PROFESSIONAL SUMMARY
Senior Cybersecurity Analyst with experience in both the Government (DoD) and Private sectors looking for continued opportunities to assist organizations in increasing their cybersecurity posture and decreasing overall risk.
CAREER OVERVIEW
Senior Cyber Security Analyst (June 2022 – Present)
IBM/Octo Consulting
Team member of the Sustainment and Continuous Monitoring (ConMon) team who provides Risk Management Framework (RMF) support to update and perform sustainment actions for VA and FedRAMP sponsored SaaS applications (i.e., RMF Step 6 Sustainment).
Utilize the VA instance of Enterprise Mission Assurance Support Service (eMASS) as the central repository for data tracking and reporting.
Track vendor artifacts and documentation expiration statuses in eMASS and OMB MAX repository (max.gov) and engage the vendor for renewals.
Coordinate with the Cloud Security team to conduct monthly ConMon meetings with Cloud Security Providers (CSP) and report continuous sustainment efforts.
Create monthly Plan of Action and Milestones (POAMs) for each eMASS package to reflect the status of the monthly vulnerability scans performed by the vendor.
Continuously maintain the security controls within eMASS in alignment with the status of the FedRAMP package.
Coordinate with ConMon personnel on Significant Changes, Deviation Requests, and Operational Requirements in the vendor's FedRAMP package.
Attend and report in bi-weekly meetings with Senior Leadership to discuss achievements, blockers, or updates with regard to packages and/or sustainment methodologies.
Senior Process Analyst (Jan 2022 – April 2022)
BSI Solutions
Senior Process Analyst supporting the Veterans Administration (VA) Enterprise Security Architecture (ESA) Modernization Support project as a member of the Performance Measures and Metrics Team (Px2M).
Responsible for the creation, collection, and documentation of requirements information from various ESA work streams for the tracking and measuring of metrics.
Assisted the Px2M team in development of the ESA Metrics and Performance Measures dashboard which provides transparency and ownership of metrics to leadership.
Summarized findings and developed welcome content for the Knowledge Service Page, Governance Functional statement, and ESA Metrics Users Guide.
Conducted requirements elicitation sessions of various types with key process stakeholders to understand their needs.
Cyber Security Analyst (August 2021 – Dec 2021)
Armavel, LLC
Team member of the Sustainment and Continuous Monitoring (ConMon) team who provided Risk Management Framework (RMF) support to update and perform sustainment actions for VA sponsored SaaS applications.
Utilized the VA instance of Enterprise Mission Assurance Support Service (eMASS).
Updated artifacts and documentation required to maintain the Authorization to Operate (ATO) for various SaaS applications.
Conducted monthly ConMon meetings with various stakeholders to report continuous efforts.
Conducted bi-weekly meetings with Senior Leadership to discuss achievements, blockers, or updates with regard to packages and/or sustainment methodologies.
Senior Cyber Security Analyst (April 2019 – Aug 2021)
Air Education and Training Center (AETC), Randolph Air Force Base
Datum Software
Provide Risk Management Framework (RMF) support to update and sustain the existing Air Force Learning System Ecosystem (AFLSE).
Utilize the Air Force instance of Enterprise Mission Assurance Support Service (eMASS).
Responsible for determining Security Categorization, identifying Common Controls, and providing an analysis of Security Control selections.
Lead remediation and mitigation activities to strengthen the Ecosystem’s security posture and degree of control compliance.
Utilized Veracode application to conduct Static code analysis of the Total Force Training Records (TFTR) application.
Conducted migration of applications to the Azure GovCloud environment.
Conduct independent security control assessments IAW NIST SP 800-53, 800-53A, CNSSI 1253, NIST SP 800-37 and the DoD Cloud Computing Security Regulations Guide (SRG).
Perform duties as the Information System Security Manager for the DevNet and O365 applications.
Perform duties as the Information System Security Officer for ServiceNow, OutSystem, Erwin DC, DBSign.
Works directly with the A6 to provide Security Assessment & Authorization (A&A) documentation including security checklists, system security plans (SSP), and Cybersecurity Impact Analysis.
Works with the Office of Personnel Management (OPM) to develop and implement a Continuous Monitoring strategy post transition of ATO.
