Raleigh, North Carolina, United States
Cyber Security Analyst experienced with the NIST Cybersecurity Framework and NIST SP 800-53 controls. Skilled in system security planning, risk assessments, privacy impact assessments, and security testing. Currently seeking new opportunities in cybersecurity as an analyst, consultant, contractor, or in sales. Passionate about helping organizations strengthen their security posture and maintain compliance.
Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E). Ensured proper system categorization using NIST 800-60 and FIPS 199 and appropriate security controls for information systems based on NIST 800-53 rev 4 & rev 5 and FIPS 200. Supported Security Control Assessments using NIST 800-53A Rev5 as guidance for current federal directives and policies. Serve as the main POC during full and annual assessments. Knowledgeable about Risk Management Framework (RMF) Package, FISMA Compliance, NIST SP 800-53 Controls, NIST SP 800-53A Controls Assessment guide, and Cloud security, ensuring adherence to regulatory and compliance requirements. Identify, track, and draft the Plan of Actions and Milestones (POA&Ms) for outstanding risks. Skilled in performing vulnerability assessments using tools such as Nessus by Tenable SC, identifying, and mitigating security weaknesses.
Performed a’’ Kickoff meeting” and discussed the purpose of the assessment. Reviewed existing security documents like system boundaries, system security plan (SSP), Privacy Threshold Assessment (PTA), Privacy Impact Assessment (PIA), Incident Response Plan (IR), and Contingency Plan (CP). Drafted the Security Assessment Report (SAR) and documented the failed controls along with their remediation recommendation in the security Assessment Report (SAR). Analyzed Nessus vulnerability scan reports consistently to identify weaknesses in the systems as part of continuous monitoring. Assess vulnerabilities and update vulnerabilities status by using STIG viewer. Ability to create raw CKL files. Managed and maintained documents stored in eMASS, Microsoft teams and SharePoint. Used FedRAMP compliance to assess cloud-based systems.