Security Officer Analyst

Location: Bethesda, MD
Posted: March 11, 2024

Resume:

Aurelien Tabue Foto, Sec+, AWS (Dev, Arch), OCI, CEH, CISA, CISSP

Germantown, MD 202-***-**** ad39kz@r.postjobfree.com

ISSO/Cybersecurity Analyst

Diligent Cybersecurity professional with over 7 years of experience securing systems and data. 3+ years of experience planning, designing, implementing, and maintaining system applications in AWS Cloud in Windows and Linux environments, and 10+ years of overall IT-related experience. Solution-oriented, highly analytical IT security professional with expert-level knowledge and experience in RMF, vulnerability management, process analysis, cybersecurity administration, and technical writing. Experience working in the Agile Scrum Software Development Life Cycle with respect to delivering operations. Experience in maintenance and configuration of user accounts for dev, QA and production servers, and created roles for EC2, RDS, S3, and CloudWatch. Experience in migrating and implementing multiple applications from on-premises to cloud using AWS services like SMS, DBMS, CloudFormation, S3, Route 53, Glacier, EC2, RDS, SQS, SNS, Lambda, and VPC.

Skills Summary

Bash

RMF

Kinesis

IAAS, PAAS, SAAS

NIST 800 Series

POA&Ms

MS Office Apps

ISO 27001

FISMA

FIPS 199 & 200

CloudWatch

Splunk

FedRAMP

Categorization

Nessus

Risk Management

CloudTrail

ATO Package

CrowdStrike

IDS/IPS

Professional Overview

TERACORE INC Washington, DC March 2020 - PRES

ISSO

Oversee and manage relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements.

Support the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.

Research assigned IT security systems to provide insight on IT security architectures and IT security recommendations for assigned systems.

Develop and maintain the Plan of Action and Milestones and support remediation activities

Validate that protective measures for physical security are in place to support the system's security requirements

Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed

Assist with the management of security aspects of the information system and perform day-to-day security operations of the system

Evaluate security solutions to ensure they meet security requirements for processing classified information

Perform vulnerability/risk assessment analysis to support certification and accreditation.

Provide configuration management (CM) for information system security software, hardware, and firmware

Perform risk analyses to determine cost-effective and essential safeguards

Conduct independent scans of the application, network, and database (where required)

RAYTHEON TECHNOLOGIES Arlington, VA Aug 2017 - March 2020

CYBERSECURITY ANALYST/ISSO

Conduct Certification and Accreditation (C&A) on major applications following the Risk Management Framework (RMF) from Categorization through Continuous Monitoring using the various NIST Special Publications in order to meet Federal Information Security Management Act (FISMA) requirements.

Develop SSPs, SARs, and POA&Ms, which were presented to the Designated Approving Authorities (DAAs) to obtain the Authority to Operate (ATO).

Conduct security assessments on major applications, update POA&Ms with findings, and monitor remediation deadlines.

Provide weekly status reports on ongoing tasks and deliverables.

Perform risk assessment to identify the risk level associated with findings.

Review artifacts regarding POA&Ms created by ISSO before closing.

Ensure compliance with protection requirements, control procedures, incident management reporting, remote access requirements, and system management for all systems under scope. Assist in updates of IT security policies, procedures, standards, and guidelines according to department and federal requirements.

Support cyber security analysis by conducting Vulnerability Management, Security Engineering, Certification and Accreditation and Computer Network Defense.

Monitor controls post authorization to ensure constant compliance with the security requirements.

Conduct annual assessments based on NIST SP 800-53A.

Develop and maintain all security documentation for systems under purview, including Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), System of Record Notices (SORNs), Business Impact Assessments (BIA), Contingency Plan and Tests (CP and CPT), and Security Authorization Briefing.

PLEIOTEK - Bethesda, MD Jan 2012 - Aug 2017

AWS Solution Architect

Responsible for launching Amazon EC2 Cloud instances using Amazon Web Services (Linux) and configuring launched instances with respect to specific applications and regions. Installed applications on AWS EC2 instances and configured the storage on S3 buckets.

Responsible for S3 bucket creation and policies, and IAM role-based policies.

Built servers using AWS, importing volumes, launching EC2, RDS, creating security groups, auto-scaling, load balancers (ELBs) in the defined virtual private connection.

Responsible for creating monitors, alarms and notifications for EC2 hosts using CloudWatch.

Involved in the migration and implementation of multiple applications from on-premises to cloud using AWS services like SMS, DBMS, CloudFormation, S3, Route53, Glacier, EC2, RDS, SQS, SNS, Lambda, Kinesis and VPC.

Built and configured a virtual data center in the AWS cloud to support Enterprise Data Warehouse hosting, including Virtual Private Cloud.

Assisted in using SageMaker to build and train machine learning models and deploy them directly into a production-ready hosted environment.

Education And Certifications

University of Maryland University College, Shady Grove, MD, Master in Cybersecurity - Present

University of Maryland University College, Shady Grove, MD, B.S. - Cybersecurity

Montgomery College, Rockville, MD Associates Degree - Cybersecurity

Certified Information System Security Professional (CISSP)

Certifications

AWS Developer

AWS Certified Solutions Architect

CEH Certified Ethical Hacker

CISA Certified Information Systems Auditor

CompTIA Security+

Certified Information System Security Professional (CISSP)

Oracle Certified Associate 12c

Oracle Certified Oracle Cloud Infrastructure

FTK (Forensic Tool Kit)

Certified Scrum Master

Certified SAFe 5.0 Practitioner


