Cloud Security Specialist Resume
SUMMARY:
- Over 25 years of direct experience in a broad range of Information Technology positions. Thirteen (13) years of progressive experience in Cyber security in complex system and organizational environments and five (5) years direct project management.
- Experience in the DoD and Federal environments as both a project manager and an IA engineer responsible for managing teams coordinating all phases of the Certification and Accreditation (NIST/DIACAP) process.
- Comprehensive bottom-up development of C&A packages including SSP, Contingency Plans, Incident Response Plans, SAP, SAR and POAMs. Leader in the development of enterprise-wide policies and procedures for various Federal agency program offices.
- Excellent communicator; possesses the ability to convey technical issues and resolutions to all levels of management, as well as to customers of various technical backgrounds.
PROFESSIONAL EXPERIENCE:
Confidential
Cloud Security Specialist
- Serves in an advisory capacity for the Cloud Computing Services Program Management Office. Responsibilities include providing security expertise and recommendations for cloud computing acquisition vehicles and next generation cloud computing models, supporting multiple working groups (Cloud Migration Services WG, EaaS Requirements WG, Cloud Computing Acquisition Forum (CCAF) and the Federal Cloud Computing Center of Excellence (CCOE)), assisting in developing and editing procurement documents (RFIs, SOOs), responding to technical inquiries from Contracting Officers regarding cloud proposal submissions and modifications, and responding to inquiries from customer agencies about cloud products. Serves as liaison to FedRAMP PMO.
- Assisted with and conducted assessments of PaaS and SaaS components for NIH utilizing the NIST and FedRAMP frameworks.
Confidential
GSA (Consultant) / ISSO
- Responsibilities included evaluation of cloud service provider’s Assessment and Authorization (A&A) activities, including reviewing NIST documentation and organizational policies and procedures in accordance with GSA IaaS Vendor Guidance.
- Identify and propose solutions to resolve security deficiencies, interface with commercial and government cloud service providers, and analyze system risks and provide recommendations for risk acceptance or rejection.
- Evaluated cloud computing architectures and identified weaknesses including assessment results for Host System Security (Windows, UNIX, and Linux), Network Security (Firewalls, Guards, etc.), Malicious Code Detection and Eradication, and Penetration Tests. Presentation of findings and recommendations to senior government officials.
- Serves in an advisory capacity for the Cloud Computing Services Program Management Office. Responsibilities include providing security expertise and recommendations for cloud computing acquisition vehicles and next generation cloud computing models, supporting multiple working groups (Cloud Migration Services WG, EaaS Requirements WG, IaaS Shared Interest Group (SIG)), assisting in developing and editing procurement documents (RFIs, SOOs), responding to technical inquiries from Contracting Officers regarding cloud proposal submissions and modifications, and responding to inquiries from customer agencies about cloud products.
Confidential
(Consultant) Sr. Security Analyst
- The primary responsibility was to provide third party verification of NIST 800-53A control implementation for the Office of IT Security for various business lines and departments within the agency.
- Made determination as to whether controls were properly implemented using the CSAM tool. Responsible for reporting to OITS and providing accreditation recommendations as warranted.
- Responsibilities included documentation of security controls including collecting general system information, verification of system categorization and Privacy Threshold Analysis, identification of all common controls (if applicable), selection and documentation of remaining controls and identification of tailored or compensation controls.
- Completion of all required compliance descriptions and enhancements.
- Development of Contingency, Incident Response, Disaster Recovery, and required appendices.
- POA&M creation, assignment and tracking.
