RAPHAEL ADESOJI
Laurel, Maryland 240-***-**** *********@*****.***
PROFESSIONAL PROFILE
Skilled Information Security Analyst, knowledgeable in risk management framework (RMF), systems development life cycle (SDLC), security life cycle, and vulnerability management using FISMA, FedRAMP, and applicable NIST standards. Organized, solutions-focused, deadline-focused, and team-oriented; works well independently or in a team, providing all facets of computer support with in-depth knowledge and understanding of numerous software packages and operating systems. A proven project and team lead with aptitude for good customer service, leadership, excellent communication (both oral and written), and presentation skills. Specialized in providing IT security expertise and guidance in support of security assessments and continuous monitoring for government and commercial clients.
Functional areas of expertise include:
• Assessment and Authorization (A&A)
• IT Security Compliance
• Vulnerability Assessment
• Vulnerability Scanning
• Security Test and Evaluation (ST&E)
• Certification and Accreditation (C&A)
• Risk Assessment
• Systems Development Life Cycle
• Technical Writing
• Project Management and Support
TECHNICAL SKILLS
Nessus Vulnerability Scanner, Microsoft Visio, Excel, Word, PowerPoint, Access, Mac, Microsoft Windows, Linux, VMware, Oracle VirtualBox, CSAM, eMASS, RSAM, Tripwire, Accellion/WatchDox secured file solution, Data Analysis, RMPS, Remedy, ServiceNow, Splunk, Active Directory, Trend Micro, and more.
PROFESSIONAL EXPERIENCE
IT Security Analyst 07/2021 – PRESENT
PANTHERGON IT & CYBER SECURITY SOLUTIONS, LLC
- Supports client’s security policies and compliance activities of vulnerability management, incident reporting, risk mitigation, Assessment & Authorization (A&A), Authorization to Operate (ATO), and continuous monitoring for systems, components, networks, and applications.
- Provides security expertise and guidance in support of full life cycle of security & privacy compliance, security assessments, and Authorization to Operate (ATO) process.
- Supports Assessment & Authorization (A&A)/(C&A) activities according to the project plan.
- Reviews authorization documentation for completeness and accuracy for compliance.
- Facilitates Security Control Assessment (SCA) and Continuous Monitoring Activities.
- Executes examine, interview, and test procedures in accordance with NIST SP 800-53A.
- Ensures cyber security policies are adhered to and that required controls are implemented correctly.
- Validates information system security plans to ensure NIST control requirements are met.
- Authors recommendations associated with findings on how to improve the customer’s security posture in accordance with NIST controls.
- Assists team members with proper artifact collection and details to clients examples of artifacts that will satisfy assessment requirements.
- Reviews security logs to ensure compliance with policies and procedures and identifies potential anomalies.
- Develops, updates, and reviews A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, POA&M, CPTPR, BIA, PTA, PIA, and more.
- Collects Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless.
- Updates, reviews, and aligns SSP to the requirements in NIST 800-53, so that assessments can be done against the actual requirements and not ambiguous statements.
- Manages vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on a single or multiple assets across the enterprise network.
- Reviews SAR post assessment; creates and completes POA&M milestones to remediate findings and vulnerabilities.
- Independently reviews complex security analysis of existing systems for compliance with security requirements.
- Monitors security controls post authorization to ensure continuous compliance with the security requirements.
IT Security Engineer 10/2019 – 07/2021
XZENTIA, LLC
- Provided security expertise and guidance in support of security assessments
- Supported A&A (C&A) activities according to the A&A project plan
- Held kick-off meetings with SO and systems stakeholders prior to assessment engagements
- Developed and updated security plan, plan of action and milestone (POA&M)
- Monitored controls post authorization to ensure continuous compliance with the security requirements
- Managed vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on a single or multiple assets across the enterprise network
- Prepared and reviewed documentation to include SSP, SAP, SAR, POAM Packages
- Created reports detailing the identified vulnerabilities and the steps taken to remediate them
- Developed, evaluated, and implemented information security governance processes, including policies, standards, procedures and risk management practices
EDUCATION
- Bachelor of Science (BSc) in Banking & Finance, University of Ado, Ado-Ekiti, Graduated with Honor (HONS)
CERTIFICATIONS
- Certified in Governance, Risk Management & Compliance (CGRC), formerly CAP - Active
- CompTIA Security Plus - Active
- CISSP – In progress
SKILLS & COMPETENCIES
- Ability to establish and maintain effective working relationships with clients and co-workers.
- Skills in interviewing users to help analyze and resolve issues.
- Strong organizational, analytical and planning skills.
- Ability to read and interpret system security policies, rules and regulations.
- Ability to communicate security and risk-related concepts to both non-technical and technical audiences.
- Strong communication (verbal & written) and presentation skills.