BRIDGET FONJAH
Woodbridge, VA ***** 571-***-****.
********@*****.***
US CITIZEN (Eligible for Active Public Trust Clearance)
Professional Summary
• Detail-oriented and highly skilled Cyber Security Analyst with over 4 years of experience with a focus on Federal Information Security Act (FISMA) compliance and the NIST Cybersecurity Risk Management Framework (RMF).
• Experience working with OWASP Top 10 standards.
• Exceptional understanding of the information security domain.
• Experience using Burp Suite Pro and OWASP ZAP.
• Practical experience with manual web application security.
• Experience in finding cipher-related vulnerabilities.
• Knowledge and ability to use computer operating systems/tools such as Microsoft Office Suite.
• Ability to write succinct briefings, presentations, and reports to convey analysis, threat trends, threat actor profiles, indicator bulletins, vulnerability details, and mitigation strategies.
• Assisted in complex risk and vulnerability assessments, including development of risk mitigation strategies.
• Contributed assessments of system configurations and installed security tools, scanned systems to determine compliance, reported results, and evaluated products and various aspects of system administration.
• Reviewed trends, patterns, or actionable information and assessed incidents to identify types of attacks, collect evidence, and assess impact to report accordingly.
• Identified cybersecurity system issues and corresponding mitigation solutions.
• Experience in different web application security testing tools like Acunetix, Metasploit, Burp Suite, SQLmap, OWASP ZAP Proxy and HP Fortify.
Skills
OPERATING SYSTEMS: Windows Server, Kali Linux, Windows 7, Windows 10
PROGRAMMING LANGUAGES: Basics of C, SQL, HTML
NETWORKING TOOLS: Kali Linux, Wireshark, Nmap, Nessus, Acunetix
SECURITY TOOLS: Nmap, Nessus, Acunetix, OWASP ZAP, Burp Suite Professional, Wireshark, Metasploit, harvester, sublist3r, recon-ng, netdiscover, Nikto, WPScan
FOUR YEARS INFOSEC SKILLS SUMMARY
Daily working knowledge of the entire Risk Management Framework (RMF) process using NIST SP 800-series publications: 18, 37, 137, 53, 53, 60 Vol 1 & 2, FIPS 199, and FIPS 200 publications and standards with Federal and private agencies for FISMA compliance.
Understanding and experience with the System Development Life Cycle (SDLC).
Possess in-depth ability to create, review, and update security artifacts and documentation such as SSP, SAP, SAR, POA&M, PIA, PTA, CP & CPT.
Well acquainted with vulnerability scanning and penetration testing tools (Nessus) as well as POA&M automated tracking tools (SAM), GRC Archer, and TAF.
Good team player, quick learner, very dependable, proactive, pays attention to detail, and can work under difficult conditions to meet deadlines and make the client happy.
Excellent communication, customer service, analytics, problem solving, writing/documentation, time management, and interpersonal skills.
Experience
Cyber Security Analyst 02/2022 to Current
CACI, Chantilly, VA
● Provided insight and sought support from Cyber Security teams to inform and align with the business team strategies.
● Provided support for Windows 2012/2016/2019 servers: Forest, Domain trust, AD, DFS, DNS, WINS, DHCP, Group Policy, distribution lists, Windows folder security, and IP filtering.
● Performed Web Application Vulnerability Assessment & Penetration Testing.
● Monitored and analyzed log events generated from a variety of platforms including SIEM, IDS/IPS, firewalls, WAFs, endpoint security, and application logs.
● Prepared daily, weekly, and monthly database security reports.
● Configured web application assessment tools like Burp Suite Pro, Nmap, and OWASP ZAP.
● Responded to crisis or urgent situations within the network to mitigate immediate and potential cyber threats.
● Utilized Web Application Vulnerability Assessment & Penetration Testing.
● Performed Vulnerability Assessment & Penetration Testing of networks and network architecture redesign with security as the primary point of consideration.
● Performed complete security audits (both black box and white box) for clients.
● Provided Information Assurance and consultative advice in information security.
● Analyzed information security events, including threat model development, and resulting security risk analysis of systems.
● Communicated with stakeholders on risk and security related issues.
● Utilized Ethical Hacking procedures to ensure proper handling of false positives.
● Participated in data security incident response, malware analysis, and the development of corrective and preventive activities.
Security Analyst 07/2020 to 01/2022
Leidos, Annapolis Junction, MD
● Performed security research, analysis, and design for all client computing systems and the network infrastructure.
● Performed security assessment of online applications to identify vulnerabilities in categories such as Input and Data Validation, Authentication, Authorization, Auditing, and Logging.
● Performed vulnerability assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, HP WebInspect, and Qualys.
● Coordinated with the dev team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
● Performed security testing of APIs using SoapUI and against OWASP Mobile Top Ten vulnerabilities.
● Experience using Kali Linux to do web application assessment with tools like DirBuster, Nikto, and Nmap.
● Good knowledge of IBM AppScan to enhance web application security.
● Performed security code review of Java, .NET, and PHP code using static code analysis tools, e.g., HP Fortify and IBM Source Edition.
● Helped the team remediate security issues with sample code using Fortify Static Code Analyzer (SAST).
● Good knowledge of Tenable Network Security.
● Trained the development team on the most common vulnerabilities and common code review issues and explained detailed guidance for remediation.
● Good knowledge of programming and scripting in .NET and Java.
● Followed up on and ensured the closure of raised vulnerabilities by revalidating and ensuring 100% closure.
● Strong experience in web technologies like HTTP, HTML, CSS, forms, and database connectivity.
● Ensured the SDLC is a Secure SDLC.
● Performed manual (DAST) security testing on running web applications against OWASP Top 10 standards.
Education
Information Technology
George Mason University
Bachelor’s degree in Cybersecurity.
Certifications
● CompTIA Security+
● Scrum Master