
Cyber Security Analyst II Resume


Fairfax, VA

SUMMARY

  • Highly experienced professional with 10+ years of experience, a record of exceeding client expectations, and strong problem-solving skills, with knowledge of the System Development Life Cycle as an Information Assurance Analyst, security associate and information technology specialist, applying the FISMA Risk Management Framework using NIST 800 standards as well as the VA 6500 guidelines in the Ongoing Authorization processes to protect government information systems.
  • Hardworking and goal-oriented professional with extensive knowledge of information systems.
  • Excellent communication skills; fluent in English and grammar.
  • Experience as a Security consultant in Risk and Compliance
  • Knowledgeable in Security Assessment and Authorization (SA&A) documentation as well as reviewing and updating the System Security Plan (SSP), Security Test and Evaluation (ST&E) and Security Assessment Report (SAR) according to NIST SP A
  • Knowledge of security audit and accreditation processes
  • Knowledge of security countermeasures and overall RMF and NIST compliance, with in-depth knowledge and application of NIST publications (FIPS 199, SP, SP rev4, SP, SP, etc.) to drive the FISMA RMF program, HIPAA, COBIT framework
  • Experience in working with security management, including information governance and compliance
  • Good understanding of Assurance Practices and Risk Management; hands-on experience in POAM development and closure procedures.
  • Able to communicate with OCISO Delivery system stakeholders in the execution of security and compliance requirements
  • Experienced in the use of MS Office applications including Excel, Word, Outlook, Visio, PowerPoint, SharePoint, Microsoft Teams and Microsoft Baseline Security Analyzer (MBSA).
  • Experience in the use of security vulnerability tools including Nessus, GRC Risk Vision, eMASS, DbProtect, and OWASP ZAP for vulnerability remediation and management
  • Understands how cyber security GRC requirements fit within or interface with the sales of other solutions in HPE and HP's partner strategies
  • Understands federal security and regulations impacting security requirements to develop strategies for supporting internal USPS operations
  • Strong analytical and quantitative skills with problem-solving abilities, including meeting deadlines for different projects and assignments

PROFESSIONAL EXPERIENCE

Cyber Security Analyst II

Confidential, Fairfax, VA

Responsibilities:

  • Responsible for executing and reviewing RMF security controls to ensure FISMA and NIST compliance.
  • Analyze and update the SSP, RAR, PIA, ST&E and POA&Ms, SOP and VA Handbook 6500.
  • Support leadership to identify capability gaps in vulnerability management by analyzing POA&Ms associated with Veterans Affairs.
  • Maintain knowledge of current RMF security trends to effectively communicate to client.
  • Document NIST security control compliance findings within SAR, VAR and ATO brief decks to include identified vulnerabilities and the corresponding recommended risk mitigations.
  • Conduct security controls assessment to ensure controls are implemented to comply with NIST standards.
  • Research policies, procedures, standards and guidance and recommend needed changes under specific conditions for the protection of information and information systems.
  • Conduct IT control risk assessment that includes reviewing organizational policies, standards and procedures and provide advice on their adequacy, accuracy and compliance with FISMA standards.
  • Had the opportunity to be on the CRISP RSS project, which for the second time received an award of exceptional Contractor Performance Assessment Reporting System (CPARS); I was part of the team and am very proud of it.

Cyber Security Analyst

Confidential, Virginia, MD

Responsibilities:

  • Review security controls and provide implementation responses as to if/how the systems are currently meeting the requirements.
  • Develop NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and address system weaknesses.
  • Perform specific quality control for package validation on the SP, RA, RTM, PIA, SORN, E-authentication assessment and FIPS-199 categorization.
  • Maintain inventory of all information security systems assigned.
  • Develop and implement FISMA ISSM validation processes.
  • Document and review System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO).
  • Generate, review and update System Security Plan (SSP) against NIST and NIST requirements. Provide continuous monitoring support for control systems in accordance with FISMA guidelines and conduct FISMA-based Security Risk Assessment.
  • Perform Security Categorization (FIPS 199), review and ensure Privacy Impact Assessment (PIA) document after a positive PTA is created.
  • Document and finalize Security Assessment Report (SAR) and communicate a consolidated risk management activities and deliverables calendar.
  • Perform Security Categorization using FIPS 199 and NIST volume 2.
  • Conduct meetings with the IT team (kick-off meeting) to gather documentation and evidence about the control.
  • Developed and determined incident response procedures and standards based on industry and management best practices.
  • Test and implement technology required for PCI DSS compliance, such as Splunk event logging, firewall rules compliance toolset, vulnerability assessments and IDS/IPS.

Information Security Analyst

Confidential, Rockville, MD

Responsibilities:

  • Review, maintain, and ensure all Assessments and Authorizations (A&A) documentation is included in the system security package.
  • Ensure implementation of appropriate security controls for the Information System based on NIST Special Publication rev 4, FIPS 200, and System Categorization using NIST, and FIPS 199.
  • Review and update remediation on POAMs in the Organization Security Assessment and Management (CSAM) system.
  • Work with system administrators to resolve POAMs, gathering artifacts and creating mitigation memos and corrective action plans to assist in the closure of the POA&M.
  • Review scan results and document findings in POA&M.
  • Collaborate with system administrators to remediate POA&M findings. Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization's continuous monitoring plan.
  • Monitor controls post authorization to ensure continuous compliance with the security requirements.
  • Conducted Security Assessment interviews to determine the security posture of the system and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP A required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
  • Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.

Windows System Administrator

Confidential, Baltimore, MD

Responsibilities:

  • Installed the latest versions of operating systems on demand, per the requirements of the clients.
  • Sorted complex issues pertaining to hardware and network failure; monitored both hardware and software systems for errors and updated them regularly to maintain proper functioning and flow of information.
  • Performed security monitoring tests to identify intrusions.
  • Provided Tier 2 and Tier 3 technical support.
  • Deployed performance enhancing/monitoring tools.
  • Recommended new updates and changes required by the clients.
  • Produced new system and network designs for clients.
  • Documented the new Windows server settings that have been applied to the network.
