OBJECTIVE:

Provide Information Assurance (IA) and Network Security/Engineering expertise to an organization in order to establish synergetic enterprise visions, homegrown innovations and customer loyalty in the face of both prosperous and adverse times.

SUMMARY:

• Career IA security management professional disciplined with over five years of in - depth experience ensuring projects of high visibility throughout their entire System Development Life Cycle (SDLC) at various Commands within the Confidential.
• Subject matter expert level of knowledge in developing, implementing, and maintaining (e.g., due care) strategic, technical, and operational security plans, diverse security architectures, risk management strategies, and security programs.
• IA Confidential expertise, with emphasis on Confidential Information Technology Security and Accreditation Process (DITSCAP - 8500 series) and Confidential Information Assurance and Accreditation Process.

TECHNICAL PROFICIENCIES:

• Successfully lead and obtained and Accreditation (C&A) system and application Authorities to Operate (ATO), through both DITSCAP and DIACAP, for three-years on Network Protection Suite (NPS), Research Development Test and Evaluation (RDT&E) and Legacy.
• Proven ability to remain flexible, but task oriented in order to overcome scope creep challenges commonly associated with project development.
• Five years of on-the-job experience in the following aspects of C&A processes: System Security Authorization Agreement (SSAA) development, Concept of Operations (CONOPS) development, System Rules of Behavior development, Security Test and Evaluation (ST&E) from both a documentation (i.e., Security Requirements Traceability Matrix (SRTM) and overall risk assessment plan construction) and a technical (vulnerability scanning and analysis) standpoint, Incident Response planning, SDLC planning, DIACAP transition planning, Contingency, Disaster Recovery, and Continuity of Operations (CP/DRP/COOP) planning, Project of Action and Milestones (POA&M) development and execution and Privacy Impact Assessments.
• Competent in writing professional proposals, reports and documents.
• Familiar with the following products within the IA arena of expertise: McAfee and Norton Anti-virus/Ad-aware, Retina, Nessus, Snort, Host-Based Security System (HBSS), Defense Information Systems Agency (DISA) Field Security Operations (FSO) Gold Disk and Security Readiness Scripts (SRRs).
• Comfortable giving impromptu and planned oral presentations to small, medium, and large sized audiences.
• Working knowledge of National Institute of Standards and Technology (NIST) 800-series publications.
• Experienced in implementing, monitoring and troubleshooting the following operating systems and devices: Microsoft XP Workstation, Microsoft NT Workstation / Server, Windows 95/98, Windows 2000 Workstation / Server, UNIX (Hewlett-Packard, Red Hat and SuSE Linux), CISCO firewalls, switches, and routers.
• Proficient in using the following business related products: Microsoft Office Suite, to include Project, Word, Excel and Visio.

TECHNICAL EXPERTISE:

Systems: PC configuration, System Analysis, UML, Customer Service, Sound Engineering

Databases: SQL Server 2005 & 2000, Oracle 9i, Oracle 10g, MySQL.

Web Development: HTML/DHTML, JavaScript, ASP/ASP.Net, XML

Programming: Java, C / C++ / C#, Visual Basic.Net, Assembly Language, UML.

Operating Systems: Windows Vista, XP, 2000, NT, 98 & 95, Server 2003, Server 2000, UNIX, MAC, Cisco Pix, Cisco Firewall, Juniper Devices

Networking: Wired and Wireless, TCP / IP, Virtual Private Networks, Ethernet.

Applications: Microsoft Office 95, 98, 2000, XP, 2003 and 2007, Lotus Notes 6, Clarify, Remedy, Visio.

PROFESSIONAL EXPERIENCE:

Confidential, Adelphi, MD

Senior Systems Security Engineer/HBSS Administrator

Responsibilities:

• Manage HBSS servers in the enterprise network.
• Troubleshoot, resolve and provide technical guidance for IT security incidents and provide forensic analysis.
• Administer McAfee ePolicy Orchestrator (ePO) and McAfee host based IDS and IPS systems.
• Develop network based applications and databases.
• Maintain and update all Microsoft and Confidential security updates for the HBSS infrastructure to include all the HBSS servers, consoles and remote servers throughout the network.
• Support network infrastructure, analyze gaps, and assist with future network design and architecture. Identify potential risks to systems, networks, and controls before they become incidents.
• Analyze and develop current and future security requirements based on mission need.
• Execute processes to analyze and meet system security requirements as part of a formal and accreditation process. Develop detailed engineering plans and designs for security features, controls, and systems within the enclave boundary.

