EXPERIENCE SUMMARY:

Highly motivated Information Security Analyst with 6+ years of experience in analyzing a variety of security related events, performing assessments and protecting enterprise information systems. Possess expertise in customer service management security & data protection, team leadership, project management, strategic planning, policy and procedure reinforcement.

MS Office Suites

Linux

Contingency Plan

ISCP

POA&M

RMF

Incident Response

TEXT

SOP

Nessus

Windows

PTA

NIST 800 Series

Vulnerability Management

ISO 27001

DRP

AREAS OF EXPERTISE:

PROFESSIONAL EXPERIENCE:

DT Tech Consulting 05/19 - Present

Cyber Security Analyst

Implements the Risk Management Framework (RMF) in accordance with NIST SP 800-37 Rev 1

Reviews security categorization of systems using FIPS 199 & NIST SP 800-60 Vol 2 Rev 1

Updates technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.

Work with a team of Developers, Information Security Owners, and System Engineers to select, implement, and tailor security controls to safeguard system information.

Reviews and updates SSP implementation statements of respective applicable control to assigned systems as need arises using NIST 800-18

Independently as put together a variety of Security Authorization deliverables including; System Security Plans, Security Assessments Reports, Risk Assessment Plans and POA&M.

Drafts, finalizes, and submit Privacy Threshold Assessments (PTA) s, Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs) for annual review and recertification.

Continuously monitored security controls effectiveness using NIST SP 800-137 Rev 1 as a guide.

Defense Point Security 09/2018 – 05/19

Cyber Assurance Analyst (ISSO) @ DOL

Conduct self-assessments of security controls on various impact systems in accordance with agency guidelines to ensure compliance with NIST 800-53a.

Collaborate with System Owners, and security team members, to make sure security controls are updated properly, and have evidential material to support security control.

Ensure Security documentations (System Security Plan, Contingency Plan, Risk Assessments and Incident Response Plan, etc.) are reviewed, maintained and up to date for FISMA Compliance.

Work with a team of Developers, Information Security Owners, and System Engineers to select, implement, and tailor security controls to safeguard system information.

Create Standard Operating Procedures templates (SOPs) for assigned systems.

Provide support during ATO Assessments, providing evidence as needed.

Create and reviewed POA&Ms to ensure all POA&Ms have a documented path forward.

Collaborated with ISSO and security team to implement security controls selected in SSP Using NIST 800-18 as a guide to develop SSP.

Work with ISSO and Security team to access security controls selected, in updating SAP, ROE where Vulnerability scanning’s and penetration testing procedures are included in the assessment,

Conduct assessment meeting kickoff and security Control meeting with ISSO and System Owner Assessment finding result be reflected on the (RTM) or Test case and all weakness noted be reported in our SAR report.

Monitored security controls using NIST 800-137 as a guide by testing a portion one-third of the Applicable Security controls annually and performs periodic Vulnerability Scanning.

Washington Tech Solution 03/2013 - 09/2018

Information Security Analyst

Ascertained system vulnerabilities, recommend corrective measures and monitor effectiveness of security controls.

Analyzed and updated system categorization using FIPS 199 /NIST 800-60 vol1/vol2 based on CIA, initial risk assessment, E-authentication, SA&A packages, contingency plans (CP), privacy impact assessment (PIA) and risk assessment (RA) documents, SSP, SAP/SAR based on NIST SP 800-53, SP 800-53A.

Implemented real-time assessment support for development teams to integrate information assurance and security in the System Development Life Cycle ensuring proper configuration of major and minor application releases.

Created and tracked POA&M and monitor control post authorization to ensure compliance with FISMA-based security requirements.

Analyzed and classified risks associated with E-Authentication process to determine need for conduct of Private Impact Assessment.

Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide.

Requested scans and later reviewed scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.

Collaborated with ISSO and security team to implement security controls selected in SSP Using NIST 800-18 as a guide to develop SSP.

Work with ISSO and Security team to access security controls selected, in updating SAP, ROE where Vulnerability scanning’s and penetration testing procedures are included in the assessment.

Trinitech Consulting 09/2010 - 03/2013

Unix/Linux System Administrator

Recorded and maintained inventory of software licensing using current management software as needed.

Remoted into computers and perform patches manually.

Performed other duties as assigned for including participating in after hours on call rotation.

Provided inside support to clients as needed.

Installed OS; configured SVM, LVM, ZFS and VERITAS volumes, Solaris zones; programmed recurrent jobs with crontab, patched servers and backed up data.

Established multiple sparse and whole root zones within one physical instance of Solaris 10. Analyzed and troubleshot performance issues led capacity planning for UNIX and Linux Servers.

Participated in the installation of Windows server 2008, and Active Directory

Troubleshot connectivity issues, administered user accounts; installed Windows 2008 servers. Provided backup/recovery of data; Installed pre-build repositories (EPEL) and attached NAS LUNs

EDUCATION AND CERTIFICATIONS:

University of Buea, B.S., Computer Science and Information Technology

Oracle Certified Associate Oracle Solaris 10 - Oracle University

Cloud Security Alliance V3 CCSK

CEH

CASP

CAP/CISSP in progress

Contact this candidate