Cybersecurity Analyst Resume
SUMMARY:
- Dedicated and motivated security analyst professional with strong experience in security controls testing, vulnerability assessment, policies and procedures development, POA&M management and NIST 800-53 compliance.
TECHNICAL SKILLS:
- Information Technology
- Certification and Accreditation (C&A)
- Project Management
- Risk Management
- FISMA
- NIST 800-53
- NIST 800-53a
- NIST 800-37
- Cyber Security
- Compliance
- PMI / PMO
- Vulnerability scanning (Nessus)
- POA&M Management (CSAM)
- Privacy Threshold Identification (PTI)
- Personally Identifiable Information (PII)
- Microsoft Project
- PowerPoint and Word; MAC OS; Windows/Vista
PROFESSIONAL EXPERIENCE:
Confidential
Cybersecurity Analyst
Responsibilities:
- Deliver Cyber Security Vulnerability Management solutions for the Department of Energy CFO division by ensuring that CFO complies with Federal and Departmental regulations including OPM, FISMA, and NIST security requirements.
- Lead team members in the collection, review, analysis, and follow-up metrics of CFO Plans of Action and Milestones.
- Conduct security control assessments to assess the adequacy of management, operational, privacy, and technical security controls implemented. A Security Assessment Report (SAR) is developed detailing the results of the assessment.
- Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc.
- Conduct monthly vulnerability scans and brief results to the director and technical stakeholders.
- Work directly with the CISM to mature the program cybersecurity processes.
- Brief management on the overdue findings in the monthly POA&M meeting.
- Conduct monthly AO briefing on assessment results and program-wide vulnerabilities.
- Participates in security-related projects including planning, research, testing and implementation.
- Ensured security artifacts were maintained and updated in accordance with NIST guidelines and organizationally defined policies.
- Work with various stakeholders to remediate vulnerabilities and to resolve and close past findings (POA&Ms).
- Led the assessment and evaluation of unsupported software components.
Information Security Analyst
Responsibilities:
- Serves in a dual capacity as an Information System Security Officer and Assessor while creating, updating, or assessing system documentation including, but not limited to, System Characterization Document (SCD), Plans of Action and Milestones (POA&M), System Security Plan (SSP), Security Assessment Report (SAR) and Executive Summary (ES).
- Conducted a kickoff meeting in order to categorize FAA's systems according to NIST requirements of Low, Moderate or High system.
- Assist in establishing an Ongoing Authorization (OA) program designed to review the security posture of the designated systems on a continual basis.
- Develop, maintain, and communicate a consolidated risk management activities and deliverables calendar.
- Performed security test and evaluation assessments on several different environments using both scanning tools and manual assessment.
- Contribute to initiating FISMA metrics such as Annual Testing, POA&M Management and Program Management.
- Developed resultant SCA documentation, including but not limited to the Security Assessment Report (SAR).
- Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.
- Ensured cyber security policies are adhered to and that required controls are implemented.
- Assist System Owners in preparing Certification and Accreditation package for companies' IT systems.
Cyber Security Analyst
Responsibilities:
- Perform and manage C&A tasks, including FIPS 199 categorization, security controls testing, vulnerability assessment and policy and procedures development.
- Prepare and supervise execution of Plan of Action and Milestones (POA&M) for the mitigation of vulnerabilities found in systems.
- Responsible for the preparation of the security documentation (e.g., System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Contingency Plan (CP), Privacy Impact Assessment (PIA)).
- Support the risk management process by determining and assigning risk impact ratings for systems in accordance with Federal Information Processing Standards (FIPS) 199, which determines the level of effort required for the certification and accreditation process of a system and determines the security controls for the protection of an information system.
- Provide review of security controls employing NIST 800-53 recommended security controls.
- Perform vulnerability scanning and prepare Assessment Reports (VAR).
- Manage various systems security artifacts within POA&M tracking tools like Trusted Agent FISMA (TAF) and RMS on a daily basis to validate remediation of security weaknesses.
- Perform continuous monitoring on asset vulnerabilities and C&A documentation.
- Expertise in NIST SP documentation.
C&A Analyst
Responsibilities:
- Worked closely with project managers to integrate the RMF process into their System Development Life Cycle (SDLC).
- Responsible for status reports on all C&A documentation.
- Ensure all POA&M actions are completed and tested; manage the C&A process for new, existing, and legacy.
- Reviewed all Cyber Security Assessment and Management (CSAM) documentation for compliance, completeness, and validity within each USDA agency.