Confidential, Fort Belvoir, VA

Security Engineer

Responsibilities:

• Managed the routine application of Information Assurance Vulnerability Alert ( Confidential ) patches. This included the identification, interpretation, implementation and documentation of associated system modifications and IT security patches.
• Supported the creation, submission, tracking, documentation and distribution of Ports, Protocols, and Services requests.
• Updated and maintained antivirus software and associated virus definitions (with assistance from the Operations Support team).
• Supported and reviewed audits, audit logs, password compliance, asset management and other Information Assurance mandated compliances.
• Assisted in performance of periodic tests of Continuity Of Operations / Disaster Recovery
• Assisted with coordination efforts with various government IT groups and organizations as needed to support the operation of the Confidential . This included the coordination of Domain Name Service entries, the registration of host names, Single Sign On (SSO) services and Confidential s.
• Assisted with the maintenance of IA controls, of Networthiness (CON), and Confidential Information Assurance and Accreditation Process (DIACAP).
• Assisted in the maintenance of the system Authority To Operate (ATO).
• Assisted with Independent Verification & Validation of the system.
• Maintained and reviewed Confidential approved network analyzers (e.g., SNORT)
• Provided design and implementation assistance of security concepts for an enterprise level infrastructure.
• Supported and maintained regular Confidential security assessments including remediation of security vulnerabilities.

Confidential, Falls Church, VA

Systems Engineer

Responsibilities:

• Served as a member of a systems engineering team providing guidance, direction, and leadership regarding engineering processes and disciplines, and provides senior technical and engineering support on all facets of system engineering, integration engineering, and designs.
• Supported the entire product lifecycle, from requirements analysis through design, development, testing, implementation and lifecycle sustainment.
• Led technical engineering working groups and integrated product teams. Employ standard ITIL, Six Sigma, and CMMI engineering processes.
• Worked individually as required to conduct analyses, trade studies, technology assessments, alternatives analyses, and provided technical support for cost modeling and return on investment (ROI) analyses. Develop technical and engineering white papers, briefings, and technology related documents.
• Analyzed problems, issues, and trends individually or as the leader of an engineering team. Lead troubleshooting teams, and conduct root cause analysis
• Provided leadership, direction, and support for lifecycle performance management, capacity planning analysis, and performance benchmark testing
• Supported briefing development for senior management both internally on and externally engineering product status
• Worked with the Architects to design, implement and configure the systems needed to support an enterprise AD infrastructure
• Created material(s) for the customer on all solutions implemented
• Worked side-by-side with customer personnel in an advisory, support and role
• Supported test lab implementations, including developing Systems Acceptance Tests
• Researched and evaluated emerging tools, techniques, and IT technologies
• Developed CONOPS (Concept of Operations) procedures
• Demonstrated experience developing SDLC system documentation
• Worked closely with client to perform technical and requirements analysis
• Identified opportunities for technical innovation, and provided technical leadership and support for proposal development activities and support for customer technology initiatives

Confidential, Columbia, MD

Network/Systems Engineer Lead

Responsibilities:

• Troubleshot problems with networks, web services, mail services and overall aspects of an ASP solution.
• Maintained a broad knowledge of operating systems, programming languages and hardware.
• Gathered business requirements from clients in order to initiate project and SLA’s.
• Knowledge of Government security documents, such as NIST SP 800 series, OMB, The Privacy Act of 1974, FIPS series.
• Used Data Loss Prevention (DLP) to monitor, and protect data through deep content inspection, contextual security analysis of transaction
• Conducted and Accreditation (C&A) of systems and application.
• Liaison between business users and technical teams to resolve variances and help to consolidate their proposals.
• Provided Technical Customer Support on Lotus Note 6, MS Office and Windows XP and Vista.
• Developed Standard Operating Procedures (SOP)
• Scan networks and hosts for threats and vulnerabilities using Nessus scan.
• Performed vulnerability assessments and remediation.
• Used ArcSight (SEIM) to gather, analyze and present information from network and security devices.
• Monitored and secured network traffic with the use of Sourcefire IPS.
• Troubleshot in a Linux, MAC and Microsoft networked environment.
• Monitored Windows Servers via Active Directory.
• Provided expert IT technical solutions, advice, guidance, and recommendations to top management officials and other technical specialists on a wide range of IT issues.
• Analyzed user agency technical requirements to determine the type of IT services and/or products that will address client concerns.
• Provided consultant services to the upper management, regarding the application of advanced project management principles and methods to the procurement of IT.
• Developed clear and concise descriptions / outlines requirements for use in the development of preliminary project descriptions, request for proposals (RFPs) statements of work (SOW) and task orders
• Developed a coordinated approach to resolve unique and critical IT problems in assigned organization.
• Worked with Technical Specifications to create requirements documents.
• Coordinated with development team to schedule releases of software updates.
• Performed vulnerability analysis, monitoring patch status of internal and external computers and providing reports to management concerning patch conformance.
• Examined and responded to alerts generated by ePO Antivirus Management Console.
• Monitored performance and compiling monthly metrics report to top management.
• Performed regular research of document and procedures to ensure that we are up to date.