Post Job Free
Sign in

Security Officer Analyst

Location:
Lanham, MD
Posted:
March 26, 2023

Contact this candidate

Resume:

LUCKY AGARY ( Security+, SSM)

301-***-**** ***********@*****.*** Clearance level: Active Public Trust

PROFESSIONAL SUMMARY

Goal-oriented individual with a pleasant personality and a tenacity that knows no restrictions. A multitasking information systems analyst considered highly ambitious, willing to meet or exceed expected goals of my organization and critical thinking skills to enhance productivity and resolution to technical or management issues.

SKILLS/ABILITIES

● User interface understanding

● Interpersonal and written communication

● Great troubleshooting skills

● Team leadership

● Strong verbal communication

● Worked with vulnerability tool both for web and Network using Retina, and Nessus.

● Extremely organized

● Self-motivated

● Assessment and Authorization processing using applicable publications to guide mapping the process.

● Skilled in A+, basic networking, basic linux fundamentals, windows server 2008,2010, windows OS.

● strong understanding of RMF and NIST/FIPS 199/200 publications.

. Microsoft Office

. Jira, Confluence

. FedRAMP

WORK HISTORY

INFORMATION SYSTEMS SECURITY ANALYST, SECURITY ASSESSOR

HANAGROUP WASHINGTON DC 08/2016 – Present

Engaged in SDLC to develop security assessment plan (SAP) to document the assessment scope, schedule, tools, and personnel for a security assessment and authorization (A&A) process throughout the SDLC cycle.

● Conduct kickoff meeting as part of security assessment and authorization (A&A) processing.

● Conduct annual security control assessment in accordance with the assessment procedures defined in the security assessment plan (SAP) as part of ongoing monitoring activities

● Test cases with the security control assessment results as populated in RTM.

● Prepare the security assessment report (SAR) for documenting the issues, findings, and recommendations from the security control assessment.

● Support the Information System Security Officer (ISSO)/System POCs during the Assessment and Authorization (A&A) process to ensure assigned systems have the proper Authorization to Operate (ATO) using the NIST SP 800-37 Risk Management Framework (RMF) guidance.

● Support the ISSO/System POCs to conduct risk and vulnerability assessments of information systems to identify vulnerabilities and reduce them.

● Provide weekly status report on assigned systems and working with System POCs to ensure assigned systems documents are current and maintain the accredited security posture

● Assist system owners in developing security authorization packages such as system security plan (SSP), security assessment report (SAR), and plan of action and milestones (POA&M) that are fully compliant with National Institute of Standards and Technology (NIST) guidelines as required by Federal Information Security Management Act (FISMA)

● Assist in developing and maintaining security documentation including the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, and POA&M

● Conduct effective mapping of the identified vulnerabilities to the security controls

● Review and analyze the automated scan results from 3 months back.

● Participate in POA&M remediation activities to correct noted findings which enhanced organization FISMA Compliance scorecard through subject matter expertise advice and recommendations

● Review artifacts and perform POA&M closure validation to ensure no system weakness remediation milestone is in delay status

● Communicate with ISSOs on continuous monitoring activities related to POA&M closures, waivers, and exceptions

● Perform annual review and update of system security plan and contingency plan for each system and makes recommendations to address significant deficiencies

● Conduct review of security documents such as Security Policies and Procedures, System's FIPS 199 categorization, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), E-Authentication Assessment, Contingency Plan (CP), Contingency Plan Test (CPT) for FISMA compliance

● Vulnerability scanning tools using Nessus(Tenable), Metasploitable, Nmap and CIS-CAT full, Retina etc to help update the security enterprise architecture of the information and information system.

SECURITY CONTROL ASSESSOR 09/2014 to 08/2016

CYBERSOFT TECHNOLOGIES, LANHAM MD

Developed, reviewed and updated Information Security System Policies, System Security Plans and Security baseline in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices. Applied appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53 rev4, FIPS 199/200 and OMB 130 Appendix III. Conducted systems and network vulnerability scans in order to identify and remediate potential risks. DUTIES

● Coordinated and manage team activities during assessment engagement.

● Established schedules and deadlines for assessment activities were met.

● Hold kick-off meetings with PM and ISSO’s and system stakeholders prior to assessment engagements.

● Prepared and submitted Security Assessment Plan (SAP) to CISO for approval.

● Conducted Security Assessment using NIST 800-53A

● Developed and updated system security plan (SSP), plan of action and milestone (POA&M).

● Monitored controls post-authorization to ensure continuous compliance with security requirements.

● Managed vulnerabilities using Retina, Nessus vulnerability scanners to detect potential risks on a single and multiple assets across the enterprise network.

● Created reports detailing the identified vulnerabilities and the steps taken to remediate them.

EDUCATION

General Certificate Of Education (GCE)

● Training Certificate, Risk Management Framework/ Pre-Cyber Security (Jlglobaltech)

● A+ Cybersoft Technologies

● ISC2 TRAINING IN CAP(Certified Authorization Professional (Jlglobaltech)

CERTIFICATIONS

Security +, SSM, PSM1& PSM11

PMP (In Progress)

CLEARANCE LEVEL:

Active Public trust. Secret clearable

References upon request.



Contact this candidate