DOD Secret Clearance (Active) | United States DHS Suitability (Active) | Secret Clearance (Active
PROFESSIONAL SUMMARY
An enthusiastic Information Technology professional with 5 years of experience in managing and protecting enterprise information systems, through Assessment and Authorization (A&A) in accordance with the Federal
information Security Management Act (FISMA), with an in-depth knowledge of Risk Management Framework (RMF) using NIST and FIPS standards throughout the System Development Life Cycle (SDLC). Possesses strong
communication skills and comfortable in team-based or single focused roles and detail oriented. I can offer loyalty, strong work ethic and utilize knowledge, experience, abilities, and skills to further benefit the company. Results-driven IT professional with notable success in planning, analysis, and implementation of security initiatives. Strengths in providing comprehensive network design and security frameworks. Certified in [Area of certification].
Security Policy: FISMA/NIST/RMF/FIPS
Tools: Nessus/Xacta 360/eMASS/ACAS/ DISA-STIG POA&M tracking or FISMA Vulnerability scanning tools like Nessus, Weblnspect, Qualys, AppDetective and Fortify c)
IDS/IPS such as Snort IDS, (Silent Note: Others are Cisco IPS, Bro, and Security Onion) d) SIEM tools like Splunk Pentest tools like Kali Linux, Nmap,, WireShark, and Metasploit.
Computer: Microsoft Office Suite, Adobe, Excel, Share Point, Remedy Ticket System.
Networking: LAN/WAN/TCP-IP/INTERNET
Operation Systems: . Windows (XP Office)
- Implementing security prograMicrosoft Office Suite
ā SharePoint
ā Access
ā Nessus
ā Vulnerability Scanning
Tool
ā Joint Personnel Adjudica-
tion System
ā Passage Point
ā Remote access
service (RAS)
ā Delegation
ā Microsoft Windows
ā Negotiation
ā Vendor Management
ā Communication
ā Decision Making
ā IT Management
ā Remedy Ticket System
ā Help Desk Support
ā Project Management
ā Cyber Threats
ā Incident Response
ā Adaptability
ā Customer Service
ā Conflict Management
ā Operations Analysis
Certified Ethical Hacker (CEH)
Ā· Security Plus CE
Ā· Linux (in Progress)
Ā· AWS Certified SJessications Architect
Ā· NCIC Certification
Ā· Splunk Enterprise Certified Admin
Beaumont, TX, 10/2019 - Current
- Reviewing, maintaining, and ensuring all Assessments and Authorizations (A&A) documentation are included in system security package.
- Ensure Implementation of appropriate security control for Information System based on NIST Special Publication 800-53 rev 4, FIPS 200, and System Categorization using NIST 800-60, and FIPS 199.
- Review and update remediation on (POAMs), in organization's Cyber Security Assessment and Management (CSAM) system. Work with system administrators to resolve POAMs, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.
- Perform vulnerability and baseline scans, using tools such as Tenable Nessus, CIS-CAT, Retina Vulnerability scanner, analysis scan results and document findings in POA&M.
- Collaborate with system administrators to remediate (POA&Ms) findings. Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization continuous monitoring Plan.
- Monitor controls post authorization to ensure continuous compliance with the security requirements.
- Identify new, maintain and disposal of information system inventory in accordance with established policies and procedures, ensure accurate configuration management and property accountability.
- Modify and maintain procedures, operational process document, change control document, operational checklist, detailed system specifications and procedures.
- Develop training materials for employees on data protection.
- Conducted security assessment interviews to determine the Security posture of the System and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization To Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
- Performed information security risk assessments and assist with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.
- Exposed to Vulnerability scanning and assessment tools such as Retina, Nessus and CSAM.
- Performed Security Assessment (Assessment and Authorization (A&A)) on moderate information systems as part of an active third-party assessment organization in accordance with National Institute of Standards.
- Complete comprehensive test plans for identified security controls following NIST 800-53, FedRAMP guidance, and/or agency-specific guidance.
- Responsible for performing security control compliance reviews, tracking, and continuous monitoring of assessment packages.
- Advise and assist with the Lifecycle Assessment and Authorization (A&A) process and developing a Security Assessment Report (SAR).
- Monitor and track projects in the assessment test queue.
- Maintain a document repository where A&A project documentation is stored.
- Record/register actions concerning project approvals to operate.
- Read and analyze SSPs and develop understanding of systems and applications into security test plans. Coordinate A&A actions and system testing with appropriate security personnel.
