Resume

Sign in

Security Information

Location:
Columbia, Maryland, United States
Posted:
December 19, 2018

Contact this candidate

Resume:

OBJECTIVE

Pursuing a challenging career opportunity in Information Security, Governance & Assurance that would leverage my technical skills

PROFESSIONAL PROFILE

Confidentiality of organization and client information of supreme importance

In-depth knowledge and experience with standards and requirements outlined by FISMA, NIST, OMB and experience in the NIST Risk Management Framework (RMF)

Ability to communicate effectively with all levels of employees and clients. Exceptional ability to work well as a team player and efficiently independently. Present information in clear, easy to understand language

Knowledge and experience in phases of the Software Development Life Cycle (SDLC) waterfall and agile methodologies

Aptitude for investigating issues and asking the right questions to gain understanding of all aspects prior to suggesting and implementing remediation efforts

WORK EXPERIENCE

Reality-Technology Washington, DC

May 2018- Present

Security Analyst

Developing and managing Plan of Action Milestone based on the security Assessment Report

Entering results of Security Control Assessment into Cyber Security Assessment Management

Preparing Plan of Action Milestone reports and record system deficiencies

Remediating Plan of Action Milestones vulnerabilities

Producing and or reviewing security artifacts such as Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA), System of Record Notice (SORN), System Security Plan (SSP), Security Assessment Report (SAR), Business Impact Analysis (BIA), Contingency Plan (CP), Risk Assessment Report (RAR), Risk Traceability Matrix (RTM), Concept of Operations (CONOP), Web Hosting Plan, and Security Scan Reports

Implementation of Risk Management Framework; system categorization in accordance to Federal Information Processing Standards and NIST 800-53

PWC, Vienna, VA

January 2017 -Present

Security Control Assessor

Responsible for ensuring that all systems are Authorized and Accredited using the 6 Steps of the Risk Management Framework (RMF) System Development Lifecycle (SDLC) using the NIST 800 series documents

Provide consultation at customer sites and provide advice to system owners, application developers, network administrators and system administrators

Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for all managed IT System using proper documentation

Support vulnerability scanning activities for external audits (FISMA)

Support the preparation of security test plans, execute and assess the security control effectiveness using security control test procedures, and create Security Assessment Reports (SAR) based on assessment findings

Support development of Plan of Action Milestone (POAM) containing corrective actions required for unacceptable system and enterprise level risk

Review system security body of evidence documentation for accuracy and completeness

Conduct security impact analysis of security controls based on proposed system changes

Conduct continuous monitoring and reporting of security controls implementations

Provided subject matter expertise to technical, operational, and management teams to meet the respective security requirements of the clients RMF based in NIST’s 800-37

Utilized FIPS 199 to categorize the system impact level

Prepares security evaluation documents in support of Security Authorization

Prepares remedial options and supervises correction of information security vulnerabilities

KFORCE Fairfax, VA,

November 2015- March 2017

Cyber Security Documentation Specialist

Responsible for understanding and implementing proper Incident Handling procedures

Corresponding with Information Security Officer’s (ISSO) on a weekly basis to ensure task/action items are being completed while taking notes on any new task that are distributed

Reviewing Interconnection Service Agreement (ISA) to ensure affiliates are inside of our accreditation boundaries

The ability to recognize vulnerabilities and publicly known attack traffic patterns

Provide security monitoring to ensure no malicious activity is on the system utilizing Q-Radar SEIM console

Evaluating and determine if/when information security violations have occurred through network or device logs, open source research, vulnerability and configuration scan data, and user provided reports

The ability to demonstrate understanding and in-depth knowledge of security threats and applying actionable data to processes and procedures

Coordinate response efforts with various departments within the organization in a cooperative and beneficial manner

Possess the ability to Maintain situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents

Netcom Technology, Washington, DC 2001

November 2013 –November 2015

Helpdesk

Created folders in AD groups and assigned read/write permission, disabled/enabled accounts/devices and managed policies

