Security Analyst Officer

Location:
Frederick, MD
Salary:
150
Posted:
May 09, 2023

Resume:

Rebecca N. Marai

Cell: 240-***-****

**************@*****.***

Professional Summary

A competent Information System Professional with vast experience in managing and protecting Enterprise Information Systems, Network Systems, and Operational processes through Information Assurance Controls, Compliance Verifications, Risk Assessment, and Vulnerability Assessment in accordance with NIST, FISMA, OMB and industry best security practices. Organized and detail-oriented individual who demonstrates professionalism and the ability to multitask.

Work Experience

Paragon Systems May 2016 – Present

Information Security Analyst

•Works with ISSOs to complete A&A artifacts including System Security Plans, Security Assessment Report, Plan of Actions and Milestones, Incident Report Plans and any other documents referenced in the SSP.

•Create and update the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Risk Assessments Report (RAR), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Contingency Plan, Security Test and Evaluations (ST&Es), E-Authentication, Plan of Action and Milestones (POA&Ms) and any other documents referenced in the SSP.

•Perform Federal Information Security Management Act audit review using NIST 800-37.

•Conduct FISMA-compliant security control assessments to ascertain the adequacy of management, operational, technical and privacy controls.

•Review and update System Security Plan (NIST SP 800-18), Risk Assessment (NIST SP 800-30), and Security Assessment Report (NIST SP 800-53A).

•Evaluates POA&M activities to ensure identified vulnerabilities and risk are managed efficiently.

•Assists in developing the ATO package for accreditation decision to be made.

•Perform ongoing gap analysis of policies, procedures, and practices as they relate to established guidelines outlined by NIST, OMB, and FISMA.

•Involved in security incident management to mitigate or resolve events that have the potential to impact the confidentiality, availability, or integrity of information technology resources.

•Overseeing the development of mitigation strategies against validated exploits to prevent future compromise.

Initiate, direct and participate in the life cycle of cyber security assessment and network penetration testing of worldwide and operationally diverse agency facilities.

Monitor security artifacts through the Risk Management Framework, tracking progress, and ensuring that Authorization to Operate (ATO) is obtained and maintained for all networks.

Ensuring the integration of IT programs and services and developing solutions to integration/interoperability issues; developing and managing information system programs that meet current and future business requirements and that apply, extend, enhance, or optimize existing architecture.

Assess the security effectiveness of installed systems based on analysis of reported security problems and implement modifications to minimize vulnerabilities.

Coordinating with organizational manpower stakeholders to ensure appropriate allocation and distribution of cyber workforce assets.

Ensures the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.

- Planning and coordinating the installation of new products or equipment, resolving installation problems, identifying and mitigating security vulnerabilities and risks, and maintaining server integrity and availability.

Evaluate system security plans and procedures, and assist in managing and directing the operations and functions of the office support contractors, addressing IT out-of-compliance issues, preparing, implementing, monitoring, and updating the project plan.

Compliance, and risk mitigation. Collaborates with system stakeholders and other cyber security personnel on system security risk management processes to address security & privacy

Conducts privacy assessments of systems and policies in accordance with existing privacy-related government regulations such as the Privacy Act.

Collaborate with senior leadership, departmental and contractor managers and staff in scheduling, planning, coordinating, and implementing the Independent Oversight Cyber Security Appraisal Program

Mubuxx LLC Jun 2015 – May 2016

IT Security Analyst

•Monitored, identified, and reported on security incidents, and worked with appropriate personnel to develop corrective action plans to resolve the incidents.

•Reviewed the preparation of comprehensive and Executive Certification & Accreditation (C&A) packages for submission to the Information Assurance Program Office for approval of an Authorization to Operate (ATO).

•Worked with the other members of the information assurance team to plan and conduct meetings with system owners where information about the systems and security is gathered and reviewed in accordance with the Risk Management Framework (RMF) authorization process.

•Performed comprehensive Security Control Assessment (SCA) and prepared a report on management, operational and technical security controls for audited applications and information systems.

•Assisted with conducting Vulnerability Scans on system infrastructure and applications using Nessus.

•Provide recommendations on implementation strategies and policy recommendations based on industry best practices and governing directives.

•Identify security control weaknesses; compile them in a POAM document and track their remediation with system owners.

•Conducted annual assessment, updated existing Artifacts and worked with ISSO to secure information systems.

•Performed security inspections and prepared reports that include findings and recommendations for correction of deficiencies.

Advanced Technologies Inc. Apr 2012 - Jun 2015

Cyber Security Analyst

•Worked with information assurance team to review security policies and ensure that they are designed and are functioning in accordance with NIST guidelines.

•Supported security tests and evaluations (ST&Es) and generated security documentation including Security Assessment Report; Requirement Traceability Matrix (RTM); Contingency Plans; Disaster Recovery Plans; Risk Assessment (RA); Privacy Impact Assessment (PIA), and POA&M.

•Performed tests and monitored activities to ensure that information systems are in compliance in order to obtain and maintain Authority to Operate (ATO) status.

•Assisted in developing the appropriate documentation and reports necessary to validate systems that meet security and privacy requirements in accordance with the Risk Management Framework (RMF) authorization process.

•Collaborated with Information System Security Officer (ISSO) in performing key role of NIST Certification and Accreditation (C&A) and Documentation and Continuous monitoring.

Analyzed results from vulnerability scanning tools such as Nessus.

Assists with federal and corporate information security and privacy reporting and data collection requirements. Collaborates with stakeholders to integrate divisional considerations into business impact analyses (BIAs), security categorization, and continuity planning activities for systems and subsystems.

Defining baseline security requirements in accordance with applicable guidelines

Works with the Information Security Manager (ISM) to review information security documents, processes and procedures.

Analyzes data and establishes plans of action for process improvements. Analyzes existing and planned IT applications (hardware and software) to determine current and future potential for enhancements.

Ensuring the implementation of the goals and objectives for the segment(s) or function(s) of the IT security system program.

Evaluate the impact of new and proposed applications on the operating environment; and recommend changes to ensure the functionality and stability of the operating environment.

EDUCATION

Bachelor of Science Major: HealthCare Administrator

Certifications

EC-Council - Certified Ethical Hacker

Google Cloud – Associate Cloud Engineer

CompTIA – Security+ ce

ISACA – CISM

PMI – PMP

Skills and Expertise

•Knowledgeable in the application of the Risk Management Framework to secure systems.

•Knowledge in AWS Cloud Computing Services.

•Extensive knowledge of FISMA, NIST 800 series special publications.

•Good understanding of IT Infrastructure & Network Protocols.

•Experience in vulnerability scanning, compilation of weaknesses, POAM management, waivers and exceptions.

•Experience in assisting stakeholders in system categorization using FIPS 199.

•Experience in assessing security controls.

•Proficient in Microsoft Office Suite.

•Excellent team player, customer service and fast learner.

•Excellent written and verbal communication as well as analytical skills.


