, Beltsville, MD

Responsibilities:

• Supported client Security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring
• Supported all Assessment and Authorization (A&A) phases and processes
• Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process
• Developed, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices
• Applied appropriate information security control for Federal Information System based on Confidential rev1, SP, FIPS 199, FIPS 200 and OMB A-130 Appendix III
• Direct experience with formatting, customizing, and providing feedback for documentation relating to Information Assurance & IT Security Vulnerability
• Provided security expertise and guidance in support of security assessments.
• Supported A&A (C&A) activities according to the A&A project plan
• Review, analyze and evaluate business system and user needs, specifically in Authorization and Accreditation (A&A)
• Perform internal audits of the systems prior to third party audits
• Reviewed authorization documentation for completeness and accuracy for compliance
• Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities
• Executed examine, interview, and test procedures in accordance with Confidential SP A Revision 4
• Ensured cyber security policies are adhered to and that required controls are implemented
• Validated information system security plans to ensure Confidential control requirements are met
• Developed resultant SCA documentation, including but not limited to the Security Assessment Report (SAR)
• Authored recommendations associated with findings on how to improve the customer’s security posture in accordance with Confidential controls
• Assisted team members with proper artifact collection and detail to clients examples of artifacts that will satisfy assessment requirements
• Reviewed security logs to ensure compliance with policies and procedures and identifies potential anomalies
• Updated and reviewed A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, POA&M, CPTPR, BIA, PTA, PIA, and more
• Collected Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless
• Uploaded supporting docs in the System’s Artifact Libraries, Google Docs, and CSAM
• Updated, reviewed, and aligned SSP to the requirements in NIST, rev4; so that assessments can be done against the actual requirements and not ambiguous statements
• Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple assets across the enterprise network
• Reviewed SAR post assessment; created and completed POAM’s milestones to remediate findings and vulnerabilities
• Monitored security controls post authorization to ensure continuous compliance with the security requirements

IT Security Analyst

Confidential, Washington, DC

Responsibilities:

• Supported client Security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring
• Supported all Assessment and Authorization (A&A) phases and processes
• Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process
• Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple assets across the enterprise network
• Reviewed SAR post assessment; created and completed POAM’s milestones to remediate findings and vulnerabilities
• Monitored security controls post authorization to ensure continuous compliance with the security requirements
• Developed, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices

Project Manager (Intern)

Confidential, Upper Marlboro, MD

Responsibilities:

• Assisted and supported division(s) in development of business projects, Business Communications, Analytics, and General Business
• Prepare spreadsheets with data interpretation
• Performed related duties in support of project efforts, such as design, monitoring, data extraction, research and reporting in areas of performance monitoring, outcomes and compliance with policies and rules.
• Provided support with project meetings by scheduling project meetings, assisting with project documentation, documenting meeting minutes, and project action/task items.
• Created and analyzed process workflows to increase efficiency with cross-functional divisions and departments; communicate project/program manager requirements; analyzing data trends, and creating reports.