Candidate's Name
North Bethesda, MD Street Address
PHONE NUMBER AVAILABLE - EMAIL AVAILABLE
PROFESSIONAL SUMMARY
Seasoned cybersecurity analyst with extensive experience in implementing and
maintaining robust security controls in alignment with industry best practices and
standards. Proven ability to stay abreast of evolving threats and emerging technologies
to proactively mitigate risks and safeguard organizational assets. Highly skilled in
security assessments, incident response, vulnerability management, and ensuring
compliance with NIST, FedRAMP, HIPAA, ISO 27001, and PCI-DSS frameworks.
Committed to continuous improvement through ongoing professional development and
adoption of innovative security methodologies. Excels at leveraging in-depth security
expertise to protect systems and data while enabling business objectives.
SKILLS
FRAMEWORKS/STANDARDS: RMF; FISMA (FedRAMP); NIST 800 Series/ISO 27001; HIPAA; PCI-DSS; SOC1 & SOC2
Experience in RMF process | FISMA | NIST 800 Series | FedRAMP | Tenable Nessus | SNORT
Experience conducting gap analysis.
Knowledge of Network Ports, Protocols, Security, Threat, Risk and Vulnerability Management.
Solid experience on Change and Patch Management Process.
Knowledge of FedRAMP, HIPAA.
Responding to various types of incidents following six steps of incident response provided by NIST.
Working knowledge of ISO 27001 and PCI-DSS.
Working knowledge of ticketing system such as RemedyNow and ServiceNow.
Teamwork | Collaboration | Meets deadline.
Interpersonal / Written Communication
Continuous Improvement
WORK HISTORY
07/2021 to Current Senior Cybersecurity Analyst
Abiatech Solution LLC Beltsville, MD
Developing and implementing security policies, procedures, and protocols for all
information systems
Sound understanding and experience with NIST Risk Management Framework
(RMF) process.
Performed assessments and document creation using NIST SP 800-53 Rev.5
Participate in FIPS 199 process using SP 800-60.
Perform Security Categorization (FIPS 199) using NIST SP 800-60.
Perform Information Systems Security Audits and Certification and Accreditation
(C&A) Test in compliance with the NIST standards.
Review audit logs and provide documentation guidelines to business process
owners.
Conduct meetings with IT team to gather documentation and evidence about their
control environment.
Updating and developing information security policies for client as part of ISO
27001.
Scoping of Controls and profiling of clients (Vendors) to support client's SOC1
and SOC2 Audit.
Ensuring compliance with security standards and regulations such as HIPAA,
PCI-DSS, and GDPR.
Support client and cloud service providers in FedRAMP, ATO process.
Perform specific quality control for package validation on SP, RA, RTM, PIA,
SORN, E-auth and FIPS-199.
Support System owners through A&A (Formerly C&A) process.
Developed artifacts for A&A (Formerly C&A) Process.
Supported client in developing, reviewing and updating security artifacts such as
SSP, SAR, POA&M, CP, BIA, PIA, RA, ISA, IR, MOU, DRP and SLA for
compliance, accuracy and completeness.
Reviewed System Contingency Plans (CP).
Reviewed artifacts and removed any PII (Personal Identifiable Information) for
audit requests.
Review Technical Security Controls and provide implementation responses as to
how systems meet security requirements.
Developed, maintained, and communicated consolidated risk management
activities and deliverables calendar.
Develop and conduct security tests and evaluations based on NIST 800-53/53A.
Conducting regular vulnerability assessments and risk management activities to
identify and mitigate potential security threats, with exceptional proficiency in
vulnerability management. With a keen eye for detail and a systematic approach,
maintained organization-wide cyber risk register on security gaps, assets, threats,
vulnerabilities, and controls by registering 500-800 records per quarter.
Conducted FISMA-based security risk assessments for various government
contracting organizations and application systems, including interviews, tests, and
inspections, produced assessment reports and recommendations.
Work with business process owners to ensure timely identification and remediation
of jointly owned risk related issues and action plans.
Audit compliance of security plans based on National Institute of Standards and
Technology (NIST) Security Publications.
Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP
800-53A and perform on-site security testing using vulnerability scanning tools
such as Nessus.
Determine security controls effectiveness (i.e., controls implemented correctly,
operating as intended, and meeting security requirements).
