TECHNICAL EXPERIENCE:

• Project Management
• Enterprise Architecture
• OMB & FISMA Compliance Audit
• Confidential Compliance Audit
• NIST and DITSCAP Compliance Audit
• Certification & Accreditation (C&A)
• Intrusion Detection Analysis
• Public Key Infrastructure (PKI)
• Software Engineering
• System Administration
• Database Development
• Technical Training
• Technical Writing
• Helpdesk Support

RELEVANT SKILLS:

• VB, C++, Java, Perl, Assembly
• Security Tools (Nessus, AppDetective, ISS, DISA Gold Disk, NMAP, Wireshark, Encase, Retina, etc.)
• Intrusion Detection Systems
• Intrusion Prevention Systems
• Public Key Infrastructure (PKI)
• Database Design
• Windows
• Unix (Sun, Linux, IBM)
• Technical Training

TECHNICAL EXPERIENCE SUMMARY:

Confidential

Responsibilities:

• Participating in several Technical Enterprise Working Groups to help facilitate the integration of several different technologies into the Confidential Enterprise Architecture.
• Ensuring that all tasks related to the assigned projects are completed on time and within budget.
• Working closely with all the Senior Engineers to ensure that the project requirements are clearly defined and scoped properly.
• Ensuring that new C&A packages are being completed in accordance with FISMA, OMB, NIST and Confidential policy, standards and guidelines.
• Developing multiple customized scripts and applications to automate several manual tasks.
• Developing the following documents for multiple projects; System Security Plans (SSP), Security Test and Evaluation (ST&E) plan, Risk Assessments (RA), Contingency plans and Security Assessment Reports (SAR). Performed several vulnerability assessment scans using Nessus, WebInspect, and customized scripts.

Confidential

Enterprise Architect

Responsibilities:

• Creating the Enterprise Framework Process model required to simplify the integration of isolated legacy processes into a new streamlined Enterprise processes. Leading the effort to convert the legacy processes into the new streamlined Enterprise IT Process.
• Developing several standard operating procedures (SOP) for the FEMA IT Security branch. Conducting security reviews for multiple commercial off the shelf (COTS) and government off the shelf (GOTS) products and providing recommendations to the Chief Information Security Officer (CISO). Creating profiles for the security tools such as; Nessus, Retina, WebInspect.
• Ensuring that new C&A packages are being completed in accordance with FISMA, OMB, NIST and Confidential policy, standards and guidelines. developing the following documents for multiple projects; System Security Plans (SSP), Security Test and Evaluation (ST&E) plan, Risk Assessments (RA), Contingency plans and Security Assessment Reports (SAR). Performed several vulnerability assessment scans using Nessus, WebInspect, Retina and DISA Gold Disk. providing security advice and guidance the CISO

Information System Security Engineer

Confidential

Responsibilities:

• developed the following documents; Security Plan, Risk Assessment (RA), and Contingency plan. conducted initial interviews, performed network assessment scans, reported findings and developed plans of actions and milestones (POA&M). provided security advice and guidance the Information System Security Manager (ISSM)

Senior Auditor

Confidential

Responsibilities:

• Conducted interviews with each of the Confidential component’s security management teams.
• Performed Certification and Accreditation (C&A) documentation analysis
• Validated and verified whether the C&A packages met FISMA, DITSCAP, Confidential and NIST standards.
• Provided the Confidential OIG with recommendations
• Provided the Confidential OIG with official audit reports.

Information System Security Consultant

Confidential

Responsibilities:

• Reviewed the Confidential ’s security documentation
• Conducted interviews with the members of the Confidential management team.
• Identified the discrepancies within the Confidential Cyber Security program.
• Created a detailed report describing all the discrepancies and solutions.
• Developed a Cyber Security program roadmap for the Confidential
• Developed the statement of work and project plan.

Information System Security Engineer

Confidential

Responsibilities:

• Certification and Accreditation (C&A) documentation - developed the following documents; Security Plan, Risk Assessment (RA).
• Consulting - provided security advice and guidance the Information System Security Officer (ISSO)

Information System Security Engineer

Confidential

Responsibilities:

• Created profiles for the security tools such as; Nessus, AppDetective, and ISS.
• Performed several vulnerability assessment scans using Nessus, AppDetective, and ISS..
• Certification and Accreditation (C&A) documentation - developed the following documents; Security Plan, Risk Assessment (RA), and Contingency plan.
• Security Test and Evaluation (ST&E) - conducted initial interviews, performed network assessment scans, reported findings and developed plans of actions and milestones (POA&M).
• Consulting - provided security advice and guidance the Information System Security Manager (ISSM)
• Project Management - ensured that all C&A efforts are completed in accordance with FISMA, OMB, NIST and Confidential policy, standards and guidelines.

Confidential

Sr. Security Engineer

Responsibilities:

• Process Improvement - developed new procedures to identify and isolate all rogue devices throughout the country at no additional cost.
• Software Development - Wrote a software application that was used to gather a complete and accurate inventory of all devices throughout Confidential .
• Certification and Accreditation documentation - developed the following documents for multiple projects; Security Plans, Risk Assessments (RA), Continuity of operations (CoOP) and the Contingency plans.
• Security Test and Evaluation (ST&E) - conducted initial interviews, performed network assessment scans, reported findings and developed plans of actions and milestones (POA&M).

Confidential

Information Security Engineer

Responsibilities:

• Certification and Accreditation - provided guidance and oversight for multiple C&A efforts on large and complex environments concurrently.
• Software Development - developed software applications to automate the following:
• C&A workflow process
• Interoffice communications
• Documentation management
• C&A progress reporting
• Process Improvement:
• Re-designed the C&A process to in corporate a large majority of the SDLC process.
• Documentation Review - provided comments and corrections for multiple documents to address inconsistencies in format, syntax and content.

Security Engineer

Confidential

Responsibilities:

• Certification and Accreditation documentation - assisted in the development of the following documents; Security Plan, ST&E plan, ST&E report, and the Contingency plan.
• Process Improvement - developed a software application that was used by the C&A team to automate a huge part of the C&A process.
• Technical Support - provided tier 3 technical support to the Confidential C&A and installation teams. ensured all CRM systems were in compliance with DoJ 2640.2d and JCON architecture standards during a major network overhaul. conducted initial interviews, performed network assessment scans, reported findings and developed mitigation plans for the JCON IIA network. developed the following documents; ST&E plan, ST&E report, Trusted Facilities Manual (TFM) and the Security Features Users Guide (SFUG).