CONGRAT FON
Hyattsville, MD ***** 240-***-****
***********@*****.***
US CITIZEN
Active SECRET CLEARANCE
Professional Profile
US Army Veteran with 7+ years of experience in Information Technology working as a CYBERSECURITY ANALYST and a SECURITY CONTROL ASSESSOR. I have acquired excellent practical skills in performance, implementation and development, and am also experienced in analyzing information requirements and delivering cost-effective solutions across diverse backgrounds. Solid knowledge of security planning and management, C&A packages, the A&A process, POA&Ms, FIPS, FISMA, Security Content, the NIST family of security controls, System Security Plans, Incident Response and Contingency Planning, etc. Always ready to learn and grow.
Education
A.A.S. in Cybersecurity, PG Community College, Largo, MD 20774.
10/2017 – Present.
GPA 3.7
Bachelor of Science in Biochemistry (University of Buea, 2010 – 2013)
Certifications
CompTIA Security+ CE Certified
CCNA Certified
CEH (In Progress)
CISSP (In Progress)
Skills
Knowledge of cyber threats, vulnerabilities, hardware, software, firmware, operating systems, encryption, hashing algorithms, adversarial tactics, and server virtualization.
Knowledge of network security, TCP/IP, IPS/IDS, firewalls, routers, switches, servers, and related tools.
Knowledge of Nessus, AppDetective, WebInspect, Nmap, Wireshark, XACTA, CSAM, GRC, eMASS, STIGs, ACAS, HBSS, Splunk.
Skilled in the Microsoft Office suite, networking and tools, data entry and documentation; good communication skills, multi-tasking, strong problem-solving and analytical skills.
NIST/ FISMA/ FIPS, FedRAMP, OMB, POA&M.
Red Hat Enterprise Linux (RHEL) 5/6/7 and Windows 2008/2012.
Oracle 10g, 11g and 12c, MySQL.
PROFESSIONAL EXPERIENCE
Perspecta, DC. Security Control Assessor
03/2020 – Present
I perform FISMA Risk Management Framework (RMF), SA&A/A&A, and system control assessment processes using FIPS, NIST SP 800-60 and NIST SP 800-53r4/53A, preparing and reporting the SSP, SAP, ST&E and POA&M.
Performed continuous monitoring of security controls, using NIST SP 800-137 as a guide, testing one-third of the applicable security controls annually and performing periodic control testing.
Provided services as a security control assessor (SCA) and was an integral member of the team that performed the Assessment and Authorization process, including A&A documentation, reporting and analysis requirements.
Understanding of cloud service models (PaaS, SaaS, IaaS) and the protections described in FedRAMP.
Documented and reviewed security plans (SP), contingency plans (CP), privacy threshold analyses (PTA), privacy impact assessments (PIA), system of records notices (SORN) and risk assessment (RA) documents per NIST SP 800 guidelines for various agencies.
Facilitated security control assessments, performed internal audits of systems prior to external audits, and carried out continuous monitoring activities.
I worked with the ISSO and the security team to assess the selected security controls and evaluate the findings, so that the results are reflected in the RTM or test cases and all weaknesses noted are reported in the SAR.
Conducted assessments of information security controls to measure the effectiveness of controls and identify any gaps.
Experience using the Security Content Automation Protocol (SCAP) for vulnerability management, measurement, and policy compliance evaluation.
Hands on experience implementing DISA Security Technical Implementation Guides (STIGs) and translating security requirements into technical configurations.
Can perform security control assessment planning and execution in compliance with client policies and procedures.
Can conduct walkthroughs of the systems being assessed to collect all required artifacts to support assessment findings.
Can develop all required assessment deliverables (including Security Assessment Report, filling out of all test cases, updating POA&M document).
Develops and documents security evaluation test plans and procedures.
Can provide threat analysis based on identified security vulnerabilities.
Can conduct hands-on security testing, analyze results, document risks, and recommend countermeasures.
Can develop risk assessment reports based on review of security plans and interviews with developers/customers, and assess systems against information assurance policies, regulations and instructions.
Contegix, PA. Cybersecurity Analyst
09/2016 – 03/2020
Construct thorough and complete security documentation, including but not limited to System Security Plans (SSP), Plans of Action and Milestones (POA&M), and any other artifacts needed to support the Body of Evidence.
Developed and conducted ST&E (Security Test and Evaluation) according to NIST SP 800-53A and performed on-site security testing and reviewed vulnerability scan results.
Address vulnerabilities and maintain product security posture.
Knowledge of FISMA tracking systems/tools used to implement the six-step NIST RMF, aimed at managing, monitoring and tracking ATOs, POA&Ms, continuous assessment and ongoing authorization.
I developed plans of action and milestones (POA&Ms) covering security vulnerabilities and mitigation strategies, and also developed security A&A artifacts, including but not limited to sensitivity assessments, SSPs, POA&Ms, the ATO and the SAR.
Review, prepare, and update RMF authorization packages and other security documents as required.
Performed vulnerability management and used a range of vulnerability tools to scan systems; identified trends and root causes of system failures; worked on remediation and proposed mitigation strategies not addressed in the SSP.
Monitor and make recommendations regarding Information Assurance Vulnerability Management (IAVM) reporting and patch management for all Research systems.
Monitor Assured Compliance Assessment Solution (ACAS) remediation reports, which contain the Critical, High, and Medium vulnerabilities for Research IT systems.
Provide timely status updates/reporting on assessments and assigned projects.
Assisted in developing the rules of engagement document to facilitate scanning of the Agency network for vulnerabilities.
Identified trends and root causes of system failures or vulnerabilities using the Nessus vulnerability scanner and Nmap to scan for open ports, weak configurations and missing patches.
Broadcom Inc, CA. Security Control Assessor
03/2013 – 09/2016
Developed Body of Evidence guidance, Rules of Engagement, Security Assessment Plans, and assessment/deliverable schedules.
Experience conducting hands-on security testing, analyzing results, documenting risks, and recommending countermeasures.
Experience developing risk assessment reports based on review of security plans and interviews with developers/customers, and assessing systems against information assurance policies, regulations and instructions.
Experience providing threat analysis based on identified security vulnerabilities
Developed and documented security evaluation test plans and procedures.
Experience testing the security architectures of cloud-based systems and applications, identifying vulnerabilities and providing security remediation.
Evaluated information system security readiness and supported cybersecurity functions.
Performed onsite and remote testing of FISMA requirements.
Performed annual assessments supporting the continuous monitoring strategy for all systems with an ATO.