Information Security System

Location: Alexandria, VA

Posted: April 09, 2024

Resume:

Montess Ivette

Beltsville, MD

ad4v6n@r.postjobfree.com

443-***-****

Professional Summary:

Results-oriented Cybersecurity Analyst with over six (6) years of professional experience in Security Assessment & Authorization (A&A), System Development Life Cycle (SDLC), and System Security Monitoring.

Support systems undergoing Authorization to Operate (ATO) and Information Security Continuous Monitoring (ISCM) processes following the NIST Risk Management Framework (RMF).

Experience in implementing all phases of the RMF process from Categorization through Continuous Monitoring process. Dedicated professional with an excellent work ethic.

Experienced in supporting A&A activities, including security control assessment, continuous monitoring, and vulnerability management, leveraging applicable NIST guidelines and standards such as NIST SP 800-37, NIST SP 800-53 rev4, NIST SP 800-53A rev4, NIST SP 800-137 and more.

Certifications:

CompTIA Security+ CE

CISM

CISSP (In Progress)

Education

Bachelor of Arts (B.A.) in Political Science from University of Buea, Cameroon (2013)

Skills & Competencies:

MS Office 365

NIST

FISMA

FedRAMP

CSAM

Xacta 360

Nessus

ISVM

STIGs

System Security Plan (SSP)

Plan of Actions & Milestones (POA&Ms)

Security Operation Center (SOC)

SCAP Compliance Checker (SCC)

Risk Management Framework (RMF)

Standard Operating Procedures (SOPs)

Assessment and Authorization (A&A)

Incident Response Plan (IRP)

Authorization to Operate (ATO)

Information Security Continuous Monitoring (ISCM)

Professional Experience:

WHITNEY, BRADLEY, & BROWN (WBB) - Reston, VA

Information Assurance Analyst Mar 2018 – Present

Prepared system Assessment and Authorization (A&A) packages, making sure that management, operational, and technical security controls adhere to a formal and well-established security requirement authorized by NIST 800-53r4. Ensured that all controls are properly implemented to address requirements.

Developed and updated security documents such as the System Security Plan (SSP), Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP), utilizing necessary NIST special publications such as 800-53r4, 800-34, 800-61, etc.

Experience with vulnerability scanning tools such as Tenable Nessus, Tenable.io, Tenable.sc, QualysGuard, etc.

Worked with System Admins and developers to ensure required security patches are applied within the organization-defined time period. Followed up with stakeholders for updates on patches.

Analyzed vulnerability scan results, such as those from Nessus, to identify system compliance risk levels, non-compliance issues, and security vulnerabilities, and to manage remediation activities.

Performed annual security control self-assessment to ensure controls continue to be effective and worked with stakeholders to remediate failed controls due to existing open POA&Ms.

Ensured all software/firmware and code changes to the information systems are reviewed and approved through the organization-approved review board prior to implementing such changes on the information system.

Worked with the Security Engineer in conducting security impact assessments on changes to their respective FISMA systems and ensured proper security requirements are implemented to mitigate risks.

Reviewed and validated Plan of Actions & Milestones (POA&Ms) for non-compliant controls associated with IT systems and ensured necessary remediation tasks are performed prior to authorizing closure.

Managed and coordinated system security continuous monitoring activities such as vulnerability scanning and audit log review and analysis.

Collaborated with the Data Center / Security Operation Center (SOC) team in reviewing vulnerability and compliance scan results at an agreed-upon frequency. Ensured identified vulnerabilities are tracked and remediated.

Aerotek Technology - Washington, DC

Information Security Assessor Dec 2016 - Feb 2018

Participated in the implementation of new systems requiring ATO, providing support such as categorizing information systems and developing system and technical descriptions.

Selected security controls for the information system based on NIST 800-53 rev4, as well as tailoring and supplementing to determine control applicability and type.

Provided ongoing Assessment and Authorization (A&A) support for systems undergoing continuous monitoring by managing and assessing changes to the information system in order to determine the security impact of those changes and providing necessary recommendations.

Experience with vulnerability scanning tools such as Tenable Nessus, Tenable.io, Tenable.sc, QualysGuard, etc.

Performed ongoing review and updates of security documentation annually and when required due to changes to the information system, such as the System Security Plan (SSP), Contingency Plan (CP), Incident Response Plan (IRP), Configuration Management Plan (CMP), Standard Operating Procedures (SOPs), hardware inventory, software inventories, Ports, Protocols, and Services Management (PPSM), and other policies as needed.

Performed annual security control self-assessment to ensure controls continue to be effective and worked with stakeholders to remediate failed controls due to existing open POA&Ms.

Reviewed and analyzed vulnerabilities on the systems and recommended weakness remediation to necessary stakeholders such as the System Administrator (SA), System Owners (SO), Information Systems Security Officers (ISSO), and Developers as needed.

Planned, developed, and conducted contingency plan testing and risk assessment on client’s information systems. Analyzed results to identify and mitigate risk to IT systems, and updated and improved information systems documentation in accordance with client’s IT security policies and System Security Plan (SSP).

Additional Skills as a SOC Analyst (3 Years +)

Experience with vulnerability scanning tools such as Tenable Nessus, Tenable.io, Tenable.sc, QualysGuard, etc.

Knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)

Configuration/Patch/Vulnerability Management

Moderate knowledge of the current threat landscape (threat actors, APT, cyber-crime, etc.)

Moderate knowledge of firewalls, endpoint security, IAM products, and vulnerability management products

Knowledge of DDoS mitigation techniques and penetration techniques.

Knowledge of audit requirements (PCI, HIPAA, SOX, etc.)

Good understanding of system log information and what it means, and where to collect specific data/attributes as necessitated per Incident Event (host, network, cloud, etc.)

IDS monitoring and analysis: analyze network traffic, perform log analysis, and prioritize and differentiate between potential intrusion attempts and false alarms.
