Information Systems Security Analyst with over 10 years of professional experience in the Information Systems sector with over 5 years emphasis in Information Assurance, Security Control Assessment, Vendor Security Assessment, Policy Implementation and Security Documentation. Rich experience in providing subject matter expertise in developing, implementing, and assessing Information Security programs to validate compliance with FISMA. Renee has intensive knowledge in Security Assessment and Authorization, Certification and Accreditation, Security Planning, Vulnerability Scanning, Business Continuity Planning, Risk Assessments and Vulnerability Management, Renee has intensive work experience in managing and maintaining firewalls, including creating and managing firewall rules, the ability to troubleshoot potential issues on the network relating to availability issues from security devices. She has experience in managing Security Event and Incident Management (SEIM) systems - including monitoring and responding to alerts, the ability to determine network and system baselines and ensure monitoring and alerting is established, experience in managing anti-virus products, IDS/IPS, and Web Application Firewalls.
Active U.S Secret Clearance under DOD
Risk Assessment, Vulnerability Scanning, IT Security Compliance, Vulnerability Assessment, Impact Analysis, procedures, policies, methodologies, frameworks.
Assessment & Authorization, Security Control Assessment, Security Control Assessment.
Nessus Vulnerability Scanner, RMF, eMass, NIST 800 series, FISMA, DISA IA Policy.
Software: Wireshark, Nmap, Zenoss, Cain & Abel, Nessus, Snort/ACID, Splunk,John the Ripper, Cryptool, ArcSight, Firewalls, Proxies, IDS/IPS
July 2017 - present
Information Systems Security Analyst
Develop Document Security Authorization packages, including Security Plans (SSP's), Contingency plans, and SOP's for accreditation of Information Systems.
Develop System Security documentation in compliance with RMF and FISMA guidelines
Conduct Security Authorization reviews and Security Audits in compliance with Risk Management Framework (RMF) Steps 1-6
Perform the updating and tracking of POA&Ms, SAR, SOP etc.
Monitor and analyse network traffic, Intrusion Detection Systems (IDS), security events and logs.
Perform incident response to investigate and resolve computer security incidents.
Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
Lead, perform, review or track security incident investigations to resolution.
Lead, perform or review root cause analysis efforts following incident recovery.
Compose security alert notifications and other communications.
Stay up to date with current vulnerabilities, attacks, and countermeasures.
Develop follow-up action plans to resolve reportable issues and communicate with the other Analysts to address security threats and incidents.
Continually develop new use cases for automation and tuning of security tools.
Define and create privacy and security reportable issues metrics and reports.
Contribute to security strategy and security posture by identifying security gaps, evaluate and implement enhancements.
Prioritize and differentiating between potential intrusion attempts and false alarms
Vantraq Corporation (Subcontractor at State Department Project) Washington DC
Cyber Security Analyst July 2018 to December 2019
Perform ongoing Assessment and Authorization projects in support of client security systems and ensuring quality control of A&A documents.
Implementing and managing NIST 800-53 Rev. 4 Security Controls.
Work with analysts, engineers, and other security personnel to identify manage incidents impacting or threatening the organizations information assets.
Gather the Stig-viewer checklist for STIG requirement.
Ensure SLA, SOX and compliance standards are met in all work performed.
Conduct risk assessments and collaborate with clients to provide recommendations regarding critical infrastructure, network security operations and continuous monitoring process.
Experience with network investigations reviewing endpoint logs, network traffic logs, and security solutions.
Create, update and revise System security Plans, Contingency Plans, Incident Reports and Plan of Action & Milestone.
Review privacy Impact Assessment (PIA) document after a positive PTA (Privacy threshold Analysis) is created and ensure PII findings are recorded in the System of Record Notice (SORN)
Extensive knowledge in Categorizing Information Systems (using FITPS 199 as a guide).
●Master’s in Business Management University Of Maryland Business School Robert Smith
●Bachelor of Science (BS) in Computer Sciences, at Strayer University
●Scrum Master Certificate Accredited
*References available upon request