Ensured proper system categorization using NIST 800-60 and FIPS 199, and implemented appropriate security controls for information systems based on NIST 800-53 rev 4 and FIPS 200.Collaborated with system owners to develop, test, and train on contingency plans and incident response plans.Tested, assessed, and documented security control effectiveness, collecting evidence, interviewing personnel, and examining records to evaluate the effectiveness of controls.Reviewed and updated remediation on Plans of Action and Milestones (POA&Ms) in the organization's Cyber Security and Management (CSAM) system.Worked with system administrators to resolve POA&Ms, gathering artifacts, and creating mitigation memos, residual risk memos, and corrective action plans to assist in the closure of the POA&Ms. Reviewed, maintained, and ensured all assessment and Authorization & Accreditation (A&A) documentation was included in the system security package.Ensured vulnerabilities and risks were efficiently mitigated in accordance with the organization's monitoring plan.Authored or coordinated the development of other required system security plans, including Configuration Management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR), and Incident Response Plan (IRP).Provided continuous gap analysis of current policies, procedures, and practices in relation to established guidelines outlined by FISMA, OMB, and NIST.

Managed the implementation and maintenance of security controls and measures for information systems. Conducted Security Authorization (Assessment & Authorization) for major applications and general support systems.Performed risk analysis and assessment, developing mitigation strategies to address vulnerabilities. Utilized tools such as XACTA for continuous monitoring and POA&M management.Provided detailed security code analysis and product evaluation.Developed and reviewed security documentation, including policies, procedures, and risk management plans.Supported policy and audit services to ensure compliance with federal and industry standards. Conducted security testing and assessments on federal applications and support systems.Evaluated Authorization packages and made recommendations for security authorization.Reviewed and updated remediation plans (POA&Ms) in the Cyber Security and Management (CSAM) system.Collaborated with system administrators to resolve POA&Ms, creating mitigation and residual risk memos.Authored and maintained various system security plans, including Configuration Management and Incident Response Plans.Conducted security assessment interviews and developed Security Assessment Reports (SAR) to maintain Authorization to Operate (ATO).