Summary
Overview
Work History
Education
Skills
Accomplishments
Timeline
Generic
Leslee Nji

Leslee Nji

Security Analyst | Security+ Certified |
Abilene,United

Summary

  • I am a passionate Cybersecurity Architect and Network Engineer, experienced in "architecting", planning, implementing, optimizing, and troubleshooting cybersecurity solutions for enterprise deployment, patch management, and overall device management.
  • I have 6 years of experience as a Cybersecurity Project Technical Lead and have managed security projects from full implementations to migrations, Through the years I have gained proven experience in developing and testing security framework for cloud-based software, building projects and managing them through the entire project life cycle. This includes managing multi-phase/multi-dimensional/multi- resource projects to a conclusion while maintaining high customer satisfaction.

Overview

8
8
years of professional experience
4
4
years of post-secondary education

Work History

Security Control Assessor

SCA, Bae Systems
Dallas, Texas
03.2020 - Current
  • Schedule kick off meetings with system owners to help identify assessment scope, system boundary, prepare a plan of action and milestones based on the findings and recommendations of a security assessment report excluding any remediation actions taken
  • Develop/Review deliverables associated with a FedRAMP security authorization package including, but not limited to: System Security Plan, Information System Contingency Plan, Security
  • Assessment Plan, Security Assessment Report
  • Supports Security Control Assessments using NIST 800-53A
  • Rev4 as guidance for current federal directives and policies
  • Performs System Security Categorizations using FIPS 199 and the NIST 800-60 Vol.11 Rev1 guidelines and templates to select provisional impact level assigned to the Confidentiality, Integrity and
  • Availability (CIA) based on the information type
  • Analyzes and updates System Security Plan (SSP), Risk Assessment (RA), Privacy Impact
  • Assessment (PIA), System Security test and Evaluation (ST&E)
  • Develops and track Plan of Actions and Milestones (POA&Ms) to ensure remediation closure
  • Maintains and manages Security Authorization and Assessment packages that include System
  • Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentations for the system
  • Perform security risk assessment and analysis of resources, controls, vulnerabilities, asset decommissioning, and information security threats to the organization’s objective
  • Participates in the System Assessment and Authorization process by working with the key stakeholders to ensure complete and accurate ATO packages
  • Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms and identification and authentication mechanisms
  • Perform assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments
  • Governs the internal FedRAMP control activities to ensure management, technical, and operational controls are being executed without exception.

Information System Security Officer

Luna Solutions
Midwest City, OK
01.2018 - 02.2020
  • Implemented Risk Management Framework (RMF) in accordance with NIST SP 800-37
  • Reviewed security categorization of systems using FIPS 199 & NIST SP 800-60 Updated technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and
  • FIPS 200
  • Reviewed and updated System Security Plan implementation statements of respective applicable control to assigned systems as need arises using NIST 800-18
  • Independently put together a variety of Security Authorization deliverables including System
  • Security Plans, Security Assessments Reports, Risk Assessment Plans and POA&M
  • Created and updated Authorization to Operate (ATO) packages Drafted, finalized, and submitted
  • Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments
  • System of Record Notices (SORNs) for annual review and recertification
  • Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide
  • Created plans and communicated deadlines to ensure that projects were completed on time
  • Identify, review, prioritize vulnerabilities and remediation efforts
  • Experienced in performing Ongoing Security Authorizations aligned to NIST SP 800-53 and137
  • Reported and maintained security architecture, policies, and compliance, identified and documented security vulnerabilities, system status; maintained records of incidents, hardware/software, etc
  • Review for accuracy Security Control Assessment (SCA) documentation, including but not limited to the Security Assessment Report (SAR)
  • Conduct risk assessments, develop POA&Ms, facilitating and coordinating with information owners and custodians
  • Ensured POA&M mitigations and timelines were adhered to and documented any changes that occurred
  • Reviewed status of Information Systems for modifications and assessed the impact to current system accreditation
  • Reviewing Privacy Impact Assessment (PIA) documents after a positive PTA is created and ensuring that PII findings are recorded in the System of Record Notice (SORN)
  • Generating, reviewing, and updating System Security Plans (SSP) against NIST 800-18 and NIST53 requirements
  • Performing ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide
  • Ensured appropriate changes and improvement actions are implemented as required
  • Maintained current knowledge of authenticator management for unclassified systems-NIST 171
  • Ensured compliance with protection requirements, control procedures, incident management reporting, remote access requirements, and system management for all systems under scope.

IT Compliance Specialist

Centene Consulting
Dallas, Texas
12.2015 - 12.2017
  • Maintained customer satisfaction with forward-thinking strategies focused on addressing customer or client needs and resolving concerns
  • Provided primary customer support to internal and external clients
  • Offered advice and assistance to clients, paying attention to special needs or wants
  • Assisted in the development, maintenance, and implementation of IT Risk Management
  • Framework
  • Ensured established internal control procedures are complying by examining reports, records documentation, and operating practices
  • Ensured security awareness and training materials were reviewed and updated periodically
  • Analyzed Nessus scans to identify vulnerabilities and documented weaknesses
  • Evaluated and managed system vulnerabilities
  • Reviewed, monitored, and responded to escalated system security alerts
  • Performed Vendor risk assessments to identify emerging key risks and reassess current risks
  • Assessed completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls
  • Communicated vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks
  • Validated evidence from vendors before remediation plans are closed
  • Planned and executed onsite security/risk assessments for third party vendors
  • Ensured all risk controls were documented in a Vendor Risk Scorecard in accordance with Third
  • Party Risk Management (TPRM) Policy and the Risk Assessment Matrix
  • Assessed outsourced products/services for Risks and Criticality.

Education

Master of Science - MS - Information Technology

Altınbaş niversitesi
09.2018 - 05.2020

Bachelor of Science - Computer Science

University of Buea
10.2012 - 05.2015

Skills

Analysis skill

Project Management

Agile Methodologies

Cybersecurity

Network Support

SQL

Domain Name System (DNS)

Information Security

Vulnerability Assessment

Transmission Control Protocol (TCP)

LAN

WAN

Data security

Information Assurance

Active Directory

Microsoft 365

Vulnerability Scanning

Threat & Vulnerability Management

Network Support

Network Security

Accomplishments

  • CompTIA Cybersecurity Analyst (CySA+)

Timeline

Security Control Assessor

SCA, Bae Systems
03.2020 - Current

Master of Science - MS - Information Technology

Altınbaş niversitesi
09.2018 - 05.2020

Information System Security Officer

Luna Solutions
01.2018 - 02.2020

IT Compliance Specialist

Centene Consulting
12.2015 - 12.2017

Bachelor of Science - Computer Science

University of Buea
10.2012 - 05.2015
Leslee NjiSecurity Analyst | Security+ Certified |