Experienced and proficient in Security Assessment & Authorization (SA&A), Risk Management, System Monitoring, Developing and Reviewing Security Assessment Report and artifacts, as well as IT Security Policies, Procedures and Guidelines PCI/DSS, FISMA, Cybersecurity Framework (CSF) FedRAMP, DHS 4300, NIST 800 Series, publications compliance working knowledge. (With Active Clearance)
Skills
Experienced working with NIST 800 series
Risk Management Framework
Excellent Communication skills
Excellent problem-solving abilities
Excellent work ethic
Analytical skills
Experienced with vulnerability Scanning tools such as NESSUS, WebInspect
Work History
Information Systems Auditor, 12/2019 to Current Convergeone – Bethesda, MD,
Conduct security assessment interviews to determine the security posture of the system using NIST and CSF framework.
Review artifacts for assigned system such as: MOU, ISA, DRP, BIA, ISA.
Review scanner report to check vulnerability, compliance with hardening guides, ask that accountability installed software, ports protocol and services.
Completed audit papers by thoroughly documenting audit tests and findings.
Review and update remediation on plan of action and milestones (POA&Ms).
Observe documentation observe cyber security operation and ask questions to get a better understanding on the operations environment
Ensure hardware assets /software assets connected to the DHS network are approved on the technical reference model.
Prepared working papers, reports and supporting documentation for audit findings.
Review, analyze, and coordinate remediation of vulnerability. Recommend corrective action and review remediation actions for effectiveness.
IT Security Analyst, 10/2017 to 12/2019 Aeg Worldwide – El Segundo, CA,
Ensure proper system categorization using FIPS 199 and NIST 800-60 volume 2; implement appropriate security controls for information system based on NIST 800-53 rev 4 and FIPS 200.
Draft and update security documents such as FIPS 199, System Security Plan(SSP), Contingency Plan (CP), Contingency Plan Testing (CPT) E -Authentication, Incident Response Plan (IRP), Incident Response Plan Testing (IRPT), Privacy Threshold Assessment (PTA), Privacy Impact Assessment (PIA), Disaster Recovery Plan (DRP).
Work with system owners to develop and review System Security Plan (SSP).
Tests, assess, and document security control effectiveness. Collect evidence, interview personnel, and examine records to evaluate effectiveness of controls.
Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of POA&M.
Conduct security assessment interviews to determine the Security posture of System and to develop a Security Assessment Report (SAR) in completion of the Security control assessment questionnaire using NIST SP 800-53A required to maintain Company Authorization To Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
Reviewing, maintaining, and ensuring all assessment and authorization (A&A) documentation is included in the system security package.
Perform information security risk assessments and assist with the internal auditing of information security processes.
Assessed threats, risks, and vulnerabilities from emerging security issues and identified mitigation requirements
Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization continuous monitoring plan.
Collaborate with ISSO colleagues on the planning and implementation of enhancements to the system's risk management processes.
Information Systems Security Analyst, 06/2014 to 10/2017 Engility Corporation – Hagatna, GU,
Prepared and submitted security assessment plan (SAP) to CISO for approval.
Reviewed, developed and updat security artifacts for assigned system such as: MOU, ISA, DRP, BIA, ISA.
Provided support in the design and implementation of automation for manual procedures, the development of baseline security configurations, standards, and policy in accordance with industry best standards.
Developed and updated security plan (SSP), security assessment report (SAR), and plan of action and milestone (POA&M).
Monitored controls post authorization to ensure continuous compliance with security requirements.
Created reports detailing identified vulnerabilities and the steps taken to remediate them.
Participated in other governance team initiatives, to include development of comprehensive security awareness program; and audit response activities.
Implemented company policies, compliance standards (FISMA, NIST 800-18, 53, 53A, 53 Rev4, 30, 37, 60, and 137), and risk and business management into the RMF for information systems.
Performed continuous monitoring of security control effectiveness.
Education & Certifications
Bachelor of Arts: , Expected in Ahfad University - , GPA:
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
How this resume score could be improved?
Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:
