Information Security Analyst Resume Samples

Description :

1. Responsible for end to end security, ensuring that the confidentiality, integrity and availability of all Sports authority data is not breached, infected or compromised in anyway by outside malicious users.
2. By utilizing a defense in depth approach and identifying areas of potential weakness.
3. Primary IT security lead on high profile integration and implementation projects. Many of these projects helped generate cost effective, automated solutions that required ground up security architecture,.
4. Performed full application security assessments and analysis on newly built and existing applications.Because of these efforts, many potential security threats were identified before being released into a production environment.
5. Existing production security vulnerabilities were promptly remediated upon discovery, thus greatly reducing the overall security risk within sports authority.
6. Continuous monitoring of the sports authority network and internal systems for malicious activity.
7. Numerous attacks and security threats targeted at company have been prevented because of these efforts.

Experience

0-2 Years

Level

Entry Level

Education

Business

Description :

1. Conducted security control assessment to assess the adequacy of management, operational privacy, and technical security controls implemented. Security assessment reports (sar) were developed detailing the results of the assessment along with plan of action and milestones (poa&m).
2. Developed risk assessment report to identify threats and vulnerabilities applicable to smart think systems. This report also evaluates the likelihood of vulnerability being exploited, assesses the impact associated with these threats and vulnerabilities, and identified the overall risk level.
3. Assist in the development of an information security continuous monitoring strategy to help in maintaining an ongoing awareness of information security.
4. Ensure effectiveness of all security controls, vulnerabilities, and threats to support organizational risk management decisions.
5. Lead in the development of privacy threshold analysis (pta), and privacy impact analysis (pia) by working closely with the information system security officers (issos), the system owner, information owners and the privacy act officer.
6. Develop a system security plan to provide an overview of federal information system security requirements and describe the controls in place or planned to meet those requirements.
7. Responsible for the development of key security standards by performing an in-depth security assessment of information systems in order to maintain fisma compliance by implementing guidelines and standards identified in the national institute of standard and technology (nist) 800 series in facility.

Experience

7-10 Years

Level

Executive

Education

BA

Description :

1. Developed, reviewed, and updated information security system policies, system security plans, and security baselines in accordance with nist, fisma, omb app. Iii a-130 and industry best security practices.
2. Applied appropriate information security control for federal information system based on nist 800-37 rev1, sp 800-53, fips 199, fips 200 and omb a-130 appendix iii.
3. Provided security expertise and guidance in support of security assessments. Review, analyze and evaluate business system and user needs, specifically in authorization and accreditation (a&a).
4. Facilitated security control assessment (sca) and continuous monitoring activities. Executed examine, interview, and test procedures in accordance with nist sp 800-53a revision 4.
5. Ensured cyber security policies are adhered to and that required controls are implemented. Validated information system security plans to ensure nist control requirements are met.
6. Developed resultant sca documentation, including but not limited to the security assessment report (sar). Reviewed security logs to ensure compliance with policies and procedures and identifies potential anomalies.
7. Updated and reviewed a&a packages to include core docs, policy & procedures, operations and maintenance artifacts, ssp, sar, fips 200, fips 199, poa&m, cptpr, bia, pta, pia, and more. Collected operation and maintenance artifacts on an ongoing basis so that security control assessment (sca) is seamless.

Experience

7-10 Years

Level

Consultant

Education

BS

Description :

1. Provided security expertise and guidance in support of security assessments.
2. Participated in weekly IT security team meetings to provide guidance and support for the development of enterprise security architecture.
3. Executed examine, interview, and test procedures in accordance with nist sp 800-53a revision 4. Ensured cyber security policies are adhered to and that required controls are implemented.
4. Validated information system security plans to ensure nist control requirements are met. Developed resultant sca documentation, including but not limited to the security assessment report (sar).
5. Assisted team members with proper artifact collection and detail to clients' examples of artifacts that will satisfy assessment requirements.
6. Reviewed security logs to ensure compliance with policies and procedures and identifies potential anomalies.
7. Made input in data calls to ensure it security projects are on track. Worked with systems and network administrators to develop implementation statement for security controls.

Experience

2-5 Years

Level

Junior

Education

BS

Description :

1. Implemented robust security controls to safeguard sensitive data and resources.
2. Conducted comprehensive risk assessments to minimize security and legal exposure.
3. Performed vulnerability scans on systems to identify and remediate risks.
4. Monitored security logs to detect and respond to suspicious activities.
5. Managed web security gateways to control user access and mitigate threats.
6. Executed quarterly user access reviews to enforce strict access controls.
7. Reviewed and updated security policies to align with regulatory requirements.

Experience

10+ Years

Level

Consultant

Education

MS

Description :

1. Administered identity and access management lifecycle, ensuring compliance across enterprise systems using SailPoint.
2. Collaborated with developers and IT teams to integrate new applications into the identity management platform.
3. Monitored identity controls and conducted risk assessments to identify compliance gaps.
4. Managed role-based access control and access requests, ensuring adherence to security policies.
5. Created, modified, and deleted user accounts and privileges in Windows environments via Active Directory.
6. Configured access permissions for security groups across applications and network resources.
7. Automated repetitive tasks using VBScript, enhancing operational efficiency.