- Develop risk assessment reports.
- Assemble and submit C&A packages to Principal Accreditation Authority/Designated Accreditation Authority.
- Review IA Compliance Validation Tests and Reports.
- Responsible for execution, review and interpretation of automated vulnerability scans utilizing industry standard tools.
Honolulu, HI, 01/2018 - 10/2019
- Performed assessment of information systems, based upon the Risk Management Framework (RMF)
- Conducted security testing and security control assessments on federal applications and general support systems to ensure compliance with the NIST SP 800-53 Rev. 4, NIST 800-37 Rev.1, and agency-specific requirements.
- Evaluate Authorization packages and make authorization recommendations.
- Review and compile the security control implementations, test results, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), risk acceptance recommendations, and risk mitigation strategies to support the recommendation for client risk acceptance authorization decisions.
- Analyze results from vulnerability scanning tools such as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite.
- Experienced reviewing/updating SSPās
- Created, monitored, and updated the status of Plan of Action & Milestones (POA&Ms) to ensure weaknesses are resolved in accordance to their scheduled completion dates.
- Performed annual assessments in accordance with guidance.
- Performed reviews and update security authorization documents as needed, but at least annually.
- Support system self-assessments as part of an ongoing Authorization program Interface with User Agency representatives and management to answer questions, conduct audits, provide feedback.
- Updated, implement and maintain procedures and SOPs.
- Perform assessment of information systems, based upon the Risk Management Framework (RMF)
- Conduct security testing and security control assessments on federal applications and general support systems to ensure compliance with the NIST SP 800-53 Rev. 4, NIST 800-37 Rev.1, and agency-specific requirements.
- Review and compile the security control implementations, test results, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), risk acceptance recommendations, and risk mitigation strategies to support the recommendation for client risk acceptance authorization decisions.
City, STATE, 07/2016 - 01/2018
ā¢ Reviewing and Assessing SSP and preparing Authorization Package: System Security Plan (SSP), Security
Assessment Report (SAR), and Plan of Action and Milestones (POA&Ms).
ā¢ Validate and review RMF documentation in accordance to maintain Authorization to Operate (ATO).
ā¢ Continuously maintaining a comprehensive list of STIGs applicable to client information systems based on RMF
control selection, system owner/administrator interviews and detailed analysis of Host Based Security System
(HBSS) data (where available), ACAS scans, and reports.
ā¢ Evaluate information systems for compliance with Defense Information Security Agency (DISA) Security
Technical Implementation Guideline (STIG) and review measures needed to bring systems into compliance.
ā¢ Generate and review ACAS scans including STIG related findings, upload results to program dashboard. Provide
input to IAO for mitigation POA&Ms and A&A Plans.
ā¢ Participate in the development and implementation of enterprise-level policy directives and other guidance
materials; disseminates policy directives, including the development of supplemental guidance materials essential
to ensure affected organizations' understanding of implications for their operations.
ā¢ Analyze current cybersecurity policies, processes, capabilities, authorities, architectures for applicability and
responsibilities; Provide recommendations for improvements on proposed policies and strategies
ā¢ Experience preparing, processing, assessing, validating and maintaining DIACAP and RMF packages using
eMASS and XACTA tools.
ā¢ Executing Security Assessment methodology (examine, interview, test) procedures in accordance with NIST SP
800-53A Rev 4.
ā¢ Conduct Security Assessment interviews to determine the security posture of the system and develop a SAR
containing the results and findings. Provide technical security strategy, standards, and best practices for security
categorizations (Low, Moderate and High) and NIST, FISMA, and other applicable guidance.
ā¢ Experience with cr The Information System Security Officer (ISSO) supports FISMA compliance. Experienced ISSO working with multiple system Security and Assessment Authorization documentation including SSP, FIPS199, PIA, Risk assessment, etc. Experience working with NIST 800-53, FIPS 199, NIST RMF and some Cloud Systems experience (FedRAMP/ AWS)
By clicking Customize This Resume, you agree to ourĀ Terms of UseĀ andĀ Privacy Policy
Disclaimer
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
How this resume score
could be improved?
Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:
resume Strength
- Measurable Results
- Personalization
- Target Job
Resume Overview
School Attended
- Vauxall University
Job Titles Held:
- Information Systems Security Officer
- Information Security Analyst
- Information Security System Officer
Degrees
- Bachelor of Science
By clicking Customize This Resume, you agree to ourĀ Terms of UseĀ andĀ Privacy Policy
