Kay Thompson
Bowie, MD ***** Phone: 240-***-**** Email: ***************@*****.***
CYBER SECURITY PROFESSIONAL
Information Systems Security Officer * Security Assessor * Security Analyst
Summary:
Dynamic, detail-oriented Cyber Security Professional with 4 years of experience in IT support and Information Security. Fulfills Government compliance with frameworks and regulations such as FISMA, NIST (SP 800-53, Cybersecurity Framework), and other security regulations. Identifies and analyzes security risks, conducts security assessments, and reviews/edits information security related documentation. Hands-on experience assisting with audits of security controls, conducting security tests and evaluations, and performing risk assessments and vulnerability assessments of enclaves and automated information systems. Compliance management following Risk Management Framework (RMF) guidelines and reporting, including risk assessment, System Security Plan (SSP) development, Security Assessment Reports, Vulnerability Assessment Reports, POA&M management, Contingency Plans, Federal Information Processing Standards (FIPS), and FedRAMP authorizations.
Core Competencies:
IT Security Analyst ● FISMA ● Nessus ● NIST 800 series ● Risk Management Framework ● Security Assessments
Professional Experience:
Information Systems Security Officer/Assessor
DISA/DEPARTMENT OF DEFENSE/ASG, Inc.
FT. MEADE/LAUREL
03/21-present
•Manages four (4) security systems.
•Updates Certification and Accreditation (C&A) documentation (SSPs, SCDs) and the JIRA platform.
•Performs certification and accreditation initiatives in accordance with guidance.
•Analyzes, develops, and assists in the deployment of NIST SP 800-37 aligned policies, guidelines, standards, certification practice statements, and related documents.
•Administers the development and management of POA&M analysis, tracking, and closeout for audit findings, and evaluates POA&Ms for feasibility and effectiveness.
•Supports all Security Authorization, Security Control Assessment, and Ongoing Authorization activities as directed by the Federal Government for assigned systems.
•Reviews systems security procedures and guidance for systems processing multiple applications that require different security controls and that are typically accessed by a large, distributed user community.
•Interprets IT security policy and implements corresponding security controls covering management and operational controls.
•Reviews and evaluates security policies and identifies the need for change based on new security technologies or threats.
•Serves as the Point of Contact (POC) for all security matters related to the IT legacy system and ensures the implementation and maintenance of security controls in accordance with the Security Plan (SP).
Information Systems Security Officer/Security Assessor
Library of Congress/Tista Science & Technology Corporation
Washington, DC
01/19 - 02/21
•Managed IT security for systems: anticipated, identified, evaluated, and minimized risks associated with IT system vulnerabilities.
•Provided authoritative guidance related to information system security planning and the coordination and development of specifications to meet security requirements.
•Reviewed systems security procedures and guidance for systems processing multiple applications that require different security controls and that are typically accessed by a large, distributed user community.
•Interpreted IT security policy and implemented corresponding security controls covering management and operational areas, including continuous monitoring, compliance, security education and training, and contractor security.
•Provided expert advice to identify and evaluate findings based on operations and changing program requirements, and identified relevant issues. Collected relevant information from many varied sources, some of them difficult to access, to make authoritative recommendations.
•Analyzed, developed, and assisted in the deployment of NIST SP 800-37 aligned policies, guidelines, standards, certification practice statements, and related documents.
•Performed risk assessments of systems requiring authorization. Planned and maintained DoD C&A ATO packages under the NIST Risk Management Framework, using eMASS, STIGs, and ACAS scanners for vulnerability management.
•Performed risk assessments, analysis, and mitigation planning/implementation.
•Evaluated potential IA security risks and recommended appropriate corrective and recovery actions.
•Analyzed patterns of non-compliance and identified programmatic actions to minimize security risks.
•Worked with privileged users to review IA problems.
•Performed on-site data gathering and security testing on multiple platforms and applications.
•Wrote response action plans for reaction to security incidents.
•Generated appropriate supporting IA certification documentation according to DMS requirements.
•Reviewed security policies, processes, and procedures.
•Identified IA vulnerabilities resulting from eMASS compliance scans and created remediation plans and POA&M items for findings.
•Reviewed, analyzed, and documented scan results and ensured immediate remediation of critical and high vulnerabilities.
•Supported the development of the following documentation: Contingency Plans and tests, Disaster Recovery (DR) plans, Continuity of Operations (COOP) plans, and Security Assessment and Authorization (SA&A) packages.
•APPLICATIONS/TOOLS: eMASS, STIGs, ACAS scanners.
Information Systems Security Officer
Sysnet Technologies /FAA
Washington, DC
01/18 -01/19
Provided support to the Office of the Chief Information Officer (OCIO) Mitigation Directorate. Performed all duties and responsibilities in accordance with the ISSO Guide and NIST guidance.
•Managed four (4) security systems.
•Supported all Security Authorization, Security Control Assessment, and Ongoing Authorization activities as directed by the Federal Government for assigned systems.
•Reviewed systems security procedures and guidance for systems processing multiple applications that require different security controls and that are typically accessed by a large, distributed user community.
•Interpreted IT security policy and implemented corresponding security controls covering management and operational controls.
•Reviewed and evaluated security policies and identified the need for change based on new security technologies or threats.
•Served as the Point of Contact (POC) for all security matters related to the IT legacy system and ensured the implementation and maintenance of security controls in accordance with the Security Plan (SP).
•Assisted with the development of NIST/FISMA SA&A documentation for systems and networks undergoing certification and validation.
•APPLICATIONS/TOOLS: CSAM, Nessus scanner, SMART, WebInspect, AppDetective scans.
C&A Analyst
Aspen Systems/ DHS
Washington, DC
02/2017 –01/18
Gave guidance on security threats, standards, and practices applied in other government and commercial enterprises in order to evolve the client's information security program.
•Updated Certification and Accreditation (C&A) documentation such as SSPs, SCDs, and ISCM documents.
•Performed certification and accreditation initiatives in accordance with guidance.
•Analyzed, developed, and assisted in the deployment of NIST SP 800-37 aligned policies, guidelines, standards, certification practice statements, and related documents.
•Administered the development and management of POA&M analysis, tracking, and closeout for audit findings, and evaluated POA&Ms for feasibility and effectiveness.
•Managed Federal security document collections for accuracy. Supported the analysis and review of information security programs and systems to ensure compliance with Federal agency policies.
•Identified areas of improvement in the agency's overall security posture by revealing ineffective security controls, using vulnerability scanners (ISS, Retina).
•Conducted the annual Security Risk Assessment and updated annual IV&V assessments.
•Ensured vulnerabilities were identified, documented, and remediated through the POA&M and waiver processes.
•Performed risk assessments, analysis, and mitigation planning/implementation.
•APPLICATIONS/TOOLS: SMART, McAfee Enterprise Security Center, Nessus Scanning Center
Clearance:
SECRET & CBP
Clearable to the Top-Secret Level
Certifications:
Security+
Technical Skills:
Executing the Risk Management Framework: system definition/initiation
Verification/security certification
Validation/security accreditation
Re-accreditation/continuous monitoring
Updating, evaluating, and describing C&A documentation
Testing and authorizing systems before and after they enter operation
Nessus
ACAS Monitoring Scans
Linux
Oracle
Red Hat
Apache
Windows Servers
Applications/Tools:
Archer
Nessus Scanning Center
Jira
SMART
eMASS