It Security System
Resume:
Salifu Conteh
Stafford Virginia *****
Email: ad64cw@r.postjobfree.com 215-***-****)
CLEARANCE LEVEL: SECRET. WORK AUTHORIZATION: US CITIZEN OBJECTIVE:
A self-motivated and passionate analytic person with excellent communication skills who combines professional and interpersonal skills to accomplish the mission, vision, and goal of an organization. Ability to motivate, lead, and work with a team in IT Security. Seeking to utilize background and experience within a progressive and responsible position, attention to detail, and passion for excellence to enhance the confidentiality, Integrity, and availability of the information system.
10 + years of IT Security experience
Qualifications Summary and Technical Experience
Review the System Security Plan (SSP) using NIST SP 800-18 as a guide
Participated in the FIPS 199 process in which Security Categorization takes place, and selected the Technical, Operational, and Managerial Controls using NIST SP 800-60 guidelines.
Reviewed E-Authorization document using NIST 800-37 as a guide
Ability to develop POA&M (Plan of Action & Milestones) document to take corrective actions resulting from ST&E (System Test & Evaluation)
Data Loss Prevention (DLP) Event Handling.
Cybersecurity-related governance, risk & compliance.
Reviewed and updated Risk Assessment (RA) using NIST SP 800-30 guidelines.
Understanding of IT Security Compliance work, including demonstrated experience documenting/reviewing policy, Plan and Procedures, and IT Security artifacts following NIST.
Review and assist in eMass and Networking.
Professional knowledge in supporting and guiding System owners through the NIST Risk Management Framework & Systems Assessment and Authorization processes.
Led change management activities
Professional Experience
Information Security Analyst,
August 2023 to date:
SECURITAS CRITICAL INFRASTRUCTURE SERVICES, INC.
Provides first contact and incident resolution to customers with hardware, software, and application problems. Includes both customer telephone support as well as electronically submitted requests.
Perform systems administration of desktop systems connected to local and wide area networks. Provide desktop system management/maintenance responsibilities involving account monitoring, account creation, security, Operating System (OS) installation, and other local area system administration-related functions.
Monitor systems/networks in real-time NOSC environment and initiate fix actions or problem escalation to Tier II/Tier III admins.
Provide support for implementation, troubleshooting, and maintenance of IT systems.
Manage IT system infrastructure and any processes related to these systems.
Provide support to IT systems including day-to-day operations, monitoring, and problem resolution for all the
client/server/storage/network/print devices, and mobile devices.
Provide polite and friendly customer service.
Attempts to resolve as many incidents as possible during the first contact, or at Tier I/II. Efficiently escalates incidents to Tier III when required.
Documents incident status and solutions in incident database tools.
Possesses current working knowledge of computers, printers, laptops, and common Windows applications.
Work through various types of Tiers I issues with telephone assist.
Provides answers to Frequently Asked Questions or solutions to common problems as part of a customer self-help capability. Possesses comprehensive knowledge of the principles, methods, and techniques used in computer troubleshooting and support.
Possesses comprehensive knowledge of desktop operating systems and applications.
Responsible for implementing and enforcing an Information Assurance (IA). Data Loss Prevention (DLP) Event Handling
Cybersecurity-related governance, risk & compliance
Ensured all systems and applications were certified and accredited and that RMF packages were processed, reported, and coordinated in a timely fashion with the organization.
Assisted subordinate IAMs in creating RMF artifacts and Plans of Action and Milestones (POA&Ms).
Ensured POA&M mitigations and timelines were adhered to and documented any changes that occurred.
Applied mastery of IT system security principles, concepts, and methods, including state-of-the-art and emerging techniques and products, to recommend appropriate technical strategies to resolve. complex and persistent IT security challenges.
Reviewed the status of Information Systems for modifications and assessed the impact on current system accreditation.
Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms, and identification and authentication. mechanisms.
Performed technical assessments to ensure the system or application proposed for accreditation or connection met the classification and sensitivity levels of the systems and applicable policies, regulations, and standards.
Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored consistent with the level of sensitivity of that information.
Ensured system POA&M mitigations and timelines were adhered to and documented all changes that occurred.
Responsible for 4 accredited systems and ensuring that system.
Security postures.
Work with business process owners to ensure timely identification. And remediation of jointly owned risk-related issues and action plans.
Perform comprehensive Security Controls Assessment (SCA) and write. reviews of management, operational, and technical security controls for audited applications and information systems.
Manually reviewed logs and provided documentation guidelines to business process owners and management
Contribute to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management.
Cyber security Specialist
February 2015 -September 2021
Brian’s House INC: Cyber security Specialist, under the chief information security officer
(CISO).
Skills & Tasks My key responsibilities as a Cyber Security Specialist
Scorecard Metrics
Updating all components on SharePoint and Splunk.
Cybersecurity-related governance, risk & compliance
Assist with the preparation and maintenance of documentation.
Data Loss Prevention (DLP) Event Handling
TECHNICAL SKILL
Assist with the CM for information system security software, hardware, and firmware.
Maintain records on workstations, servers, routers, firewalls, intelligent hubs, network switches, etc. including system upgrades.
Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies.
Develop and maintain documentation for C&A by ODNI and DoD policies Provide CM for security-relevant information system software, hardware, and firmware (U) Develop system security policy and ensure compliance Evaluate security solutions to ensure they meet security requirements for
processing classified information
Maintain operational security posture for an information system or program Provide support to the Information System Security Manager (ISSM) for Maintaining the appropriate operational IA posture for a system program, or enclave.
