A self - motivated, self-starter, organized professional with a blend of experience and expertise in Cyber Security and Program Management.
SUMMARY OF SKILLS:
Technical Experience: FIPS 199, FIPS 200, Confidential Rev 4, Confidential, Confidential, Confidential, E-Authentication, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Risk Assessment (RA), SSP, ISCP, ST&E, SAR (Plan of Action and Milestones (POA&M), Authorization to Operate (ATO) Letter, MS Office, Visio, SharePoint, Access, PeopleSoft, Nessus Vulnerability Scanning Tool, WebInspect, Splunk, DbProtect.
Project Management / Office Management Tools: Microsoft SharePoint, Microsoft Project 2013, Microsoft Office Suite (Excel, Word, PowerPoint), Office 365 Online, PC and Mac Pro computers.
Information Assurance Specialist
Confidential, Columbia, MD
- Conduct Cloud System assessments by utilizing FedRAMP.
- Document Confidential security control compliance findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs).
- Review and interpret Tenable Nessus Vulnerability and Compliance scans.
- Develop and disseminate Security Assessment Plans.
- Execute Security Assessments and develop and deliver supporting documentation within aggressive timelines.
- Perform full and partial assessments. (Annually and every 3 years).
- Conduct ongoing authorizations assessment.
- Execute Step 4 (Security Assessment) of the Confidential Risk Management Framework (RMF).
- Perform vulnerabilities scan analysis and monitor continuously using Confidential as a guide with the aid of Nessus.
- Conduct trending and analysis of monthly results to identify high risk vulnerabilities impacting the network and ensure proper security confidential from confidential vulnerability management standpoint.
- Perform vulnerability and risk analysis, and participate in confidential variety of computer security penetration studies.
- Provide enterprise-wide technical analysis and direction for problem definition, analysis and remediation for complex systems and enclaves.
- Recommend solutions to meet security requirements.
- Identify risk to information assets and data systems.
- Conduct assessments and audits to ensure confidential compliance following confidential approach to information security.
- Develop & document policies and procedures for the use of vulnerability assessment tools and methodologies.
Information Technology Specialist
Confidential, Hanover, MD
- Assisted in assessing cloud systems.
- Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements.
- Support Cyber Security Analysts in conducting Vulnerability Management, Security Engineering, and Accreditation, and Computer Network Defense.
- Worked with clients in safeguarding CUIs (Controlled Unclassified Information) by performing the necessary assessments which primarily deals with 14 control families.
- Performed risk assessments, update and review System Security Plan (SSP) using Confidential (Guide for Developing Security Plan for federal information systems), Plan of Action and Milestones (POA&M), Security Control Assessments, and Configuration.
- Performed vulnerabilities scan and analysis and monitor continuously using Confidential as a guide with the aid of Nessus.
Junior Information Assurance Specialist
Confidential, Arlington, VA
- Conducted findings meeting with stakeholders.
- Conducted assessments utilizing Confidential a.
- Created SAR and provided detailed explanation about findings.
- Helped in developing, reviewing and updating Information Security System Policies.
- Assisted team in performing vulnerability scanning with the support of Nessus scanning tool to detect potential risks on a single or multiple asset across the enterprise network.
- Updated IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
- Performed risk assessments, Plan of Action and Milestones (POA&M), Security Control Assessments, and specific security documentations, (SA&A) Security Assessment and Authorization using Confidential SP rev4/FIPS 200 (Security Controls), Confidential SP A rev4 (Assessing Security Controls).
- Assisted in monitoring controls post authorization to ensure constant compliance with the security requirements.
Confidential, Quantico, VA
- Responsible for monitoring and troubleshooting the electronic security systems (ESS).
- Supervised 4 Operators on each shift.
- Monitored multiple accounts across agencies, and used open sources tools to determine potential threats for the network.
- Monitored and updated incoming/assigned tickets.
- Utilized SNORT for packet logging and traffic analysis.
- Performed scanning using scanning tools such as Nessus, DBProtect, and WebInspect.
- Managed electronic security equipment including surveillance cameras.
- Worked on various types of communication and electronic data processing equipment.
- Received and transmit routine and emergency call in the Security Operations Center, administer routine and emergency call assignments and operations.
- Provided analysis and trending of security log data from a large number of heterogeneous security devices.
- Provided Incident Response (IR) support when analysis confirms actionable incident.
- Provided threat and vulnerability analysis as well as security advisory services.
- Analyzed and responded to previously undisclosed software and hardware vulnerabilities.
Grants Management Specialist
Confidential, Rockville, MD
- Prepared, reviewed and examined grant applications and documents including subcontracts arrangements.
- Prepared Notice of for the continuation of existing and new grant programs through IMPAC system and SAMHSA Grants Information Management System.
- Prepared Notices of for Post actions and high risk status for several Grant Programs.
- Initiated Close-Out procedures of grant program that involves reviewing reports of expenditures for accuracy, appropriate costs and disposition of unobligated balance.
- Uploaded Post actions into Share Point System, maintained records for active/pending grants using Payment Management System (PMS).