SUMMARY

• InfoSec Engineer with ten+ years experience in Information Security and Computer Networking.
• IT certifications achieved: CISSP, CCNP, CCNA, MCSE, MCSA, MCDBA, MCP, A+.

PROFESSIONAL EXPERIENCE

Confidential, Alexandria, VA

Responsibilities:

• Security Analyst with the Washington Headquarter Service (WHS) Operations and Maintenance Team (O&M)
• Daily work with Tenable’s ACAS scan tool Assisted with set up of scans Reviewing and processing of scan reports
• Assisted O&M system admins with mitigations Assisted V&V team with validations Assisted in management of eMAS
• Responsible for assisting with the certification of applications, systems, or networks in compliance with DoDI 8510.1, DoDI 5200.40, DoDI 8500.2, and other applicable directives.
• Scheduled and conduct between 6 and 16 major test events during the Risk Assessment process.
• Reviewed all application, system, or network documentation in accordance with current guidance.
• Ensured compliance with Privacy requirements and provide guidance to application, systems, or network owners as necessary.
• Prepared comprehensive Risk Assessment Reports to support interim accreditation, and Accreditation Reports to support full accreditation.

Confidential, Bethesda, MD

Security Analyst

Responsibilities:

• Responsible for assisting with the certification of applications, systems, or networks in compliance with DoDI 8510.1, DoDI 5200.40, DoDI 8500.2, and other applicable directives.
• Scheduled and conduct between 6 and 16 major test events during the Risk Assessment process.
• Reviewed all application, system, or network documentation in accordance with current guidance.
• Ensured compliance with Privacy requirements and provide guidance to application, systems, or network owners as necessary.
• Prepared comprehensive Risk Assessment Reports to support interim accreditation, and Accreditation Reports to support full accreditation.

Confidential, Fort Washington, MD

Security Analyst

Responsibilities:

• Responsible for assisting with the certification of applications, systems, or networks in compliance with DoDI 8510.1, DoDI 5200.40, DoDI 8500.2, and other applicable directives.
• Scheduled and conduct between 6 and 16 major test events during the Risk Assessment process.
• Reviewed all application, system, or network documentation in accordance with current guidance.
• Ensured compliance with Privacy requirements and provide guidance to application, systems, or network owners as necessary.
• Prepared comprehensive Risk Assessment Reports to support interim accreditation, and Accreditation Reports to support full accreditation.

Confidential, Fort Washington, MD

InfoSec Engineer

Responsibilities:

• Responsible for the certification of applications, systems, or networks in compliance with DoDI 8510.1, DoDI 5200.40, DoDI 8500.2, and other applicable directives.
• Developed and executed Security Test Plans for firewalls, VPN, routers and switches IP networking, port filtering, and security objectives.
• Scheduled and conduct between 6 and 16 major test events during the Risk Assessment process.
• Reviewed all application, system, or network documentation in accordance with current guidance.
• Ensured compliance with Privacy requirements and provide guidance to application, systems, or network owners as necessary.
• Conducted Physical Security Audits & Ports and Protocol Audits in compliance with DoD policy, directives, and guidance
• Recommended to the Certification Authority (CA) and Designated Accreditation Authority (DAA) the worthiness of an application, system, or network for accreditation.
• Prepared comprehensive Risk Assessment Reports to support interim accreditation, and Accreditation Reports to support full accreditation.
• Implemented and designed a Test and Training Lab

Confidential, Fort Washington, MD

InfoSec Engineer

Responsibilities:

• Responsible for the certification of applications, systems, or networks in compliance with DoDI 5200.40, DoDI 8500.2, and other applicable directives.
• Developed and executed Security Test Plans for firewalls, VPN, routers and switches IP networking, port filtering, and security objectives.
• Scheduled and conduct between 6 and 16 major test events during the Risk Assessment process.
• Reviewed all application, system, or network documentation in accordance with current guidance.
• Ensured compliance with Privacy and HIPAA requirements and provide guidance to application, systems, or network owners as necessary.
• Conducted Physical Security Audits & Ports and Protocol Audits in compliance with DoD policy, directives, and guidance
• Recommended to the Certification Authority (CA) and Designated Accreditation Authority (DAA) the worthiness of an application, system, or network for accreditation.
• Prepared comprehensive Risk Assessment Reports to support interim accreditation, and Accreditation Reports to support full accreditation.
• Implemented and designed a Test and Training Lab

Confidential, VA

Information Assurance Security Officer

Responsibilities:

• Responsible for disseminating and ensuring implementation of IA policy, guidance, and training requirements.
• Ensuring implementation of IAVM dissemination, reporting, and compliance procedures.
• Ensuring all users meet the requisite favorable security investigations, clearances, authorization, need - to-know and security responsibilities before granting access to the IS.
• Ensuring personnel receive system-specific and annual IA awareness training.
• Ensuring log files and audits are maintained and reviewed for all systems and that authentication policies are audited for compliance.
• Preparing, distributing, and maintaining plans, instructions, and SOPs concerning system security.
• Reviewing and evaluating the effects on security of system changes, including interfaces with other ISs and documenting all changes.
• Ensuring that all ISs within their area of responsibility are accredited. Developing or coordinating the development and support of C&A requirements, and initiating re-accreditation as required.
• Ensuring configuration management for IS software and hardware is maintained.
• Ensuring system recovery processes are monitored and that security features and procedures are properly restored.
• Maintaining current software licenses and ensuring security related documentation is current and accessible to properly authorized individuals.
• Reporting security violations and incidents to the servicing RCERT.
• Responsible for Certification and Accreditation (C&A) of FMCSA network and resources, keeping in compliance with NIST 800 series standards and recommendations, as well as industry best practices.
• Execute C&A Plans against a negotiated timeline.
• Assist the Information System Security Officer (ISSO) and application, system, or network owners defining all applicable Information Assurance (IA), and security requirements in compliance with all applicable DOT policies, directives, and guidance.
• Conduct Periodic Review of accredited applications, systems, or networks to ensure configuration stability requirements.
• Identify and track vulnerabilities for each major test event until fixes and/or mitigations are acceptable

Confidential, Falls Church, VA

InfoSec Engineer

Responsibilities:

• Responsible for the certification of applications, systems, or networks in compliance with DoDI 5200.40, DoDI 8500.2, and other applicable directives.
• Developed and executed Security Test Plans for firewalls, VPN, routers and switches IP networking, port filtering, and security objectives.
• Scheduled and conduct between 6 and 16 major test events during the Risk Assessment process.
• Reviewed all application, system, or network documentation in accordance with current guidance.
• Ensured compliance with Privacy and HIPAA requirements and provide guidance to application, systems, or network owners as necessary.
• Conducted Physical Security Audits & Ports and Protocol Audits in compliance with DoD policy, directives, and guidance
• Recommended to the Certification Authority (CA) and Designated Accreditation Authority (DAA) the worthiness of an application, system, or network for accreditation.
• Prepared comprehensive Risk Assessment Reports to support interim accreditation, and Accreditation Reports to support full accreditation.
• Implemented and designed a Test and Training Lab