EXPERIENCE SUMMARY:

• Over 8 years of experience in Information Technology, 6 years experience as Security Analyst, Data Protection and Privacy, RMF, Security Management & Operations, Vulnerability scanning, Security testing, Certification and Accreditation (A&A), Project Management, Change Management, NIST 800 - 53 rev1 and rev4 and NIST SP 800-37 rev 1, 800-18, 800-53 rev 3 and rev 4, NIST 800-34,NIST 800-53A rev4, FIPS 199, 200, FISMA,OMB, SecurityContent Automation Protocol, NIST family ofsecuritycontrols, POA&M, A&A Package, ATO package which includes (SSP, SAR and POA&M),
• Incident and Contingency planning, Knowledge of ISO 27001 and ISO 2702SecurityStandards and Controls, Knowledge of the System Development Life Cycle (SDLC), Risk management, Costs planning and, Project scheduling and Planning, General Management, Communication, Fed RAMP packages, Negotiation, Mediation Facilitation, Leaderships and Organization.
• Excellent communication skills and a great team player wif a fast learning curve, who can work perfectly under very stressful conditions where speed and accuracy are necessary for mission critical databases. Self-motivated and exceed ongoing and overlapping deadlines in fast-paced environments.

PROFESSIONAL EXPERIENCE

Senior Information Security Analyst

Confidential, Bethesda, MD

Responsibilities:

• Experienced developing and maintaining security artifacts from scratch like SSP, SAR, and POA&M.
• Experience in the application of FISMA guidelines including the NIST special publications 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, and 800-60
• Understanding of the NIST Supplemental guidance for Ongoing Authorization
• Experienced selecting security controls for a Low, Medium and High systems from NIST 800-53rev 3 and 4
• Experience in performing gap analysis between NIST 800-53rev3 and NIST 800-53rev4.
• Worked wif business process owners to ensure timely identification and remediation of jointly owned risk related issues and action plans.
• Managed the development of System Security Authorization Agreements and performed threat vulnerability assessments and provided security test and evaluation support.
• Development and maintenance of Plan of Action & Milestones (POA&M)
• Provided input to management on appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major applications.
• Oversaw the preparation of a Comprehensive and Executive Certification & Accreditation (C&A) packages for submission to the Information Assurance Program Office for approval of an Authorization to Operate (ATO).
• Reviewed security controls and provided implementation responses as to if/how the systems are currently meeting the requirements.
• Ensure customers are in compliance wif security policies and procedures following NIST 800-53 and NIST 800-53A.
• Perform specific quality control for packages validation on the SP, RA, RTM, PIA, SORN, E-autantication assessment and FIPS-199 categorization

Information Security Analyst

Confidential, Fort Lee, NJ

Responsibilities:

• Strong understanding of Plan of Action and Milestone Process (POA&M) and Remediation procedures
• Solid understanding of Access Control, Audit and Accountability, Configuration Management, and, Identification and Autantication control families in NIST SP 800-53.
• Planed, assigned and performed security validation review for C&A documentation, and supervised team members. Developed NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestone (POA&M), and address system weaknesses.
• Provided POA&M Quality and Management (review, update and validate on behalf of the CISO. Reviewed and uploaded deliverables in C&A repositories TAF and RMS.
• Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA),
• E-Autantication wif business owners selected stakeholders.
• Developed and conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53A rev 3 and rev 4.
• Assisted wif review of policy, security alerts, guidance, regulations and technical advances in IT Security Management
• Utilized processes wifin the Security Assessment and Authorization environment such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.
• Contributed to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management.
• Develop and maintain policy and procedures includes SSP, CP and RAR
• Experience in developing SAP, ST&E for assessment using NIST 800-53A rev4.
• Understanding of the NIST Supplemental guidance for Ongoing Authorization
• Experienced selecting security controls for a Low, Medium and High systems from NIST 800-53rev 3 and 4
• Experience wif NIST SP 800-115 for conducting technical assessment.
• Developed Ongoing Authorization Process for all systems.
• Performed Risk Assessment after assessing each system.
• Experience in routing ATO packages to the AO.
• Helped ensure a system gets its ATO.
• Worked on assessing privacy controls.
• Experience reviewing FedRAMP packages to make sure they are FISMA compliant.
• Experience in performing gap analysis between NIST 800-53rev3 and NIST 800-53rev4..

Information Security Analyst

Confidential, Hartford, CT

Responsibilities:

• Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA),
• E-Autantication wif business owners selected stakeholders.
• Developed and conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53A rev 3 and rev 4.
• Carried continuous monitoring after authorization (ATO) to ensure continuous compliance wif the security requirements.
• Develop Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems.
• Update IT security policies, procedures, standards, and guidelines according to department and federal requirements.
• Reviewed and updated some of the system categorization using FIPS 199.
• Conduct Security Control Assessment on General Support Systems (GSS), Major Applications and Systems to ensure dat such Information Systems are operating wifin strong security posture.
• Developed policy and procedural controls relating to Management, Operational and Technical Controls for the Organization.
• Designate systems and categorize its C.me.A using FIPS 199 and NIST SP 800-60
• Develop and update System Security Plan (SSP), Privacy Impact Analysis (PIA), System SecurityTest and Evaluation (ST&E) and the Plan Of Actions and Milestones (POA&M)
• Develop, review and update Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance wif NIST, FISMA, OMB, NIST SP 800-18 and industry best security practices.
• Experienced developing and maintaining security artifacts from scratch like SSP, SAR, POA&M.
• Experience in the application of FISMA guidelines including the NIST special publications 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, and 800-60

Oracle Database Administrator

Confidential, Silver spring, MD

Responsibilities:

• Troubleshooting backup/recovery issues
• Cloning and Refresh using RMAN
• Implementing database changes - schema, configuration etc
• Patching databases - CPU/PSU/Security Patches
• Performance tuning of long SQL queries
• Set up of Data Guard for High Availability databases
• Auditing databases for use of privileged access
• Performing database switch over for maintenance
• Planning and implementing RMAN backup policies
• Monitoring and troubleshooting database jobs and cron jobs
• Shell scripting for monitoring database health

TECHNICAL SKILLS

Platforms: RHEL 5.X/4.X, Windows 7/8/8.1/10, Windows Server 2012 R2, Windows 2016 nano server, UNIX (Solaris, HP-UX),Linux (Red Hat,Ubuntu), Mac OS, Android, iOS.

Tools: SQL*Loader, TKPROF, Toad, OEM, Toad EXPLAIN PLAN, STATSPACK, AWR, ADDM, ASH, SQL, Developer, Grid Control, MS PowerShell, Symantec Endpoint Protection, Command Workstation, VMware, MS Hyper-V Microsoft Office Suite (Word,Excel, Access, Powerpoint,Outlook), Snort, Splunk, Wireshark, CSAM, NESSUS

Networking: LAN / WAN Administration,VPN, TCP/IP, Novell, SMS/SQL, NAT, Subnetting, Cisco Routers & Switches, Firewall, Encryption, Windows active director

Protocols: IPSec, DNS, SSH, TLS, SSL, TCP/IP, HTTPS, SCP, ICMP, IPv4, IPv6, FTP, Telnet, SFTP, LDAP