Post Job Free
Sign in

Security Analyst

Location:
Dumfries, VA
Salary:
115,000
Posted:
June 27, 2020

Contact this candidate

Resume:

Shazia Williams

Address: Alexandria, VA Email: ******.********@*****.*** Cell: 202-***-****

A well-versed subject matter expert with over 5+ years in Compliance Risk Management/Mitigation and Information Assurance. A diverse background as Client Support Specialist, Information Assurance Analyst, Security Analyst, and Educator. Possess the ability to adjust to any working environment, while motivating peers to creatively strategize policies, procedures, and techniques to properly secure system vulnerabilities. Help bridge the gap between end-users and security operations on company supported database systems. Able to thrive, motivate, and cultivate peers and team members in every work endeavor possible. Experienced in applying RMF foundations using NIST, FIPS, and FedRAMP regulations and procedures.

Areas of Expertise

Authorization & Authentication (A&A), Risk Management Framework (RMF), NIST 800’s, FIPS 199 & 200’s, FedRAMP, Cyber Analyst, Develop and Implement IT security Policies and Procedures, Nessus Vulnerability Scanning, Security Assessment Reports (SARS), Information Assurance Analyst, Compliance & Risk Management/Mitigation, Security Control Assessments, Vulnerability Management & Security Engineering

PROFESSIONAL EXPERIENCE

MINDPOINT GROUP Springfield, VA 10/2016-Present

IT Security Analyst

Oversee the monitoring, investigating, and reporting of security related events mainly red-flags to lead system analysts. Assist team members in the daily coordination and remediation of all security incidents ranging from low, medium, high, and critical. Implement updates and manage execution of security assessments and analysis of systems on a daily, weekly, monthly, quarterly, and annual basis. Ensure that company meets all security standards for internal and/or external audits. Develop, review, and update Information Systems Security Policies and establish security baselines using outlined NIST,FISMA, and FIPS requirements.

•Perform vulnerability scanning using Nessus scanning tools to detect potential risks on a single or multiple asset across the enterprise network.

•Manage and address system vulnerabilities and weaknesses uncovered through continuous monitoring assessments.

•Draft and monitor Plan of Action and Milestones (POA&Ms) when required to monitor system compliance.

•Conduct Annual Assessment based on NIST SP 800-53A and document findings within Requirements Traceability Matrix (RTMs) and Security Assessment Reports (SARs).

•Assess systems of varying scope and complexity and comprised of various technologies.

•Create standard templates for all required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.

•Provide weekly status reports on ongoing tasks and deliverables.

MNS GROUP Washington, DC-Baltimore Area 10/2014 – 10/2016

IT Security Analyst

Managed processes and procedures of security system databases, software, and hardware. Monitored System Development Life Cycle according to business methodologies and established company regulations to ensure proper compliance of systems. Supported the Security Assessment and Authorization process of the clients’ systems as a technical Security Analyst. Assessed system vulnerabilities and Performed risk assessments to identify the risk level associated with the findings.

•Provided assessments and solutions information in updating IT security policies, procedures, standards, and guidelines.

•Monitored controls post authorization to ensure constant compliance with the security requirements

•Reviewed artifacts regarding Plans of Action and Milestones (POA&M) created by the organization Information System Security Officer (ISSO) before closing of information system auditing reports.

•Documented findings within Requirements Traceability Matrix (RTMs) and Security Assessment Reports (SARs).

•Reviewed and analyzed Nessus Vulnerability and Compliance scans for possible remediation.

•Assessed systems of varying scope and complexity and comprised of various technologies.

•Provided weekly status reports on ongoing tasks and deliverables.

CAPITAL ONE Washington, DC-Baltimore Area 05/2013-10/2014

Information Assurance Analyst

Designed, displayed, and deployed changes to current software architecture. Planned to address system vulnerabilities and risks based on measure of criticality and need-base. Help assist in the design of system security architecture to protect company’s digital assets from unauthorized access. Monitored system applications and hardware mainly using (Nessus) for any abnormal activity on company databases.

Mitigated damages and patched software during current cyberthreats.

•Assisted in conducting cloud system assessments.

•Designed system architectures that monitored cyber threat data breaches and traffic spikes and still allowed employees to work without interruption.

Client Support Specialist

Analyze and Innovate in consulting and client relationship building while maintain support tasks to monitor and mitigate risk compliance. Supported Analysts in bridging the gap between end-user support and security operations.

•Assisted in updating IT security policies, procedures, standards and guidelines according to department and federal requirements

•Supported Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.

•Assisted analysts in addressing security incidents.

•Performed investigations of unauthorized disclosure of Personal Identifiable Information (PII).

•Responsible for reporting findings and providing status of reports to senior leadership mainly the company Information System Security Managers/Officers (ISSM/ISSO).

•Performed vulnerability scans and monitored status continuously using NIST 800-137 as a guide with the aid of Nessus Vulnerability software system.

EDUCATION

Business Administration and Management, General

The Art Institutes

Robinson Secondary School- Diploma 2008

TECHNICAL SKILLS

Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Risk Assessment (RA), System Security Plans (SSP), EMASS familiarity, SharePoint, PeopleSoft, Nessus Vulnerability Scanning Tool, Visio, MS Office, Authorization to Operate (ATO) Certifications, & Plans of Action and Milestones (POA&M)

CERTIFICATIONS

CASP+

AWS Certified Solutions Architect



Contact this candidate