Eskada Berhanu

Laurel, MD

Summary

My goal is to work with a team and the ISSO to make our environment more secure by ensuring all our systems are in compliance with all Federal and Commercial Standards, ensuring all applicable controls have been implemented and are in place, and that there is continuous remediation of findings and monitoring of systems. I am dynamic, detail-oriented, and possess the ability to adapt quickly to changing environments and interact well at all levels. I have excellent skills and experience in reviewing and implementing internal control procedures to ensure efficiency and mitigate risks, gained over a 4-year period of professional record. I am looking to use my skills and expertise to help achieve enterprise-wide information risk goals and the objectives of Confidentiality, Integrity and Availability (CIA). I am legally permitted to work anywhere in the United States with no restrictions.

Overview

9 years of professional experience

Work History

ISSO

Leidos Holdings Inc.
09.2019 - Current

Provide the detailed knowledge and expertise required to manage the security aspects of an information system (IS). Maintain responsibility for the day-to-day security operations of the system. Responsibilities also include:

  • Security Control Assessments
  • ATO approval
  • Role based awareness training
  • Patch Management
  • Vulnerability Management
  • Change management
  • Security Incident Management
  • POA&M Management
  • Providing support for implementing and enforcing information systems security policies, standards and procedures
  • Ensuring all security controls meet the security requirements for all information that will be input, stored and transmitted
  • Assisting with the preparation, review and updating of all documentation
  • Providing support and guidance to the SO/ISSM
  • Developing system security policies and ensuring compliance with them

Information Security Analyst

Pearson
01.2017 - 08.2019
  • Designed and implemented plans to secure computer files against breach, destruction or accidental modification.
  • Developed, reviewed, updated, and enforced implementation of information security system policies, system security plans (SSP), and security baselines in accordance with FISMA, NIST SP 800-18, OMB guidance and industry best security practices.
  • Supported and managed systems in the process of assessment and authorization (A&A) while maintaining confidentiality, integrity and availability (CIA) of the systems and the data stored within them, in compliance with FISMA and the NIST Special Publication 800 series.
  • Conducted reviews of security documents updated by the ISSO to ensure FISMA compliance, reviewing and validating items uploaded into the POA&M tracking tool in support of remediated findings.
  • Assisted in A&A package development and review, including FIPS 199 categorization, e-authentication risk assessment, SSP, privacy threshold analysis (PTA), privacy impact assessment (PIA), POA&M and contingency plan, for efficacy and compliance with NIST guidance.
  • Worked with the security control assessment (SCA) team to populate the requirements traceability matrix (RTM) according to NIST SP 800-53A as part of the A&A continuous monitoring testing/projects.
  • Supported the review of all cloud service providers' (CSPs) documentation for compliance and worked with stakeholders until the cloud system documentation met FedRAMP requirements.
  • Reviewed vulnerability scan results as part of assessment and continuous monitoring and provided remediation guidance to system and application administrators.
  • Created and tracked vulnerabilities in the POA&M for all accepted risks upon completion of the SCA.
  • Reviewed and updated POA&Ms, security vulnerabilities and mitigation strategies; developed security A&A artifacts, including but not limited to sensitivity assessments, SSP, and SAR.

Jr. Cyber Security Analyst

KBR
01.2016 - 01.2017
  • Applied appropriate information controls for Federal information security based on NIST SP 800-37 Rev. 1, SP 800-53 Rev. 4, FIPS 199 and FIPS 200.
  • Conducted security assessments via document examination, interviews and manual assessments; populated the Requirements Traceability Matrix (RTM) with the results of the security assessment.
  • Reviewed and updated system categorizations using FIPS 199. Created and updated contingency plans and disaster recovery plans for information systems using NIST SP 800-34.
  • Ensured that appropriate steps were taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
  • Reviewed POA&Ms, enforced timely remediation of audit issues, and updated system security plans (SSP) using the NIST SP 800 series.
  • Used and applied knowledge of Security Assessment & Authorization (SA&A) policies, guidelines, and regulations in the assessment of IT systems and the documentation and preparation of related documents.
  • Worked with project managers to ensure incorporation of security activities in all ongoing projects and to identify the security impact of new releases.
  • Developed, updated, and completed system security plans based on the National Institute of Standards and Technology (NIST) Special Publications and conducted an annual self-assessment.
  • Developed the audit plan and performed General Computer Controls testing of Information Security, Business Continuity Planning, and Relationships with Outsourced Vendors.
  • Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
  • Requested or conducted required information system vulnerability scans in accordance with established policy; developed system POA&Ms in response to reported vulnerabilities.
  • Ensured compliance with annual FISMA deliverables and reporting, and investigated information technology and system security incidents.
  • Performed security risk assessments, developed security risk mitigation recommendations, and identified security controls for systems and networks.
  • Supported formal Security Test and Evaluation (ST&E) required by the government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
  • Performed the role of Security Control Assessor by reviewing the artifacts and implementation statements provided by the ISSO for a system to determine whether the security controls were being met.
  • Developed systems that assist the organization in securing CIA by categorizing systems and selecting controls using NIST SP 800-60, SP 800-53, FIPS 199 and FIPS 200.
  • Assisted system owners and ISSOs through the A&A process, ensuring that the operational, management and technical controls securing sensitive security systems were in place and being followed according to the federal guideline (NIST SP 800-37 RMF).
  • Performed continuous monitoring of security controls using NIST SP 800-137 as a guide, testing one-third of the applicable security controls annually and performing periodic vulnerability scanning and testing of controls.
  • Contributed to the development of SSPs, incident response plans, and contingency plans.
  • Updated security policies, procedures, standards, and guidelines according to organizational and federal specifications.

Intern

Oshkosh Corp.
06.2015 - 01.2016
  • Assisted with clerical needs including answering telephone calls, performing database management and drafting correspondence.
  • Drafted internship report to summarize position, responsibilities, learning outcomes and skills developed.
  • Assisted researchers with investigations and literature reviews to support neglected initiatives.
  • Coordinated project files to support Analysts and ISSO and enhance team success.
  • Assisted in NIST Special Publications review and application.

Education

Bachelor of Science - Information Technology

COMP TIA+

Skills

  • Microsoft Suite
  • Analytical skills
  • Documentation
  • Multi-tasking; working independently and with a team
  • Good communication skills
  • Risk Traceability Matrix
  • NIST SP 800 series
  • FISMA
  • Plan of Action & Milestones
  • Incident and contingency planning
  • FedRAMP compliance
  • ServiceNow
  • Internet applications
  • Excel
  • Nessus
  • WebInspect
  • SharePoint / OneDrive
