Security Control Analyst/Assessor

Location:
Forney, TX
Posted:
September 09, 2020

Resume:

OBJECTIVE

A Cyber Security professional with over 10 years of overall IT experience and 5 years of experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, Risk Management Framework, authentication and access control, system monitoring and regulatory compliance, performing system Certification and Accreditation with all required security controls in accordance with NIST, OMB, FISMA, FedRAMP and industry best security standards. Very dynamic individual, critical thinker, excellent team player with great interpersonal skills and the ability to adapt well to changing environments and interact well at all levels. Proven ability to lead and direct, solve problems creatively, and make strategic decisions in fast-paced environments.

Skills Summary

Data Analysis

RMF

Linux

IAAS, PAAS, SAAS

NIST 800 Series

POA&Ms

MS Office Apps

ISO 27001

FISMA

FIPS 199 & 200

OSI Model

Vulnerability ASMT

Visio

FedRAMP

ATO Package

SAP/SAR

AWS/EC2/S3

Windows Server 2003

RabbitMQ

Nessus

Vulnerability Management

Writing Code

Red Hat Linux 6-7

Big Data

Nagios

TCP/IP

Risk Assessment

Networking & switches

Metasploit

Wireshark

Networking

WebInspect

DbProtect

Project leadership

CentOS

Ubuntu

VirtualBox

PROFESSIONAL EXPERIENCE

SECURITY CONTROL ASSESSOR

DELTAAH TECH CONSULTING March 2014 – Present

Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed.

Assist with the management of security aspects of the information system and perform day-to-day security operations of the system.

Evaluate security solutions to ensure they meet security requirements for processing classified information.

Provide support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.

Evaluate compliance with mandatory OMB regulations and NIST guidance in risk analysis/vulnerability assessment, security control implementation and testing, and risk management.

Prepare for and conduct assessments in compliance with Federal Guidelines (NIST 800-53, 800-53A, 800-37, etc.) and client requirements.

Review information system security controls and impact of system changes on security.

Review system security plans (SSP) for areas requiring updates, and provide advice to system owners on maintaining accurate and comprehensive documentation.

Lead kickoff meetings and conduct follow-up interviews with stakeholders.

Prepare Security Assessment Plans (SAP) to document test and assessment procedures.

Assess security controls according to NIST 800-53A to ensure they continue to perform as intended.

Test security controls of major IT systems in accordance with NIST Special Publications (NIST 800-53 rev 4, 800-53A, 800-18, 800-30, 800-60, 800-137, and FIPS 199).

Collect artifacts as proof that security controls are performing effectively.

Prepare and deliver Security Assessment Reports (SAR).

Record assessment results in the client GRC tool.

INFORMATION SYSTEM SECURITY OFFICER (ISSO)

TEKsystems Washington DC August 2012 – February 2014

Performed ongoing RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.

Extensive knowledge in categorizing information systems (using FIPS 199 and NIST SP 800-60 Vol 2 Rev 1 as a guide).

Selected and implemented applicable security controls (technical, operational and management) using NIST SP 800-53 Rev 4 as a guide.

Created, updated and revised System Security Plans, Contingency Plans, Incident Reports and Plans of Action & Milestones (POA&Ms).

Prepared information systems’ artifacts (SSP, SAR and POA&Ms) for ATO.

Reviewed the Privacy Impact Assessment (PIA) document after a positive PTA was created and ensured PII findings were recorded in the System of Records Notice (SORN).

Generated, reviewed and updated System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.

Performed ongoing continuous monitoring using NIST 800-137 Rev 1 as a guide.

Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, and System of Records Notices (SORNs).

Monitored, evaluated and reported on the status of information security systems and directed corrective actions to eliminate or reduce risks.

SECURITY CONTROL ASSESSOR (SCA)

American Systems Washington DC June 2010 – July 2012

Performed security control assessments using NIST SP 800-53A as a guide by means of assessment methods such as interview, examination and testing.

Developed and conducted ST&E (Security Test and Evaluation) and performed on-site security testing using vulnerability scanning tools such as Nessus.

Determined effectiveness of Technical, Operational and Management security controls by assessing whether controls are implemented correctly, operating as intended, and meeting security requirements.

Scheduled assessment kick-off meetings with assessors and Security Control Interview meetings with the ISSO, System Owners and Common Control Providers.

Created a Requirements Traceability Matrix (RTM) and documented whether controls being assessed passed or failed using NIST SP 800-53A as a guide.

Created and finalized the Security Assessment Report (SAR) and gave recommendations to the ISSO on how to mitigate or remediate reported weaknesses and vulnerabilities.

Reviewed A&A package items using NIST guidance for FISMA compliance, such as the system FIPS 199 categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).

EDUCATION

Bachelor of Science (BSc), 2010

CERTIFICATIONS

(ISC)2 CAP (Active)

(ISC)2 CISSP (Course in Progress)