Security Analyst Impact Assessment

Location:
Springfield, VA, 22150
Posted:
September 10, 2021

Resume:

NELLY FINEGHANG

682-***-****

adomng@r.postjobfree.com

Cyber Security Analyst

Performance-driven Cyber Security Analyst with over 6 years' experience managing and defending enterprise information systems, network systems and operational processes through risk management, assessment of internal/external security vulnerabilities, information assurance, developing security control policies and procedures, and implementing and testing security controls. Knowledgeable in ensuring compliance with industry-standard regulations and processes: FISMA/NIST 800 series, ISO 27001, PCI DSS, SOX and HIPAA.

CORE COMPETENCIES

Experience in developing documentation such as SSP, SAP, PTA, PIA, E-Authentication, SAR, SRTM, etc.

Good knowledge of RMF processes and compliance with NIST publications and standards: NIST SP 800-53 Rev 5, NIST SP 800-37 Rev 2, 800-18, 800-53A, 800-30, 800-137, FIPS 199 & 200, SOX, GLBA, PCI DSS, HIPAA, FedRAMP

Performing daily ongoing Assessment and Authorization (A&A) projects in support of findings.

Experience in developing and conducting ST&E (Security Test and Evaluation) according to NIST SP 800-53A, performing on-site security testing and reviewing vulnerability scan results.

Good knowledge of Security Control Assessment and internal audits as part of Information System Continuous Monitoring activities prior to external auditing.

Experience using and analyzing technical assessment tools such as Nessus, Wireshark, Snort and Nmap.

Good knowledge of networking technologies (including OSI Model, TCP/IP, DNS, WAN/LAN/VLAN, IDS/IPS, switches, routers).

Problem-solving skills: identifying issues and determining their reliability and significance, using sound judgment to review and evaluate alternatives and make recommendations.

Knowledge of SIEM tools (Splunk: performing searches and creating reports, alerts and dashboards), GRC tools (e.g. CSAM) and vulnerability scanning tools (Acunetix, Tenable, Web Scanner).

PROFESSIONAL EXPERIENCE

Security Control Assessor

DelTaahTech Consulting Feb 2018 - Present

Coordinating client interviews (working sessions) to determine system security posture and assisting in packaging/completion of the system Security Assessment Plan using NIST SP 800-53A, needed to maintain the organization's Authorization to Operate (ATO)

Preparing the Security Assessment and Authorization package, which consists of the Requirements Traceability Matrix, Risk Exposure Table, SAR and POA&M report, in compliance with FISMA, NIST and OMB A-130 Appendix III

Conducting technical and non-technical security risk assessments on network systems via document review, network vulnerability scans, and walk-throughs of new and existing information systems for FISMA compliance using NIST guidelines and controls

Reviewing technical security controls and providing implementation responses as to whether and how systems currently meet the requirements

Conducting Information Systems Security Audits and Certification and Accreditation (C&A) Test in compliance with the NIST standards

Providing POA&M quality and management review, updating and validating POA&Ms on behalf of the CISO

Performing analysis with Security Information and Event Management (SIEM) software products

Conducting vulnerability management strategic testing and techniques

Providing continuous monitoring support for Information Systems in accordance with FISMA guidelines and conducting FISMA-based security risk assessments

Participating in system security categorization (FIPS 199) and reviewing the Privacy Impact Assessment (PIA) document after a positive PTA is created

Information Security Analyst

DelTaahTech Consulting April 2015 - Jan 2018

Coordinated implementation and improvement of enterprise-wide security standards, policies, and procedures (managing Active Directory and user permissions within a cloud-based environment, user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines)

Coordinated periodic compliance scans, host discovery scans and web searches for related URLs, and maintained accurate documentation

Developed, reviewed, and updated information security policies and established security baselines in accordance with NIST, FISMA, FIPS, and industry security best practices

Performed vulnerability scanning using the Nessus scanning tool to detect potential risks on single or multiple assets across the enterprise network

Performed vulnerability/risk analyses of information systems and applications during the assessment phase of the system development

Conducted trend analysis of monthly vulnerability assessment results to identify high-risk vulnerabilities impacting information assets and coordinated proper remediation accordingly

Performed risk assessments; reviewed and updated Plans of Action and Milestones (POA&Ms), Security Control Assessments, and specific security documents; performed Security Assessment and Authorization (SA&A) using NIST SP 800-53 Rev 5, FIPS 200 (Security Controls) and NIST SP 800-53A Rev 5 (Assessing Security Controls)

Analyzed and defined security requirements for information systems and network infrastructure

Performed continuous monitoring functions, including coordinating mitigation of gaps, findings, and other security issues, and other required testing

Responded to and participated in resolving security incidents, failed log-on attempts and failed port connections to the network; investigated and escalated as required

Analyzed scan data to determine whether a finding was a false positive or an actual alert and suggested ways to remediate issues discovered

Documented all activities during an incident and provided leadership with status updates throughout the life cycle of the incident

Coordinated implementation of security policies and procedures by monitoring security profiles, reviewing security violation reports and investigating possible security exceptions

Coordinated audits and reviewed security logs to detect possible security violations

EDUCATION

ACCOUNTANCY

University of Bamenda Cameroon

CERTIFICATIONS

Certified in Risk and Information Systems Control (CRISC)

CompTIA Security+

SKILLS/TOOLS

Tenable Nessus; SIEM tools: Splunk; ServiceNow; Microsoft Office (Word, Excel); Microsoft Share
