Livecareer-Resume

Cybersecurity Analyst Resume Example

Love this resume?

By clicking Build Your Own Now, you agree to our Terms of Use and Privacy Policy

Jessica Claire
Montgomery Street, San Francisco, CA 94105
Home: (555) 432-1000 - Cell: - resumesample@example.com - -
Professional Summary
Experienced Information Assurance Analyst committed to maintaining cutting edge technical skills and up-to-date industry knowledge.  Offering a diverse security background in information security, supporting system control assessments/testing, along with implementing Certification and Accreditation / Security Assessment and Authorization (SA&A) support following the guidelines of NIST, FISMA, Internal Revenue Service (IRS) IRM's, DIACAP and OMB. Assisting in the development of Business Continuity Plan, Continuity of Operations Plan, Disaster Recovery Plans, and Incident Response Plans. In addition, offering a technical background in computer networking, along with Microsoft and Network training. Accompanied by a professional work ethic, strong attention to detail, and an ability to produce top-quality results in deadline driven environments.
Skills
  • NIST 800 Special Publications
    • 800-53 Rev 3/4
    • 800-37
    • 800-34
    • 800-18
  • FIPS 199/200
  • Risk Management Framework (RMF)
  • Enterprise Continuous Monitoring (eCM)
  • Security Control Assessments (SCA)
  • Certification and Accreditation (C&A)
  • Security Assessment and Authorization (SA&A)



  • DIACAP DoD Directive 8500.1 and 8500.2
  • Policy and Procedure Development
  • Vulnerability Scanning
  • Business Impact Assessment
  • Disaster Recovery
  • Contingency Planning
  • GAO Federal Information System Controls Audit Manual (FISCAM)
  • Windows/Linux
  • Privacy Impact Assessments (PIA)
  • Personally Identifiable Information protection
  • Proposal Development
Work History
2014 to Current
CyberSecurity Analyst Adp Aurora, CO,
    Currently supporting the IRS  SA&A, SCA, Enterprise Continuous Monitoring (eCM) and Enterprise Continuous Monitoring Reauthorization (eCM-r) activities for multiple General Support Systems and Major Applications.

    Responsibilities:
  • SA&A management and support using NIST, OMB and IRS IRM guidance to integrate risk-based security principles throughout the program implementation life cycle for medium-scale systems deployments.
  • Execute SA&A process including pre-certification, certification, accreditation, and post accreditation. 
  • Security Control Assessment (SCA) Testing, Enterprise Continuous Monitoring (eCM), Enterprise Continuous Monitoring Reauthorization (eCM-r) 
  • RISK MANAGEMENT FRAMEWORK (RMF) 
  • Categorize the information system and the information processed, stored, and transmitted by that system based on an impact analysis. 
  • Select an initial set of baseline security controls for the information system based on the security categorization; tailoring and supplementing the security control baseline as needed based on organization assessment of risk and local conditions.
  • Implement the security controls and document how the controls are deployed within the information system and environment of operation.
  • Assess the security controls using appropriate procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
  • Authorize information system operation based upon a determination of the risk to organizational operations and assets, individuals, other organizations and the Nation resulting from the operation of the information system and the decision that this risk is acceptable. 
  • Monitor and assess selected security controls in the information system on an ongoing basis including assessing security control effectiveness, documenting changes to the system or environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to appropriate organizational officials.
  • Work with Chief Information Officers (CIO), Information Security Officers (ISO), and Security Administrators to assess system security controls or to define security and functional system requirements. This involves the development of security related documentation to include policy development, procedural testing, risk assessments, Assessment control plans, security requirement definition, and security metrics measurement, to support FISMA / NIST C&A/SA&A activities.
  • Combine pieces of information from the results of system testing to outline general rules or conclusion
  • Characterize the system, as well as organize each security control associated with that system 
  • Perform system tests, present implementation recommendations, identify and track vulnerabilities, systems integration, and provide technical advice based on those reviews.
  • Coordination of certification and accreditation activity for project teams.
  • Evaluation of information assurance technologies for application to the projects and systems.
  • Planning and support of security engineering.
  • Policy, procedure, and documentation development
  • Quality control: Standard Operating Procedures (SOPs), SCA Testing, NIST/IRM Module Development 
  • Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access.
  • Recommended network security standards to management.
  • Proposal development
  • Consistently met deadlines and requirements for all production work orders.
10/2012 to 2014
Information Assurance Analyst Leidos Holdings Inc. Worcester, MA,
Supported the IRS Affordable Care Act (ACA) Information System (IS), ACA Information Returns (AIR) application, and the Affordable Care Act (ACA) Verification Service (AVS) application.

