Cyber Security Risk Analyst Resume
Washington, DC
TECHNICAL SKILLS
- SQA Testing & Methodologies
- Test Plans, Cases & Processes
- Testing Tools - QTP, Selenium, Test Director, Quality Center
- Functional Testing, Autosys
- Data Driven and System Testing
- Regression & Negative Testing
- UI & Compatibility Testing
- Data Interface & Migration Testing
- End-to-End User Acceptance Testing
- Defect/Bug Tracking
- QA & QC Standards
- Metrics and Dashboards
- Windows, Unix (AIX)
PROFESSIONAL EXPERIENCE
Cyber Security Risk Analyst
Confidential, Washington DC
Responsibilities:
- Perform Analysis on the assigned systems utilizing documents provided in Intake Form.
- Apply information security in accordance with VA directives security policy including NIST SP 800-30, NIST 800-37, NIST 800-53a
- Assess the VA medical devices VA 6550 requirements and MDS2 and record the security impacts on the VA Network. Record the Accepted Mitigating Factors for the VA Medical device
- Support program and customer management, and government Authorizing Official (AO) for all information security status, policies, and procedures
- Assist government personnel in preparing and presenting Enterprise Risk assessment report packages to the Control Assessor (SCA).
- Verify if the system topology diagrams match with the ports and protocols.
- Review the system inventory to ensure it matches the system analysis.
- Analyze the system and co-ordinate with the system owners to determine the system risks.
- Document and communicate any high-risk systems.
- Involved in the preparation of Risk analyst SOP.
- Track the changes and update the Master record for weekly system status
- Submit a LEAF request for the analyzed system for approval from the authorizing officer.
Security Assessor
Confidential, Baltimore, MD
Responsibilities:
- Manage system information and categorization based on SP 800-60, FIPS 199 controls baseline
- Develop Security control baseline and test plans to assess security controls
- Manage Process Plans of Action and Milestones (POA&Ms) and Risk Acceptance documentation
- Maintain Security Impact Analysis document
- Review POA&Ms and Risk Acceptance documentation for clarity, detail, and technical accuracy
- Tested the Drupal Active Directory integration procedure
- Follow security compliance creating user ID, roles and responsibilities reporting along with testing different user roles and their corresponding privileges
- Identify risks in security systems and collaborate with technical experts to resolve security issues
- Manage vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network
- Implement, examine, interview and test procedures in accordance with NIST SP 800-53A Revision 4; created and completed POA&M milestones to remediate findings and vulnerabilities
- Independently review complex security analysis of existing systems for compliance with security requirements
- Monitor security controls post authorization to ensure continuous compliance with the security requirements
- Understanding of the NIST National Vulnerability Database (NVD) and CVSS scoring.
- Understanding of tracking and patching software vulnerabilities
- Communicate with my ISSOs on continuous monitoring activities related to Plan of Action and Milestone closures, waivers and exceptions, coordinating with the client on identifying false positives and suggesting remediation strategies
QA Analyst
Confidential, Herndon VA
Responsibilities:
- Managed tests within an agile continuous integration environment and facilitated user stories grooming sessions
- Analyzed Business Requirements (BR) and Application design documents and created Traceability Matrix interlinking the test requirements and test cases
- Performed Functional, GUI, Integration, Regression and System Testing.
- Created, executed and verified database test scenarios, test cases in HP Quality Center
- Managed defect tracking and bug reporting through Quality Center.
- Maintained regression test cases to reuse them for periodic releases
- Identified risks in security systems and aided in resolution
- Managed vulnerability scans and reviewed vulnerability assessment reports
- Defined, implemented and maintained corporate security policies and systems specific security documentation for multiple information systems
- Recommended modifications to systems and software to ensure alignment with organizational risk tolerance