SUMMARY:

• An energetic IT Security Analyst with over 8 years of experience in Information Technology, 5 years as a Security Analyst/ Security Assessor.
• I have a great mastery of the Risk Management Framework, FISMA Compliance, Security Control Assessment, developing and updating key Assessment and Authorization package documents (SSP, SAP, SAR and POA&M) for systems before they are moved into operations.
• I also have experience in providing recommendations for mitigating organizational risk using Confidential Special Publication 800 - Series and ISO 27001.
• Prior to transitioning into Security, I worked as a Unix/Linux Systems administrator where I performed several Systems administrator tasks.
• I am a very effective team player with exceptional writing and verbal communication skills.
• I also excel in fast-paced and challenging environments where accuracy and efficiency matter.

SKILL:

Linux/Unix (3 years), VMware (3 years), Microsoft Office 365(6 years), Bash scripting (3 years), R/R studio (2 years), MySQL/Sql (3 years), puppet (2 years), Nagios (2 years) Security (5 years), Risk Assessment (5 years), FISMA (5 years), RMF (5 years), Confidential 800-series (5 years), Cyber Security Assessment &Management-CSAM (5 years), DIACAP

PROFESSIONAL EXPERIENCE:

Senior Security Analyst/Senior Technical writer

Confidential, Alexandria, VA

Responsibilities:

• Provide technical writing services to include SOPs, standard documentation, handbooks and directives
• Review client, third party and subcontractor contract language to identify information security requirements
• Provide technical and editorial review and analysis on cybersecurity documentation
• Ensure policies and procedures align with federal cybersecurity policies and standards, including Confidential cybersecurity Framework
• Manage tasks assigned within scope, quality and timeframe allocated with PM supervision.
• Collaborate with other security team members to highlight gaps or concerns with existing processes and standards
• Collaborate with other security team members to highlight gaps with existing security standards.
• Deliver strategic research, analysis and reporting for security oversight and integration
• Deliver knowledge management documentation including SOPs to provide detailed guidance for both technical and nontechnical audience
• Edit documentation produced by subject matter security analysts for clarity, tone and impact
• Research and gather technical and background information for inclusion in project documentation and deliverables
• Work effectively with Project Manager to deliver tasks accurately and on time.

Cyber Security Analyst

Confidential, MD

Responsibilities:

• Perform Risk Management Framework (RMF) using NIST as guide
• Update System Security Plans (SSP) using Confidential as a guide
• Support client in creating findings as part of POA&M remediation efforts using CSAM
• Experience conducting Risk Assessment (RA) using NIST to obtain Authorization to Operate (ATO)
• Assess security controls implementation to ensure they meet security objectives
• Monitor controls post authorization to ensure continuous compliance with the security requirements
• Perform gap analysis between Confidential rev3 and Confidential rev4.
• Review Privacy Impact assessment (PIA) document after a positive Privacy Threshold Assessment (PTA) is created to ensure PII findings are recorded in the System of Record Notice (SORN)
• Review authorization documents for accuracy and completeness
• Examine, interview and test security controls using Confidential A as a guide
• Validate information system security plans to ensure Confidential control requirements are met
• Provide continuous monitoring based on FISMA standards and recommendations

Information Security Analyst

Confidential, MD

Responsibilities:

• Supported all assessment and authorization phases
• Conducted security control assessments on general Support Systems
• Used FIPS 199 and Confidential SP to assist with information system identification and categorization
• Coordinated remediation approach and reported POA&M status and proposed mitigation strategies and cost
• Ensured that all policies reflect current standards in place including FISMA and other industry standards.
• Conducted meetings with the IT Team to gather evidence and documentation to support effective control implementation
• Documented and reviewed System Security Plan (SSP), Security Assessment Report (SAR) and Plan Of Action and Milestone (POA&M)
• Provided continuous monitoring support for control systems in accordance with FISMA guidelines

Windows/Linux Systems Administrator

Confidential, Baltimore, MD

Responsibilities:

• Configured local repository for online software management and system maintenance
• Maintain file system and host security permissions
• Created and managed swap and file systems
• Managed users and servers in Active Directory and Group Policy
• Configured and managed network interfaces
• Created user accounts and passwords to clients
• Participated in server tuning and performance
• Monitored server and application performances
• Performed system upgrades via RPM and Yum package manager
• Used puppet for system automation to deploy packages
• Performed monthly and routine patching