H: 336-***-**** E: email@example.com
IT security professional with experience and expertise as a security analyst and security assessor, with emphasis on privacy and data security, management and operations.
Insightful, results-driven authorization professional with notable success directing a broad range of corporate IT security initiatives while participating in planning, analysis, security control assessments and implementation of solutions in support of business objectives.
Security and Risk Management-Splunk Enterprise Security
Security event log reviews
Security Assessment and Authorization
Business Continuity Planning
Disaster Recovery Planning
Vulnerability Management & Scanning
System categorization (FIPS 199 & NIST 800-60)
Role based Access Control
Security control testing
Security control selection (FIPS 200 & NIST 800-53)
CYBER SECURITY ANALYST 02/2017 to Current
Mastec Advanced Technologies - Greensboro, NC
Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards.
Conduct security control assessments of agency defined information systems, major applications and general support systems (GSS) to determine compliance with NIST SP 800-53A security requirements.
Work as a key team member of the RMF process for assigned systems to ensure that the controls are adequately categorized, selected, implemented, assessed, authorized and monitored.
Ensure risk assessments and assessments of key controls for assigned systems are completed to determine cost-effective and essential safeguards.
Reviewed and assessed systems of different classification, scope, and mission and determined residual risk and mitigation methods to ensure the system was operating in its most secure state.
Select baseline security controls; applied tailoring guidance and supplemental controls as needed based on risk assessments.
Performed data gathering techniques (e.g. questionnaires, interviews and document reviews) in preparation for assembling C&A/A&A packages.
Updated Plan of Action & Milestones (POA&M) and Risk Assessment based on findings assessed through monthly updates.
Oversee configuration management of assigned systems; audit systems to ensure security posture integrity.
Conduct risk assessments and investigations, execute appropriate risk mitigations, and oversee incident response activities
Conduct periodic hardware/software inventory assessments
Interface with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements.
Review all proposed change requests related to system design / configuration and perform security impact analysis.
INFORMATION SECURITY ANALYST 02/2015 to 02/2017
USIC Locating Services - Greensboro
Served as the IT risk management Subject Matter Expert (SME) on various projects, as needed.
Participated in system categorization while utilizing NIST 800-60 and FIPS 199.
Participated in documentation to include System Security Plans (SSPs), Risk Assessment Reports, and other needed artifacts for assessment and authorization tasks.
Worked with business units to assess the impact of strategic business directions on information security threats, vulnerabilities, and risks.
Documented, audited and reported on security compliance with the business units and information security management.
Reviewed 2009 through 2017 Federal Information Security Management Act (FISMA) requirements and associated controls and made recommendations for improvements that are being adopted as its 2017 governance and information assurance initiatives.
Reviewed and made recommendations for accreditation, authorization, and authority to operate for cloud service providers.
Conducted log analysis using designated Security Information & Event Management (SIEM) platform.
Conducted vulnerability analysis and remediation.
Supported security authorization activities in compliance with Risk Management Framework (RMF).
Conducted internal and external control assessment of all third parties to ensure control effectiveness.
IT Support Rep, Greensboro, NC - May 2014 to Feb 2015
Monitor Help Desk queue for tickets and process them first-in, first-out based on priority, along with proper group assignment and categorization.
Makes routine and non-routine decisions under close supervision, applying limited discretion within role except for matters of significance which affect the business as a whole or a significant part of it, in accordance with established procedures/guidelines.
Applies core knowledge obtained for the role to ensure the proper day-to-day operation of technology applications and equipment.
Escalates network, application and telecommunication issues to maintain the highest level of system availability for the business.
Provides basic second-level support for VPN-connected client-to-site and site-to-site connections.
Provides support to employees or internal customers in resolving escalated technology issues in a timely fashion.
Provides routine telephone, remote and on-site support to users.
Escalates technology problems when necessary providing a consistent model for support across the enterprise.
Responds to, diagnoses and resolves problems and tickets that are assigned via the Service Desk.
Supports back office servers and systems including mobile devices and OSD process for imaging of computers.
Supports and promotes change management and/or departmental/enterprise initiatives within assigned area(s) of responsibility.
Education and Training
North Carolina A&T State - Greensboro, NC EXPECTED
Engineering Technology, Cyber Security
References available upon request