SEARCH

Cybersecurity Analyst/Information Assurance Engineer Resume Example

Resume Score: 90%

Love this resume?Build Your Own Now
CYBERSECURITY ANALYST/INFORMATION ASSURANCE ENGINEER
Summary
Develops FISMA compliant security policies and procedures *Perform Certification and Accreditation in compliance with company/ organization standards *In-depth knowledge of NIST, and related Special Publications, DIACAP Implementation processes. *Perform comprehensive assessments and reviews management, operational and technical security controls for audited applications and information systems. *Strong analytical skills, quantitative skills, and excellent verbal/written communication skills *Ability to multi-task, prioritizes daily duties, and meet strict deadlines *Highly adept to learning new technologies *Effective in communicating and working with diverse groups.
Skills
  • FIPS 199/ FIPS 200
  • NIST Special Publications (NIST SP)
  • Sarbanes-Oxley Act
  • Security Categorization (SC)
  • Security Technical Implementation Guides (STIGs)
  • Continuous Monitoring (CM)
  • Security Assessment Reporting(SAR)
  • HIPAA Microsoft Office Suite (Ms Word, Ms Excel, Ms PowerPoint, Outlook, and Share Point)
  • DIACAP C&A Implementation Process
  •  Certification & Accreditation (C&A)
  •  Plan of Action & Milestones (POAM)
Work History
Department of Defense MCLB
Department of Health and Human Services
Department of Defense
Department of Health Services
Experience
03/2017 to Current
Cybersecurity Analyst/Information Assurance EngineerCenturum Information IncAlbany, GA
  • Perform Information assurance security engineering and testing support in support of GCSS-MC (Global Combat Support Systems Marine Corps).
  • Providing ISSE, C&A, IV&V, RMF, and Subject Matter Expert (SME) support to the Marine Corps Enterprise Information Technology Services (MCEITS) Program Office.
  • Developing the RMF packages for myriad systems (like the GCSS-MC) that will allow those systems to be hosted within the MCEITS environment.
  • Support Annual Security Reviews, Annual Security Testing, Annual Contingency Plan testing, and the quarterly updates/POA&M updates in compliance with the FISMA.
  • Provide support to obtain and maintain certification and accreditation (C&A) of fielded systems and systems in development under DIACAP (DoD Information Assurance Certification and Accreditation Process) and RMF (Risk Management Framework) guidelines.
  • Experience in vulnerability testing and using DoD approved tools (Nessus ACAS, SCAP, Vulnerator, HBSS, etc.).
  •  
  •  
  •  
  •  
  • Experience evaluating systems utilizing the National Institute of Standards (NIST) SP 800-53.
  • Experience with the C&A process and with DIACAP/RMF package documentation.
  • Create and analyze vulnerability assessment reports from ACAS, SCAP, and HP Fortify scan results and identify compliance strategies.
  • Participate in weekly meetings with Network Security Operations cybersecurity analysts for status on any cyber-related tasks.
  • Document Standard Operating Procedures for any systems under the purview of the GCSS-MC as tasked by the Cybersecurity Lead and/or Network Security Operations.
  • Supporting the implementation of enterprise cybersecurity standards.
  • Developing and implementing system specific cybersecurity standards and procedures; and programs.
  • Proficient in analyzing cybersecurity-related technical problems and provides technical support for resolution.
  • Execute defined cybersecurity processes, procedures, and reporting requirements;.
  • Satisfying information assurance and security requirements through the application of information system security best practices based upon the analysis of user, policy, regulatory, and resource demands.
06/2016 to 02/2017
Information Security AnalystTimeless Solutions IncHyattsville, Maryland
  • Scheduled kick off meeting with Stakeholders to help identify assessment scope, system boundary, information types (information process, store or transmitted by the information system), and eventually categorize information system accordingly.
  • Ensured that system's security controls, policies and procedures are examined, and validated.
  • Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures, interview appropriate personnel, and provide recommendations on adequacy, accuracy and compliance with regulatory standards using NIST SP 800-53A.
  • Help guide System Owners and ISSOs through the Security Assessment and Authorization (SA&A) process ensuring that management; operational and technical controls for securing either sensitive Security Systems and IT Systems are in place and are followed according to federal guidelines (NIST 800-53).
