PROFESSIONAL SUMMARY:

• Broad experience with consulting with various government agencies
• Expertise in the Certification and Accreditation (C&A) process.
• Expertise in the Ongoing Authorization (OA) process, Security Plan (SP), POA&M Management, and Authorization and Re - authorization of systems.
• Working knowledge of Xacta, TAF, and CSAM, Clearquest, Remedy, HEAT.
• Working technical knowledge of vulnerability/troubleshooting scan software including but not limited to Nessus, Mcafee EPO, Retina, Wireshark and Appdetective.
• Customized Nessus scanning software for compliance and configuration scans.
• Performed IV&V Independent Verification and Validation (IV&V) testing as well as ST&E Security Test & Evaluations.
• Was the subject matter expert (SME) to recommend solutions to administrators and key personnel for their security systems.
• Used various hardening and configuration documentation to make sure systems were in compliance.
• Lead a team to do ST&E testing as well as ultimately assisted agency increase their FISMA scorecards.
• Conducted site assessments on various client sites and datacenters.
• Presented in-briefing summary and out-briefing summary to clients during assessments.
• Provide support for facilitating and helping agencies identify their current security infrastructure and define future programs, design and implementation of security related to the IT system.
• Work with the other Information Security Engineers (ISE’s) to perform remediation C&A Information Security Services activities, as needed.
• Experience in supporting customers for PKI software installation and troubleshooting for human and device certificates for PKI.

PROFESSIONAL EXPERIENCE:

Confidential

Responsibilities:

• Provide support for C&A activities for Office of Inspector General. Coordinate meetings and efforts for all C&A activities with technical engineering team and support staff.
• Work closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented.
• Assesse and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
• Review and continuously monitors implemented security controls.
• Create and maintains security checklists, templates and other tools to aid in the A&A process.
• Performs security control assessment using NIST A guidance and as per continuous monitoring requirements.
• Perform risk analyses to determine and recommends essential safeguards.
• Proactively mitigates system vulnerabilities and recommends compensating controls.
• Prepare security authorization packages in accordance with the client contractual requirements.
• Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
• Maintain client-specific Plan of Action and Milestones and supports remediation activities.
• Maintain an inventory of hardware and software for the information system.
• Develop, test and train on Contingency and Incident Response planning.

Security Engineer

Confidential

Responsibilities:

• Coordinate with HRMIS Infrastructure group and ITSO group for ongoing C&A activities including quarterly scans, audits and compliance.
• Use problem tracking tool ptr for generating weekly reports for system findings.
• Develop and continually refresh System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan documentation using Xacta.
• Perform internal security control assessments and ensure compliance with NIST SP rev 4.
• Provide continuous monitoring to enforce client security policy and procedures
• Develop and modify MOUs and ISAs.
• Keep track of all findings for HRMIS system and provide remediation support including POA&M monitoring.
• Update network and system diagrams for latest system updates.

Primary Assessor

Confidential

Responsibilities:

• Reviewed and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. Apply appropriate information security control for Federal Information System based on NIST rev1, SP rev4, FIPS 199, FIPS 200. Analyze automated, manual, database and web application vulnerability scans results and create Plan of Action and Milestone to remediate potential risks.
• Ensuring ISSOs complete a FIPS-199, PTA, e-authentications, CPs, CPTRs, SSPs, and As, and personally delivering RAs, ST&E Plans, SARs, and ATO Letters.
• Assist in developing and executing the agency Certification & Accreditation Program using IACS XACTA in a day to day basis. Currently using NIST rev 4 compliance
• Served as the primary certifier main liaison and driving force for all assessment and authorization to include ensuring Confidential complete all deliverables for an ATO
• Managed assigned systems throughout the entire A&A lifecycle to include continuous monitoring, POA&M management, waiver and exception support, and periodic reauthorization.

IT Consultant

Confidential

Responsibilities:

• Provide support for C&A activities by assisting system owners with developing C&A documentation and providing remediation planning and implementation activities for Confidential client at Confidential .
• Support Confidential C&A tool for all C&A efforts for Confidential clients.
• Provide support to system owners on C&A activities as needed, including developing all necessary documentation

IT Specialist

Confidential

Responsibilities:

• Provide support for C&A activities by assisting system owners with developing C&A documentation and providing remediation planning and implementation activities for 24 Confidential computer systems in support of the Confidential contract
• Support the engineering effort required to implement solutions to vulnerabilities identified in risks assessments and mitigation plans
• Provide support to system owners on C&A activities as needed, including developing all necessary documentation
• Work with the other Information Security Engineers (ISE’s) to perform remediation C&A Information Security Services activities, as needed.

Network Security Engineer

Confidential

Responsibilities:

• Configuration Management Support, which includes Risk Management Support and Continuous Monitoring Support
• Provide C&A support for ST&E and IV&V testing.
• Have FISMA In-Depth Training which covers FIPS 199, NIST SP, NIST SP, NIST SP, NIST SP, NIST SP, NIST SP 80053A, and the development of Systems Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M). As well as templates for NIST Guidance.
• Involved in assessing security vulnerabilities and designing appropriate security safeguards.
• Support customers for PKI software installation and troubleshooting for human and device certificates for PKI
• Performed baseline configuration and systems hardening for Windows, Linux, Solaris, AIX, Apache, and TomCat environments.
• Setup lab environment for testing of PKI using Entrust Security Manager
• Work with individuals for PKI products hardware and software support.
• Install PKI for all FEMA employees within the Washington DC region.

Network Security Engineer

Confidential

Responsibilities:

• Contractor assigned to Office of the General Counsel
• Managed Vulnerability Management System (VMS) in closing and updating patches vulnerabilities to over seven different sites in the US.
• Configured Confidential to update workstations with the latest Microsoft patches.
• Coordinated efforts to address CMI's (A spill of classified information onto a lower classification system or network)
• Performed Information Assurance Office (IAO) duties to implement Confidential security policies.
• Performed monthly Retina scans to scan for network vulnerabilities.
• Used Gold Disk to run Confidential 's on both workstations and servers
• Attended IAB (Information Assurance Board) weekly meeting for requirements and procedures mandated by OSD enterprise.
• Performed baseline configuration and systems hardening for Windows, Unix (linux) environment.
• Managed Confidential servers to do Retina scanning and deployment of patches to workstations and servers.
• Coordinated efforts for testing, deploying, administrating security policies and patching for all agency requirements.