SUMMARY:

• I am a Cyber Security Analyst with six years of experience in more than one of the responsibilities of the CAP Domains, and in - depth knowledge of Risk Management Framework (RMF)

SKILLS AND ATTRIBUTES

• Perform duties as related to Authorization and Accreditation (A&A) and the Risk Management Framework lifecycle.
• Analyze and implement information security infrastructure framework.
• Monitor the use of data files and establishing access-control criteria to safeguard information system.
• Perform security oversight on Information Systems to ensure compliance of security Policies and Procedures.
• Perform comprehensive assessment and write reviews of management, operational and technical security controls on information systems.
• Knowledge of cryptography, enterprise risk assessment, and intrusion detection and prevention technologies.
• Maintain effective interpersonal relationships with colleagues to facilitate a productive and friendly team.
• Able to multi-task, work independently and as part of a team.
• Develop, review and evaluate System Security Plan based on NIST Special Publication Guidelines.
• Implement Network & System Security, Authentication and Access Control.

PROFESSIONAL EXPERIENCE:

Confidential, MD

Cybersecurity Analyst

Responsibilities:

• Develop, review and update Information Security System Policies, System Security Plans (SSP), and Security baseline in accordance with NIST, FISMA, OMB App. III A- 130, NIST SP 800- 18 and industry best security practices.
• Develop policy and procedural controls relating to Management, Operational and Technical Controls for the Organization.
• Advise Government Service Units and System Owners in the security of their IT infrastructure based on the guidelines of the Organization’s IT Security Directives and NIST Special Publication 800-53 Revisions 4 Standards.
• Develop SSPs for Low, Moderate and High information systems and selecting appropriate controls with regards to the system’s categorization using NIST SP 800- 18 & NIST SP 800- 53 rev 4.
• Conduct Security Control Assessments for Low, moderate and high systems using NIST SP 800-53A rev 4 as a guide and assessment methods like: Interview, Examine and Testing and used ST&E worksheet to input control assessment results on General Support Systems (GSS), Major Applications and Systems to ensure that such environments are operating within strong security posture
• Put together Authorization Packages (SSP, POA&M and SAR) for Information systems Authorization for the Authorization Officer.
• Create System Security Plans, Risk Assessment, Security Assessment Report and Plan of Action & Milestones Report and Authorizing Official’s Briefing Report.
• Apply appropriate information security control for Federal Information System based on NIST SP 800-37 rev1, SP 800-53 rev4, FIPS 200 and OMB A-130 Appendix III.
• Update IT security policies, procedures, standards, and guidelines according to department and federal requirements.
• Remediate failed controls in POA&M (Plan of Action and Milestones).
• Review and update some of the system categorization using FIPS 199.
• Create and update Contingency plans and Disaster recovery plans for information systems using NIST SP 800-34.
• Conduct continuous monitoring after authorization(ATO) to ensure continuous compliance with the security requirements.

Information Security Analyst

Responsibilities:

• Performed security risk assessments, developed security risk mitigation recommendations, and identified security controls for systems and networks.
• Developed and modify Organization’s Security Policies, Standards, Processes and Procedures.
• Formulated security assessment reports and recommendations for mitigating vulnerabilities and exploits in the system.
• Conducted Security Assessments on General Support Systems (GSS), Major Applications and Systems to ensure that such environments are operating within strong security posture and to determine if controls were implemented correctly, operating as normal and meeting desired objectives.
• Created ATO packages documents; SSP, RA, SAR, POA&M reports, etc., based on the security assessment performed o systems.
• Performed the role of Security Control Assessor by reviewing the artifacts and implementations statements provided by the ISSO on a system to determine if the security controls are being met.

Unix Administrator

Responsibilities:

• Built, configured, secured and deployed brand new Solaris 10, RHEL 6, CentOS 6.4, Windows 2008, Windows 2012 virtual and physical servers to the network: OS installation and configuration - working knowledge advanced (net installation and jumpstart, kickstart)
• Proficient in server administration tasks (user and security management) for both Unix and Linux server infrastructure
• Patched Unix and Linux servers. Patched Solaris 10 servers (using 10- Recommended patches), and upgrades release on standalone servers (using single user mode), and on production servers (live upgrade).
• Configured and troubleshoot TCP/IP, DHCP, DNS, NFS, and Samba servers in a multiplatform LAN
• Reset root password and performed disaster recovery on Unix and Linux servers.
• Performed tasks using Command Line Interface (CLI) and Graphic User Interface (GUI).
• Managed using native Solaris utilities for archiving, compression.
• Installed and maintained the operating system and related software products