Interacted weekly with customers via VoIP & remotely to ensure resolution of any product issues

Perform DNS Add/Change/Delete requests and DNS trouble-shooting tasks

Programed NRAS tokens via LDAP & SECDOC Server’s and push certificates via HDE Server for end users working remotely

Responsible for installing various software applications including antivirus, pushed patches & ensured maintenance of end user workstations and peripheral devices

Remotely wiped devices that were lost or stolen and created report documenting the acts that lead up to the lost or stolen device

Transition (C:) to the Cloud

Utilize Microsoft Azure to reset cloud passwords and unlock accounts

Connect manage and install Cloud printers

Backed up data on external hard drive (HDD) before imaging then restore

Bradley Technologies, Inc Silver Spring, MD 20910

April 2011 –November 2013

Operations Analyst

Adhered to administrative and service desk standards

Provide Audiovisual Support to end user for teleconferences; supporting set up delegations, troubleshooting connectivity issues as well as performing routine preventative maintenance support on all Audio-Visual devices specified by the manufacturer and or local operating instructions

Utilizing SharePoint for setting permissions to folders; recovered deleted files utilizing audit logs & MS365 Protection Center; uploaded and modified documents & permission levels, stored organized and access client’s information

Moved data files; maintained and managed electronic and hard copy (PII) data

Utilized MS Outlook calendar; created shared files with-in outlook for scheduled task delegated by management

Manage VoIP phones

Utilized MS Excel to create template

Ensured all request for services were followed-up in a timely manner via email, VOIP telephone, and in person

Provided excellent communication, documentation, and customer service

Provided people skills, attention to detail, multi-tasking and professionalism

CONTINUING EDUCATION

Prince Georges Community College, Upper Marlboro, MD 20774

AA Cybersecurity

Ace Training Academy, Greenbelt, MD 20770

Certified Ethical Hacker

Bowie State University, Bowie, MD 20715

CERTIFICATIONS

Security + Certification 2018

MTA Certification 2014

A+ Certification 2015

CEH Certification 2018

TECHNICAL EXPERIENCE

Operating Systems: Windows, UNIX

Management: Microsoft Project

Process/ Standard: FedRAMP, FISMA, Vulnerability Management NIST SP 800-40, Security Risk Assessment /Security Attestation - NIST SP 800-30, Business Continuity Planning /Disaster Recovery NIST SP 800-34, NIST SP 800 -84,

Ability to perform GAP analysis, SWOT analysis, Risk analysis and User Acceptance Testing (UAT).

Proficient in all Tenable Security Center (Vulnerability Management), Kace (patch management) Envision (IDS) and many other intrusion detection software tools.

Utilizing vulnerability scan reporting via IBM Security web scan & Nessus Professional Feed.

ACTIVE DIRECTORY (AD)

Managing users, Enabled/disabled user accounts, adding users to groups/removing users from group, Viewing PC’s in AD, Closing active roles.

RISK MANAGEMENT FRAMEWORK (RMF)

Memorandum of Understanding/Interconnection Security Agreement (ISA) Categorize and determine baseline IT Security requirements in accordance with FIPS 199

Identify and visually demonstrate system boundaries, select security controls, and ensure implemented controls are adequate for proprietary web applications and provided recommendations as necessary to meet or improve controls

Ensure security policies are developed, maintained and updated to meet IT security best business practices and standards, including Federal Info Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) 800-53-IPS federal info processing standard.

Review security scans, and advise on triaging vulnerabilities, enabling me to provide recommendations on mitigating security risk

SYSTEM CENTER CONFIGURATION MANAGER (SCCM)

Push software

Push Patches

SHAREPOINT

Recover moved and or deleted files

Setting permissions for document/templates in the library

Upload documents into Shared database

Adding Metadata & Tag documents

.



Contact this candidate