- Military / DoD Operations
- Risk Management Framework
- Research & Analysis
- Network Defense
- Background in Network devices
- Threat Assessment
- System, Network, Operational Security
- Fluent in English, Creole, and French
- Microsoft Word, PowerPoint, Outlook, and Excel
- Excellent listening and communication skills
Confidential, Tysons, VA
Information Assurance Engineer
- Responsible for certification and accreditation (C&A) activities for CA’s automated information systems (AIS) and provides C&A support for domestic and overseas deployed systems, as well as assist and advise system and application developers in the design and development of secure systems architecture in accordance with National Institute of Standards and Technology (NIST) 800 series and Department Foreign Affairs Manual (FAM) guidelines.
- The primary security lead for High, Moderate, and Low impact systems that support Visa, Passport, American Citizen Overseas or CA major applications. The IAE drives the overall A&A life - cycle process in accordance with the Department of State CA/CST System Development Life-Cycle (SDLC)
- Provide guidance to System Government Task Managers (GTM) and System developers as it related to the A&A process using both the National Institute of Standard and Technology (NIST) Special Publication (SP) 800 series and Department Foreign Affairs Manual (FAM) guidelines.
- Assist and advise System GTMs and System developers in the design and development of secure systems architecture as well as industry best practices and information systems technologies available to meet AIS security requirements.
- Gather required information to support system authorization by organizing technical working groups, conducting fact-finding interviews, attending system demos, assessing system security categorization levels, establishing system security control baselines, and acting as a security advisor to the GTM during the security controls implementation.
- Develop and update the following system security documentation which is maintained within the Consular Affairs Certification and Accreditation Management System (CACAMS):
- Security Categorization Form (SCF)
- E-Authentication Form (eRA)
- System Security Plan (SSP)
- Information System Contingency Plan (ISCP)
- Privacy Impact Assessment (PIA)
- Monitor the assigned system weekly.
- Schedule and facilitate boundary meetings, RMF step 1-3 Kick-off meetings, RMF step 6 Kick-off meetings, and attends RMF step 4 Kick-off and POA&M meetings.
- Review, monitor, and report POA&M status to all stakeholders including PM, ISSP GTM, System GTM, System Development Team, and System Operation Teams. Follows up with appropriate personnel to ensure that POA&Ms are remediated in a timely manner and reported closed findings to the POA&M Manager.
- Analyze Configuration Change Requests (CCRs) by conducting a security impact analysis initiating required actions to maintain security posture and ATO status.
Confidential, Herndon, VA
Junior Information Assurance Analyst
- Implemented, upgraded or monitored security measures for the protection of computer networks and information.
- Ensured appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.
- Developed and implemented incidence response training for the organization.
- Composed proposal for new tool implementation with details on cost, manpower, and functionality of pros and cons.
- Conferred with users to discuss issues such as computer data access needs security violations and programming changes.
- Responsible for maintaining, updating, creating the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
- Developed and maintain documents audit reviews with the support of Senior Information Security Analyst to ensure NIST compliance.
- Vulnerability Assessment analysis and tracking.
- Developed and conduct contingency planning training for all levels of management and employees.
- Implemented NIST Rev. 4 controls.
Confidential, Lorton, VA
Comprehensive Security Assessment Coordinator
- Determined the schedule for Comprehensive Security Assessments for sites that needed new Authority to Connect according to High Performance Computer Modernization Program policy.
- Coordinated with the enclaves to schedule their Security Assessment. Provided all necessary Pre Comprehensive Security Assessment documents to the Information Assurance Analyst.
- Coordinated with HPMCP Defense Research and Engineering Network & Secret Defense Research and Engineering Network Support/Security Coordinators for scheduling and after action reports.
- Maintained constant communication with customer and Comprehensive Security Assessment team for scheduling, mitigations, and deliverables.
- Tracked all Comprehensive Security Assessment Deliverables: including Interim Authority to Connects, Report(s), and Post Comprehensive Security Assessment mitigations.
- Assisted the Information Analyst and Technical Analyst as the need arises.
- Knowledgeable of appropriate HPCMP & DoD guidelines and policies.
- Reviewed all reports for non-technical errors and disseminated accordingly to HPCMP personnel and government sites.
- Provided Monthly Reporting for HPCMP Metrics.
- Completed and disseminated Bi-Weekly Report and Weekly Activity Reports.
- Provided Cost Estimates for security assessments.
- Served as Security System Testing (SST) Coordinator and provided coordination efforts similar to those of Comprehensive Security Assessments.
Cyber Security Mitigation Action Team Intern
- Monitor, detect and take immediate action on events and incidents as they occur on the network
- Analyze traffic on networks to protect websites from malware, Denial of service attack, and viruses
- Assess and mitigate risk while enhancing system security
- Conduct intelligence research and analysis across open-source and private information platforms, focusing on indicators and warnings of threats, infrastructure protections, and cyber security
- Utilized Security Information and MacAfee Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), malware analysis tools, Nitro, Intrushield, and Host Based Systems Security
- Performed network scans in search of vulnerability across DISANet
- Identify problems and take appropriate actions based on Watch Team operating procedures.
- Collect and analyze events and incidents from multiple sources and correlating information between IT management tools
- Document all actions taken to resolve incidents on the enterprise network.