Experience

10+ Years

Level

Management

Education

Bachelor Of Engineering

Description :

1. Led information security projects ensuring timely delivery, budget adherence, and quality standards.
2. Evaluated security impacts of new initiatives and provided guidance to maintain security posture.
3. Managed implementation and maintenance of identity management solutions, enhancing user access security.
4. Directed user provisioning and role evaluations, producing entitlement reports for compliance reviews.
5. Acted as a subject matter expert in security discussions with stakeholders and vendors.
6. Ensured compliance with SOX controls, executing security measures consistently.
7. Developed and updated security policies to address evolving threats and business needs.

Experience

10+ Years

Level

Consultant

Education

BS

Description :

1. Collaborated with cross-functional teams to assess and enhance security protocols for Unix server environments.
2. Documented and analyzed current access structures, translating business requirements into effective security solutions.
3. Provisioned new access requirements based on job roles, ensuring secure server communications and account management.
4. Prepared documentation and support files for server migration, ensuring compliance with security standards.
5. Provided on-site support during scheduled migrations, representing the security management team.
6. Resolved post-migration access issues, ensuring minimal disruption to business operations.
7. Tracked and reported on privileged access reductions to meet project compliance goals.

Experience

2-5 Years

Level

Junior

Education

BSc Cybersecurity

Description :

1. Participated in risk assessment meetings to identify vulnerabilities and develop mitigation strategies.
2. Updated System Security Plans (SSP) in compliance with NIST SP 800-18, enhancing security documentation.
3. Reviewed and evaluated security controls to protect organizational data effectively.
4. Applied ISO and COBIT standards to maintain acceptable risk levels within information systems.
5. Developed and enforced policies for management, operational, and technical security controls.
6. Conducted network configuration audits to ensure compliance with regulatory standards.
7. Provided expert analysis on security systems, offering recommendations for improvements.

Experience

2-5 Years

Level

Junior

Education

BSc Cybersecurity

Description :

1. Conducted comprehensive audits of firewall configurations using SolarWinds FSM, ensuring compliance with change control protocols.
2. Managed nodes, rules, and user access in SolarWinds LEM, enhancing security event monitoring and response.
3. Performed vulnerability assessments on servers and network devices using QualysGuard, identifying and mitigating risks.
4. Analyzed web application vulnerabilities with QualysGuard WAS, providing actionable remediation strategies.
5. Monitored endpoint security across devices using Sophos, enforcing policies for antivirus and malware protection.
6. Implemented encryption and device protection policies with Sophos, safeguarding sensitive data across the organization.
7. Configured Barracuda WAF to protect web applications, optimizing security settings and blocking malicious traffic.

Experience

10+ Years

Level

Management

Education

M.S. Cybersecurity

Description :

1. Installed and configured Security Content Automation Protocol (SCAP) software to enhance system security.
2. Applied Microsoft and Windows updates to ensure compliance with security standards.
3. Executed SCAP protocol, documenting vulnerabilities for management review and policy compliance.
4. Utilized configuration management checklists to assess and manage security configurations across devices.
5. Conducted automated network vulnerability scans and configuration assessments to identify security gaps.
6. Compiled data from Information Assurance Vulnerability Alerts (IAVAs) to inform security strategies.
7. Monitored and reported IT security violations, ensuring prompt remediation.

Experience

2-5 Years

Level

Entry Level

Education

BSc Cybersecurity

Description :

1. Acted as a Subject Matter Expert in IT risk management, guiding projects to enhance security posture.
2. Collaborated with business units to evaluate the impact of strategic decisions on security risks.
3. Conducted audits and documented compliance with security policies across departments.
4. Developed and maintained security dashboards to monitor compliance and risk metrics.
5. Designed management reports to provide insights into security performance and vulnerabilities.
6. Led the implementation of the Archer SmartSuite framework for risk management.
7. Revamped the vulnerability management program, improving tracking and reporting of security issues.

Experience

10+ Years

Level

Management

Education

M.S. Cybersecurity

Description :

1. Served as a key liaison to integrate cybersecurity efforts across federal energy regulatory bodies.
2. Reviewed and enhanced FISMA compliance measures, leading to improved governance initiatives.
3. Developed and executed a comprehensive anti-phishing training program, increasing user awareness.
4. Authored a detailed SOW for external vendors to conduct penetration testing on critical networks.
5. Evaluated cloud service providers for security accreditation and operational authority.
6. Established new SOPs for Security Operations Center, enhancing daily operational efficiency.
7. Analyzed DHS cybersecurity assessments to identify and remediate vulnerabilities in systems.

Experience

7-10 Years

Level

Management

Education

M.S. Cybersecurity

Description :

1. Led security certification projects, ensuring compliance with industry standards and regulations.
2. Verified policies and controls in alignment with ISO 27001, ISO 9001, and PCI standards.
3. Organized documentation for PCI and ISO certifications, streamlining the audit process.
4. Identified security gaps in internal policies, enhancing overall security framework.
5. Conducted audits to pinpoint process improvements, increasing operational efficiency.
6. Built strong relationships with internal and external stakeholders to foster a security-first culture.
7. Managed certification body relationships, overseeing audit scheduling and compliance activities.

Experience

7-10 Years

Level

Senior

Education

BS