- Over 20 years of combined experience in the Information Technology profession.
- Supported various government agencies such as the Department of Homeland Security (Confidential), Federal Communications Commission (FCC), Confidential, Confidential, Department of Energy (DOE), National Oceanic and Atmospheric Agency (Confidential), and Federal Aviation Administration (Confidential).
- Familiar with all phases of the Confidential Risk Management Framework (RMF).
- Broad experience with the FISMA Information Systems Accreditation and Authorization ( Confidential & Confidential ) process utilizing the Confidential SP rev.3, and rev.4, Security Controls.
- Familiar with the CMMI Level 3 SCAMPI Process.
- Capable of independently acquiring new skills necessary to excel in the constantly evolving Information Technology profession.
- Excellent written and oral communication skills.
- Enjoy exploring technical issues with peers, as well as gathering and eliciting functional requirements with stakeholders and end users.
- Detail-oriented and comfortable dealing with senior management.
- Currently hold Confidential Public Trust Clearance with the Federal Aviation Administration ( Confidential ).
Programming Languages: SQL
Operating Systems: Microsoft Windows
Scanning Tools: IBM EndPoint Manager (BigFix), Nessus (Tenable Security Center), Netsparker
Enabling Technologies: Microsoft Office Suite (Word, PowerPoint, Visio, Project, Access, Outlook), SharePoint, Adobe Connect.
Information Assurance: Confidential RMF Process: Categorization, Selection, Implementation, Assessment, Authorization, and Continuous Monitoring; FISMA information systems Authorization and Accreditation ( Confidential & Confidential ). Software Requirements Analysis; Software Quality Assurance; Software Test Engineering. FedRAMP CSP/3PAO/P-ATO Accreditation.
Confidential Senior Quality Analyst
- Assist the SO with completing the system authorization documentation using templates from the current Confidential ’s Security Authorization Handbook.
- Support all Assessment & Authorization ( Confidential & Confidential ) activities.
- Perform scheduled vulnerability/risk assessment analysis.
- Ensure IT systems have all security controls in place and functioning properly in accordance with Confidential Confidential publication.
- Evaluate/analyze vulnerability results from the following set of tools to include but not limited to: NESSUS and WebInspect, DbProtect.
- Manage POA&Ms from creation to closure.
- Ensure that all Confidential & Confidential core documents (SSP, BCP, FIPS 199/200, PTA, PIA, ISCP, etc.) are completed and uploaded in CSAM.
Confidential Senior Quality Analyst
- Conducted assessments of existing IT Systems for compliance with security requirements from FISMA security guideline.
- Performed FIPS 199 Security Categorizations
- Performed Privacy Threshold Analyses
- Developed Privacy Impact Assessments
- Updated System Security Plans
- Updated Business Impact Analyses
- Developed System Contingency Plan and Test Plan
- Updated Incident Response Plans
- Developed Security Assessment Plans
- Developed Security Assessment Reports (CSAM)
- Requested compliance and vulnerability scan results from Confidential Enterprise Security Services and analyzed them.
- Utilized CSAM to conduct Confidential SP rev.4, Security Controls assessments.
- Created and managed POA&Ms utilizing CSAM.
Lead IT Security Analyst
- Conducted assessments of existing IT architecture for compliance with security requirements from FISMA security frameworks.
- Created documentation (SAR, SSP, POA&M), to support information system Authorization and Accreditation packages.
- Provided continuous monitoring support for information systems (Incident Response, IBM BigFix and QRadar scan review and reporting, POA&M management).
- Developed IT architecture deliverables, specific to information security countermeasure implementations, for operational systems.
- Developed IT security policies, standards, and guidance based on FISMA Rev.4 recommendations and the Confidential Guidelines.
- Utilized the web-based Certified Security Assessment and Management (CSAM) tool to automate the activities of the C& Confidential for Confidential Cloud based Major Application and Confidential GSS hosted Major Application.
- Attended daily Scrum meetings and utilized CA Agile Central RALLY tool to manage project tasks.
Senior Requirements Analyst / Security Analyst
- Supported various software development projects from start to closure and followed the PMO Project Management Life Cycle process from initiation to closure.
- Document user requirements into Confidential Functional Requirements Document (FRD).
- Map user requirements into Confidential structured Requirements Traceability Matrix (RTM).
- Conduct requirements reviews with user communities as well as with peer developers and QA testers.
- Assist Developers in writing System Design Documents (SDD).
- Keep project documents up to date in SharePoint-based project libraries.
- Utilize REMEDY to track IT Support issues, and provide assistance to users when needed.
- Record software defects utilizing DEVTRACK, and tracked system change requests to resolution.
- Utilized SQL queries to analyze data from MS SQL Server database.
- Ensure that all Confidential SP rev.3 recommended security features are built into the final software product in accordance with Confidential ’s Security Policies and Guidelines.
Information Security Analyst / Requirements Analyst
- Utilize the Risk Management System (RMS) to assess assigned systems in order to determine their security status for FISMA Compliance.
- Develop C& Confidential documentation (System Security Plan, Contingency Plan, etc.).
- Track all FISMA compliance artifacts in the Trusted Agent FISMA (TAF) tool.
- Conduct C& Confidential efforts using the Confidential SP rev.3 series and the Confidential Sensitive Systems Policy 4300A documents.
- Conducted peer reviews of test plans to verify their accuracy to the approved requirements, and their compliance with Confidential security policies.
- Ensured that the handling and processing of the applicant’s Personally Identifying Information (Social Security Number, Biometrics, etc.) adhered to the Confidential ’s PII management policy and guideline.
Senior Systems Analyst
- As Senior Analyst on the SPARQ application development team, responsibilities were to design test cases and build test data sets.
- Perform preliminary verifications of the functionality for new software releases.
- Verify the security features of the software products against government-approved requirements, in order to protect the Confidentiality and the Integrity of the information, and promote the availability of the system at all times.
- Attended Confidential 3-day JAD session to collect business requirements from subject matter experts, project sponsors, and system owners.
- Guided the Credit Risk Division in discovering, gathering, analyzing and documenting requirements for their Credit Underwriting Survey System.
- Developed the first version of the Confidential Policy Guide System (OPGS) Index using Microsoft Access Web pages on Confidential SQL Server database, and also on an MS Access database.
- Developed functional requirements into specifications requirements, then mapped the specifications requirements into Confidential structured Requirements Traceability Matrix (RTM).
- Conducted requirements phase reviews with user communities and peers to develop Project Planning, System Requirements Specifications (SRS), System Design Document (SDD).
- Utilized PVCS Version Manager to record and manage changes to project artifacts and deliverables.
- Utilized PVCS Tracker to document and track project issues.
Senior Quality Analyst
- Assure the Safety, the Quality, the Integrity, and the Potency of blood products by verifying that Good Manufacturing Processes (GMP) are adhered to.
- Analyzed user requirements to develop System Requirements Specification document (SRS), and Software Design Documents (SDD).
- Reviewed work products of peer Business Analysts and QA Analysts to verify the completeness and the accuracy of the requirements document.
- Developed User Acceptance Test (UAT) plans and test procedures to trace the requirements to the SRS and verify the completeness of their coverage in the Safety-critical Software products.