Cybersecurity Analyst with DoD Secret Clearance

*

Anita Asare

Germantown, MD

Email: *******@*****.***

Tel: 401-***-****

Clearance: Active DoD Secret Clearance

Qualifications

A Self-motivated and highly steadfast IT individual specialized on diversified Information Assurance with focus on system security compliance; Authorization and Monitoring; Risk Assessment: Audit Engagements; and Testing IT Security Controls to ensure Confidentiality, Integrity, and Availability of the system resources, possessed strong analytical and problem-solving skills.

Experience

TIAG, Inc. Jan 2024-Present

Cybersecurity Analyst

Providing support to Medical Readiness Command-East (MRC East) FT Belvoir, VA.

• Support Medical Readiness Command, East in RMF compliance and system accreditation.

• Conduct vulnerability assessments, STIG reviews and POA&M development.

• Manage IA controls in eMASS and provide technical guidance on security implementation

• Review and assess existing networks and systems to identify and understand vulnerabilities to create a POA&M or work with the technical team to mitigate the vulnerability.

• Contribute to research and analysis and translate security policy and requirements to define best methods and practices.

• Assists with risk mitigation through management of the Plan of Action and Milestones (POA&M) process. Verifies actions taken by internal IT support teams satisfy risk mitigation.

• Assists in the development and implementation of information assurance policies and procedures to ensure compliance with organizational and regulatory requirements.

• Provide technical guidance on the implementation of security mechanisms and controls.

• Support in the development of System Security documentation, including FIPS-199 determination, e- authentication, privacy threshold analysis, privacy impact assessment, system security plans (SSP), IA policies, Rules of Behavior, security test and evaluation (ST&E) plans, risk assessment plans and reports, business continuity plans, disaster recovery plans, incident response plans, contingency plan, contingency plan test report, plans of action and milestones (POA&M) development, exception and waiver letters development, annual security control self-assessment, and continuous monitoring activities.

• Conduct regular evaluations of SIEM rules to ensure their effectiveness in detecting potential security threats and improving overall alert fidelity.

• Collaborate with project managers and technical leads to align security posture with mission objectives. AGO Worldwide Consulting Mar 2019 - Jan 2024

Security Control Assessor

Severn, MD

• Scheduled Kick off meeting with system owners to help identify assessment scope, system boundary, the information system’s category and attain any artifacts needed in conducting the assessment.

• Updated and reviewed Security Assessment Plan (SAPs) and conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with the NIST SP 800-53A. 2

• Conducted security control interview meeting and artifact gathering meeting with various stakeholders using assessment methods of interview, examination, testing.

• Documented assessment findings in a security assessment report (SAR) and recommended remediation actions for controls that failed and vulnerabilities,

• Reviewed A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT)

• Performed vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool.

• Requested scans and later reviewed the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.

• Served as liaison with clients, participating in meetings to ensure client needs are met. Geekview Tek Solutions Sep 2018 - Mar 2019

Information Assurance Analyst

Leesburg, VA

• Update and review A&A Packages to include Core Docs, Policy & Procedures, Operations and maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, and POA&M.

• Review and update remediation on plan of action and milestones (POA&Ms), in organization's XACTA 360.

• Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.

• Conducted vulnerability analysis of workstations and servers to ensure they are hardened.

• Performed network and log analysis for potential on-going attacks against customer sites.

• Worked with technical leads in various organizations and overseeing critical aspects of driving verification on their software, firmware and hardware Cybersecurity designs and implementations. • Assessed assigned products to determine product security status. Designs and recommends security policies and procedures to implement; ensures compliance to policies and procedures.

• Responded to more complex queries and request for product security information and reports from both internal and external customers.

• Provided product recommendations of security packages to product teams; Reviews vendor products and makes recommendations as appropriate.

• Ensured that the implementation of Cybersecurity aspects of our products and solutions are sound and that can scale to meet our customers’ needs.

Education

• M.S. Cybersecurity Management and Policy, University of Maryland Global Campus – March 2022

• B.A. Business Administration (Finance), Christian Service University College – April 2018 Certifications

• CompTIA Security+ - January 2023

• Certified Information Security Manager (CISM) – May 2023

Contact this candidate