OBJECTIVES:

Over 9 years combine experienced Network Engineer and Information Security Analyst looking to secure a responsible position that will challenge my abilities, allowing me to fully utilize my problem - solving skills, organizational and communication skills where I can develop an employee-oriented company culture that emphasizes in quality, continuous improvement and high performance . An effective team leader with an excellent background in wide variety of professional system support and solution-based IT services. A strong advocate of team work, and continuous self-improvement with a track record for delivering results.

SUMMARY:

• Ability to perform privacy, technical, operational and management security control assessments and reviews.
• Ability to conduct security tests and evaluations (ST&Es) guided by Confidential SP 800-53A.
• Ability to create and update Security Assessment and Authorization (SA&A) documentation in line with company, industry and national standards.
• Ability to generate residual risk reports in order to update the POA&M.
• Have excellent analytical skills
• Have excellent inter-personal skills Have effective written and verbal communication skills.

TECHNICAL PROFICIENCY AND EXPERTISE:

Nmap, VMware vCenter, OpenVAS, P2 Commander, FTK, OWASP/Remediation, Nessus ACAS, CSAM, POA&M Management, Application Lifecycle Management (ALM), Risk Management Program Symantec, NetApp Snap Protect, FedRAMP, Remedy Ticketing system, Macintosh Computers, ASA Firewall, Vulnerability Assessment, Knowledge of (Splunk, Trend Micro, Tanium and Active Directory), Security Assessment & Authorization, Risk Assessment, SSP, ST&E, Windows MS-PROJECT, MS Office, MS-Outlook, MS-Spreadsheet, MS-Visio

WORK EXPERIENCE:

Confidential

RMF Analyst

Responsibilities:

• Oversee and actively manage relationships for assigned systems, ensuring vendors comply with agency security and privacy requirements.
• Achieved and exceeded 100% POA&M closures target for the US Census for the month of July.
• Actively coordinate with the infrastructure teams to plan, develop, implement and test security controls.
• Support the integration of security across the SoS lifecycle.
• Provided weekly risk management status reports to the Department under Secretary personnel for review and evaluation to drive executive management’s decisions.
• Ensure preparation and update of Security plans for information systems as assigned
• Attend and complete required security awareness and role-based training.
• Lead the development and maintenance of security documentation.
• Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to ensure vulnerabilities are remediated as appropriate.
• Actively manage vulnerabilities mitigation commitments from the integration team.
• Assist in establishing rules for program/project vulnerability scans, risk analyses and security.
• Analyze and define security requirements for information protection.
• Analyze Decennial change requests for security impacts and provide recommendations.
• Execute with limited direction or conceptual direction, anticipating customer needs and proactively supporting those needs.
• Assist in establishing and implementing a Continuous Diagnostics and Mitigation (CDM) capability with integrated security controls.
• Assist in establishing a continuous monitoring strategy to proactively survey, monitor, and track security-related defects and the status of their resolutions.
• Review program/project vulnerability scan results and report findings.
• Monitor for security breaches and participate in incident response activities and investigation of security breaches.
• Capture ATO artifacts that support independent assessment activities. Consolidate ATO artifacts for input into the Confidential Risk Management Processing System.
• Present status of RMF efforts to Government customer and program meetings as required.

Confidential

Security Control Assessor

Responsibilities:

• Conduct FISMA-based security risk assessments for various systems and applications
• Assist System Owners and ISSO in preparing certification and Accreditation package
• Grounded knowledge in all phases of security Assessment and Authorization including interviews
• Created post assessment reports and recommendations for security relevant findings.
• Conduct security control assessments to assess the adequacy of management, operational, privacy, and technical security controls implemented.
• Participates in security related projects including planning, research, testing and implementation
• Provide ISSO with composite reports detailing audit findings and recommendations to correct identified vulnerabilities
• Familiar with Confidential Publications SP 800-18, SP 800-30, SP 800-37 rev 1, SP 800-53 rev 4, SP 800-53A, SP 800-60 and Federal Information Processing Standards (FIPS) - FIPS 199 and FIPS 200
• Coordinated scans with ISSOs and Security Engineers as requested for FISMA compliance.
• Assist with overall review of policy, process improvement, and technical advances in IT Security
• Knowledge of FISMA, Confidential 800 -60/FIPS199 to categorize information system
• Participated, as required, in the Security Assessment and Authorization (SA&A) process
• Performed risk assessments, developed and review System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plan (CMP).
• Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation in accordance with Confidential SP 800-37 rev 1, 800-18, 800-53 rev 4 and 800-34

Confidential, Glendale MD

System Security Analyst

Responsibilities:

• Responsible for all phases of C&A to ensure compliance and provide guidance on IT Security requirements to assigned Stakeholders.
• Conducted meetings with the IT project teams to gather documentation and evidence about their system operating environment.
• Examined artifacts, conducted interviews, and performed manual assessments.
• Analyzed automated scan results/reports, populated the Requirements Traceable Matric (RTM) with results of ST&E.
• Created and maintained user’s accounts, profiles, security, rights disk space and process monitoring.
• Experienced in system classification and categorization using the RMF processes to ensure system CIA
• Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation in accordance with Confidential SP 800-37 rev 1, 800-18, 800-53 rev 4 and 800-34.
• Developed Security Assessment Report (SAR) detailing the results of the assessment
• Manage Nessus scanning for vulnerabilities, reporting and remediation.
• Develop and conduct ST&E (Security Test and Evaluation) according to Confidential SP 800-53A
• Familiar with Confidential publication; FIPS 199, SP 800-60, SP 800-53rev4, SP -800-137
• Develop and update POA&M
• Usage of testing scans and tools to check for vulnerabilities in code and systems
• Develop, review and evaluate System Security Plan
• Perform comprehensive assessments and write reviews of management, operational, technical and privacy security controls for audited applications and information systems

Confidential

Network Engineer

Responsibilities:

• Setting up and the management of LAN and the general Network of the Data Processing Unit/ Management Information System (MIS) Department.
• Designed and implemented remote dial up solution for clients with application errors.
• Assisted the senior network engineer with all software and hardware applications and routers.
• Ran all back-ups and maintenance checks on a weekly basis as requested by the senior network engineer.
• Installed all software and hardware applications, routers and drives on out of date systems.
• Configured all errors and technical problems with routers and drives on out of date systems