TECHNICAL SKILLS:

Security Engineering/Information Assurance and Governance: CSAM, Xacta, Risk Vision; Titania NIPPER; FedRAMP; FISMA; NIST 800+; Risk Management Framework (RMF); DoD Information Assurance Certification and Accreditation Process (DIACAP); Assessment and Authorization (A&A); Certification and Accreditation (C&A); Risk Assessment/Mitigation; Network and Operational Security; Plan of Action and Milestones (POA&Ms) Management; Initial Security Determination; Security Plan development; SA&A documentation; Security Policy documentation; Information Assurance Vulnerability Alerts (IAVAs), Change Management

Applications and Skills: Microsoft Office 2003 and 2007, Windows XP, Vista, and Windows 7, Windows Server 2003 and 2008, Remedy 7.6, Exchange System Manager, ECM, VMware vCenter, Shavlik NetChk Protect and Configure 4.2, Active Directory 2003, What’s Up Gold, VPN, WSUS, SCCM 2007, SharePoint 2007, Tenable Security Center, Retina, HBSS, PKI

WORK EXPERIENCE:

Confidential

Information System Security Officer

Responsibilities:

• Create and maintain existing information system security documentation, including system security plan (SSP) security control matrix, and/or assessment and security configuration guide
• Develop and modify implementation and design documents describing how security features are implemented
• Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications
• Identify deficiencies in security packages and provide recommendations for solutions
• Track findings with Plan of Action and Milestones (POS&M) through mitigation and/or risk acceptance
• Responsible for elements of physical and environment protection, personnel security, incident handling, and security training and awareness and ensure systems are operated and maintained, and disposed of in accordance with security policies and procedures
• Conduct periodic and continuous reviews of systems and ensure compliance for authorization packages
• Perform system administration, continuous monitoring, and vulnerability management using IA governance tools - Risk Vision
• Participate in change management processes by reviewing Request for Change (RFCs) and assessing the security impact of configuration changes and requests
• Implement vulnerability management by tracking and addressing IAVAs and security patches
• Conduct assessments on security packages to ensure security posture is maintained and security package is compliant

Confidential

Information Assurance Management/Specialist

Responsibilities:

• Provide input and assist in reviewing and updating CG-6813’s Information Assurance Security Plan
• Work alongside Government investigators to investigate incidents of cyber security violations and shall be a crucial component of the Government official report on each investigation.
• Perform IT security services functions to include, but not limited to, IT information assurance governance, Certification and Accreditation (C&A), security infrastructure protection, incident reporting, and security awareness training.
• Provide risk assessments, proper planning and communication strategies prior to implementing any security activities
• Manage risks by utilizing standard security services, including system account management, risk assessment, penetration testing, investigations, and contingency trials
• Make technical recommendations and expert technical mediation advice on how to fix IT security issues, flaws, and any concerns identified by the Contractor or Government.
• Provide Cyber Security support in complying with Defense Information Security Administration (DISA) issued Task Orders (TASKORD)
• Develop, review revise, and provide for programs acceptance Contingency and Disaster Recovery Planning and annual contingency plan testing
• Provide cyber security engineering and security control development and documentation to include integration support
• Assist the Coast Guard with providing Sensitive Personally Identifiable Information (PII) and Protected Health Information Privacy Support including creation, updates, and review of Privacy Threshold Assessment (PTA), Privacy Impact Assessments, and System of Records Notice (SORNs) for Direct Access

Confidential

Information System Security Officer (ISSO)/Security Specialist SME

Responsibilities:

• Prepares and submits to the Confidential CISO the final SC&A packages, including the ATO Briefing to the system owner and the ATO letter, in accordance with established procedures.
• Documents and remediates Plan of Action and Milestones (POA&Ms) working with Confidential ’s CISO, and developers and system owners of Confidential applications
• Provides advisory support for the Confidential ’s implementation of the Continuous Monitoring process and conduct/document continuous monitoring of Confidential systems
• Serves as the Lead Advisor for Confidential FedRAMP security compliance packages
• Provides support for FedRAMP Cloud Service Providers (CSPs) for the Confidential including Agency ATO efforts, managing POA&Ms, and creating/reviewing ATO package documentation per FedRAMP guidance Creates, maintains, and updates relevant ATO package security documentation for the Confidential
• Performs and/or assists in internal self-assessments and audits of IT systems to ensure compliance with mandated annual A-123 reporting, Office of Inspector General (OIG), and GAO requirement
• Develops, updates, and maintains IT security standard operating procedures (SOPs) and management directives to support the Information Technology Center (ITC), the Network Security Operations Center (NSOC), and the broader community at Confidential headquarters
• Assists the Security Test & Evaluation (ST&E) team with the application security testing services for each Confidential system that requires an initial ATO or an ATO that must be updated during the SC&A process as part of the review and determination of the implementation of security controls in Confidential systems.

