Cloud Security Specialist Resume

Vienna, VA

SUMMARY:

  • Self-motivated, team-oriented Information Technology Security professional with 10+ years of experience developing IT Security, creating C&A Artifacts, and conducting Security Risks Analysis. Highly efficient (with proven track record) in Program Management, implementing Security Controls & Life cycle Monitoring for Federal Government customers.
  • Deliver IT solutions using processes developed by Confidential, Confidential, FIPS, OMB Circular A-130 and other compliance guidelines of the Federal Information System Requirements. Conduct Security Authorization process through Security Planning, Assessment Reports, and Plan of Action and Milestones (POA&M).
  • Implement fully compliant Information Security to Protect Mission, Function, Image and Reputation.

TECHNICAL EXPERIENCE:

Operating Systems: Linux, AIX, Windows NT, Windows 2000/2003, Solaris/Linux

Platforms: Novell, Cisco IOS, MAC Lion OS

Hardware: Routers, switches, firewalls, multimedia products, modems, Polycom video, autoloaders, thumb drives, desktops and laptops

Software/Applications: AWS CloudFront Lambda@Edge, SIEM SolarWinds, SIEM Splunk, Red Hat Linux version 3, 4 & 5, Windows XP/2003, Microsoft Excel 07, Active Directory, SQL Server, Apache, ArcServeIT, Nessus, Snort, Oracle, Sequel, Mortgage Calculator, Compaq Insight Management, Visio, Internet, TCP/IP

Network/ Management Applications: Cyber Security Assessment and Management (CSAM III), Kaseya Ticketing System, Request for Action Tracking System (RATS), Tivoli IBM (Big Fix), nCircle, ThunderBird, Remedy, HP Openview, Lucent QIP, Blackberry, Bankrate, Zillow, Enterprise Server (BES) Checkpoint Firewall, ArcSight

PROFESSIONAL EXPERIENCE:

Cloud Security Specialist

Confidential, Vienna, VA

Responsibilities:

  • Aiding to provide a robust web services backup system solution in AWS CloudFront on Lambda@Edge
  • Aiding in enterprise VPC project to connect infrastructure direct with supported AWS services
  • Manage SolarWinds SIEM problem management tool for user activity logs and event alerts
  • Providing solutions for disaster recovery short & long term strategy
  • Performing administrative Project Manager duties and provide weekly team status reports
  • Working closely with Fed Technical Monitor & CIO Office
  • Managing AWS cloud infrastructure EIA systems
  • Conducting & reporting daily Tenable Nessus Security Center vulnerability scan reports
  • Conducting & reporting daily TrendMicro Web Reputation & Anti-Malware security reports
  • POA&M tracking with focus to tackle current and outstanding issues
  • Drafting and finalizing SOPs, Memorandums and Policies for infrastructure and applications
  • Updating Confidential packages for infrastructure and applications accreditation process
  • Reporting system status in Change Control Board meetings
  • Reporting daily and weekly trouble tickets in Kaseya ticketing system
  • Managing FedRAMP compliance, risk management, application security & pen testing

Information Assurance Engineer

Confidential, Vienna, VA

Responsibilities:

  • Managing 32 IT Systems for audit compliance readiness
  • Assisting in supporting the Security Assessment & Authorization Confidential efforts for DOT COE GSS
  • Tracking Semi-Annual Confirmation of Privileged Accounts Review by OA (all modes confirmed review)
  • POA&M tracking for pending, remediation/mitigation procurements process for (High, Mod & Low)
  • Control Risk Mitigation involving approved deviations/waiver request forms
  • Participating in Virtual Desktop Infrastructure (VDI) expansion pilot test
  • Performing review & reporting scan results with POCs
  • Overseeing the tracking and communication to close JAS Portal incident tickets
  • Manage SolarWinds SIEM tool for user activity logs and event alerts
  • Helping manage the Contingency Plan (updating POCs, RTO, MTOs etc.)
  • Helping manage the development of Configuration Baseline
  • Perform CSAM III updates including reporting on baseline status and upload artifacts
  • Manage MOU & ISA signoffs with OA (all modes, Operating Administrations)
  • Audit management of POA&Ms in unison with 3rd party assessment team
  • Manage Security Impact Analysis Evaluation forms ensuring compliance with Policy & Procedures
  • Confidential & Black Hat Training evaluation and results of accessing courses and completion cert process
  • Vulnerability Assessment & Scanning reporting with Storage Team (technical team)

Confidential, Washington, DC

Cloud Security Specialist

Responsibilities:

