
Cyber Security Information Resume German...

Candidate Information
Title Cyber Security Information
Target Location US-MD-Germantown
Candidate's Name
Germantown, MD

Professional Summary:
Well qualified Cyber Security Professional with experience in information technology, including data monitoring, threat detection and response, threat analysis, and security control implementation and assessment. Highly proficient in building lasting relationships with key decision-makers, customers, and team members to further company goals. Adept at working with system stakeholders in the development and implementation of information security strategies required to protect enterprise information systems, networks, data, and operational processes through the Security Assessment & Authorization (SA&A) process, using industry-based standards such as NIST, FISMA, OMB, RMF, and FedRAMP. Strong background in Governance, Risk Management, and Compliance requirements and well-versed in installing, configuring, and deploying next-generation Cyber Security tools.

AREAS OF EXPERTISE
    Security Assessment & Authorization
    Third Party Risk Management
    Policy and Process Development
    Security Planning
    Incident Response
    Risk Assessments
    Vulnerability Management
    FISMA Act 2002
    NIST SP 800-Series
    Tenable Nessus Scanning
    ISO 2700X
    FedRAMP
    ServiceNow Security
    Risk Management Framework
    Cloud Security
    Business Continuity and Disaster Recovery planning
    IT General Controls (ITGC) Auditing
    Splunk
    PCI-DSS

Education and Certifications:
    Master of Science: Cybersecurity Management and Policy, 10/2022 - 03/2024
    University of Maryland Global Campus - Adelphi
    Bachelor of Arts: Human Resources Management
    Christian Service University College

SIEM TECHNOLOGIES & Tools
    Nessus
    Splunk

Core Skills:
    Provide FedRAMP Authorization to Operate (ATO) support for Workday public cloud deployment following FedRAMP and NIST guidelines.
    Liaise with external auditors and internal control owners to support various internal and external audits/assessments such as FedRAMP and ISO 27001.
    Manage the creation and update of security documentation for FedRAMP Moderate environment, such as the System Security Plan (SSP), SSP Attachments, Policies and Procedures.
    Performed comprehensive assessments and wrote reviews of management, operational and technical security controls for audited applications and information systems.
    Used Check Point Firewall Analyzer to access predefined Check Point firewall reports that help with analyzing bandwidth usage and understanding security and network activities.
    Analyze reports and archive logs from Check Point Firewalls.
    Develop and execute Cloud (AWS) Information Security strategy to proactively identify risk and drive remediation.
    Improve the efficiency of information security processes and advance the effectiveness of the information security controls of the AWS cloud operating model.
    Participates in Incident Response activities in coordination with other teams as necessary, reviewing and editing event correlation rules, performing triage on these alerts by determining their criticality and scope of impact, evaluating attribution and adversary details.
    Develop and conduct Security Control Assessments (formally ST&E) per NIST SP 800-53A and NIST SP 800-53R4.
    Over 5 years of experience in system security monitoring, auditing and evaluation, C&A and Risk Assessment of GSS (General Support Systems) and MA (Major Applications).
    Performed Certification and Accreditation documentation in compliance with company standards.
    Developed, reviewed and evaluated System Security Plans based on NIST Special Publications.
    Compiled data to complete Residual Risk Report and to insert contents into POA&Ms.
    Security Life Cycle and Vulnerability Management, using FISMA and applicable NIST standards.

PROFESSIONAL EXPERIENCE:

Security Control Assessor
Geekview Tek Solutions, Leesburg VA, 11/2021-Present
    Schedule kick off meetings with system owners to help identify assessment scope, system boundary, the information system's category and attain any artifacts needed in conducting the assessment.
    Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.
    Develop Security Assessment Plans (SAPs) and conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with the NIST SP 800-53A Rev 4.
    Conduct security control interview meeting and artifact gathering meeting with various stakeholders using assessment methods of interview, examination, and testing.
    Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.
    Review A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).
    Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool (CSAM).
    Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.
    Develop documentation (FIPS 199, FIPS 200, PTA, PIA, e-authentication) on new or existing systems.
    Provide system/equipment/specialized training and technical guidance.
    Serve as liaison with clients, participating in meetings to ensure client needs are met.
    Independently research and collaborate with teams to develop knowledge regarding the environment.
    Take on leading roles within the team and effectively train team members based on inherent knowledge.

ISSO (Information System Security Officer)
AGO Worldwide Consulting, 06/2018-2021
    Provide responses to data calls and all audit requests by due dates and maintain tracking reports and central repository of data call artifacts.
    Prepare and document System's ATO Brief for submission to Authorizing Official (AO) for his adjudication to grant ATO to a new system or for the existing system to continue operation.
    Schedule, track and manage the monthly and quarterly POA&M review process. Coordinates meetings and tasking with System Owners (SOs), Information System Security Officers (ISSOs) and support remediation of opened POA&M items.
    Review Information System Security Policies and Procedures, System Security Plans (SSPs), and Security baselines in accordance with NIST, FISMA, OMB App III A-130, and industry best security practices.
    Assess Security Controls through document review, interview, and test procedures to ensure compliance with FISMA, and NIST SP 800-53A Rev 1.
    Conducting in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
    Providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
    Review and validate vulnerability scan results at the operating system (OS) and application level and work with stakeholders to architect and implement mitigations.
    Monitor and analyze Security Information and Event Management (SIEM) alerts to identify security issues for remediation and investigate events and incidents.
    Using a wide variety of tools such as Splunk, Cisco Firepower, Symantec, Checkpoint Endpoint Security, etc. to identify, prioritize, and manage potential security incidents.
    Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
    Create and update the Security Assessment Report (SAR) in compliance with NIST and FISMA regulations.
    Assist in the coordination and implementation of major detection enhancements to SOC analytics.
    Provide security management, process engineering and operations management to a Security Operations Centre.
