Risk Management Cybersecurity Analyst

Fidelis Chendi

Location: Houston, TX Email: ************@*****.*** Contact: 832-***-****

Secret Clearance

SUMMARY

Skilled Cybersecurity Analyst with seven years of experience and a military veteran with an active security clearance. Expert in fortifying sensitive information through meticulous risk management. Proven leader in implementing advanced security controls and conducting thorough assessments. Committed to maintaining the highest confidentiality and security standards in dynamic environments.

SKILLS

Security Information and Event Management (SIEM)

Security Implementation

Security Incident Management

Intrusion Detection and Prevention Systems (IDS/IPS)

Security Assessment Tools (Nessus, eMASS, WebInspect, CSAM)

Threat Intelligence

Vulnerability Management and Risk Assessment

Web Application Security

Security Testing Methodologies (e.g., OWASP)

Network Security Assessment

MS Office 365, Slack, ServiceNow, Power BI

Audit Reports

EDUCATION

Bachelor of Science in Chemical Engineering Prairie View A&M University

Master of Science in Cybersecurity (Ongoing) American Military University

Certifications:

CompTIA Security+ CE (IAM Level II)

CompTIA Pentest+ CE

CompTIA A+ CE

CompTIA Network Vulnerability Assessment Professional (CNVP)

Certified Information Systems Auditor (CISA) (IAM Level III)

EXPERIENCE

Sev1Tech (Woodbridge, VA)

Information System Security Engineer (ISSE) May 2024 - Present

Independently provides support in defining and implementing system security requirements, designs security architecture, and develops a security design for program platforms up to and including classified networks.

Leverage security products and technologies to protect the organization’s systems and information and enable the achievement of the organization’s objectives.

Begin and maintain accreditations during the continuous monitoring stages of the Risk Management Framework (RMF).

Review and evaluate the security impact of changes to authorized systems and provide technical guidance focused on information security architecture.

Review and author System Security Plans (SSPs) and other supporting evidence documentation.

Participates in the development or revision of security-related policies and procedures, conducts Federal Information Security Management Act (FISMA) evaluations annually on accredited systems, and completes/updates Plan of Action and Milestones (POA&Ms) as appropriate

Perform or assist in certain cybersecurity efforts, ex, Critical Functionality Analysis (CFA), Supply Chain Risk Management (SCRM), Critical Components and Critical Program Information (CPI) evaluations, and Cybersecurity Strategy development.

Experience developing and implementing new security systems, security programs, protocols, and maintenance of existing systems

Ensure compliance with internal security policies and external regulations.

Prepare technical documents, incident reports, vulnerability assessments, and other situational awareness information for key stakeholders.

Conduct system vulnerability scanning, configuration assessment, and remediation to maintain system integrity and security.

Workiva (Ames, IA)

Cybersecurity Analyst (ISSO)/SCA May 2019 – May 2024

Engage in ongoing RMF, A&A, and ATO projects, adhering to FISMA and NIST SP 800-37 Rev 2 guidelines for client security systems.

Categorize Information Systems using FIPS 199 and NIST SP 800-60 Vol 2 Rev 4.

Select and implement security controls (technical, operational, and management) based on NIST SP 800-53 Rev 4/5.

Prepare and review FedRAMP ATO packages for IaaS, SaaS, and PaaS systems.

Conduct a comprehensive review of AWS, Azure, and Google Cloud Systems for Agency Authorization using FedRAMP standards and provide Authorization recommendations.

Create, update, and revise ATO documentation such as system security plan (SSP), contingency plan (CP), disaster recovery plan (DRP), incident response plan (IRP), risk assessment (RA), business impact analysis (BIA), Configuration Management Plan (CMP), and plan of action & milestone (POA&M).

Implement privacy controls and create privacy threshold analysis (PTA), privacy impact assessment (PIA), and system of record notice (SORN) privacy documentation.

Generate, review, and update System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.