Create standard templates for required security assessment and authorization
documents, including risk assessments, security plans, security assessment plans
and reports, contingency plans, and security authorization packages.
Perform comprehensive Security Control Assessment (SCA).
Perform management, operational and technical security controls for audited
applications and information systems.
Perform Vulnerability Assessment. Make sure that risks are assessed, evaluated
and proper actions have been taken to limit their impact on Information and
Information Systems.
Performed vulnerability response and mitigation in compliance with Information
Assurance Vulnerability Management (IAVM) program.
Record/register actions concerning project approvals to operate in the C&A
database.
Analyze SSPs and develop understanding of systems and applications into security
test plans.
Conducted gap analysis to make sure correct controls were in POA&M.
Develop NIST Compliant vulnerability assessments, technical documentation, and
Plans of Action and Milestone (POA&M), and address system weaknesses.
Documented and reviewed System Security Plan (SSP), Security Assessment
Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization
letter/memorandum (ATO).
Prepare and supervise execution of Plan of Action and Milestone (POA&M) for
the mitigation of vulnerabilities found in systems.
Ensure all POA&M actions are completed and tested in a timely fashion to meet
client deadlines. With strong proficiency in managing and closing Plans of Action
and Milestones (POA&M) and through diligent effort and effective coordination,
successfully closed an impressive range of 30 to 40 POA&M items within a span
of two months by efficiently identifying vulnerabilities and ensuring timely
remediation actions with team collaboration thereby enhancing the overall security
posture and resilience of the organizations.
Develop risk assessment reports.
Document and finalize Security Assessment Report (SAR).
Assemble and submit C&A packages to Principal Accreditation
Authority/Designated Accreditation Authority.
Conduct risk assessments regularly; ensure measures raised in assessments were
implemented in accordance with risk profile, and root causes were fully addressed
following NIST 800-30 and NIST 800-37.
Conducted continuous monitoring program using automated tools to maintain
compliance.
06/2019 to 07/2021 Cybersecurity Analyst
Abiatech Solution LLC Beltsville, MD
Organizes, develops, and presents briefing, written summaries, and written reports
incorporating narrative, tabular and/ or graphic elements
Support client with documentation and reviewing Security Plans (SP), Contingency
Plan Tests (CPT), Privacy Impact Assessments (PIA) and Risk Assessment (RA)
documents per NIST 800 guidelines for various government agencies.
Supporting client in conducting vulnerability Scanning using NESSUS, Web
Inspect and Nexpose.
Evaluate threats and vulnerabilities of each system and ensure proper safeguards
are in place to protect environment.
Supporting BRT in conducting POA&M quarterly reviews as part of POA&M
remediation.
Analyzing Vulnerabilities from Security Assessment Report and drafting
remediation strategies.
Reviewing Open and Closed POA&M for GSS systems and facilities.
Conducting Security control evidence reviews for client facilities and system as
part of POA&M remediation.
Supporting client in creating POA&Ms after assessments as part of Pre-OIG
Efforts.
Supporting client facilities in travels, conducting internal security control site
assessment for facilities as part of Pre-OIG Efforts.
Assist client facilities in creation of new findings uncovered during internal
security control assessments.
Assess the Cyber Security risk of IT systems documenting them in formal risk
assessment and supporting artifacts associated with the Assessment and
Authorization (A&A) process.
Utilize processes within Security Assessment and Authorization environment such
as system security categorization, development of security and contingency plans,
security testing and evaluation, system accreditation and continuous monitoring.
Increased overall system resilience by identifying and mitigating single points of
failure within organization's infrastructure.
Improved incident response times by developing and maintaining cybersecurity
playbooks for common attack scenarios.
Enhanced network security by implementing advanced threat detection and
prevention systems.
Reduced risk of cyber attacks by conducting regular vulnerability assessments and
penetration testing.
Ensured compliance with industry regulations by performing comprehensive audits
on existing security policies and procedures.
Collaborated with IT teams to integrate security measures into development and
deployment of new applications.
Streamlined communication during incidents by establishing clear protocols for
reporting potential threats or breaches in timely manner.
EDUCATION
06/2008 Bachelor of Arts: Education
University of Ibadan - Ibadan, Oyo State
CERTIFICATIONS
CompTIA Security+ in Progress
CAP Certified Authorization Professional in Progress
CITIZENSHIP
U.S. Citizen.