We provide IT Staff Augmentation Services!

Security Control Assessor Resume

Washington, DC

SUMMARY:

Competent IT Security Analyst with 6 years of experience in Information Security with focus on Confidential, Confidential Risk Management Framework(RMF), System categorization, security control selection, implementation, assessment, authorization and Monitoring security controls respectively; in an effort to mitigate risk and vulnerability of the system.

PROFESSIONAL EXPERIENCE:

Security Control Assessor

Confidential, Washington, DC

Responsibilities:

  • Operate Risk Management Framework using Confidential 800 - 37 as Confidential guide and FIPS 199 as Confidential guide to categorize information systems.
  • Classify information Systems using the RMF processes to ensure system Confidentiality, Integrity and Availability.
  • Select security controls using Confidential 800-53 Rev 4 as guidance base on system security categorization.
  • Document selected security controls in the SSP that was earlier created using Confidential 800-18.
  • Determine likelihood of risk occurrence using Confidential 800-30 as Confidential guide
  • Most of my current projects are focused on RMF phase 4 (Assessing security controls)
  • Effectively engage in the assessment processing & preparing for assessment, conducting assessment, communicate assessment results, and maintain the assessment.
  • Coordinate, participate and attend weekly Confidential forums for security advice and updates.
  • Use the implementation section of the (SSP) System Security Plan in addressing how each control is implemented (frequency of performing the controls, control types and status).
  • Create SAP (to document assessment schedules, control families to be assessed, control tools and personnel, client’s approval for assessment, assessment approach and scope, ROE if vulnerability scanning is involve).
  • Determine assessment method (examining policies and procedures, interviewing personnel and testing technical controls), using Confidential 800-53A as Confidential guide.
  • Create (R TM) and Risk Traceable Matrix in which to document assessment result (pass/fail)
  • Prepare Security Assessment Reports (SAR) in which all the weaknesses are reported.
  • Create Plans of Actions and Milestones to tracing corrective action and resolving weaknesses and findings.
  • Conduct Confidential Privacy Threshold Analysis ( Confidential ) and Privacy Impact Analysis (PIA) where necessary by working closely with the Confidential and the System Owner.
  • Review Confidential & Confidential package items .
  • Set- up and participate in the Assessment Kick-up meetings per Confidential SP 800-53A.
  • Prepare Confidential package documents (SSP, SAR, POAM reports, and Confidential & Confidential package) to enable the Authorizing officer to make Confidential risk-base decision to sign the Authorization to Operate ( Confidential )
  • Determine threat sources and applying security controls to reduce risk impact.
  • Conduct risk management by identifying, assessing, responding and monitoring risk respectively.
  • Use POA&M tracking tools like CSAM (Cyber Security Assessment and Management), Excel spread sheet to make sure the POA&M is not in delay status.
  • Ensure that controls are implemented correctly, functioning as intended and producing the right results.

Cyber Security Analyst

Confidential Technologies, Washington, DC

Responsibilities:

  • Conducted assessment on Management, operational and technical Security Controls.
  • Determined security categorization using Confidential 800-60 vol. 2 as information guide.
  • Selected security controls using Confidential 800-53 Rev 4 as guidance base on system security categorization.
  • Prepared Security Assessment Reports (SAR) in which all the weaknesses are reported.
  • Created (RTM) Risk Traceable Matrixes in which Pass/fail assessment results were documented.
  • Worked with Confidential and the Security assessment team to Access Security Controls selected.
  • Review Privacy Impact Assessment (PIA) documents after Confidential positive Confidential were created and ensure PII findings are recorded in the System of Record Notice (SORN).
  • Provided audit briefings to agency and Information Systems Security Officer ( Confidential ), ensuring that all findings are documented in the POA&M within their Trusted Agent Confidential (TAF) tool.
  • Applied Risk Assessment to system security and likelihood of risk occurrence using Confidential 800-30 to determine.
  • Managed Security Control Assessment schedules for the client’s systems to ensure system remain compliant with Confidential and Continuous Monitoring requirements.
  • Prepared and updated the Confidential requirements in the Confidential & Confidential package ready for system authorizing officer to make Confidential risk-base- determination base on the risk level reported.
  • Performed Confidential Government-wide program that provides Confidential standardized approach for security assessment, authorization, and continuous monitoring for cloud products/ computing services on multi-agency systems in accordance to Confidential security control baselines.
  • Conducted Security Assessments to determine if controls were implemented correctly, operating as intended and meeting desired objectives/results.
  • Examined policies and procedures, interviewed personnel on tested controls and conducted screenshot testing of system configuration of technical controls.
  • Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on Confidential single or multiple assets across the enterprise network.
  • Determined sources of threat and weaknesses to the system.
  • Performed vulnerability testing (looking for missing patches, weak password setting, configuration from retention system's default access password and unnecessary services not disabled).
  • Monitored controls post authorization to ensure continuous compliance in accordance to Confidential guidelines in Confidential 800-137 for security control continuous monitory.
  • Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on Confidential single or multiple assets across the enterprise network.

Hire Now