
Security Officer System

Location: Washington, DC

Posted: June 15, 2024


Resume:

Moses Panti

Email: ********@*****.*** Phone: 347-***-**** Location: Laurel, MD

Summary

Experienced cybersecurity professional with 8 years in the field, specializing in security compliance (NIST 800-37 RMF and other frameworks). Proficient in federal information systems, finance, and other industries. Extensive experience collaborating with all branches of the Department of Defense, Department of Energy, and Department of Veterans Affairs.

Work Experience

Cybersecurity Analyst

VMD Corp Inc / Remote, Maryland / 01/30/2022 – Current

Select and draft security control baseline in accordance with DOE guidance and FIPS 200.

Conduct a crosswalk review of the NIST SP 800-122 Privacy Controls by reviewing privacy overlays of security and privacy controls on a system.

Conduct RMF first-step kick-off meeting, initial risk assessment, and categorization of information security system into Low, Moderate, and High system centered on Confidentiality, Integrity, and Availability (CIA) of the information type, referencing FIPS 199 and NIST 800-60.

Monitor and conduct Security Control Assessment to ensure all controls meet security requirements as stipulated in the SSP and NIST SP 800-53A Rev4.

Participate in ongoing meetings for systems undergoing the ATO (Authorization to Operate) process and the continuous monitoring of systems with full ATO.

Provide management and Ongoing Authorization (OA) Compliance Support to include Risk Management Framework (RMF) and FISMA compliance, Security Release management, Security Authorization and OA, and DOE policy Directives and Cyber Orders.

Participate in Change Control Board (CCB) briefings/meetings with all senior management.

Collaborate with ISSO to review and analyze security vulnerability scan results and coordinate the remediation response with system security administrators/engineering teams.

Develop and maintain continuous monitoring programs for the CSP solutions in line with the organization's ISCM policies, FISMA, and FedRAMP requirements.

Assist Program Manager and Facility Security Officer in the preparation of Authority to Operate (ATO) documentation to support facility and system development efforts.

Represent the organization at the FedRAMP PMO meetings on Risk Assessment Report (RAR) and agency authorization process including Kick-off meetings.

Information System Security Officer (ISSO)

Criterion Systems Inc / Remote, Maryland / 05/17/2015 – 01/15/2022

Worked as an Information System Security Officer (ISSO) on Risk Management Framework (RMF) System Security Plans for mission-essential systems. Performed security assessments from the perspective of an SCA.

Conducted system security assessments. Created system security documents such as continuous monitoring documentation.

Primary point of contact for Plan of Action and Milestones (POA&M) findings. Tasked with updating data within the RSA Archer Integrated Risk Management system.

Conducted meetings with the IT team to gather documentation and evidence about their control environment.

Performed updates to SSP, Risk Assessments, Incident Response Plans, created Change Control procedures and drafted POA&Ms.

Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), and e-Authentication with business owners and selected stakeholders.

Developed and conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53.

Ensured the implementation and effectiveness of security controls were in accordance with the organization’s Security Policy and Procedures as well as the adopted industry standard.

Participated in meetings to discuss vulnerabilities and potential remediation actions with system and application owners.

Reviewed vulnerability management processes and vulnerability scan reports and advised on the risk and remediation of security issues based on reports from vulnerability assessment scans.

Education

BS Information System Management, University of Maryland GC

Skills

NIST 800 Risk Management Framework

NIST Cybersecurity Framework (CSF)

ISO 27001

PCI DSS Assessment

Risk Assessment

Communication skills

Able to deal with difficult people.

Network scanners (Qualys, Nessus)

Cyber Threat Intelligence

Certifications

CompTIA Security+ CE

CompTIA Network+

AWS Certified Solutions Architect – Associate

Microsoft Certified: Power BI Data Analyst Associate

CISA
