Cyber Security Analyst - -ISSO/SCA
Clarisse Hendje
Upper Marlboro, MD 00000000 ***************@*****.*** US Citizen - DoD Secret Clearance
SECURITY ANALYST
PROFESSIONAL PROFILE
Supporting the Department of Defense (DOD) through the RMF process Highly motivated and Cross-functional Cybersecurity professional with over 8 years’ experience thriving in an atmosphere of new challenges and time-critical projects. Meticulously detailed with sound written and verbal communication between team and senior leadership.
Experience working and documenting Risk Management Framework processing with end results achieving an Authority to Operate (ATO)
Solid experience with the NIST Risk Management Framework (RMF) process, risk assessment, and continuous monitoring.
Experience in performing vulnerability and risk analyses of applications during all phases of the system development life cycle.
Experience working on USE CASES, MFR (memorandum for record).
In-depth knowledge of all NIST publications like NIST SP 800-53 Rev4 and Rev5, NIST SP 800-37 Rev 2, NIST SP 800-171, NIST 800-18, NIST SP 800-53A, FIPS 199, FIPS 200. AREAS OF EXPERTISE and Tools
Risk Management Vulnerability Assessments Compliance & Remediation Information Assurance HIPAA and SORN analysis Continuous Monitoring Risk Acceptance Audit Support, PTA/PIA System Categorization POA&M Management FISMA Reporting Assessment & Authorization Jira Ticketing System Nessus/Qualys scan analysis Linux OS, Windows & SDL, eMASTER, STIG VIEWER,
VMware, eMASS, VRAM
Nessus, Web Inspect, Splunk,
Security Control, SOP, ASR
Archer, CSAM, Jira, ServiceNow,
Test Result Controls, HBSS
EDUCATION & CERTIFICATIONS
Bachelor’s degree in science
Graduated from the University of Yaoundé
Master's Degree in Progress
Security+ CE, CASP, CISM
Cyber Security Analyst - -ISSO/SCA
PROFESSIONAL EXPERIENCE
Serco Incorporated June 2022 to Present
Sr. Information System Security Engineer (ISSE)
Selects appropriate information security controls for Federal Information Security Systems using as a guide the NIST 800-37 rev 2, SP 800-53, FIPS 199, FIPS 200, and NIST SP 800-53A Revision 4 and Revision 5.
Assess security controls in accordance with the assessment procedures defined in the security assessment plan (SAP) through examination, interviews, and testing.
Conducts initial remediation actions on security controls based on the findings and a recommendation of the security assessment report and re-assesses remediated control(s), as appropriate.
Conducts security assessments by reviewing System Security Plans (SSP) to create Kick-Off Presentation Slides, Security Assessment Plans (SAP), and Security Control Assessment (SCA) matrices.
Uploads Plan of Action and Milestones (POA&Ms) into Enterprise Mission Assurance Support Service
(eMASS) and validates artifacts provided to remediate POA&Ms.
Creates POA&Ms at the Control Correlation Level (CCI), to document findings in the Policies and Procedures documents.
Implemented ACAS (Assured Compliance Assessment Solution): Conducted Vulnerability assessments and compliance scans using ACAS to identify potential security risks and vulnerabilities.
Developed and maintained ASRs (Annual Security Reports): Compiled and analyzed security metrics and data to provide insights and recommendations for security improvements.
Reports residual risk, security exposures, vulnerabilities, noncompliance, and maltreatment of information assets to IT security management.
Involve in reviews of projects, incident debriefs, and analysis findings to identify problems and gaps.
Works hand in hand with the ISSM/ISSO in reviewing Federal Information Systems prior to submittal through the Package Approval Chain (PAC) for ATO approval
Conducts continuous monitoring of Federal Information Systems to ensure that security controls operate effectively as designed by the requirements of NIST SP 800-137.
Searches solutions for continuous improvement and changes to improve communication and education plans. Ensures security controls are implemented according to the prepared implementation plan.
Participate actively in the development of security policies, principles, architecture, and standards.
