Security Analyst Scrum Master

FRANKLINE AKWO

240-***-****

*******@*****.***

Landover, MD 20785

OBJECTIVE

Cyber Security Analyst with 5 years of experience in developing ATO packages, developing and remediating POA&M, conducting risk assessment, RMF process, vulnerability scanning and continuous monitoring. I’m teachable, problem solver, detail oriented and thrive under pressure in a fast – paced environment while directing multiple projects from concept to implementation and working to prevent cyber-attacks especially in business and corporate settings. Willing to Relocate if needed.

QUALIFICATION SUMMARY

Cyber Security Analyst with 5 years of Experience

Reviewed and updated some of the system categorization using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP, POAM.

Experienced with NIST RMF/CSF, NIST SP 800-53 Security controls, FIPS 199.

Experience with security control assessment (SCA) using Requirement Traceability Matrix.

Knowledge of continuous monitoring and use of Vulnerability scanning tools like Nessus.

Provide security artifacts (screenshots) for audit purposes

Perform Incident response as part of a team using NIST -800-61 Rv2 as a guide. (Detection, Analysis, Triage).

Supported ISO 27001, PCI DSS, SOC 1 & 2, FedRAMP, NIST projects.

Professional Experience

Cyber Security Analyst

May 2019-presnt

Experience with security control assessment (SCA) using Requirement Traceability Matrix.

Experienced in IT documents (the development of system security plan (SSP), Security Assessment Report (SAR), Contingency plans, Disaster Recovery plans/ Training, and Configuration management plans, Change Management plans, system security checklist, Privacy Impact Assessment Draft Plan of Action and Milestones (POAM).

Experienced with Security Control Assessment and ATO packages

Assisted clients to keep current/updated A&A

packages, security policies and procedures,

POA&MS and assisted with their findings

remediation. This helped to improve their

overall FISMA failing scorecard to passing

scores.

AbiatechSolutions llc

Beltsville, MD

Participated in kick off meetings with the IT team to categorize systems according to NIST requirements of Low, Moderate or High using FIPS 199 baseline and populate the Requirement Traceability Matrix (RTM) per NIST SP 800-53A.

Assisted System Owners and ISSOs through Assessment and Authorization (A&A) Process, ensuring that Operational, management and technical control securing sensitive Security Systems are in place and being followed according to the Federal Guideline (NIST SP 800-53).

Assisted in enhancing client's overall security posture by identifying potential vulnerabilities through vulnerability scan as well as assessing controls' operating effectively through A&A services and with successful completion of concurrent re-authorization processes for two systems.

Developed and maintained technology policies, standards, procedures, and guidelines.

Supported the company wide commitment to risk management and protecting the integrity, confidentiality, and availability of systems and data.

Act as point of contact for technology focused external and internal audits and assessments (NIST Act as point of contact for technology focused external and internal audits and assessments (NIST, FedRAMP, SOC1&2, PCI DSS, & others)

Assist clients to keep current/updated A&A packages, security policies and procedures, POA&MS and assisted with their findings remediation. This helped to improve their overall FISMA failing scorecard to passing scores within six months.

Complete the A&A process ahead of schedule and minimized the system's vulnerability through the implementation of security controls tailored to the client's unique environment.

Completed the review and development of policies and procedures and developed A&A package in two months’ time frame and received a high-performance rating from our client.

Reviewed PCI DSS Compliance audit for commercial projects to confirm the design and operating effectiveness of the controls.

Developed and conducted Security Control Assessment (SCA), according to NIST SP 800-53A and performing on-site security testing using vulnerability tools such as a Nessus.

Create, facilitate, and managed risk identification and remediation processes. Ensured risk remediation plans exist and are sufficient; track remediation plans to completion and ensure remediation is on-time and sustainable; ensure action plans and remediation of issues by Risk Owner.

Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders Developed and conducted Security Control Assessment (SCA), Security Assessment plan (SAP) according to NIST SP 800-53A.

