
Information Technology Security Analyst

Location:
Woodlawn, MD, 20784
Posted:
September 13, 2022


Resume:

RICHARD

MD *****

************@*****.***

Dynamic and detail-oriented Information Technology Security Analyst with strong problem-solving and project management skills, knowledgeable in Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), and Vulnerability Management, using FISMA, the applicable NIST 800 series, and the ISO/IEC 27001 and 27002 controls compliance standards.

PROFESSIONAL SKILLS

Preparation of Security Assessment and Authorization (A&A) package

Risk Assessment and Risk Management (RMF Process)

Quality Assurance and Operations Management

Managing People, Team Collaboration, Coordination and Relationship building

Good knowledge of FISMA, RMF and NIST Special Publications

Project Management and support – MS Project

Vulnerability Assessment

Systems Development Life Cycle

Experience in the application of ISO/IEC 27002 Controls.

PROFESSIONAL EXPERIENCE

Aurotech LLC – Washington, DC June 2018 – Present

IT Security Analyst / Compliance

Provide input to management on the appropriate FIPS 199 impact level designations, using NIST 800-60 Volume 2 as a guide for categorization of systems.

Identify appropriate security controls baseline on Information Systems.

Conduct comprehensive assessments of the security controls employed within or inherited by an Information System to determine the overall effectiveness of the controls.

Provide IA Support and Risk Management Framework and Continuous Monitoring processes.

Develop and maintain artifacts supporting the Risk Profile: SP, CP, CM, IR and POAM.

Review and Perform Security Impact Analysis (SIA) for all change requests in the environment.

Responsible for preparing all Assessment and Authorization (A&A) documentation, working very closely with the Information System Security Officer (ISSO), Information System Owner (SO) and the other members of the Information Assurance team.

Create, update and revise System Security Plans (SSP), FISMA and FISCAM audits, Contingency Plans (CP), Incident Reports and Plan of Action & Milestone (POA&M).

Document results of security assessment in a Security Assessment Report.

Ensure security assessments are completed for each information system whose Authority to Operate (ATO) has expired or is about to expire.

Develop System Security Plans (SSP) to provide an overview of system security requirements and describe the controls in place or planned by information system owners to meet those requirements.

Develop Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action and Milestones (POAM).

Prepare recommendation reports that are made available to system owners to remediate identified vulnerabilities during the risk assessment process.

Ensure identified weaknesses from vulnerability scans are remediated in accordance with the company’s defined time frames.

Cyber Coders - Ashburn, VA October 2015 – June 2018

IT Security Analyst / Assessor

Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessments on several different environments using both scanning tools and manual assessment. Assessments included initiating meetings with various System Owners and Information System Security Officers (ISSOs), providing guidance on the evidence needed for security controls, and documenting assessment findings.

POAM Remediation: Performed evaluation of policies, procedures, security scan results, and system settings to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, and continuous monitoring.

Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POAM remediation and document creation using NIST SP 800-53 Rev.2 and NIST SP 800-53 Rev.3.

Developed solutions to security weaknesses: Developed solutions to security weaknesses while working on POAM remediation and Corrective Action Plans (CAP). Assisted ISSOs in creating solutions to weaknesses based on system functionality and pre-existing architecture.

Performed on-site security testing using vulnerability scanning tools such as Nessus.

Catholic Charities – Washington, DC June 2010 – October 2015

Desktop Support Officer

Set up and ensured the functionality of the corporate network.

Handled IT data computation and any other IT-related issues.

Regularly performed hardware and software maintenance.

Assisted staff with PC and desktop application issues.

Based on this experience and my passion for IT, I developed an interest in becoming an IT Security Specialist.

EDUCATION

University of Maryland, University College

Master of Science in Cyber Security (August 201)

Certification

CompTIA Security+

Professional Training

Information Systems Security Training 03/2016 – 09/2016


