Cybersecurity Analyst Security

Gerald Fru

Cybersecurity Analyst

advttb@r.postjobfree.com

Mobile: 240-***-****

Silver Spring MD

I'm a dedicated, passionate and accomplished individual with about years’ experience in Information System Security Analyst with a proven track record of technical and professional skills in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, and Risk Management Framework, Authentication & Access Control, System Monitoring and Regulatory Compliance in accordance with NIST, OMB, FISMA, FedRAMP and industry best security standards. Dynamic IT professional with the ability to adapt well to changing environments and interact well at all levels. Proven ability to lead and direct, solve problems creatively, and make strategic decisions in fast paced environments. I am a US Citizen with a Public Trust clearance.

Cybersecurity Analyst:

W.T Solutions - Greenbelt, MD February 2018 – Present

Responsibilities:

Develops risk assessment reports, identifying threats, and vulnerabilities applicable to the system.

Evaluates the likelihood that vulnerabilities would be exploited and assess the impact associated with this threat and vulnerabilities.

Develops maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, and other relevant security documentation for existing and new systems.

Conducts both technical and non-technical internal audits and testing to validate system operational requirements compliance.

Conduct security incident management.

Work closely with stakeholders to best align business needs with technical capability/feasibility.

Use workflows to develop security artifacts.

Documents, organize and implement security control requirements.

Conducts kick-off meetings to categorize the system according to NIST requirements of low, Moderate or High System. FIPS 199 and SP 800-60 Vol 1&2.

Conducts Security control Assessment to assess the adequacy of management, operational, privacy and technical security controls implemented.

Monitor, report and respond to security events.

Collaborates with engineers and internal business teams to analyze, design, & deliver innovative technology solutions for a wide variety of business challenges.

Develops security documentation such as System Security Plans from artifacts and assessments provided by third parties.

Provide Business Impact Analysis and Business Continuity assessments and updates.

Analyze and update system security plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System

Experience working in or familiarity with popular cloud platforms and applications such as Azure and AWS.

Review, analyze, discuss, and evaluate the implementation of security controls in multiple information system environments, including dynamic cloud services (IaaS, PaaS, & SaaS)

Implement secure solutions to take advantage of new features and functionality available in cloud environments.

Effective verbal, written, and listening communications skills.

Security Control Assessor

MBA TECH, Upper Marlboro, MD. December 2016 - January 2018

Responsibilities:

Conducted system security control assessment in accordance with NIST SP 800-53 Rev4, control selection/implementation, and NIST SP 800-53a, security control assessment, to determine control implementation and effectiveness.

Review IS security plans and other A&A documents for all applications to determine if mandated procedures and tasks are followed, such as using IACS.

Developed and prepared the Security Assessment Plan (SAP), Security Assessment Report (SAR), POA&M.

Developed and distributed the Security authorization schedule, based on timeline criteria, reauthorizations, and obtain required signatures for system stakeholders.

Prepare written justification, when appropriate, to obtain a written waiver of policy for mandated security features.

Conduct comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the systems

Develop a preliminary Security Assessment Report (SAR).

Ensure that all required security authorization activities are completed, and the results are documented in the Information Assurance Compliance System IACS / XACTA tool

Provided ATO document review for systems undergoing security authorization, including the: Security Plan, Contingency Plan, Contingency Plan Test, Configuration Management Plan and Remediation Plan, etc.

Strong understanding of the NIST SP 800-3X series and SP 800-18, and a working knowledge of all other NIST FISMA issues, as well as federal statute, security-relevant OMB circulars and memoranda, federal information processing standards, and other federal security doctrine.

Excellent verbal and written communication skills with the ability to read and analyze data

effectively to write cogent reports on assessment findings with sound recommendations.

Supported the PM by providing information for status reports, status briefings, schedules, project plans, etc., both in written and oral form.

Coordinated and worked with the infrastructure and security team in gathering and documenting required artifacts.

Education:

Bachelors in Computer Science, University of Yaoundé 1 Nguakele, Cameroon.

Certification

CompTIA Security +, CAP (in Progress)

Skill/Tool

Microsoft office (word, PowerPoint, Excel, Outlook) Xacta 360, Splunk, IPS/IDS Snort, Nessus, McAfee, Nmap, Web Inspect, POA&M tools like TAF, & CSAM, GRC, Wireshark.

Contact this candidate