Cyber security Analyst Resume

SUMMARY

Demonstrated leader in Information Technology with over 5 years of experience in Information Assurance, Governance Risk & Compliance and Organizational leadership.
Detail - oriented, problem solver with strong organizational and communication skills and the ability to adapt in changing environments.

AREAS OF EXPERTISE

Security Assessments
FEDRAMP, POA&M
System Security control documentation
Analyzing and validating vulnerability scan results.
Risk Assessments and the process(es) to track and report POA&Ms.
NIST rev4, FISMA, and FIPS 199, 200,
Implementing policies, standards, and guidelines related to data and system security.
Cyber Policy and Privacy
Outstanding written and verbal communication skills with proficiency in standard documentation
Conducting required Standard Operating Procedures (SOP) activities to include, information system identification and development of the risk assessment report and security assessment plan.

PROFESSIONAL EXPERIENCE

Confidential

Cyber security Analyst

Responsibilities:

Review cyber security policies to identify gaps, and make updates where necessary to maintain compliance to NIST guideline and organization requirement
Perform and review FIPS 199 categorizations for applicable information systems to determine impact levels based on NIST vol 2
Reviewed vulnerability scan results and worked with system administrators on remediation efforts to apply missing patches and resolve configuration issues.
Conduct security control assessments on controls derived from NIST rev 4 to determine if controls are functioning as intended
Tracked POA&M findings till remediation of POA&M and reviewed respective artifacts to ensure control implementation.
Review and update security control baselines to determine appropriate baseline controls to applicable systems based on the FIPS 199 categorization of the system
Review and update assessment result tables, ART, RAT and SAR to reflect findings during security control assessment for systems
Evaluated COTS products to determine security impact assessment SIA, and documented findings in the security impact assessment
Reviewed Privacy Threshold (PTA) and Privacy Impact Analysis (PIA) of applicable systems to determine if the systems Contains Personally Identifiable information (PII)
Lead kickoff briefing with key stake holders to understand the reporting requirement and assessment procedures for the applicable systems
Lead exit briefings with stakeholders on findings during the assessment and the review of the package

Confidential

Cyber Security Analyst

Responsibilities:

Updated control changes and control assessment changes from NIST rev 3 to NIST-800 53 rev 4
Performed FEDRAMP security control assessments for FEDRAMPED systems.
Led kick off briefings with key system stakeholders to discuss assessment activities ad expectations
Analyzed and defined security requirements for a variety of IT issues.
Reviewed privacy threshold analysis (PTA) and privacy impact assessment (PIA) for respective systems to determine if it processes PII
Updated and closed regional offices Findings/POA&M
Facilitated FISMA Continuous Monitoring Test Cases NIST Rev 4 Update.
Conducted Security Assessment on all new applications, IT Systems and vulnerability scans.
Ensured compliance with baseline security configurations, IT controls and policy standards.
Review and update security control baselines to determine appropriate baseline controls to applicable systems based on the FIPS 199 categorization of the system
Performed assessments, POAM Remediation, and document creation using NIST SP