
Snr Security Analyst Resume


SUMMARY

  • Information Security Professional with 6+ years of experience in IT compliance, vulnerability assessments and management.
  • Specialties in Risk Management, Certification & Accreditation (C&A), Information Assurance, National Institute of Standards & Technology (NIST), Federal Information Processing Standards (FIPS) and SP 800 Series Guidance, Federal Information Security Management Act (FISMA), Sarbanes Oxley Act (SOX) 404, FedRAMP, HIPAA, System Security Monitoring and Auditing, Audit engagements, Testing of Information Technology controls and developing Security policies, procedures and guidelines.

PROFESSIONAL EXPERIENCE

Confidential

Snr Security Analyst

Responsibilities:

  • Prepared and submitted Security Assessment Plan (SAP) to CISO for approval
  • Performed IT risk assessment and documented the system security key controls
  • Designed and Conducted walkthroughs, formulated test plans, tested results and developed remediation plans for each area of the testing
  • Wrote audit reports for distribution to management and senior management documenting the results of the audit.
  • Performed Information Technology Risk analysis and assessments
  • Analyzed and defined Security Requirements for a variety of IT issues.
  • Developed, analyzed and implemented security specifications in line with NIST, FISMA.
  • Applied appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53 rev4, FIPS 199, FIPS 200 and OMB 130 Appendix III
  • Conducted systems and network vulnerability scans in order to identify and remediate potential risks.
  • Conducted Security Assessment using NIST 800-53A.
  • Developed SCA as part of annual security assessment for applicable systems.
  • Developed SAR as the final risk assessment report based on findings and vulnerabilities from assessment.
  • Developed security authorization package prior to ATO outbrief with AOs and system personnel.
  • Collaborated with system personnel as part of a dry-run process to go over mitigation strategies for all findings.
  • Attend ATO briefings to present findings and vulnerabilities associated with operating applicable systems or application to stakeholders.

Confidential

Security Engineer

Responsibilities:

  • Analyse and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M)
  • Assist System Owners and ISSO in preparing Certification and Accreditation package for IT systems, to ensure management, operational and technical security controls are adhered to.
  • Utilized NIST SP 800-53 Revision 4 and NIST SP 800-53A Revision 4 and conducted security control assessments
  • Reviewed Vulnerability Assessment Report and made sure that risks are evaluated and proper action taken to limit their impact on the Information and Information Systems
  • Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.
  • Understand and consider industry trends, customer needs, business risk tolerance, and business environments relating to information security.
  • Was responsible for the completion of each assessment. A Composite Report was developed detailing the results of the assessment by location along with plan of action and milestones (POA&M).

Confidential

FISMA Analyst

Responsibilities:

  • Performed IT risk assessment and documented the system security key controls
  • Designed and Conducted walkthroughs, formulated test plans, tested results and developed remediation plans for each area of the testing
  • Wrote audit reports for distribution to management and senior management documenting the results of the audit
  • Developed a Business Continuity Plan and relationship with outsourced vendor
  • Performed Information Technology Risk analysis and assessments
  • Analyzed and defined Security Requirements for a variety of IT issues.
  • Developed, analyzed and implemented security specifications in line with NIST, FISMA.
  • Applied appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53 rev4, FIPS 199, FIPS 200 and OMB 130 Appendix III
  • Conducted Security Assessment using NIST 800-53A
  • Developed and Conducted Contingency Plan and Test
  • Developed and updated System Security Plan (SSP), Plan of Action and Milestone (POA&M)
  • Ensured that established internal control procedures were in compliance by examining reports, records, documentation and operating practices

Confidential

IT Security Analyst

Responsibilities:

  • Conducted kick off meetings using the approved IT security framework, FIPS 199/NIST 800-60 to categorize information and information system.
  • Conducted IT Controls risk assessment to identify system threats, vulnerabilities and risk, and generate reports
  • Developed and Conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
  • Developed security baseline controls and test plans that were used to assess implemented security controls
  • Developed System Security Plan (SSP) to provide an overview of the system security requirements and describe the controls in place
  • Developed Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action & Milestones (POAM)
  • Created standard templates for required security assessment and authorization documents; Risk Assessment (RA), System Security Plan (SSP), Contingency Plan (CP) and Security Plan (SP)
  • Involved in third-party contract evaluation; reviewed information security accreditation request
  • Conducted periodic IT Risk Assessment and Reviewed IA controls for any deficiencies and reported to the ISSO for appropriate mitigation actions.
  • Assisted in the development of an information security continuous monitoring strategy.

DESKTOP SUPPORT

Confidential

Responsibilities:

  • Handle technical troubleshooting with an enterprise environment including systems crashes, slow-downs and data recoveries
  • Engage and track priority issues with responsibility for the timely documentation, and escalation
  • Provide information and/or technical assistance to users concerning the development and maintenance of the computer network or for resolution of special problems
  • Earn recommendation for teamwork, flexibility and work excellence in providing IT support to students and faculty
