SUMMARY

• A self - motivated and analytic person with excellent communication and technical skills who combines professional and interpersonal ethics to accomplish the mission.
• Able to motivate, lead, and work with a team in IT Security.
• Seeking to utilize background and experience within a progressive and responsible position to enhance the confidentiality, integrity and availability of information systems.
• Experienced in Risk Assessment and Risk Management Frameworks (RMF)
• Using Webinspect, Nessus, Tenable, Netsparker, and Nexpose to perform vulnerability scanning
• Experience with Intrusion Detection/Prevention System (IDS/IPS) with tools like Snort
• Experience with Splunk in Security Information and Event Management (SIEM) environment.
• Experienced with NIST documents and FedRAMP compliance
• Experienced in Cloud Computing such as SaaS, PaaS, and IaaS
• Experienced in the development of System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans/Training, and Configuration Management.
• Plans, System Security Checklists, Privacy Impact Assessments, POA&M
• Familiar with VMware and Splunk
• Good communication and writing skills
• Over 3 years of experience working as Security Operation Center (SOC) Analyst
• Experienced working with NIST Volume 2, Fips 199, NIST SP rev 3 and rev 4
• FISMA Reports, Standard Operating Procedures (SOP) as part of POA&M remediation
• Experienced with Security Control Assessment and ATO packages.
• Familiar with network hardware and software devices such as Firewalls, Modems, Routers, Switches.

PROFESSIONAL EXPERIENCE

Confidential, Round Rock, TX

Technical Writer

Responsibilities:

• Wrote proposals for federal contract procurements
• Plan, develop, organize, proof, write and edit operational procedures and reports.
• Understand and translate operations related instructions, standards, regulatory requirements, test data/results, and various other highly technical information into written documents to prescribed department and procurement instructions.
• Research and gather technical and background information for inclusion in project documentation and deliverables.
• Applied for business certifications with System for Award Management (SAM) and General Services Administration (GSA)

Confidential, Austin, TX

Security Analyst/Technical Writer

Responsibilities:

• Wrote Identification and Authentication Standard (IA) based on NIST A and NIST B.
• Developed and edited publications such as Vulnerability Management Standard, Data Handling Guide, Acceptable Use Policy,
• Gathered security artifacts for assessment
• Managed Information Security mailbox by responding to inquiries and rerouting email to appropriate personnel
• Collect, organize, analyze and evaluate technical and non-technical information
• Transfer technical information into powerful graphs, flowcharts and tables or spread sheets for presentation as needed
• Analyzed reports generated by scanning tools by categorizing them according to the vulnerability priority level
• Provided recommendations on how to fix uncovered vulnerabilities and following their remediation process
• Developed Risk Register Process
• Wrote and published procedures on navigating publication sites on SharePoint
• Updated Security Assessment Report to comply with Security Controls
• Organized folders structure on SharePoint
• Wrote IT Alerts to send out to agency
• Worked with Subject Matter Experts to write processes and procedures

Confidential, Washington, DC

Security Analyst

Responsibilities:

• Using tools like Splunk and Arcsight to analyze and document Security Information and Event Management (SIEM) dashboard reports.
• Performing vulnerability scanning in accordance with NIST, using tools like Nessus, Nmap, WebInspect and Foundstone.
• Conducting Risk Assessment according to NIST SP
• Completing the Risk Management Framework (RMF) according to NIST in order to obtain ATO
• Proactively using Arcsight to help customers identify and prioritize security threats, organize and track incident response activities, and simplify audit and compliance activities.
• Assessing Security Controls implementation to ensure they meet security objectives
• Reviewing and updating ATO package documents such as SSP, POA&M, IR, BCP/DRP, BIA, PTA.
• Experience with FedRAMP to provide a standardized approach to cloud services-SaaS, PaaS, and IaaS.
• Experience with International Organization for Standardization (ISO) 27001 as equivalents of NIST Security Control Guide.
• Experience with Payment Card Industry Data Security Standards (PCI/DSS).
• Perform specific quality control for packages validation of Risk Assessment, (RA), FIPS-199 Categorization, PTA, PIA, SORN, E-authentication.

Confidential, Virginia

Information Security Analyst

Responsibilities:

• Participating in vulnerability management program
• Experience using scanning tools like Nessus Tenable, Webinspect.
• Supporting client in creating memos for POA&M that past schedule completion date (SCD).
• Supporting client in creating SOP (Standards Operating Procedures) as part of POA&M remediation.
• Performing data gathering techniques (e.g. questionnaires, interviews and document reviews) in preparation for assembling A&A packages.
• Updating Plan of Action & Milestones (POA&M) and Risk Assessment based on findings assessed through monthly updates.
• Reviewing Technical, Operational and Management Security Controls and providing implementation responses as to if/how the Systems are currently meeting the requirements.
• Reviewing organizational policies, standards and procedures and providing advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard (PCI/DSS).
• Assisting in conducting the Security Control Assessment meeting (SCA) Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) according to NIST SP A.
• Checking Security controls implementation for compliance with FedRAMP and Cloud services - SaaS, PaaS, and IaaS.
• Analyzing malicious vulnerability exploit attempts from the Security Operation Center (SOC)