Perform ongoing system monitoring using NIST 800-137 Rev 4 throughout the ATO lifecycle.

Create Splunk dashboards to capture customized logs from systems and applications.

Assist with compliance reviews and audits to maintain information system authorization baselines.

Stay current with vulnerabilities, attacks, and countermeasures, engaging in research and development activities.

Analyze vulnerabilities, databases, DISA STIGs, and application assessments. Collaborate with tech partners to resolve SLA/SLO vulnerabilities.

Monitored DLP information security alerts, analyzed event/alert patterns, and prioritized threats accordingly.

Create tabletop/functional tests for CP-test, IRP-Test, and DRP-Test exercises.

Ensure risk mitigation activities are carried out, validating appropriate documentation from project teams or customers.

Ensure controls are fully implemented with evidence within eMASS. Update the system architecture, data flow, network, hardware, and software in SSP.

Accenture (Houston, TX)

Information Security Analyst Nov 2018 - May 2019

Establish and maintain Configuration Management for documentation for our Energy client.

Identify, assess, and document threats and risks to designated systems.

Capture and manage information system security artifacts.

Conducted cybersecurity tests and assessments, providing results to the ISSM of the energy client.

Evaluate security impacts and recommend implementation strategies for significant changes.

Identify cybersecurity training needs and conduct information system risk assessments.

Respond to and report incidents related to assigned information systems.

Develop security processes and procedures supporting the ISSM’s Cyber Security Program.

Create and maintain disaster recovery and incident response plans, participating in associated training.

Proficient in formally and informally presenting information in group and individual settings.

McKinsey and Company (Houston, TX)

SOC Analyst Jan 2018 - Nov2018

Continually investigate and escalate in compliance with protocols and contractual SLAs with minimum oversight.

Responding to cyber-threats as occurrences by evaluating logs from numerous sources and submitting tickets through a ticketing queue (e.g., phishing, lost laptop, multiple country login, etc.) Execute the appropriate reaction according to the runbook methods.

Performing proactive security monitoring of SIEM events for cyber threats while offering detailed observation and escalation as needed.

Work with TCP/IP, network fundamentals, network security, NetFlow, and tools such as Wireshark, Snort IDS, Twin Wave, Splunk, Investor Inquiry, Phantom, Proofpoint, and Active Directory.

Monitor the Symantec DLP console, look for connections, take notes, investigate, and escalate incidents as needed.

Security technologies such as security information and event management (SIEM), intrusion detection and prevention systems (IDS/IPS), Data Loss Prevention (DLP), proxy, Web Application Firewall (WAF), endpoint detection and response (EDR), anti-virus, sandboxing, and network and host-based firewalls.

Conduct Splunk searches to check proxy/firewall status using Splunk search and reporting.

United States Navy Reservist (San Diego, CA)

Petty Officer Second Class June 2015 - Present

Led and supervised a team of engineers in operating, maintaining, and repairing shipboard propulsion systems, auxiliary machinery, and related equipment.

Conduct routine inspections, troubleshooting, and preventive maintenance to ensure optimal performance and reliability of engines and associated systems.

Provide technical expertise and guidance to junior personnel in diagnosing and resolving complex mechanical issues.

Coordinate with other departments to ensure seamless integration of engineering operations with overall ship operations.

Maintain accurate records of maintenance activities, equipment status, and inventory to support operational readiness.

COMPLIMENTARY SKILLS

Excellent interpersonal skills and ability to communicate effectively with all levels of the organization’s workforce while maintaining appropriate confidentiality.

Great ability to function in a fast-paced environment, perform under stress, and adapt to emergencies.

Ability to resolve complex problems using analytical skills, technical expertise, or research and deliver innovative, cost-effective solutions.

Familiarity with ISO 27001, SOC, and PCI DSS compliance.

Ability to collaborate with technical and non-technical personnel.

Possess a high degree of integrity, trust, and ability to work independently.

Contact this candidate