
Information Security Officer

Location:
Lutherville-Timonium, MD
Salary:
105000
Posted:
December 15, 2020


Resume:

A detail-oriented individual with over * yrs. experience in Information Security with a focus on the Federal Information Security Management Act (FISMA), the NIST Cyber Security Risk Management Framework (RMF), System Security Monitoring and Auditing, Risk Assessments, Security Control Assessment (SCA), and developing Security Policies and Procedures according to NIST standards and guidelines. Also performed Authentication Services and Identity and Access Management (IDAM).

Professional Experience

Cyber Security Analyst - V-Tech Solutions (Contractor)

Department of Agriculture, Washington, DC September 2017 – Present

Job Duties:

Perform ongoing Assessment and Authorization projects in support of client security systems and ensuring quality control of A&A documents.

Conduct risk assessments and collaborate with clients to provide recommendations regarding critical infrastructure, network security operations and Continuous Monitoring processes. This was done through wireless security assessment.

Extensive knowledge in Categorizing Information Systems (using FIPS 199 as a guide)

Create, update and revise System Security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plan of Action & Milestone

Participate in ST&E Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) per NIST SP 800-53A. Also performed IDAM.

Ensure all security baseline configurations are met and report on issues with other team members.

Review Privacy Impact Assessment (PIA) document after a positive PTA is created and ensure PII findings are recorded in the System of Record Notice (SORN)

Document and finalize the Security Assessment Report (SAR) and perform security assessment and continuous monitoring of cloud computing services on multi-agency systems in accordance with FedRAMP security control baselines

Determine security controls effectiveness and configuration (i.e., controls implemented correctly, operating as intended, and meeting security requirements, SIEM and Encryption)

Evaluate threats and vulnerabilities based on Tenable reports and implement the Risk Management Framework (RMF) in accordance with NIST SP 800-37 using Nessus, WebInspect and Nmap.

Classification and categorization of information systems using the RMF processes to ensure system Confidentiality, Integrity and Availability.

Provide audit briefings to agency and Information Systems Security Officer (ISSO), to assist in the preparation of independent audit assessments with the agency's goal of improving their operational effectiveness and ensuring that all findings are documented as Plan of Action & Milestones within their Trusted Agent FISMA (TAF) tool

Worked on Data Loss Prevention and on Incident Response Team

Generate, review and update System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.

Information Security Analyst - Info Reliance (Contractor)

Department of Interior, Washington, DC September 2016 – July 2017

Job Duties:

Developed NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestone (POA&M), and addressed system weaknesses

Monitored controls post authorization to ensure continuous compliance in accordance with FISMA guidelines. Worked on various platforms like Windows, Active Directory and UNIX.

Ensured all POA&M actions are completed and tested in a timely fashion to meet client deadlines.

Participated in and attended weekly ISSO forums for security advice and updates, and conducted meetings with the IT team to gather documentation and evidence about their control environment.

Applied appropriate information security control for Federal Information System based on NIST SP 800-53, FIPS 199, FIPS 200 and OMB A-130 Appendix III

Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4

Managed vulnerabilities with the aid of Nessus, Splunk, Nmap and HP WebInspect vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network

Monitored security controls post authorization to ensure continuous compliance with the security requirements and wireless security assessment.

Created, updated and revised System Security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plan of Action & Milestone

Authored recommendations associated with findings on how to improve the customer's security posture in accordance with NIST controls

Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process

Supported client security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring

Reviewed and updated some of the system categorization using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP & POA&M.

EDUCATION & CERTIFICATIONS

•Secret Clearance

•Bachelor of Science in Finance Kean University 2010-2014

•Certified Authorization Professional (CAP) obtained

•Security+

•SQL Fundamentals


