• Experience with Nessus and analyzing all the scan results to the clients • Research and recommend resolutions to technical issues after scans. • Develop Privacy Threshold Analysis (PTA), and Contingency plan (CP) as Information System Security Officers (ISSOs) • Updates maintain and review policies to ensure compliance with Federal agency requirements within the scope of the CDM solution Participate in incident, problem, and change management processes. • Experience of analyzing scan results to determine if scans were successfully remediated. • Evaluate the operational effectiveness of the collection, use, and dissemination of personal information (PII). • Special Publications and FIPS as a framework for conducting (A&A) activities on federal IT systems. • Maintain integrity of POA&M database to ensure data is correct and update POA&MS and provide guidance to correct or mitigate risks. • Conduct appropriate compliance documentation, such as Privacy Threshold Analyses (PTA), Privacy Impact Assessments (PIA), and System of Records Notices (SORN), in coordination with program, business, and system owners across the organization’s enterprise. • Complete and close Plan of Action and Milestones (POA&Ms) vulnerability related POA&Ms, policy, and procedure based on Based Decisions (RBD) POA&MS. • Review Closure/Decommission Evidence and Validate that POA&M closure evidence is accurate and applicable. • Draft executive reports of vulnerability management status and map Security Assessment Report to POA&M. • Mapping security assessment report findings to POA&Ms. • Performing (NIST) 800 series such as 800-30, 800-171, 800-60, 800-53, 800-137, FIPS 199, FIPS 200 • Develop Security Privacy Impact Analysis (PIA) by working closely with the Information System Security Officers (ISSOs), the System Owners, the Information Owners • Experience with tools such as CSAM and Nessus.

.Provide services as security control assessor (SCA) being an integral part of the Assessments and Authorizations process to include A&A scanning, documentation, reporting and analysis requirements. .Monitor Security Controls using NIST 800-137 as a guide, and test portion of the applicable security controls annually and perform periodic vulnerability scanning. • Conducted CDM meeting to discuss vulnerabilities and potential remediation actions with system and application owner. • Ensured identified weaknesses from vulnerabilities scans are remediated in accordance with NIST standards. • Conducted kick off meetings to start security control assessment on assigned systems • Develop Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action and Milestones (POA&M) • Reviewing and updating, and operation to assess and mitigate potential privacy risks and ensure compliance with all applicable Federal privacy laws and regulations, implementing corrective, remedial, and preventive actions whenever necessary. • Develop System Security Plans (SSP) to provide an overview of system security requirements. • Recommend technological and administrative measures to ensure the privacy protection of personally identifiable information used by data systems, processes, and facilities. • Conducted IT risk assessment to identify system threats, vulnerabilities, and risks. • Prepares recommendation reports that are made available to system owners to remediate identified vulnerabilities during the risk assessment process. • Strong understanding of frameworks, such as NIST 800-53, Cybersecurity Framework, 800-37, Fed RAMP, NIST 800-Series. • Completing Security Authorization packages, to include system security plans, security assessment reports and POA&M summaries.

• Performed Continuous Monitoring tasks which involves identifying, monitoring, and reporting new findings and assets to PMO with vulnerability assessment reports. • Initiate kick-off meetings to collect system information to assist in the categorization phase using FIPS 199 and NIST SP 800-60. • Review and update Contingency Plan (CP) using NIST SP 80-34 guidelines. • Experience in Governance, Risk and Compliance (GRC) tools such as XACTA, CSAM • Security Assessment Reports (SAR) are developed detailing the results of the assessment along with Plan of Action and Milestones (POA&M) • Develop risk assessment reports to identified threats and vulnerabilities applicable to assigned systems. • Evaluates likelihood vulnerabilities can be exploited and assess the impact associated with these threats and vulnerabilities and identified the overall risk level. • Collaborate with ISSOs and system owners to document and manage POA&Ms for the client database. • Assist in the development of an Information Security Continuous Monitoring Strategy to help in maintaining an ongoing awareness of information security (Ensured continued effectiveness of all security controls) • Develop Privacy Threshold Analysis (PTA), and Contingency plan (CP) by working closely with the Information System Security Officers (ISSOs) and the Information Owners. • Review monthly vulnerability scan reports and track and address weaknesses in POA&Ms as needed. • Review and update Contingency Plan (CP) using NIST SP 80-34 guidelines. • Experience using Governance, Risk and Compliance (GRC) tools such as, CSAM