Prepares Federal Information systems for Independent Verification and Validation (IV&V) using a customized checklist
Submits Federal Information Systems through the Package Approval Chain (PAC), for ATO and ATO-C consideration
Apply appropriate information security control for Federal Information Security System using as a guide the NIST 800-37 rev 2, SP 800-53, FIPS 199, FIPS 200, and NIST SP 800-53A Revision 4 and 5.
Performed RMF assessment which includes participating in meetings with various System Owners (SO) and Information System Security Officers (ISSO).
Created change control procedures, drafted, reviewed, and updated Plans of Action and Milestones (POA&Ms).
Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation.
Cyber Security Analyst - -ISSO/SCA
Performed assessment, Managed POA&M in eMASS, documenting, findings, mitigation and milestones to maintain continuous monitoring and ATO compliance. Conducted technical assessments against NIST SP 800-53 Rev 4 and Rev 5, validating implementation for AU, CM and SC control families across DOD systems.
Assessed DOD systems against NIST 800-53 Rev 5 and DOD CNSSI 1253 baselines, including Navy overlay requirements.
Performed vulnerability Scans and STIG compliance checks using ACAS/ Tenable.sc and DISA SRIG Viewer; analyzed results and coordinated remediation with system administrators.
Generated and reviewed Emass compliance reports to ensure accuracy of control inheritance, artifact alignment, and POA&M status prior to SCA reviews and CCRIs.
Provided direct technical support to ISSOs for RMF package development, evidence collection, and system categorization in accordance with DOD/DoN policy. Huntington Ingalls Industries Mar 2016– April 2022 Information System Security Officer
Prepare Assessment and Authorization packages for IT systems, making sure management, operational, and technical security controls adhere to a well-established security requirement authorized by NIST SP 800-53.
Update and document the System Security Plan (SSP), Risk Assessment Report (RAR), Authorization Memorandum, and Plan of Actions and Milestones (POA&M).
Support the full life cycle of the assessment and authorization (A&A) process by updating the following documents: Disaster Recovery Plan, Incident Response Plans, Business Impact Analysis, Configuration Management Plans, Risk Assessment, and E-authentication.
Participate in the development of the Contingency Plan (CP) and Contingency Plan Test (CPT - Table Top).
Update and maintain Contingency Plans and Incident Response Plans.
Perform security control assessments using NIST 800-53A guidance and Review Vulnerability scan results and ensure that risks are assessed and evaluated. •
Created Authorization Boundary diagrams: Designed and developed Authorization Boundary diagrams to illustrate the system's security boundaries and ensure compliance with security requirements.
Determine and assign risk impact ratings for systems in accordance with Federal Information Processing Standards (FIPS) 199.
Provide continuous monitoring support for control systems in accordance with FISMA guidelines and conduct FISMA-based security risk assessments.
Responsible for all Security Packages and perform any modifications throughout the lifecycle of the IT system. Perform Security Categorization (FIPS 199) using NIST SP 800- 60.
Generate a Plan of Action & Milestones (POA&Ms) for each non-compliant control for each managed IT System.
Provide support for all Office of the Inspector General (OIG) and other external audit activities.
Conduct vulnerability scans using Nessus and Web Inspect to assess security systems and applications while Monitoring systems for compliance and vulnerabilities.
Audit systems to ensure the integrity of security posture utilizing SIEM tools like Splunk.
Conduct monthly security audits and ensure that audit trails are reviewed, and audit records archived in accordance with security requirements. Cyber Security Analyst - -ISSO/SCA
Renowned Systems LLC Jun 2015– Feb 2016
Document Review Specialist
Assisted in quality control reviews of deliverable packages: - CP / CPT Contingency, System Security Plan, Contingency Plan, Disaster Recovery Plan, Incident Response Plans, Business Impact Analysis, Configuration Management Plans, Risk Assessment, E-authentication, and Plan of Actions and Milestones (POA&M).
Tracked remediation activities in Plan of Action and Milestones (POA&M).
Participated in Quality Control and discussed findings and recommendations for resolving noncompliance.
Researched common security vulnerabilities and their remediation solutions.
Prepared the package for delivery to management to obtain a signature from Authorizing Official, for authorization to operate the system.