Security Officer System

Michelle Koundou

301-***-**** Burtonsville, Maryland 20866 adzxue@r.postjobfree.com

PROFESSIONAL SUMMARY

Competent and bilingual Information System Security Officer (ISSO) with 8+ years’ experience in the information security sector with a strong emphasis in information assurance, security control assessments, policy implementation, and security documentation. Experienced in providing subject matter expertise in developing, implementing, and assessing information security programs to validate compliance with FISMA, FedRAMP and OMB. Direct work experience in conducting assessments of management, operational, and technical security controls employed within or inherited by information systems to determine the overall effectiveness of the controls. PROFESSIONAL EXPERIENCE

Information System Security Officer (ISSO) October 2015 – Present MiTech Specialist Solutions Silver Spring, MD

• Develops and updates security authorization packages in accordance with the client’s requirements and FISMA compliance: System Security Plan (SSP), Risk Assessment Report

(RAR), Security Assessment Plan (SAP), Security Assessment Report (SAR), Contingency Plan

(CP), Incident Response Plan (IRP), Standard Operating Procedures (SOP), Plan of Actions and Milestones (POA&M), Remediation Plan(s), Configuration Management Plan (CMP), etc.

• Develops and maintains POA&Ms and supports remediation activities.

• Provides continuous monitoring to enforce client security policy and procedures and creates processes that provide oversight.

• Maintains an inventory of hardware and software for information systems.

• Provide technical expertise and oversight to manage the daily administration of security

• protection measures

Performs security control assessments using NIST SP 800-53A guidance. Plan, coordinate, and oversee the execution of Contingency Plan (CP) exercises. Prepare test results and maintain Contingency Plans.

• Responsible for the enforcement of security policies and procedures by administering and

• monitoring security profiles, review security violation reports and investigate possible security

• exceptions

Infos Pro Solutions Fort Washington, MD February 2012 – October 2015 SOC Analyst

• Led ongoing research to identify, recommend, and implement new concepts in security operations center (SOC) operational analytics and organizational performance management.

• Identified and evaluated data sources to support the SOC data analytics function and recommended the implementation of new data collection instruments to support the program’s continuous improvement.

• Implemented automated data collection and aggregation from a variety of sources such as Security Information and Event Management (SIEM) tools, case management and ticketing tools, and other in-house databases.

• Conducted the analysis of SOC operations and value generation using a variety of statistical methods such as queuing theory, probability theory, and linear programming.

• Transformed raw data and analysis into data visualizations and interactive dashboards using dashboard tools.

• Derived insights from data analysis, conducted root-cause analysis of operational issues identified by the data, and provided recommendations to remediate operational issues.

• Provided training on the use of interactive, self-service dashboards to senior executives, SOC management, and SOC team leads.

• Developed documentation on the requirements for analytics work products, data models, and the process for testing and distributing work products. SOC Analyst Intern

• Utilized state of the art technologies (FTK, Encase, and Splunk) to examine endpoint and network-based data.

• Conducted malware analysis, forensics, log analyses, and triage in support of incident response.

• Recognized attackers and Advanced Package Tool (APT) activity, tactics, and procedures as indicators of compromise (IOCs) to improve monitoring, analysis, and incident response.

• Developed and built security content, scripts, tools, and methods to enhance the incident investigation processes.

• Worked with stakeholders to implement remediation plans in response to incidents.

• Effectively investigated and identified root cause findings and communicated findings to stakeholders.

• Created Standard Operating Procedures (SOPs) and training documentation.

• Generated end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.

EDUCATION

Bachelor of Science in Business Administration (Management of Information System) Bowie State University May 2020

Associate of Arts in Business Administration

Montgomery Community College December 2016

CERTIFICATIONS

CompTIA Security+

TECHNICAL SKILLS

Risk Management Framework (RMF), Tenable Nessus, Splunk, CSAM, OMB, AWS, Azure, System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), Risk Assessment, Authorization to Operate (ATO), NIST 800-53a Rev 4, NIST 800-37, FIPS 199, FIPS 200, Windows, Mac, LAN, QuickBooks, Google Suite, Adobe Creative Cloud, Salesforce, Tableau

Contact this candidate