Develop and update the system security plan and other IA documentation. Assist with security aspects of the information system and perform day-to-day security operations.
Schedule automation accounts of Cloud-hosted environments from Azure Portal, ticket generation to Microsoft.
Good knowledge of cloud computing and basic knowledge of Azure and other cloud service providers.
Developed an IT Strategy including implementation of a $3M IT program including an ERP and document management platform.
My tech experience includes MS SQL Server, IIS, and Cloud computing technologies like AWS, Azure, Kubernetes, etc.
Working on AWS Cloud computing, designing and implementing new APIs, and enabling new integrations to automate tasks.
Analysis, design, and implementation of cloud computing solutions in the SFDC. Key Duty
Conduct access control verification and secure highly classified information.
Verify and grant access of cleared individuals to sensitive compartmented information.
Reviewed the status of Information Systems for modifications and assessed the impact on current system accreditation.
Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel security,
access control mechanisms, and identification and authentication. mechanisms.
Performed technical assessments to ensure the system or application proposed for accreditation or connection met the
classification and sensitivity levels of the systems and applicable policies, regulations, and standards.
Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored consistent with
the level of sensitivity of that information.
Work with a team of information security professionals to conduct Security Authorization packages based on NIST standards for
general support systems and major applications.
Provide security support to government and contractor personnel Provide input to management on appropriate FIPS 199 impacts
level designations and identify appropriate security controls. on the characterization of the general support system or major applications Work in the command center as a part of the special operations unit, developing knowledge and experience with Google Drive, and utilizing SharePoint for document management and storage system
Work with the Certification and Accreditation team to conduct risk assessment; updated System Security Plan (SSP), contingency plan (CP), Privacy Impact Assessment (PIA), and Plan of Action and Milestones
(POA&M)
Update Plan of Action & Milestones (POA&M) and Risk Assessment based on findings assessed through monthly updates.
Conduct an assessment of controls on Information Systems by interviewing, examining, and testing methods using NIST SP 800-53A as a guide.
Create, update, and review System Security Plans using NIST 800-18, Contingency Plans using NIST 800-34, NIST 800-30, and Incident Reports using NIST 800-61.
Front Desk Technician.
January 2010 to May 2013
Marie Stops Sierra Leone
Freetown Sierra Leone
Skills & Tasks
My key responsibilities as Cyber Security Analyst
Data Loss Prevention (DLP) Event Handling
Cybersecurity-related governance, risk & compliance
Assist with the preparation and maintenance of documentation.
Assist in the evaluation of security solutions to ensure they meet security. requirements for processing classified information
Assist with the CM for information system security software, hardware, and firmware
Maintain records on workstations, servers, routers, firewalls, intelligent hubs, network switches, etc. including system upgrades.
Propose, coordinate, implement, and enforce information systems security. policies, standards, and methodologies
Develop and maintain documentation for C & A in ODNI and DoD policies
Provide CM for security-relevant information system software, hardware, and firmware (U) Develop system security policy and ensure compliance.
Evaluate security solutions to ensure they meet security requirements for processing classified information
Maintain operational security posture for an information system or program.
Provide support to the Information System Security Manager (ISSM) for maintaining the appropriate operational IA posture for a system, program, or enclave
Develop and update the system security plan and other IA documentation. Assist with the management of security aspects of the information system and perform day-to-day security operations of the
Providing Risk assessment, RMF Accreditation, Vulnerability Management, and Security Analysis support for various MCEN systems and network devices.
Working with Tanium and McAfee tools for endpoint security protection
Supporting HBSS Administration for their HBSS instance
Supporting IAVAs and POAMs
Help Desk Technician
January 2007 to January 2010
National Electoral Commission
Freetown Sierra Leone
Answer employees and provide technical support and troubleshooting for desktop, laptop, and tablet systems hardware and software, network, printers, phones, and mobile devices. Assist with the installation, configuration, and deployment of software on new desktops, laptops, and tablets.
Read technical manuals, confer with users, and conduct computer diagnostics to investigate and resolve problems, when needed, in providing technical assistance and support.
Document service requests, issues, and resolutions in the corporate ticketing system. Provide on-site support for those in the local office and remote support for those outside the building.
Assist with maintenance, configuration, and management of user accounts.
Track/monitor system performance and activity.
Perform software installation and upgrades.
EDUCATION CERTIFICATIONS:
2002=2003 Institute of Commercial Management (ICM) England. Advanced Diploma in Business Law, International Business Communications, and Business Administration.
CERTIFICATION
CompTIA CASP +
CISM CERTIFIED
Technical Skill:
Software: MS Office (Word, Excel, Outlook, Access, PowerPoint)
Great communication skills between my superiors and subordinates. Microsoft Word, Excel, and PowerPoint
Security Technologies: Network Security Scanner; Nessus Security Center, IDS/IPS; Log Management, Anti-Virus Tools, McAfee, DLP, Cisco Privileged Access Management
(PAM) Application Security Management (ASM) PCI/DSS
Operating Systems: Unix-Based Systems (Splunk Solaris, Linux); Windows (all) Networking: LANs, VPNs, Routers, Firewalls, TCP/IP
Ticket Systems: JIRA and Remedy (BMC)
Solar Winds
REFERENCES: Available upon request
Contact this candidate