PROFESSIONAL SUMMARY:

• Well versed with Confidential Special Publications (such as Confidential SP 800 - 18, SP 800-37 rev 1, SP 800-53/53A rev 4, SP 800-30 and SP 800-60), FIPS 199/200, OMB circulars and memoranda, FISMA compliance, FedRAMP publications and their requirements for federal information systems.
• Experienced in Risk Assessment, Risk Management Framework (RMF), identifying network vulnerabilities, risks and Security Assessment and Authorization process (SA&A).
• Experienced in the development and review of System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans/Training, and Configuration Management Plans, System Security Checklists, Privacy Impact Assessments, POA&Ms, Requirement Traceability Matrix (RTM) and have some working knowledge of HIPAA.
• Experienced in the implementation of intrusion-detection systems and security assurance- IDS/IPS, TCP/IP, DLP, SIEM, vulnerability-scanning, Web gateway, proxy appliances and antivirus tools. Familiar with VMware and other Virtual Machine Applications.
• Proficient in explaining technical information, resolutions, documentations, and presentations to clients and non-technical personnel at all levels of the organization or enterprise.
• Thrive in a highly collaborative, fast-paced work environment and multidisciplinary team setting where leveraging technology for continuous business improvement is the ultimate goal.

TECHNICAL SKILLS:

• Wireshark
• Nessus
• Splunk
• APP Detective
• Maltego XL Data Analyzer
• NMAP
• Metasploit and Kali Linux
• Microsoft Office Suite

WORK EXPERIENCE:

Information Security Analyst

Confidential, MD

Responsibilities:

• Assist the Information System Owners with system categorization of applications or information systems appropriate with the FIPS 199/200 impact level and in according with Confidential SP 800-60 guidelines.
• Develop and review Security Authorization packages, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms) and continuous monitoring plan/assessment schedule.
• Create and maintain security artifacts such as Contingency Plans, Disaster Recovery Plans, Incident Response Plans/Training, and Configuration Management Plans and System Security Checklists as well as Standard Operating Procedures (SOPs).
• Work with the Agency Privacy Officers to develop and review Privacy Threshold Analysis (PTA) and Privacy Impact Assessments (PIA).
• Ensure system security authorization controls contain accurate implementation statements in response to control requirements and valid supporting evidence.
• Present executive briefing on the progress of the systems under me to the government client management as well as kickoff meetings when new systems are assigned.
• Hands-on experience with Confidential standard on cyber security and incident handling using 800-63 & 800-61

Information Assurance Analyst

Confidential, Baltimore, MD

Responsibilities:

• Drafted, reviewed, and commented as directed by the government POCs on translating federal requirements into agency policies and requirements, including, but not limited to Confidential 800 special publications, FISMA, and OMB guidance and requirements.
• Ensured component security authorization boundaries were properly defined and captured in SSPs, and that all interconnection agreements (MOUs/ISAs) were in place and current.
• Part of a team member that conducted security and internal control reviews of information systems in preparation for an independent assessment by a third party.
• Ensured all audit notification of findings and recommendations are captured on CSAM as a POAM as well as confirmed that POAMs have appropriate milestones, accurate description of the weaknesses and remediation actions, task owners, estimated cost to completion and realistic due dates.
• Prepared necessary documentation to support ATO process, including assessments, analysis reports, executive summaries of cyber threats, and formal and informational briefings to IT professional staff.
• Provided advice and insight into the overall management and evaluation of the system security posture.

Information Assurance Officer

Confidential

Responsibilities:

• Assisted in the preparation, coordination, distribution, and maintenance of various plans, policies, instructions and guide on the relevant operating policies and procedures that need to be adhered by.
• Monitoring and optimizing the performance of the database - Microsoft SQL Server to ensure performance and tuning to ensure optimum performance.
• Assurance Vulnerability Management (AVM) - scanning of networks to ensure network integrity, availability, and accountability.
• Provided customer end-to-end training and awareness capability including the development, deployment and analysis of security training across the organization.
• Perform and document Contingency Planning, Annual Security Control Testing, Security reviews.
• Primarily responsible for the security and integrity of the information and periodically testing a backup and recovery plan for the database, restoring and troubleshooting.