Responsibilities:  
  • SA&A management and support using NIST, OMB and IRS IRM guidance to integrate risk-based security principles throughout the program implementation life cycle for medium-scale systems deployments. 
  • Execute SA&A process including pre-certification, certification, accreditation, and post accreditation. Conducted Security Control Assessments  
  • Supporting RISK MANAGEMENT FRAMEWORK (RMF)
  • Categorize the information system and the information processed, stored, and transmitted by that system based on an impact analysis (1). 
  • Select an initial set of baseline security controls for the information system based on the security categorization; tailoring and supplementing the security control baseline as needed based on organization assessment of risk and local conditions (2). 
  • Implement the security controls and document how the controls are deployed within the information system and environment of operation. Assess the security controls using appropriate procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system (3).
  • Authorize information system operation based upon a determination of the risk to organizational operations and assets, individuals, other organizations and the Nation resulting from the operation of the information system and the decision that this risk is acceptable (4). 
  • Monitor and assess selected security controls in the information system on an ongoing basis including assessing security control effectiveness, documenting changes to the system or environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to appropriate organizational officials       
  • Worked with Chief Information Officers (CIO), Information Security Officers (ISO), and Security Administrators to assess system security controls or to define security and functional system requirements. This involves the development of security related documentation to include policy development, procedural testing, risk assessments, ST&E plans, security requirement definition, and security metrics measurement, to support FISMA / NIST C&A/SA&A,activities.   
  • Combine pieces of information from the results of system testing to outline general rules or conclusion Characterize the system, as well as organize each security control associated with that system Perform system tests, present implementation recommendations, identify and track vulnerabilities, systems integration, and provide technical advice based on those reviews. 
  • Coordination of assessment activity for project teams. Evaluation of information assurance technologies for application to the projects and systems. 
  • Planning and support of security engineering. 
  • Development of System Security Plan (SSP), Information System Audit Plan, Security Control requirements for Moderate Information Established compatibility with third party software products by developing program for modification and integration. 
08/2009 to 05/2012
Information Systems Security Officer (ISSO) Rtx Littleton, CO,
Supported Certification and Accreditation (C&A) and security engineering activities for Bank of New York Melon and government clients, Housing of Urban Development (HUD).

Responsibilities:
  • Obtaining and managing security certification and accreditation of systems, networks, and sites.
  • Support using FISMA, , FIPS 199/200, NIST SP 800 Series, and FISMA guidance
  • Execute C&A process including pre-certification, certification, accreditation, and post accreditation (continuous monitoring).
  • Risk Management Framework - Identifying threat likelihood and impact analysis.  Vulnerability scanning. 
  • Financial Auditing using OMB A-123 guidance
  • SCAP expressed checklist used /needed for GSS’s or a system’s life cycle.
  • Managing and leading efforts in the review, application, and maintenance of information assurance policies and procedures.
  • Review and maintenance of certification plans and accreditation documentation.
  • Performing security, analyses and risk/vulnerability assessments.
  • Support clients using Nessus
  • SCAP validation products used to support clients: Tenable’s Nessus, DISA gold disk, and multiple Symantec applications.
  • Conducting security tests and evaluations.
  • SCAP Data Loss Prevention (DLP) while working with Bank of New York. Mellon
  • SCAP Data Loss Prevention (DLP) while working with Ginnie Mae.
  • Utilizing NIST SP 800-53 Rev. 3 and evaluating auditing tools; firewall and switch configurations, intrusion detection applications, and media control.
  • Visualize how the agency protected paper trails, backups (do they use the correct storage or third party vendors such as Iron Mountain), and all hardware that contains sensitive data.
  • Coordination of certification and accreditation activity for project teams.
  • Evaluation of information assurance technologies for application to the projects and systems.
  • Planning and support of security engineering.
  • Policy, procedure, and documentation development:BCP, DRP, IRP, and COOP development
10/2005 to 08/2009
Information Security Specialist 3 Integrated Communication Solutions City, STATE,
Supported Certification and Accreditation (C&A) activities for high-visibility federal government clients. Main focus has been working directly with the Department of Transportation (DoT), the Federal Aviation Administration (FAA), the Department of Education (DoEd), Veteran Affairs (VA), Internal Revenue Service (IRS) (TIPPS-3) and National Oceanic and Atmospheric Administration (NOAA) and the Department of Homeland Security (DHS). Client base is expanding with potential growth in company as well as new task assignments.

