Ray Iyok
Cyber Security Analyst
Raleigh, NC Area C: 984-***-**** *******@*****.***
PROFESSIONAL SUMMARY
A dedicated Cyber Security Analyst with over five years of professional experience, specializing in Security Assessment & Authorization (A&A), System Development Life Cycle (SDLC), and System Security Monitoring. Skilled in guiding systems undergoing Authorization to Operate (ATO) and Information Security Continuous Monitoring (ISCM) processes using the NIST Risk Management Framework (RMF). Proficient in all phases of RMF implementation, from Categorization through Continuous Monitoring, as well as FedRAMP. Additionally, adept at developing and reviewing security documentation such as SSP, SAR, SAP, CMP, CP, IRP, SCRTM, POA&M, SOPs, and other Policies & Procedures. Known for a strong work ethic and the ability to quickly grasp and adapt to new technologies and environments.
SKILLS
• Ability to effectively present information verbally and in writing
• Threat detection and prevention
• Security Incident response
• Communication and Critical Thinking
• Fast learner and Team member
• Microsoft Office, Word, Excel, PowerPoint
EXPERIENCE
Nov, 2019 to Present Cyber Security Analyst
RTI International
● Continuously overseeing the end-to-end ATO (Authority to Operate) process for both new and existing systems, collaborating with System Owners, Technical Teams, Infrastructure Teams, SOC Teams, ISSMs, PM, and other stakeholders.
● Responsible for the development and maintenance of Plan of Action and Milestones (POAMs), facilitating remediation efforts, and conducting continuous monitoring activities utilizing existing ISCMP and NIST 800-137 Rev 1 guidelines.
● Proficient in updating system categorization levels using FIPS 199/NIST 800-60, selecting controls via NIST 800-53/FIPS 200, implementing controls, and crafting key deliverable documents such as SSP and others.
● Possess a deep understanding of creating, reviewing, and updating security artifacts and documentation, including SSP, POA&M, CP, CMP, PIA, and PTA. Provides guidance to management on emerging security regulations and policies, while staying abreast of NIST guidance updates that may impact ongoing system management.
● Conducts reviews of Privacy Impact Assessment (PIA) documents post-positive PTA creation, ensuring accurate recording of PII findings in the System of Record Notice (SORN).
● Compiling Assessment and Authorization (A&A) packages for systems, ensuring adherence to formal security requirements authorized by NIST 800-53r4 and proper implementation of all controls to meet these requirements.
● Acting as the primary point of contact for IT security for designated systems to ensure compliance with relevant policies.
● Guaranteeing the integration of security activities throughout the System Development Life Cycle (SDLC) process.
● Ensuring adherence to documented security policies and procedures throughout the lifecycle of systems, including Assessment & Authorization (A&A), operation, maintenance, and disposal.
● Overseeing and managing relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements.
● Supporting the development and upkeep of various security documents such as System Security Plans, Privacy Impact Assessments, Configuration Management Plans, Contingency Plans, Contingency Plan Test Reports, POA&Ms, annual FISMA assessments, and incident reports.
● Facilitating Information Security Awareness and training initiatives.
● Conducting research on designated IT security systems to offer insights into security architectures and recommendations.
● Supporting FedRAMP security assessments, ensuring compliance with government standards for cloud service providers.
● Coordinating with internal and external stakeholders to ensure cloud solutions align with FedRAMP High, Moderate, or Low baselines.
● Conducting continuous monitoring activities for cloud-based systems to maintain FedRAMP compliance.
● Performed risk assessments and vulnerability management for cloud infrastructure and services in AWS and Azure.
● Managing security event logging, monitoring, and incident response in AWS and Azure environments, ensuring quick identification and remediation of security incidents.
● Ensured cloud-based systems remained compliant with NIST SP 800-53, FISMA, and FedRAMP security requirements.
CHARACTERISTICS/ABILITIES
● Proficient in interpersonal communication, adept at managing sensitive and confidential situations and documents.
● While working remotely, ensuring consistent communication, availability, and collaboration. Remaining reachable via phone, email, or messenger during scheduled work hours and promptly responding to all correspondence.
● Skilled at planning and coordinating multiple projects concurrently with minimal supervision.
● Capable of engaging with personnel across all organizational levels.
● Thrive in fast-paced, dynamic environments, demonstrating a proven ability to meet deadlines and adapt to shifting priorities efficiently.
● Possess an energetic and forward-thinking approach, guided by high ethical standards.
● Team player, trustworthy, and willing to share information.
● Skilled in conflict resolution and adept at fostering positive working relationships.
● Promoting a workplace atmosphere aligned with the company's core values and mission as directed by its leadership.
ACADEMIC BACKGROUND
2019 - Bachelor’s degree in Electrical and Electronic Engineering
CERTIFICATIONS
● CompTIA Security+ (Active)