Information System Security Officer Resume
Rockville, VA
SUMMARY:
Highly motivated information technology professional ready to apply over 12 years of experience in Information Security, IT Audit & Compliance, and Network Planning & Administration to a long-term, full-time, permanent opportunity.
SKILL:
Networking: Citrix Presentation Server, Exchange 2003, Active Directory, SurfControl, Nessus, AppScan, TCP/IP (RIP & OSPF), DHCP, VPN, DNS, WINS, HP OpenView, Snort, and Microsoft Windows Server Update Services (WSUS)
Operating Systems: Windows 2K/2K3/2K8, Unix (Solaris and AIX), and CentOS 5.4
Software Applications: MS Office, MS SQL 2000/2005, Nessus, McAfee ePolicy Orchestrator 4.5, McAfee Endpoint Encryption v6, AVG 8.0, Symantec Backup Exec, Bosch Security DVR System, BlackBerry, Visio, ER/Studio, Clarify, SWIFT, Global Performance Workstation, SMS, HEAT ticketing, Splunk, Trusted Agent Confidential (TAF), IBM Tivoli Storage Manager, Bugzilla, HP Service Center, Security Service Center, and SPORT.
EXPERIENCE:
Confidential, Rockville, VA
Information System Security Officer
Responsibilities:
- Served as an ISSO validating and documenting information security control implementation statements and assisting in the development and management of information security systems
- Performed Quality Assurance (QA) reviews
- Assessed Nessus scans and provided remediation guidance based on security vulnerabilities detected
- Prepared A&A packages, including Executive Summaries (ES), System Security Plans (SSP), Risk Assessments (RA), Risk Traceability Matrices (RTM), and Security Assessment Reports (SAR)
- Served as liaison by chairing several virtual meetings with Federal Government employees and contractors to conduct Security Control Assessment (SCA) testing.
- Responsible for the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Action and Milestones, Remediation Plans, Configuration Management Plan, etc.
- Developed and maintained the Plan of Action and Milestones and supported remediation activities.
- Validated that physical security protective measures were in place to support the system's security requirements. Maintained an inventory of hardware and software for the information system.
- Developed, coordinated, and tested Contingency Plans and Incident Response Plans.
- Provided continuous monitoring to enforce client security policies and procedures, and created processes that give the system owner oversight of system security activities.
Confidential, Rockville, VA
Information System Security Officer
Responsibilities:
- Ensured security policies, procedures, and recommendations comply with Confidential, NIST, and organizational guidelines and technical best practices.
- Implemented the Risk Management Framework (RMF) in accordance with Confidential SP.
- Participated in the development and maintenance of system security plans and contingency plans for all assigned systems.
- Prepared System Security Checklists, Privacy Impact Assessments, POA&Ms, and Authority to Operate (ATO) letters.
- Developed Plans of Action and Milestones (POA&M) for identified vulnerabilities and ensured compliance through monthly updates.
- Maintained the inventory of all assigned information systems.
- Developed a variety of Assessment & Authorization deliverables, including the System Security Plan (SSP), Security Assessment Report (SAR), Contingency Plan (CP), and POA&M, for review and approval by the Authorizing Official.
- Monitored and conducted Security Control Assessments to ensure all controls met the security requirements stipulated in the SSP and Confidential SP Rev4.
- Assisted with the development of processes and procedures to identify potential incidents and threats and to report system vulnerabilities and security violations.
- Planned, developed, finalized, and reviewed key deliverables in each stage of the SA&A process for Major Applications (MAs) and General Support Systems (GSS).
Confidential, Herndon, VA
Information System Security Officer
Responsibilities:
- Identified, analyzed, proposed, and coordinated implementation of mitigation strategies for system security risks.
- Developed and maintained Plans of Action and Milestones (POA&Ms) to rectify issues and problems found as a result of security vulnerabilities and security controls analysis.
- Planned and implemented Smithsonian system security risk management policies, procedures, templates, and tools.
- Developed and maintained system security documentation including System Categorization, Risk Assessment, System Security Plan, System Assessment Report, System Contingency Plan, etc. Reviewed, approved, and provided editorial guidance on security documents generated by others for Smithsonian systems.
- Supported federal government requirements for Confidential Assessment and Authorization by conducting IT security risk assessments on new or updated systems and reporting risk assessment findings and recommendations to OCIO management, System Owners, and the Director of IT Security. Worked with system sponsors to manage and understand system and data risks affecting the Smithsonian's mission.
- Refined and proposed modifications to security requirements and specifications
- Advised management by identifying critical security issues and recommending risk-reduction solutions
- Ran weekly Nexpose scans to identify vulnerabilities and missing patches and updates, then worked closely with system engineers and solution architects to remediate the findings
- Reviewed audit logs weekly in Splunk and recorded the findings in an Audit Log Review Tracker
- Completed Waivers and Accepted Risks (WEAR) as required
- Completed remediation plans for all POA&Ms
- Completed and maintained any required Memorandum of Agreement/Understanding (MOA/MOU), or copies of these agreements, applicable to my system
- Ensured security controls were met at inception and throughout system development
- Ensured systems were properly patched and hardened according to USCIS/DHS requirements
Confidential, Reston, VA
Senior Security Control Assessor
Responsibilities:
- Led security testing and security control assessments on federal applications to ensure compliance with Confidential and agency-specific requirements.
- Led security control assessments within the Ongoing Security Authorization cycle.
- Assessed both Major Application (MA) and General Support System (GSS) security configurations and implementations.
- Interfaced with federal employees and contractors to perform the security assessment activities
- Assisted in the presentation of the vulnerability findings to the client.