Confidential

Senior Information Security Consultant

Responsibilities:

• Conducts compliance reviews of security authorization packages for all Department of Homeland Security ( Confidential ) Component’s systems and FedRAMP Cloud Service Providers (CSPs) leading to FedRAMP approved cloud service providers.
• Thorough knowledge of the implementation of FedRAMP Requirements and FedRAMP Cloud hosting environments and Cloud systems
• Reviews the Risk assessment of Cloud hosting environments and Cloud systems
• Works with 3PAOs and FedRAMP CSPs to assist in their approach for meeting the Security Assessment & Authorization (SA&A) for current and pending Cloud hosting environments and Cloud systems.
• Conducted Risk Management Framework (RMF) continuous monitoring support for Confidential component systems and FedRAMP CSPs
• Utilize NIST 800-37/800-53/800-53 a to conduct security documentation reviews on Confidential component systems utilizing the Confidential ’s IT risk management and continuous compliance system (XACTA IA Manager)

Confidential

Sr. Security Analyst/Assessor

Responsibilities:

• Manage full lifecycle Security Authorization Process for Confidential IT Security deliverables. Managed Plan of Action and Milestones (POA&M). Conducted interviews, document examination, wrote and developed security documentation and security authorization packages, conducted vulnerability analysis and risk assessments
• Ensured appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the information system owner
• Handled all aspects of information assurance/RMF processes including risk analysis, system security authorizations, security auditing, security documentation, and security testing
• Prepared, validated, and maintained RMF security documentation including, but not limited to: FIPS 199, Initial Risk Assessment, E-authentication, System Security Plan, POA&M, contingency plans (CP), and contingency plan tests (CPT), privacy impact assessments (PIA) and risk assessment (RA) documents per NIST 800 guidelines
• Conducted security risk assessments of information systems to identify security issues and develop risk mitigation plans
• Performed operational security assessments of agencies within Confidential for compliance using security frameworks such as FISMA
• Created compliance reports on network devices utilizing Confidential ’s Titania NIPPER security compliance system
• Created RMF security assessment reports (SAR) and compliancy reports for Confidential agencies
• Identified and managed POA&Ms through remediation as well as develop corrective action plans for each POA&M
• Coordinated/directed Confidential organizations through required government IT security assessment and authorization audits as required
• Analyzed security policies and procedures against Federal laws, Confidential policies and regulations; provided recommendations for mitigating the gaps in security

Confidential

Sr. Lead Systems/Security Administrator

Responsibilities:

• Provide Level 3 support to the AOC/CCSA Division (700 customers and 1400 computers)
• Implemented approved system changes based on IAVA notices
• Supported the development of DIACAP package based on the analysis of 8500.2 IA MAC II sensitive Controls
• Implemented Microsoft network environments and operating system controls and configurations in compliance with the Department of Defense (DoD) security standards to include the DIACAP requirements
• Created System POAMs (living documents which tracks each vulnerability through its life-cycle in the system) for DIACAP Packages for government systems
• Modified security policies on groups/machines for troubleshooting purposes with HBSS
• Conducted security scan reports of workstations using tools such as Retina, Shavlik, and SCCM
• Conducted security tests of proposed procedures and operating system patches for correctness and compatibility
• Ensured machine compliance with HIPS and Antivirus agents using HBSS
• Trusted Agent for PKI and Common Access Cards for CCSA
• Evaluated and analyze leading edge security technologies to be implemented to improve the organization’s security posture.
• Provide administrative maintenance on network computer and user accounts with Active Directory
• Manage and oversee a staff that provided 24/7 system administrator support on-site for Army and VIP customers
• Respond to help desk remedy tickets
• Conduct fault isolation and resolution of network problems
• Configure agents on computer and create packages to install necessary approved hot fixes and service packs using WSUS, Shavlik, and SCCM
• Manage and update site content on SharePoint along with creating document libraries and lists
• Monitor the network health and welfare of servers and services using What’s Up Gold

Confidential

Desktop Technician Subject Matter Expert

Responsibilities:

• Provide technical and remote support to the Joint Staff Chief of Staff and Personnel (2,500 customers)
• Train, manage, and oversee service desk shift and personnel
• Develop DIACAP documentation including supporting the updates to System Security Plan, DIACAP Scorecard, DIACAP implementation plan, System Identification Profile and Plan of Action and Milestones for DOD projects
• Manage outages and respond to General Officer issues and requests during afterhours support
• Maintain and update remedy queues for end user support
• Create work instructions and solutions for high priority and reoccurring issues
• Diagnose, research, and troubleshoot various software applications and desktop computer problems as well as peripheral devices
• Troubleshoot and test network connectivity and port activity
• Install software and hardware, perform system upgrades, configure workstations for network connectivity and troubleshoot computer hardware related issues
• Modify customer accounts and profiles using Active Directory
• Monitor call queues using Interaction Client (ACD) for routing and call distribution
• Create and modified SOP procedures and provided documented training material
• Review remedy tickets to ensure SLAs are being met and for incident escalation and resolution
• Use Remedy to create problem management tickets for frequent or recurring problems/issues.
• Document monthly SLA statistics with metrics reports

Confidential

Executive Desktop Support Tech

Responsibilities:

• Provide VIP customer support, technical support, maintenance, software installation and configuration support to over 15,000 government and civilian users including the Air Force Chief of Staff, and the 844th Communications Squadron located in the Pentagon and other Military facilities within the National Capitol Region
• Troubleshoot network, internet connectivity, domain, and VPN issues (IP configuration, static and Confidential )
• Troubleshoot and provide technical expertise for software applications, operating systems, utilities, peripherals, communication protocols and hardware systems used by the Department of Defense and AFDW
• Assisted in the development of System Security Accreditation Agreement (SSAA) documentation in accordance with the DITSCAP/DIACAP guidelines
• Provide remote desktop support (SMS)
• Modify user accounts/computers and permissions (Active Directory and DRA)
• Install hardware/software
• Troubleshoot laptops and desktops, PDA phones, printers, scanners, and other peripheral devices
• Respond to remedy tickets

Confidential

Help Desk Analyst

Responsibilities:

• Provide Level 1 and 2 support for clients/users and remote users.
• Troubleshoot software applications and hardware systems.
• Troubleshoot internet, network, and VPN connectivity,
• Reset passwords and unlock user accounts for various applications.
• Use Remedy and Mercury - call/ticket tracking systems.