OBJECTIVE:
Skilled and results-oriented Information System Security Officer/Cyber Security Analyst with experience supporting cloud and on-prem federal information systems with Assessment, Authorization, and Continuous Monitoring tasks.
Qualification Summary
Worked with the NIST 800 series (60 v1&2, 18, 30, 34, 39, 53, 137, 115, 53A) and FIPS 199 & 200 to provide compliance with FISMA guidelines
Developed and reviewed security documents, including the System Security Plan (SSP), Incident Response Plan (IRP), Contingency Plan (CP), Disaster Recovery Plan, and Security Assessment Report (SAR).
In-depth knowledge of HIPAA, RMF, and DIACAP methodologies for compliance.
Reviewed CSP documentation and FedRAMP ATO packages for completeness.
Completed agency cloud system Assessment, Authorization, and Continuous Monitoring.
Completed comprehensive Security Control Assessment (SCA) based on NIST 800-53A Rev. 4.
Experienced working with NIST 800-53 controls, NIST RMF, and FIPS for FISMA compliance.
Prepared FISMA reports and Standard Operating Procedures (SOPs) in accordance with federal, agency, and organizational policy, including FISMA, NIST, OMB, and FIPS instructions
Conducted EIT (Examination, Interviews & Testing) using NIST SP 800-53
Possess in-depth ability to perform information security risk assessments and analysis, and risk mitigation, in large-scale network application environments.
Experienced creating POA&Ms using Cyber Security Assessment and Management (CSAM) for the remediation of findings
Experienced with ISO 27001 controls and SANS-20 critical security controls
Experienced developing organizational policies and procedures using the NIST 800-53 control document as a guide.
Able to work in a fast-paced environment and meet deadlines within required time frames
Maintained an excellent working relationship with both internal and external customers
Professional Experience
ISSO – NetSecurity
August 2019 - Present
Duties included:
Complete assessments for agency FedRAMP information systems and obtain agency Authorization to Operate (ATO).
Review FedRAMP SSPs to ensure security controls have been implemented at the required level.
Review all system change requests submitted for system updates and changes, and provide approvals.
Support and complete all steps of the Risk Management Framework (RMF) process using NIST 800 Special Publications such as 800-60 v2, 800-53 Rev 4, 800-53A, 800-34, 800-18, and 800-61, covering the accreditation process of a system and determining the security controls for the protection of an information system.
Organize System review and update meetings with Stakeholders
Develop system security documentation such as SSP, PTA, PIA, CP, and CPT, and ensure the documents are kept up to date.
Collaborate with system engineers and points of contact to develop and maintain the System Security Plan and all associated documentation.
Create and manage Plans of Action and Milestones (POA&M) for findings uncovered in vulnerability scans, penetration testing, and assessments.
Conduct assessment kick-off/preparation meetings for new initial system assessments and reassessments.
Document risk waivers for systems findings not addressed within the remediation timeline.
Complete Assessment and Authorization for cloud/FedRAMP applications on AWS and Azure IaaS, PaaS, and SaaS.
Perform and complete vulnerability and risk assessments, ensuring all identified vulnerabilities are addressed on time.
Organize CP and IR training and tabletop activities for Federal Information systems undergoing Assessment and Authorization.
Create, update and ensure security processes and procedures align with information security policies and standards.
ISSO – US TECH
April 2014 to July 2019
Duties included:
Developing, reviewing, and updating system authorization packages according to required strategies to comply with FISMA.
Completed categorization of information systems using FIPS 199 and held PTA/PIA meetings with privacy officials and stakeholders.
Completed security control reviews and documented failed controls in the risk mitigation plan.
Documented implementation statements for passed security controls.
Reviewed and validated submitted network change requests.
Accurately completed Risk Acceptance Letters for vulnerabilities that cannot be mitigated within the remediation timeline.
Conducted kick-off meetings to categorize the agency's systems according to NIST requirements as Low, Moderate, or High impact level.
Actively participated in the Assessment and Authorization process, ensuring the operational, management, and technical controls securing sensitive security systems are in place and being followed according to federal guidelines (NIST SP 800-53).
Developed, updated, and reviewed security documents/artifacts such as SSP, SAP, SAR, RAR, CP, CPT, IRP, SLA, and MOU for correctness and completeness.
Conducted the ST&E and developed Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.
Reviewed and updated security policies and procedures following NIST 800-53 and NIST 800-53A.
Conducted thorough reviews of A&A documentation, including NIST and FedRAMP documentation.
Assessed security controls from the Control Implementation Summary (CIS) to determine which are the sole responsibility of the customer and which of the CSP.
Managed POA&Ms to ensure all open items were closed within scheduled completion dates, or documented the reasons for delay.
Performed comprehensive Security Control Assessments (SCA) and wrote reviews of management, operational, and technical security controls for audited applications and information systems.
Uploaded security documentation to the agency's artifact repository.
Reviewed and validated change requests submitted for new and existing connections.
Continuously monitored information systems for compliance using NIST 800-137 as a guide.
Organized and chaired system updates and security control meetings with system owners and stakeholders.
Information Security Analyst – Global Solutions Inc
September 2012 - March 2014
Duties included:
Scheduled and organized meetings with internal and external personnel
Managed, updated, and reviewed POA&M to mitigate findings.
Conducted the ST&E kick-off meeting and populated the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.
Developed and reviewed the ATO package documentation required to obtain the system ATO.
Maintained an up-to-date ATO package and met with designated officials for signatures.
Conducted in-depth review of systems and provided feedback and recommendations on Intrusion Detection Systems (IDS), firewall, system hardening, and general security best practices.
Supported the development and maintenance of system security plans and contingency plans for all systems.
Completed, reviewed, and updated system security artifacts and ensured all security documents were up to date.
Reviewed logs and provided documentation guidelines to business process owners and management.
Reviewed and updated policies and procedures.
Reviewed files, records, and documents to obtain information to respond to requests.
EDUCATION & CERTIFICATIONS
Master's in Cyber Security and Information Assurance: In progress.
CISSP – In progress
Security +
CAP
Technical Skills:
NESSUS scanner
Splunk
Microsoft Office suite