- Performed full-scope Risk Management processes for a federal client, including Certification and Accreditation (C&A), Confidential Self-Assessments, Technical Assessments (vulnerability analysis, penetration testing), and Risk Assessments.
- Used vulnerability and security testing tools such as Nessus, McAfee Vulnerability Manager (MVM), QualysGuard, RedSeal, HP WebInspect, Burp Suite, and AppDetective.
Confidential, Herndon, VA
Information System Security Officer
Responsibilities:
- Drafted and reviewed information security policies, processes, and procedures.
- Prepared information security awareness materials and other documentation.
- Advised the system owner regarding security considerations in application system procurement or development, implementation, operation and maintenance, and disposal activities (i.e., system development life cycle management).
- Developed security documentation (security plan, contingency plan, test scenarios, privacy analysis, e-authentication analysis, FIPS categorizations, and plans of action and milestones) required for authorization packages.
- Engaged in continuous monitoring of applications and support: maintained authorization documentation and security control implementation status.
- Scheduled, tracked, and managed the quarterly POA&M review process. Coordinated meetings and tasking with System Owners and supported remediation of open items.
- Assisted with managing the security aspects of the information system and performed its day-to-day security operations.
- Reviewed audit logs and adjusted the security posture to ensure continued system operation at the defined protection levels.
- Supported the development and maturity of the IT Security Program and the newly developed continuous monitoring framework.
- Ensured IT systems had all security controls in place and functioning properly in accordance with Confidential publications.
- Assisted with external and internal audits for designated systems.
Confidential, Arlington, VA
Primary Assessor
Responsibilities:
- Assisted in developing and executing the agency Certification & Accreditation (C&A) Program
- Responsible for all phases of C&A to ensure compliance and provide guidance on IT Security requirements to assigned stakeholders.
- Assisted in developing unified guidelines and procedures for conducting system-level evaluations of federal information systems and networks, including the critical infrastructure of TSA.
- Prepared the Security Test & Evaluation (ST&E) Plan;
- Conducted the ST&E kick-off meeting and execution via document examination, interviews, and manual assessments;
- Analyzed automated and manual scan results;
- Populated the Requirements Traceability Matrix (RTM) with ST&E results;
- Created a Security Accreditation Report (SAR) and Plan of Action and Milestones (POA&M);
- Conducted ST&E findings meetings with the System Owner, ISSO, and other system personnel as required.
- Communicated with the ISSO on continuous monitoring activities related to Plan of Action and Milestone closures, waivers, and exceptions;
- Tracked security activities of assigned systems and briefed senior leadership on those activities;
Confidential, Rockville, MD
Information Security Specialist
Responsibilities:
- Subject Matter Expert (SME) for the Information Security branch, providing guidance on and implementing technical, management, and operational security controls in accordance with Confidential 800-series and FIPS publications, Confidential guidelines, and Health and Human Services and Confidential internal security policies and procedures pertaining to the Confidential's Center for Food Safety and Applied Nutrition and Center for Veterinary Medicine.
- Assisted with Certification and Accreditation (C&A) / security authorization processes by collaborating with organizational system stakeholders to define and analyze application/system security requirements based on information types, evaluation of risks, weakness findings, impact analyses, and mitigation strategies.
- Interfaced with System Owners while maintaining the system security plan and associated documentation; ensured the Information System (IS) was operated, used, maintained, and disposed of in accordance with security policies and practices; ensured the IS was authorized; performed regular security checks on the IS.
- Ensured that an Information System (IS) security analysis was conducted to determine appropriate security requirements during the design stage of an application, and that the IS design met the specified set of security requirements.
- Analyzed Nessus vulnerability and compliance scan reports to assess the security posture of information systems.
- Responsible for the management and execution of Plans of Action and Milestones (POA&M), including remediating or mitigating weaknesses.
- Assisted with creating Contingency Plans (CP) and Disaster Recovery Plans (DRP) for data centers to minimize the effects of a disaster and ensure resources, personnel, and business processes can resume operation in a timely manner.
Confidential, Mclean, VA
Senior Data Security Specialist
Responsibilities:
- Prepared publication-quality deliverables to communicate findings and recommendations to the client's senior management (U.S. Department of the Interior, Office of Historical Trust Accounting).
- Created policies and procedures to ensure the security of information assets against unauthorized or accidental modification, destruction, or disclosure.
- Developed and conducted security awareness programs for both technical and non-technical computer users.
- Responsible for all aspects of security operations: log management, vulnerability management, IDS/IPS management, database security, OS security, etc.
- Worked with the System Owner, Business Owner, and security/network group to create the System Security Plan (SSP)
- Provided technical lead on security projects involving a wide range of issues, including secure architectures, secure electronic data transfer, network security, platform security, application security, and general data security and privacy.
- Participated in the implementation of business continuity, recovery planning, and information protection.
- Conducted system assessments in accordance with the Confidential SP Rev3 security control list.
Confidential, Reston, VA
Senior Data Security Specialist
Responsibilities:
- Designed and managed the organization’s security infrastructure and implemented policies and procedures.
- Ensured that vulnerability assessments were performed to evaluate the effectiveness of existing controls.
- Performed periodic risk assessments of the IT infrastructure and identified potential weaknesses.
- Ensured all critical security patches and upgrades were implemented as per the required guidelines.
- Liaised between the Audit and IT departments to facilitate audit requests and ensured implementation of all audit recommendations.
Confidential, Baltimore, MD
IT Auditor
Responsibilities:
- Worked on audit engagements related to programming, mainframe batch and online processes, client-server architecture, Internet and intranet functionality, database extraction, technology strategy, data communication and network security.
- Evaluated Sarbanes-Oxley (SOX) IT internal controls and worked collaboratively with management to identify corrective actions.