Lead Security Analyst Resume

Chevy Chase, MD

SUMMARY

  • Detailed knowledge of security tools, technologies and best practices with more emphasis on FISMA/NIST, FedRAMP and Sarbanes-Oxley 404.
  • Over five years of experience in system security monitoring, auditing and evaluation, C&A, cloud services and Risk Assessment of GSS (General Support Systems) and MA (Major Applications).
  • Perform Certification and Accreditation documentation in compliance with company standards.
  • Develop, review and evaluate System Security Plan based on NIST Special Publications
  • Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems
  • Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A
  • Compile data to complete Residual Risk Report and to insert contents into the POA&M
  • Strong knowledge of cloud concepts
  • Ability to multi-task, work independently and as part of a team
  • Strong analytical and quantitative skills
  • Effective interpersonal and verbal/written communication skills

TECHNICAL SKILLS

Security Technologies: Retina Network Security Scanner, Nessus, Nmap, Nsat, Anti-Virus Tools

Systems: Unix-Based Systems, Windows 9X/NT/2000/XP

Networking: LANs, WANs, VPNs, Cisco Routers/Switches, Firewalls, TCP/IP

Software: MS Office (Word, Excel, PowerPoint, Access, Outlook)

PROFESSIONAL EXPERIENCE

Confidential, Chevy Chase, MD

Lead Security Analyst

Responsibilities:

  • Create and update System Security Plan (SSP), Risk Assessment (RA), Privacy Threshold Analysis, Privacy Impact Assessment (PIA), SORN, MOU, ISAs, Incident Response, IT Policies and Procedures, User Guide, Rules of Behavior and Integrated Inventory Workbook.
  • Analyze System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M)
  • Assist System Owners and ISSO in preparing Certification and Accreditation package for companies' IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security
  • Perform Vulnerability Assessment. Make sure that risks are assessed and evaluated and that proper actions have been taken to limit their impact on the Information and Information Systems
  • Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
  • Conduct IT controls risk assessments that include reviewing organizational policies, standards and procedures and provide advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard
  • Perform IT risk assessment and document the system security key controls
  • Meet with IT team to gather evidence, develop test plans, testing procedures and document test results and exceptions
  • Design and conduct walkthroughs, formulate test plans and test results, and develop remediation plans for each area of the testing
  • Develop a Business Continuity Plan and relationship with outsourced vendors
  • Develop a Configuration Management Plan and Contingency Plan.
  • Create and update Standard Operating Procedure (SOP) for process flows and quality enhancements
  • Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies

Confidential, Washington, DC

IT Security Analyst

Responsibilities:

  • Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M)
  • Assisted System Owners and ISSO in preparing Certification and Accreditation package for companies' IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4
  • Designated systems and categorized their C.I.A. using FIPS 199 and NIST SP 800-60
  • Conducted Self-Annual Assessment (NIST SP 800-53A)
  • Performed Vulnerability Assessment. Made sure that risks were assessed and evaluated and that proper actions were taken to limit their impact on the Information and Information Systems
  • Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
  • Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard
  • Performed IT risk assessment and documented the system security key controls
  • Met with IT team to gather evidence, develop test plans, testing procedures and document test results and exceptions
  • Designed and conducted walkthroughs, formulated test plans and test results, and developed remediation plans for each area of the testing
  • Wrote audit reports for distribution to management and senior management documenting the results of the audit
  • Participated in the SOX testing of the General Computer Controls
  • Developed a Business Continuity Plan and relationship with outsourced vendors
  • Evaluated clients' key IT processes such as change management, systems development, computer/data center operations and managing security at database, network and application layers