Tech Support Security Analyst

Donna Herbert

240-***-****

**********@*****.***

Career Objective:

Cybersecurity Quality Assurance Analyst conduct system Risk Management Framework (RMF) Assessment and Authorization (A&A), Assess Only, Platform Information Technology (PIT) and Reciprocity for various government agencies. Performed system reviews, self- assessment annual reviews, manage and coordinating system accreditation through the Enterprise Mission Assurance Support Service (eMASS) and XACTA, safeguard information against accidental or unauthorized modification and monitor security relevant events.

CLEARANCE LEVEL: Secret Clearance - Active

CERTIFICATION: CompTIA Security +CE

EDUCATION & SPECIAL TRAINING:

Strayer University, B.S. Degree - Major Networking, Minor Internetworking Technology

U.S Navy NAVSEA – eMASS Training, Risk Management Framework (RMF), DIACAP Implementation, DoD Information Assurance Training, FedRAMP Training, DoD Cyber Awareness Training, Annual Security Refresher Training, Cyber Security Insider Threat, and eMASSTer tool training.

Federal Virtual Training Environment – CISSP Training, Assured Compliance Assessment Solution (ACAS), Cybersecurity for Manager, Cybersecurity for Technicians, Security + 401, Cloud Computing Training.

Amazon Web Services (AWS) Cloud Training: Cloud Practical Training certificates.

PROFESSIONAL EXPERIENCE:

RTL Networks Cybersecurity Quality Assurance Analyst November 2022 - Present

Provide Cybersecurity Quality Information Assurance supports to Joint Service Provider cybersecurity division.

Performed Risk Management Framework (RMF) support through eMASS system.

Review Assessment and Authorization (A&A) packages and Assess only AWS Cloud system for accreditation through eMASS.

Review documentation such as, e-Authentication, Privacy Impact Assessment, Security Assessment Plan, System Security Plan and Contingency Plans,

Review IA Controls self-assessment and eMASS test results.

Work with tech support team to insure continuous monitor and annual reviews are conducted.

Worked with tech support team to ensure ISCP documents are developed, Contingency Plan testing conduct and all required documents are completed by the tech support team and in accordance with government requirements.

Worked with ISSM on Program Management Project (PMP) timeline.

Monitor system status using Splunk ConMon visibility dashboard for system devices visibility, ACAS performance, and CCRI score.

Prepared RMF weekly system status updates.

Maintain and track work orders in Remedy database.

Schedule weekly meeting to discuss ongoing action items and upcoming items.

Serco, Inc. Information Assurance/Cyber Security Analyst August 2019 – October 2022

Provide Information Assurance support for the Department of Navy in support of the NAVSEA Cybersecurity operation mission.

Review Risk Management Framework (RMF) Assessment and Authorization (A&A) packages through eMASS system.

Provide information assurance support to the Information System Security Manager.

Analyze system accreditation in eMASS system registration, categorization, FIPS 199/200, information data types and system descriptions.

Review documentation such as, e-Authentication, Privacy Impact Assessment, Security Assessment Plan, System Security Plan, Contingency Plans, Plan of Action and Milestones (POA&M).

Provide Senior Manager with IA progress report and updates on upcoming task.

Review weekly vulnerabilities in VRAM and notify responsible entities to take action.

Review and analyze ACAS scans and ensure the vulnerabilities are recorded on the POA&M. by the ISSE.

Assist with assigning daily and weekly task to Information Assurance team members.

Maintain DADMS database to ensure systems, hardware and software are register.

Develop and maintain weekly project schedule and timeline.

Conduct continuous monitor, annual reviews and cybersafe assessment.

Brief Program Manager on upcoming, ongoing and past due projects..

Provide new team members with Risk Management Framework process, tools and useful website.

Attend weekly and monthly meeting to support NAVSEA mission.

ManTech, Inc. Cybersecurity Analyst November 2018 – August 2019

Provide cybersecurity support of the United States Naval Observatory (USNO) Information Assurance divisions, review and prepared cyber security documents.

Provide support to the USNO department head Risk Management Framework system package accreditation and process.

Prepared and review system maintenance, personnel security, media protection, and audit accounting policies.

Ensure required eMASS artifacts are available for review.

Assist the Information System Security officer work in Vulnerability Remediation Assurance Management (VRAM) system, acknowledge, comply information assurance vulnerability (IAVAs) and vulnerability tracking to ensure patches were installed and security updates.

Record and maintain POA&M accreditation timeline.

Booz Allen Hamilton Cyber Security Analyst September 2017 – November 2018

Provided cybersecurity support of the United States Naval Observatory (USNO) Information Assurance divisions, review and prepared A&A packages for the classified and unclassified enclave thought the e MASS system.

Worked with the software development team to inquired system application artifacts and update the eMASS system.

Worked on accrediting USNO Site Facility package in eMASS system (Step 1 through 3).

Worked in Vulnerability Remediation Assurance Management (VRAM) system and send out weekly vulnerability notices to the responsible entities for action.

Reviewed and analyzes topology/network diagrams for technical accuracy and relevance based NTD 08-08 (diagrams, accreditation boundaries, and ports and protocol identification. Ensure the accreditation boundary are aligns with the hardware and the software application is documented.

Access ACAS to review asset vulnerability status for each system.

Work with the Navy Cyber Defense Operation (NCDOC) team concerning Incident report and ensure the incidents were address, provide report and close the ticket upon resolution.

Attend weekly and monthly meeting to support USNO mission.

ISHPI Information Technologies Information Assurance Lead November 2014 – September 2017

Provide IA leadership support for the United State Coast Guard (USCG) in the support of the Information Assurance Management and operations within the division.

Developed and assigned daily and weekly task to Information Assurance team members.

Develop and maintain weekly project schedule for the projects.

Brief Information System Security Manager on all upcoming and ongoing projects.

Develop and maintain IA action items events and requests for leadership meeting.

Review and analyze A&A packages, and security documentation through eMASS and XACTA system.

Review documentation such as, e-Authentication, Privacy Impact Assessment, FIPS 199, Security Assessment Plan, System Security Plan, Contingency Plans, Plan of Action and Milestones (POA&M) according to Risk Management Frame guideline.

Analyzes topology/network diagrams for technical accuracy accreditation boundaries, and ports and protocol identification. Ensure the accreditation boundary are aligns with the hardware and the software application is documented.

Skills

eMASS System

XACTA

Microsoft Office Professional

Windows 10

ACAS

VRAM

DADMS Database

Splunk

Remedy

Contact this candidate