Continuous Monitoring/ Cyber Security Analyst Resume

SUMMARY:

  • Results-driven Information Security Specialist with 8 years of combined work experience in Information Security and Information Technology, with proven knowledge and ability to effectively utilize information security tools, technologies, controls, policies and procedures implementation and best practices to prevent and mitigate organization risks.
  • Proficient and experienced in all aspects of Information Systems Audits, Security Authorization (SA) and Continuous Monitoring process with emphasis on Federal Information Security Management Act (FISMA), using National Institute of Standard Publications SP 800-37 Rev. 1, SP 800-53 Rev. 4, SP 800-53 A Rev. 4, SP 800-53 A Rev. 1, SP 800-137, FIPS 199, FIPS 200, FIPS 800-60, SP 800-30, SP 800-39, SP 800-34 Rev. 1, SP 800-18, OMB A-130 App. III and industry best security practices.
  • Experience in vulnerability management scanning and identifying gaps/issues using security assessment tools such as Nessus, AppDetective, HP WebInspect, IBM AppScan, Nipper, Retina Network Security Scanner (RNSS), and Nmap.
  • Excellent knowledge in Risk Assessment and Risk Management Framework (RMF).
  • Extensive knowledge of platforms like Microsoft Windows (Windows 7/Windows 8, Windows Server 2003-2012).
  • Excellent knowledge in Information Security Policies and Procedures development, documentation and review.
  • Ability to work independently and take ownership of and complete relatively complex tasks, effectively using available resources, as needed, with minimal guidance.
  • Excellent knowledge in developing System Security Plans (SSPs), Security Assessment Plan (SAP), Security Assessment Report (SAR), POA&M Matrix Validation, Risk Assessment Report (RAR) and System Requirements Traceability Matrices (SRTMs).
  • Experience in analyzing and responding to security events and incidents with a Security Information and Event Management (SIEM) system.

PROFESSIONAL EXPERIENCE:

Continuous Monitoring/ Cyber Security Analyst

Confidential

  • Assist with analyzing, developing, implementing, integrating and maintaining secure Agency IT solutions.
  • Responsible for compiling and submitting security authorization packages for IA security control assessor (SCA) review and assessment in accordance with NIST 800-37 standards.
  • Prepare assessment and risk reports for HHS.
  • Work collaboratively with system owners and engineers to respond to SCA findings and identify, implement, and document mitigating controls.
  • Responsible for ensuring IT systems have all security controls in place and functioning properly in accordance with NIST 800-53 Rev. 4 publication.
  • Conduct, evaluate and analyze vulnerability results from Nessus, AppDetective and WebInspect.
  • Administer the Physical Security Program for the organization. Use comprehensive knowledge of the integrated organization's mission to advise commanders and/or involved parties on security facilities/equipment/alarm installation.
  • Implemented a robust continuous monitoring program utilizing a NIST SP 800-137 compliant Information System Continuous Monitoring (ISCM) strategy and plan with ForeScout, RES, BigFix, Archer and the Splunk Enterprise Security Information and Event Manager (SIEM) tool.
  • Conduct Privacy Impact Analysis (PIA) of the application's security design for the appropriate security controls, which protect the confidentiality and integrity of Personal Identifiable Information (PII).
  • Perform independent compliance reviews, tracking and continuous monitoring of newly submitted C&A packages.
  • Assist in serving as the organization's representative for Industrial Security issues. Maintain an in-depth knowledge of multiple customer missions in order to facilitate the protection of classified and SCI access as required by contract performance.

Cyber Security Analyst

Confidential

  • Conduct Information System Audit (Security Control Assessment) and Security Authorization (SA) using NIST Risk Management Framework SP 800-37 guide.
  • Responsible for developing security authorization packages such as Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment Report (RAR) and Plan of Action and Milestones (POA&M).
  • Conduct Security Assessment execution via document examination, interviews and automated testing tools.
  • Populate the Requirements Traceability Matrix (RTM) with results of SCA.
  • Provide independent security assessment for information systems as required by federal governance.
  • Part of the team that serves as security program specialists, executing and enforcing compliance with operational, functional, and mission assurance aspects of an integrated information security program.
  • Responsible for analyzing and assessing Network Infrastructures, Web applications and Database vulnerability to ensure that systems security controls are sufficient to meet NIST SP 800-53 Rev. 4 control baseline, and other technical standards & guidelines.
  • Review and evaluate operations to appraise the effectiveness of policies and programs. Identify deficiencies and recommend appropriate action.
  • Utilize Nessus, AppDetective and IBM AppScan assessment tools to ensure compliance and continuous monitoring requirements.
  • Analyze vulnerability scan results and conduct risk assessments of findings with the information system owner.
  • Conduct SCA findings meeting with the System Owner, ISSO and other system personnel as required.
  • Responsible for reporting activities of information systems on all phases of the Security Authorization to management and to ensure compliance and provide guidance on IT Security requirements for Information Systems.
  • Serve as the primary certifier, main liaison and driving force for all Information Systems Audits (Security Control Assessment) and Security Authorization (SA) efforts to include completion of FIPS-199, System Security Plan (SSP), Independent Security Assessment Report, Contingency Plan, Contingency Plan Test Report, Configuration Management Plan, Plan of Actions and Milestones, Independent Penetration Test Report documenting, Code Review Report and Authorization to Operate (ATO) Letters.

Security Control Assessor

Confidential

  • Reviewed Security & Authorization packages, which include System Security Plans, System Categorization Documents, Risk Assessments, and Plans of Action and Milestones.
  • Participated in client interviews to determine the security posture of the system and to assist in the completion of the Security Assessment Plan using NIST SP 800-53A tests required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
  • Responsible for ensuring that Security Authorization documents, Plan of Action and Milestones (POA&M) and artifacts are maintained and updated in accordance with NIST guidelines.
  • Supported the Information Assurance (IA) team in conducting risk assessments, documentation for Security Control Assessment, systems analysis and hardening, and vulnerability scanning using Nessus, AppDetective and WebInspect.
  • Part of the team that analyzed and performed technical and non-technical security risk assessments of computer and network systems via network scans, interviews, documentation review and walk-through of both new and existing federal information systems for FISMA compliance using NIST guidelines and controls.

Information Security Analyst

Confidential

  • Performed installation, configuration and maintenance of client computer software and hardware. This included local and network printer maintenance, diagnosis and troubleshooting.
  • Re-imaged computers and different applications applicable to each departmental function, and created user accounts.
  • Monitored Remedy queue for new call tickets to resolve them.
  • Monitored system performance, gathered data, and prepared management reports.
  • Performed data backups and disaster recovery operations on servers using VERITAS NetBackup application.
  • Provided day-to-day management of the Help Desk and Network Administration personnel assigned to the Information Technology Department. Supported all requirements needed by the engineering staff with respect to Repairs, Office Applications, E-mails, Internet (Support-Desk Administration).
  • Assembled, troubleshot and repaired computer systems (clone desktop system) as well as network components/devices (LAN/WAN).
  • In-depth hands-on experience analyzing and responding to security events and incidents with a Security Information and Event Management System.
  • Strong knowledge of cyber security attack methodology to include tactics and techniques, and associated countermeasures. Strong knowledge of TCP/IP, protocols, services, networking, and experience identifying, analyzing, containing, and eradicating cyber security threats.
  • Cybersecurity Analyst/Engineer in a security operations center, with prior work on cybersecurity attack countermeasures for malicious code and DDoS.