  • Managed the Enterprise Solutions Architect group, leading the Confidential initiative to achieve Confidential compliance
  • Worked directly with the CIO in efforts to collect, prepare and document the current security posture
  • Prepared the Security Assessment & Authorization (SA&A/C&A) documentation package by gathering information and interviewing IT teams
  • Utilized CSAM version III in updating, reviewing and uploading all project documentation
  • Provided guidance on the HSPD-12 Logical Access program by referencing from the Confidential, FIPS and internal SOP standards
  • Worked closely with the Program Managers and leads to provide a robust solution for PIV/CAC access
  • Assisted on leading the Cyber Security Team on POA&M Management reports generated from third party auditors KPMG
  • Focused on prioritized findings and providing quick solutions for repeat problem areas that could be remediated in a short time
  • Assisted in project planning, resource loading, target completion and various other management techniques to keep on target

Sr. Security Analyst

Confidential, Herndon, VA

Responsibilities:

  • Prepared Security Assessment & Authorization documentation including system security plans (SSP), risk assessment (RA), contingency plan (CP), privacy impact analysis (PIA), SSAE 16 Audit Report and other agreed upon artifacts required for the Confidential packages of both projects
  • Managed the annual Confidential security authorization tasks including planning, notification, evaluation, validation, and report preparation of annual Confidential control assessment, IT risk assessment, contingency plan testing
  • Managed the remediation actions to correct assessment findings and develop supporting plan of action and milestone (POA&M) reports on the CMS Confidential Controls Tracking System (CFACTS)
  • Supported IT security audits, reviews, and reports from ST&E team
  • Assisted with the preparation of new or revising of out-of-date IT security policies and procedures
  • Researched, evaluated, and recommended vital IT security-related technologies and services
  • Assisted in day to day management of the corporate IT governance and assurance program
  • Led the development and management of the corporate security training program, review current and develop new courses as needed
  • Responsible for managing our local Toastmasters Club - Herndon Chapter as the Vice President Education (Confidential), where I plan club meetings, promote participation in programs, track members' progress and assign mentors
  • Took lead on helping IA team shop for software tools to be implemented in the environment
  • Provided mentoring and training for junior staff

Principal Analyst

Confidential, Reston, VA

Responsibilities:

  • Responsible for providing support to the VA Sales, Tech Support team as well as Business helping VA in the acquisition phase of the business process to retain or attain IT products
  • Risk management advice on appropriate control solutions to match business needs
  • Identify new devices introduced in the IT environment and revise existing ones in compliance with VA agency IT Security Policy, FAR Part 39.101 (d) Policy, FIPS, Confidential SP 53A) and
  • Responsibilities include reviewing and helping with the approval of devices/products to be used or piloted within the VA infrastructure ensuring the use of common security configuration checklists
  • Creating Initial Product Review (IPR) documentation for the Office of Information and Technology
  • Documentation consists of review & analysis of product features, market comparisons and security concerns
  • Ensure VA meets compliance for new technology pilot program by assessing against stringent IT requirements for use within the VA enterprise

Security Analyst

Confidential, Reston, VA

Responsibilities:

  • Focused efforts towards Vendor Risk Management (VRM) responsibilities of contract review
  • Vendor security document request of contract artifacts needed for compliance assessments and records
  • Banking institution artifacts relating to measurement by Confidential & Confidential, Confidential ’s and others, in assessing financial records for Confidential fiduciary purposes using Web Services
  • Review of outsourced service provider contract clause verification checklist against Confidential guideline controls
  • Conducted contract reviews in the Consolidated Document Information System ( Confidential ), an online corporate document information processing system application that includes a Digital Library of electronic contracts on file (CEFile)
  • Tracking tickets through Remedy automated solution software within the Confidential database
  • Assisted in completion review of DRR Vendor Risk Management (VRM) Phase I; contract portfolio, performed categorization of post awarded contracts, risk level designation, resourcing and content type
  • Working knowledge of the SSAE16 (reporting and controls) Auditing Confidential Type I & II
  • Assisted team on completion of Sigv6.2 mapped with Confidential Rev3 control families deliverable

Security Specialist

Confidential, Rockville, MD

Responsibilities:

  • Responsibilities included conducting controls compliance reviews (CCR) to verify Information Systems are being operated in accordance with DOC Information Technology Security Program Policy (ITSPP), Confidential, OMB Circular A-130 and other applicable mandated security controls
  • Resourcing through Cyber Security Assessment and Management (CSAM) a C&A Web-based secure network tool, review system authorization status, latest versions of system artifacts provided, and POAMs. Contribute aggregate information to the Department’s OMB A-123 Report
  • Also referenced some outstanding tickets through Remedy automated in agency operations WR processes
  • Conducted compliance assistance activity (CAA) by assisting organizations in meeting compliance requirements through performing POAM trend analysis, delayed analysis, closure rates, scans, developing corrective action plans, and assessing new technologies
  • Led efforts on performing continuous monitoring reviews for 21 government systems, to determine whether or not these operating units have improved in complying with previously recommended security controls
  • Results are documented and included by the compliance & oversight team on scorecards that are uploaded into CSAM for over 50 DOC operating units and 270+ Information Systems

Security Specialist

Confidential, Rockville, MD

Responsibilities:

  • Performed Project Management for Inventory of Information System Components project and Baseline Configuration project, focusing on operations and maintenance
  • Facilitated weekly Charter and Scope focused meetings alongside high-level Government personnel
  • Supported the development and management of Information Systems security, including gap analysis, change control requests, work requests, problem requests, disaster recovery procedures, database protection and software development
  • Analyzed mission-critical Information Security systems and applications to recommend and develop security policy and procedures that protect information against unauthorized modification or loss, or compromise of confidentiality, integrity and/or availability
  • Supported technical architecture and assessments on components and software in the environment
  • Oversaw the continuous monitoring process through a subject matter expert point of view and provided remediation by tracking findings through corrective action plans and project scope
  • Provided guidance on developing and updating system documentation for C&A efforts using security categorization tools in accordance with Confidential of 2002 artifacts, FIPS 199 and 200, and referencing to Confidential SP 53A)
  • Conducted security tests and evaluations by independent research through in-person interviews, against current environment operational conditions
  • Created and disseminated weekly vulnerability reports applicable to all systems and software of environment
  • Provided compliance on Independent Verification and thoroughly closed POAMs by their priority dates

Senior Certification & Accreditation Specialist

Confidential, Washington, DC

Responsibilities:

  • Supported Internal Revenue Service ( Confidential ) in Certification and Accreditation. Proven responsibilities of efforts resulted in resolving over 90% of intrusion and device failures detected
  • Efficiently addressed security needs by: implementing a comprehensive, thorough, and documented process; creating remediation plans; and providing oversight of corrective actions
  • Created risk analysis procedures using SSP templates, Confidential SP (A), vulnerability assessment matrices, and creating set measure of contingency planning based upon agreed controls
  • Ensured security categorization in accordance with Confidential of 2002 artifacts, FIPS 199 and 200, and referencing to Confidential SP 53 A)
  • Evaluated control deficiencies. Developed mitigation approaches and risk tests with fellow IT Specialists
  • When changes were deemed necessary, addressed system owners to agree on realistic investment costs for program resources system design

Senior Information Assurance Engineer

Confidential, McLean, VA

Responsibilities:

  • Opened/corrected 80+ problem tickets a month in email management and restoration
  • Supported contracts with Department of Justice (DOJ), Treasury Confidential of Confidential
  • Facilitated Risk Management in auditing, assessing and remediating documentation by providing thorough guidance compliance with Confidential Security Auditing protocol instructions
  • Accountable for training employees and users at multiple levels of the corporation, as a means to assure quality in their performance as part of my responsibilities
  • Set due diligence parameters on time and within resource cost with team members
  • Involved in Plan of Action and Milestones with Information System owner
  • Proceeded with correcting any deficiencies documented during assessments. Reduced and effectively eliminated various susceptible ranges or gaps in the Information System
  • Implemented consistent monitoring throughout life cycle of Information System. Whenever a change was deemed necessary, conducted Impact Analysis and carried out procedures to safeguard operations
  • Delivered monthly and quarterly reports/review updates on objectives on performance plans of employees and practicing protocol standards of ISO/IEC 27002, Confidential SPs 53A, DoD guidance series 8500, DIACAP, DITSCAP and DHS 4300

Senior CFA, Personal Banker

Confidential, Washington, DC

Responsibilities:

  • After receiving rapid promotions (within Banking Center), goal achievement awards, meeting over 110% - 200% goals, and Best Attitude Award, transferred to one of the highest goal-achieving centers in D.C.
  • Maintained Bank Center performance to optimum compliance level. Advised, mentored and collaborated with fellow associates in demonstrating best business experiences for all customers
  • Responsibilities in providing all banking products included but not limited to; Banking Accounts, Credit, Mortgage, Investments
  • Qualified customer with industry best tools; DTI, CTI calculations with mortgage calculators
  • FICO Scores and other risk measurements to assess borrowers' risk to borrow and pay back
