Information Systems Security Engineer Resume
SUMMARY:
- Detailed knowledge of security tools, technologies and best practices. In-depth knowledge in the application of the FISMA Risk Management Framework and Ongoing Authorization processes to protect government Information Systems. Experienced in system and network administration and engineering, hardware evaluation, project management, systems and network security, incident analysis and recovery.
- Perform Security Assessment and Authorization (SA&A) documentation
- Develop, review and evaluate System Security Plan
- Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems
- Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A
- Excellent with NIST RMF and Ongoing Authorization process.
- Knowledgeable about NIST publications including FIPS 199, SP 800-60, SP 800-53rev4, SP 800-137
- Excellent with COSO, COBIT, ISO, SSAE 16 (SOC1,2&3) and PCI DSS Frameworks
- Develop and update POA&M
- Ability to multi-task, work independently and as part of a team
- Strong analytical and quantitative skills
- Effective interpersonal and verbal/written communication skills
- Strong background in Linux Systems Administration and Networking
- Experience with vulnerability scanners including Nessus
- Experience with NMAP, IP360, and AppScan
- Experience configuring Cisco network switches, including VLANs, Port Security, Port Aggregation, EtherChannel, etc.
- Familiar with SIEM tools including Splunk and ArcSight
- System administration experience with Red Hat Linux 3.x, 4.x, 5.x & 6.x, CentOS 4.x, 5.x, 6.x and Fedora, and Microsoft Windows Server 2008 and 2012.
PROFESSIONAL EXPERIENCE:
Confidential
Information Systems Security Engineer
- Complete and maintain Interconnection Security Agreements (ISAs) for any connections outside of Confidential network boundary.
- Complete and maintain any required Memorandum of Agreement/Understanding (MOA/MOU) or copies of these agreements applicable to my systems.
- Ensure security controls are met at inception and throughout system development
- Ensure systems are properly patched and hardened according to Confidential requirements
- Ensure Rules of Behavior are signed for all system users.
- Complete Waivers and Accepted Risks (WEAR) as required to be presented to the Authorization Official.
- Complete remediation plans for all POA&Ms
- Provide code review & approval prior to deployment into production
- Review Audit Logs on a weekly basis using Splunk, and record the findings in an Audit Log Review Tracker
- Review system accounts monthly using Splunk, and record the findings in an Account Management Review Tracker
- Review questionnaires, checklists, and ICCB plans as part of change management processes and approve change requests
- Perform manual penetration testing of systems and web applications to discover vulnerabilities
- Run Nessus Security Center 5 scans on a weekly basis to reveal vulnerabilities, patches, and updates that are due, and then work closely with system engineers and solution architects to fix the issues.
- Review DbProtect and WebInspect scans on a monthly basis for Web and Database vulnerabilities, and provide guidance to the application engineering team for remediation.
- Coordinate with Departmental agency staff as necessary to provide guidance on the process of conducting risk analysis and computer security reviews, security assessments, the preparation of Disaster Recovery Plans in the Continuity of Operations (COOP) plans, security plans, and the processes involved in the DOL required activities for the Certification and Accreditation of Major Information and General Support Systems (MIS/GSS)
Confidential
Senior Information Security Engineer
- Worked with Windows and UNIX network administration teams to complete vulnerability and patch management assessments and implementation releases.
- Recommended and provided approvals for network security policies, standards and protocols to prevent unauthorized use, modification and destruction of the organization information.
- Utilized Nessus Security Center 4 (SC4) vulnerability scanning tool to ensure compliance objectives are met while providing mitigation strategies and guidance for discovered vulnerabilities.
- Performed vulnerability assessments, remediation and security hardening.
- Performed enterprise wide vulnerability assessment on the VA systems and developed Plan of Action and Milestones (POA&M).
- Developed Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action and Milestones (POA&M).
- Assisted ISSOs in reviewing and submitting Artifacts to justify POA&M Closure.
Confidential
Information Security Analyst
- Assist System Owners and ISSO in preparing Certification and Accreditation packages for the company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53rev4.
- Conduct kick off meetings in order to categorize systems according to NIST requirements of Low, Moderate or High system using FIPS 199 and NIST SP 800-60
- Develop security baseline controls and a test plan that was used to assess implemented security controls.
- Conduct security control assessments to assess the adequacy of management, operational, privacy, and technical security controls implemented. Security Assessment Reports (SARs) are developed detailing the results of the assessment along with plan of action and milestones (POA&M).
- Develop risk assessment reports. These reports identify threats and vulnerabilities applicable to assigned systems. In addition, they evaluate the likelihood that a vulnerability can be exploited, assess the impact associated with these threats and vulnerabilities, and identify the overall risk level.
- Assist in the development of an Information Security Continuous Monitoring Strategy to help maintain an ongoing awareness of information security (ensure continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions.
- Participate in the development of Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officers (ISSOs), the System Owner, the Information Owners and the Privacy Act Officer.
- Develop E-Authentication reports following NIST SP 800-63 requirements to provide technical guidance in the implementation of electronic authentication (e-authentication).
- Develop/review system security plan in accordance with NIST SP 800-18 to provide an overview of federal information system security requirements and describe the controls in place or planned to be implemented.
- Develop HIPAA compliance reports documenting audit findings and corrective actions. These reports are submitted to the alternate ISSO.
Confidential, Germantown, Maryland
System Administrator
- Troubleshooting Red Hat Linux 3.x, 4.x, 5.x & 6.x, CentOS 4.x, 5.x, 6.x, Fedora, and Windows XP, Vista and 7 desktop environments to help users solve hardware and software operation and application problems. Performing data backups and maintaining the local area network. Adding new network points and users to the LAN and managing new and old users on both Linux (RHEL) and Windows Server platforms. Managing user accounts, shells, and security in Linux.
- Managed call center activities to meet service level agreements.
- Responsible for creating and managing user accounts, security, rights, disk space and process monitoring in Solaris, CentOS and Red Hat Linux.
- Performed PC support and maintenance for over 1000 people.
- Installed and upgraded video cards, modems, hard drives, IDE controllers, SCSI drives, power supplies and memory components.
- Performed system configuration and troubleshooting.
- Created and managed user accounts and security in both Linux and Windows environments.
- Created and cloned Red Hat and CentOS Linux virtual machines and templates using VMware Virtual Client 3.5, and migrated servers between ESX hosts.
- Managed routine system backups, scheduled jobs, enabled cron jobs, and enabled system logging and network logging of servers for maintenance.
- Performed RPM and YUM package installations, patching and other server management.
- Worked with Information Security and Assurance professionals to implement security controls to meet HIPAA Security and Privacy requirements.
Confidential
IT Executive
- My responsibilities included designing and configuring LAN and Uplinks for new offices, acquiring and installing the right Operating Systems (OS) and Application system software for various departments, offering effective network administration which also included managing user accounts and mailing lists, repairs and installation of PCs and peripherals.