Responsibilities:

  • C&A management and support using NIST, DIACAP, and OMB guidance to integrate risk-based security principles throughout the program implementation life cycle for medium-scale systems deployments.
  • Execute C&A process including pre-certification, certification, accreditation, and post accreditation.
  • Risk Management Framework (RMF)
  • Knowledge of NIST 800-18, 800-30, 800-37, 800-53 Rev 2
  • Knowledge of FIPS 199 and FIPS 200 
  • BCP, DRP, IRP, and COOP development
  • Knowledge of DIACAP DoD Directive 8500.1 and 8500.2
  • DIACAP Lifecycle
  • Mission Assurance Category (MAC) Level and Confidentiality level (CL) used to identify the IA control set 
  • Work with Chief Information Officers (CIO), Information Security Officers (ISO), and Security Administrators to assess system security controls or to define security and functional system requirements. This involves the development of security related documentation to include policy development, procedural testing, risk assessments, ST&E plans, security requirement definition, and security metrics measurement, to support FISMA / NIST/ DIACAP C&A activities. 
  • Combine pieces of information from the results of system testing to outline general rules or conclusion 
  • Characterize the system, as well as organize each security control associated with that system 
  • Perform system tests, present implementation recommendations, identify and track vulnerabilities, systems integration, and provide technical advice based on those reviews. 
Technical Support Analyst NSOC - Network Security and Operations Center Responsibilities:
  • Developing and maintaining corporate website
  • Administer/monitor servers utilizing remote connection and intrusion detection systems.
  • Monitor remote networks for availability.
  •  Maintain and ensure 99.9% uptime for 11 application, web, and database servers.
  • Provide Tier 1 Application Support for 1500 users/3 applications.
  • Perform Incident Management using Remedy Action Request System.
  • Create, manage, troubleshoot and delete user accounts for hosted applications
  • Monitor data center systems including: 
  • Compaq Proliant series servers
  • Dell Poweredge servers 
  • Cisco Catalyst switches 
  • Cisco PIX series firewalls •          
  • StorageTek L700 Liebert humidifiers 
Education
Expected in 2007
Master of Science: Network Security
University of Advancing Technology - Tempe, AZ
GPA:
Expected in 2003
Bachelor of Arts: Computer Graphics/Animation
Towson University - Towson, MD
GPA:
Certifications
  • CompTIA Security Plus
  • ISC2 CISSP (anticpated 2015)
Security Clearance
  • Department of Defense (DoD) Secret 
  • IRS Minimum Background Investigation (MBI) 

By clicking Build Your Own Now, you agree to our Terms of Use and Privacy Policy

Disclaimer
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.

How this resume score could be improved?

Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:

74Average

Resume Strength

  • Formatting
  • Personalization
  • Target Job

Resume Overview

School Attended
  • University of Advancing Technology
  • Towson University
Job Titles Held:
  • CyberSecurity Analyst
  • Information Assurance Analyst
  • Information Systems Security Officer (ISSO)
  • Information Security Specialist 3
Degrees
  • Master of Science
  • Bachelor of Arts

Similar Resume

View All
Cybersecurity Analyst
Cybersecurity Analyst
Cybersecurity Analyst