Aku Fowler
Houston, TX ***** • Cell: 346-***-**** • *********@*****.***
SUMMARY
Information System Security Officer • Security Control Assessor • Cyber Security Analyst
Highly motivated and dedicated Cyber Security Professional with over 5 years of experience and exposure, with a focus on the NIST Cyber Security Risk Management Framework (RMF), System Security Monitoring and Auditing, Risk Assessments, Security Control Assessment (SCA), and developing Authorization Packages (SSP, SAR, POAM, Security Policies, and Procedures) according to NIST standards and guidelines.
Areas Of Focus
Security Monitoring
Security Assessment
Security Authorization
Control Assessment
RMF/FISMA/NIST
POA&M Remediation
Vulnerability Management
MS Office
Incident Investigations
Report Writing
Client & Vendor Relations
DevOps
Recent Work Experience
Information System Security Officer 06/2017-present
Quarantyne Technologies – Reston VA
●Working with Management in determining and recommending Information assurance policy & procedure, compliance & implementing large scale identity management using SailPoint & Tivoli.
●Developing, reviewing and updating information system policies & procedures, compliance & governance security best practices for assigned systems.
●Creating, reviewing and updating ATO package documents such as SAP, SSP, SAR, POA&M. [IR, SAP, DRP, BIA, PTA, PIA, RA, ISCP, and CPT.]
●Extensive Experience with conducting Risk Assessment (RA) and completing Risk Management Framework (RMF) process to obtain ATO.
●Performing security package validation to ensure completeness of Risk Assessment (RA), FIPS-199 Security Categorization, PTA, PIA, SORN, and E-authentication.
●Monitor controls post authorization to ensure continuous compliance with the security requirement.
●Work with ISSOs to ensure documenting and remediating audit findings, security planning and reporting, and mitigation of security vulnerabilities are completed in a timely manner.
●Leads a team of 5 Analysts
●Strong understanding of TCP/IP networks, DNS, DHCP, FTP.
●Ensures that systems stakeholders adhere strictly to the government regulatory standards and guidance such as FISMA.
●Perform risk assessments on diverse application systems, including reviewing evidence, interviewing personnel, tests and inspections, producing assessment reports and recommendations.
●Evaluate security assessment documentation and provide written recommendations for security authorization to the AO.
●Conducts weekly Security Tag-up presentation meetings for upper management.
●Conducting vulnerability scanning and assessment of reports using tools such as Tenable Nessus, Qualys, HP WebInspect and HP Fortify.
●Developed the vulnerability threat matrix and the POAM based on the assessment report. This helps in keeping visibility (tracking) of the remediation plan and process.
●Experience using centralized security document repository such as MS SharePoint, CFACTS, Modulo etc. to manage deliverables.
Information Security Analyst 06/2015 – 06/2017
TighTech Consulting – Riverdale MD
●Conducted Assessment & Authorization (A&A) Kick-off Meetings.
●Conducted IT Controls risk assessment to identify system threats, vulnerabilities, risks, and generate reports. Develop and Conduct Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
●Developed, reviewed and updated security Policies and Procedure.
●Updated and Monitored Security controls pre/post authorization to ensure compliance and governance with all necessary security standards.
●Performed gap analysis to identify control changes from NIST 800-53 rev 3 to NIST 800-53 rev 4 and updated security plans and relevant documents to reflect the changes.
●Helped facilitate and support the Ongoing Authorization Program for the organization.
●Reviewed completed security documentation for completeness, accuracy, and quality.
●Provided support to configuration management and control processes to integrate security and risk management.
●Conducted security impact analyses of security controls based on proposed system changes.
●Documented the application level controls that include security controls in a narrative format.
●Supported the preparation of security test plans, executed and assessed the security control effectiveness using security control testing procedures, and created Security Assessment Reports (SAR) based on assessment findings.
●Familiar with NIST Publications SP 800-18, SP 800-30, SP 800-37 rev 1, SP 800-53 rev 4, SP 800-53A, SP 800-60 and FIPS 199 and FIPS 200.
●Assisted the system owner with defining security objectives and system performance requirements.
●Worked with the system administrators to examine and test the security posture of the systems and applications
●Conducted Security Assessment via document examination, interviews, manual and automated testing.
●Created, reviewed and updated POA&M documents especially supporting patching artifacts.
●Implemented, reviewed, maintained and continuously monitored control systems in accordance with FISMA guidelines, NIST 800-137.
Education & Qualifications
BBA in Information Security and Assurance
Kennesaw State University Pending
Certification: Certified Scrum Master (CSM), SAFe Certified Scrum Master (SSM)
Certifications:
CompTIA Security+ In View
CAP Certified Authorization Professional In View