  • Other responsibilities included assurance of vulnerability mitigation, training on C&A tools, supporting System Test and Evaluation (ST&E) efforts and other support to the IT Security Office.
10/2012 to 05/2016
Information Security Analyst/Unit Supply SpecialistUnited States ArmyFort Benning, GA
  • Participated in weekly meeting to discuss the status of the assessment process.
  • Designated systems and categorized its C.I.A using FIPS 199 and NIST SP 800-60.
  • Developed test plans, testing procedures and evidence needed to validate the controls using NIST SP 800-53A.
  • Responsible for the development, implementation, assessment, and monitoring of common controls.
  • Conducted a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by the information systems to determine the overall effectiveness of the controls and the extent to which the controls were implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements.
  • Documented assessment findings in a security assessment report and produced a plan of action and milestones for all controls having weaknesses or deficiencies.
  • Reviewed system and audit logs and liaised with Database Administrators to remediate findings.
  • Monitored Office of Management and Budget and FISMA security requirements.
  • Reviewed existing documents, policies and procedures, and previous assessments reports.
  • Established schedules and deadlines for assessment activities.
08/2009 to 05/2012
IT Security SpecialistGhana Health ServiceAccra, Ghana
  • Verified and validated security categories for various information systems.
  • Coordinated with the information system owners in the continuous monitoring of DOE information systems and its environment of operation to include developing and updating the security plans, managing and controlling changes to the systems, and assessing the security impact of those changes.
  • Performed Vulnerability Assessments to ensure that risks are assessed, evaluated and proper actions have been taken to limit their impact on the Information and Information Systems.
  • Worked on Cyber Security projects developing a workshop for vulnerability identifications, analysis, remediation reporting to staff and end users.
  • Facilitated remediation of new vulnerabilities by collaborating with cyber security team and endpoint teams.
  • Worked closely with both business oriented executives and technical teams to ensure that adequate processes are in place and actions are being taken to mitigate identified risks proactively using HIPAA.
  • Developed and maintained relationships with internal and external customers to formulate information security governance solutions.
  • Researched and maintained knowledge base regarding information security issues, solutions and potential implications.
Education and Training
May 2017
Bachelor of Science: Cyber Security Management and PoliciesUniversity of Maryland University CollegeAdelphi, MarylandCyber Security Management and Policies
June 2009
Bachelor of Science: Computer ScienceGhana Telecom UniversityAccraGhanaComputer Science
Activities and Honors
National Society for Leadership and Success
Skills
Budget, C, consulting, SC, Database, Department of Health, documentation, HP, information security, Information Systems, Information Technology, managing, meetings, Ms Excel, Microsoft Office Suite, Office, Outlook, Ms PowerPoint, Share Point, Ms Word, Enterprise, Network Security, organizational, personnel, policies, processes, producing, Publications, reporting, requirement, Risk Management, Sarbanes-Oxley, technical support, training materials
Additional Information
  • Nessus Security Scan *SY0-401: CompTIA Security Certification: Expected August 2017 *CASP Certification expected September 2017 *Active Secret Clearance
Build Your Own Now

Resume Overview

Companies Worked For:

  • Department of Defense MCLB
  • Department of Health and Human Services
  • Department of Defense
  • Department of Health Services
  • Centurum Information Inc
  • Timeless Solutions Inc
  • United States Army
  • Ghana Health Service

School Attended

  • University of Maryland University College
  • Ghana Telecom University

Job Titles Held:

  • Cybersecurity Analyst/Information Assurance Engineer
  • Information Security Analyst
  • Information Security Analyst/Unit Supply Specialist
  • IT Security Specialist

Degrees

  • Bachelor of Science : Cyber Security Management and Policies
    Bachelor of Science : Computer Science

Similar Resumes

View All
Information-Assurance---Cybersecurity-Risk-Analyst-resume-sample

Information Assurance - Cybersecurity Risk Analyst

NET Esolutions Corporation, NTT DATA Services Company

Gwynn Oak, Maryland

Posted 130 days ago