Worked with business process owners to ensure timely identification and remediation of jointly owned risk related issues and action plans (POAM).

Utilized processes within the Security Assessment and Authorization environment such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.

Determined Security Categorizations using the FIPS 199 as a guide, Reviewed Privacy Impact Assessment (PIA) and System of Record Notice (SORN).

Developed system security plan (SSP) to provide an overview of system security requirements and describe the controls in place or planned by the information system owner to meet those requirements.

Reviewed and updated System Security Plan (SSP) using NIST SP 800-18 guidelines.

Performed Incident response as part of a team using NIST -800-61 Rv2 as a guide. Implement, reviewing, maintaining, and monitoring Information Security Management Systems involved in International and Commercial projects in accordance with Sans-20 critical controls.

Review and update A&A package; SSP, System security Categorization, E-authentication, PTA, PIA, CP, SAP, RTM, POAM and ATO.

Assessed security controls using NIST SP 800-53A as a test guide and using the assessment method E.I.T.

Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with risk profile, and root-causes of risks were fully addressed following NIST 800-30and NIST 800-37.

Working knowledge of FEDRAMP Cloud Security, ISO 27001, SOC 1&2, Risk Assessment, Vulnerability management and Incident Response.

Developed policies, procedures, and standards such as Data Handling, Guide, and Data classification policy based on NIST 800-SP series.

Reviewed PCI DSS Compliance audit for commercial projects to confirm the design and operating effectiveness of the controls.

Monitored Information Security Management Systems involved in International and commercial projects in accordance with ISO/IEC 27000 series.

Performed risk assessments for various government contracting organization and application systems including reviewing evidence, interviewing personnel, tests and inspections, producing assessment reports and recommendations.

Reviewed and updated some of the systems categorization using FIPS 199, Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP, POA&M.

Developed NIST Compliant vulnerability assessments, technical documentation, and Plans of Action and Milestone (POAM), and addressed system weaknesses.

Provided input to management on appropriate FIPS 199 impact level designations and identified appropriate security controls based on characterization of the general support system or major.

Security Documentation: Performed updated to System Security Plans (SSP), Risk Assessments, and drafting Plan of Action and Milestones (POAMs).

Ensured customers are in compliance with security policies & procedures and following NIST 800-53 and NIST 800-53A.

Communicated effectively through written and verbal means to co-workers, subordinates, and senior leadership.

Conducted meetings with the IT team to gather documentation and evidence about their control environment.

Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders.

Prepared and reviewed Assessment and Authorization package documentation (SSP, SAR, POA&M).

Security Operation Center Analyst (SOC) Fresenius Technology/Fusion PPT

September 2017 - March 2019 Vienna, VA

Analyzes, selects, and recommends installation of moderately complex security software, locks, alarm systems, and other security measures to prevent hackers from infiltrating company information

Investigates attempted efforts to compromise security protocols. Escalates issues to higher level associates; recommends and implements safeguards and solutions

Reviews computer logs and messages to identify and report possible violations of security. Coordinates, documents, and reports on internal investigations of security violations

Conducts tests on existing complex data security architecture to determine degree of stability

Monitors and analyzes moderately complex security systems for routers, switches, and firewalls to ensure proper connectivity and configuration

Interacts with client management to understand their security needs. Assists in defining and developing safeguards and solutions based on client's needs; implements procedures to accommodate them

Reviews security status reports to oversee system status and potential and actual security violations. Writes reports and communicates to management/client findings

EDUCATION/CERTIFICATION

Bachelor’s degree in Education

Certified Scrum Master Certification

CompTIA Security+ Certification

TECHNICAL SKILLS/ ABILITIES

Vulnerability Scanning: NESSUS

Knowledge of Linux

NIST CFS/RMF, SCA, POAMs, SSP SAR, CP, SAP.

Familiar with RMF process, FISMA, NIST SP 800 Series, FedRAMP.

Good team Player, Great communication skills, problem solving skills, work under pressure.

Contact this candidate