Information System Security Analyst
- Maintained, reviewed and updated information system security documentation, including but not limited to the System Security Plan (SSP), Plan of Action and Milestones (POA&M), Risk Assessment (RA), policies and procedures, and security control baselines, in accordance with NIST guidelines and security practices.
- Involved in reviewing, maintaining, and ensuring that all Assessment and Authorization (A&A) documentation is included in the system security package.
- Ensured implementation of appropriate security controls for information systems based on NIST Special Publication 800-53 Rev. 4, FIPS 200, and system categorization using NIST 800-60 and FIPS 199.
- Reviewed and updated remediation on POA&Ms in the organization's Cyber Security Assessment and Management (CSAM) system. Worked with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of each POA&M.
- Applied appropriate information security controls for federal information systems based on NIST 800-37 Rev. 1, SP 800-53 Rev. 4, FIPS 199, FIPS 200 and OMB A-130 Appendix III.
- Worked with stakeholders and system application teams to conduct testing, interviews, and collection of artifacts relevant to assessment of security controls.
- Performed configuration management reviews.
- Updated system inventory.
- Managed vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.