Security Information

Location: Richmond, VA
Salary: $110k
Posted: February 04, 2018

Resume:

Standards/ Controls/ Artifacts / Framework Awareness

Compliance Testing, Vulnerability Scans, Risk Assessment, Change Management, Configuration Management, Contingency Planning; Policies and Procedures, Implementation; Incident Response, Media Protection, Physical Security, Computer Operations, Environmental Security, System Security, Personnel Security, SSP, E-Authorization, PIA, PTA, SORN, POA&M, SAR, SAP, CMP, MOU. OMB Circular A-123 Appendix A, NIST 800-53, NIST 800-53A, FIPS 199, FISMA, FedRAMP, ISO/IEC 27002:2015 (Information Security Management), SAS-70/SSAE 16, Access Control, Audit and Accountability, Security Assessment and Authorization.

Education / Certification

Security+ CE - CompTIA

CAP – Certified Authorization Professional - Candidate

Northern Virginia Community College (NOVA)

AS Cyber Security

WORK EXPERIENCE

Information System Analyst June 2015 - Date

RISGROUP Virginia

Risk Management Framework / C&A / Security Awareness

Assist System Owner and ISSO in preparing Authorization Package for Major/Minor Application systems, making sure that security controls adhere to a formal and well-established security requirement referencing SP 800-53 rev4.

Collaborating with ISSO to review and analyze security vulnerability scan results and coordinating the remediation response with system security administrators/engineering teams.

In coordination with other team members, we ensure that during the C&A process, the appropriate RMF launch steps are taken in the implementation of the Risk Management Framework (RMF) throughout the complete process cycle, from the system categorization step through to continuous monitoring.

Participated in Change Control Board (CCB) briefings/meetings with all client/system senior management.

Conducts RMF first step kick off meeting, initial risk assessment and categorization of information security system into Low, Moderate and High system centered on Confidentiality, Integrity and Availability (CIA) of the information type referencing FIPS-199 and NIST 800-60.

Prepare and produce e-authentication artifact identifying the appropriate authentication mechanism based on risk level (single or multifactor) referencing SP 800-63.

Select and draft security control baseline in accordance with SP 800-53 rev 3/ rev 4 and FIPS 200.

Prepare security authorization (C&A) documentation including system security plan (SSP), Security Control Test and Evaluation (SCT&E), Security Assessment Report (SAR), Contingency Plan (CP) and other artifacts required for the ATO package, referencing SP 800-18, SP 800-30, SP 800-34 respectively.

Support the configuration management team that is responsible for the creation of system configuration baseline and implementing change process using SP 800-128.

Initiate, update, coordinate and track the patching and remediation of security weaknesses as they are documented in the Plan of Actions and Milestones (POA&M).

Update, retrieve and upload all necessary authorization related documentation into Cyber Security Assessment Management (CSAM) using approved templates and procedures.

Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.

Create and develop security documents and relevant artifacts to support FedRAMP. Identify gaps between Cloud Service Provider (CSP) package and system requirements.

Conduct Systems Risk Assessment through Risk Analysis, assessed the various assets within the systems authorizing boundaries and rigorously identified all possible vulnerabilities that exist within the system.

Monitored and reviewed Information Assurance Vulnerability Management (IAVM) Alerts, Bulletins, and Technical Advisories to ensure patches were applied to assigned systems.

Cyber / Information Security Analyst Sept 2013 - June 2015

G4S Secure Solutions Virginia

Risk and Information Assurance Management

Conducted FISMA-based security control assessments for various application systems, including interviews, testing and examinations; developed assessment reports and recommendations; conducted out-briefings. (NIST 800-53A processes and controls).

Reviewed and updated some of the system categorization using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP & POA&M.

Documented and reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.

Monitored controls post authorization to ensure continuous compliance with the security requirement.

Assisted in the review of policies, security alerts, guidance, regulations and technical advances in IT Security Management.

Utilized processes within the Security Assessment and Authorization environment such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.

Contributed to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management.

Communicated effectively through written and verbal means to co-workers, subordinates and senior leadership.

Employed knowledge of established Federal standards such as the Federal Risk and Authorization Management Program (FedRAMP), to ensure the confidentiality, integrity, and availability (CIA) triad is implemented and operating as intended for each assigned information system.

Worked with and understands contemporary security architectures/devices such as ASA firewalls, routers, switches, load balancers, remote access technologies, anti-malware, SIEM and AV.

IT Helpdesk Specialist Oct 2011 - Sept 2013

MANAV consulting Group, Inc Virginia

Provided support for application software installation and use.

Act as an advocate for the office in the resolution of any and all computer-related problems or issues.

Assisted in the delivery, installation, and use of systems and services, (e.g., Washington to district office connectivity, Internet, remote access, etc.).

Provided front line phone, Live Chat, and Remote Desktop support; may be required to resolve requests via on-site visit(s). Provide Hardware/Software Installation and Setup support.

Troubleshoot and solve common network issues using physical and logical diagnostic tools.

Troubleshoot basic technical issues over the phone or by logging in remotely to their computers.

Escalate serious technical issues to engineering staff by relaying information from customer to help diagnose the problem.

TECHNICAL SKILLS / TOOLS

Tools Proficiency: CSAM, MS Office, Microsoft Windows, MS Visio, E-Auth, Nessus, SharePoint. System's Artifact Libraries, Google Docs, Active Directory.