Manages Assess and Authorize (A&A) packages, completes assessments, and facilitates eMASS migration to Cloud Solution Provider (CSP) Microsoft Azure through efficient use of IaaS, PaaS, and SaaS service models.
Works alongside the Army Research Lab (ARL) as the Cloud Security Service Provider (CSSP).
Cybersecurity Analyst (Sept 2017 – April 2019)
MEDCOM Headquarters CIO/G-6, Fort Sam Houston
TUVA, LLC
Served as a MEDCOM Cybersecurity analyst within the Program Management Office (PMO) responsible for reviewing partner connection architecture, DMZ, STIGs, Validation Reports, Vulnerability scans, Plan of Action and Milestones (POA&M) documentation and security for medical devices. Migration of medical devices within Military Treatment Facilities from an on-prem to cloud-based Electronic Health Records (MEDCOI) for legacy and new equipment required cloud-based cybersecurity framework methodology.
Prepared information system registration with a thorough understanding of the Defense Health Agency (DHA) Information Assurance (IA) process of Risk Management Framework (RMF) by the collection/development of key system compliance artifacts (boundary diagrams, inventories, compliance scans, etc.).
Utilized the Defense Information Systems Agency’s (DISA) solution Enterprise Mission Assurance Support Service (eMASS) to provide cyber security management and reporting.
Prepared and submitted Security Plans for approval through the review and creation of system packages for complete RMF approval to include testing, evaluation, assessments and authorization.
Reviewed Assessment and Authorization (A&A) Plan, identified any issues with the Security Plan and Procedures; executed the Validation Plan and Procedures; reviewed POA&Ms; developed Risk Assessments for medical devices in the DOD and Army environment.
Desktop Applications Project Manager / Systems Engineer (Jan 2015 – Sept 2017)
Brooke Army Medical Center (BAMC)
FreeAlliance, LLC/ ActioNet, LLC
Information Technology (IT) Specialist within the Systems Engineering/Integration team responsible for developing, testing, and implementing software and systems installations and modifications for end point technologies.
Tested and prepared software packages for installation on networked and standalone end user devices.
Verified that all software applications meet the Certificate of Networthiness (CoN) as dictated by NetCom; provided direction to end-users for new CoN submittal.
Participated in the planning and execution of unit and systems testing, installing applications and images remotely, providing technical support on execution problems, troubleshooting applications packages, and modifying applications as necessary.
Coordinated with BAMC IT customers to install and monitor specific software packages deployed to the end user systems.
Frequently reported to branch and section chiefs and Functional Area Information Management Specialists (FAIMS) on Desktop Management functions to enhance knowledge of Army and SAMMC policies, thus affording the ability to accomplish their duties more effectively.
As an INFOSEC administrator, performed duties required to conduct IAVM network security scanning using the Assured Compliance Assessment Solution (ACAS) scan tool.
Responsible for scanning of all End User Devices (EUD) on the NIPRNET to validate compliance in accordance with the IAVA program. Managed specialty filters, sensors and/or devices (both network and host based) designed to monitor and/or counter specific threats.
Project Manager (Dec 2010 – Jan 2015)
Brooke Army Medical Center (BAMC)
CGI Federal, Lockheed Martin, Modis
Technical Project Manager for various modalities within San Antonio Medical BRAC Integration Office (SAMBIO), Joint Medical Facilities Office (JMFO), Clark/Hunt Construction and the United States Army Corps of Engineers (USACE).
Design Engineer responsible for integrating Audio/Video and Video-Teleconferencing (VTC) Technology within the newly constructed Consolidated Tower (CoTo) for an additional 80 new Conference Rooms with an influx of over 2000 new personnel (Military & Civilian).
Managed installation for new Distributed Antenna System (DAS) within CoTo and Central Energy Plant.
Utilized Project Management Principles from the Project Management Body of Knowledge (PMBOK) to meet schedule, budget, and scope constraints.
EDUCATION & CREDENTIALS
Master of Science in Management (MSM) June 2008
Colorado Technical University Online, Colorado Springs, Colorado
Bachelor of Science in Electrical Engineering (BSEE) June 1997
Temple University, Philadelphia, PA
CompTIA Security+ Cert ID Number COMP001020487636
Cybersecurity Training Certification
2017 – Defense Information Security Agency (DISA)
Risk Management Framework (RMF) Training Certification