Senior Information Security Analyst Resume
Atlanta, GA
SUMMARY
- Provide solutions for various aspects of C&A, security risk, data protection, data loss prevention, cloud transition, and vulnerability remediation while leveraging a broad range of risk management, network defense, and security integration expertise.
- Strong experience at performing security assessments in large enterprises using eMass, executing eMass workflows, managing a vulnerability lifecycle, aligning enterprise architectural requirements, privacy integration, testing; and skills to implement Privacy and Protected Health Information (PHI) standards, and security controls for applications, databases, and networks.
- Strong experience in Confidential Information Assurance developing Corrective Action Plans (CAP), Risk Treatment Plans (RTP), NIST 800-53 security guidance and security control assessment (SCA) process, NIST SP 800-30, Internal Controls, and vulnerability scanning using ACAS and Fortify. Maintain compliance for security frameworks, standards, and best practices: DISA STIGs, FISCAM, FISMA, FIPS, NIST, OMB, Confidential 8500, ISO 2700, and ITIL.
- Risk Assessment: able to align resources, processes, and services for IT Risk Assessments in support of NIST Risk Management Framework (RMF), eMass, and Cyber Security Readiness Inspection (CCRI), ACAS, SCAP, & STIG scans; Patching and Remediation, Risk Assessment Reports (RARs), Plans of Action and Milestones (POA&Ms); and Governance, Risk, and Compliance (GRC). Expert at conducting Cloud Security Control Assessments (SCA) of threats and vulnerabilities to determine deviations from acceptable configurations, enterprise security standards, or local policies; and assessing the level of risk to determine appropriate countermeasures for sustaining HIPAA compliance.
- Vulnerability Management: adept at developing vulnerability remediation process and conducting vulnerability scans using Fortify and ACAS for enterprise remediation efforts. Holds senior level knowledge at developing metrics, trends, and reported anomalies, unapproved system configurations, and detected vulnerabilities for analysis, remediation, risk acceptance and reporting using tools such as HBSS, HP Fortify, Retina, NESSUS, or IBM Big Fix.
- Security Engineering: possesses a track record of improving needs assessment, information protection, and integrating security into systems and networks via the SDLC. Utilizes various skillsets to identify security safeguards via NIST 800-53, OWASP, SANS Top 25, HIPAA, and CNSS 1253 for implementing security best practices and internal controls for auditing and compliance verification. Provides hands-on support in evaluating systems using vulnerability scanners and manual techniques for system security settings and configurations against baseline technical controls.
- Security Operations: in-depth operational experience on creating custom queries and dashboards for continuous monitoring; improving Enterprise Security procedures; drafting Security Assessment Reports and Risk-Based Decisions, tailoring controls in eMass; and analyzing vulnerability reports and trend analysis to reduce exploits.
PROFESSIONAL EXPERIENCE
Senior Information Security Analyst
Confidential
Responsibilities:
- Analyzes and remediates vulnerabilities on DLA systems for inclusion to Risk Assessment Reports (RARs) for Federal Risk and Authorization Program (FedRAMP) via the execution of ACAS scans using Nessus.
- Performed Security Checklist scheduling and assessment for application code compliance for development and production tasks related to cloud transition.
- Performs FIPS 199 Control Baseline requirements to determine impact level and control categories for applications; and guided DLA on scoping and tailoring controls for populating controls within eMass.
- Develops Ports, Protocol, and Service Management outline for application, network, and database connections; assessed requirements and drafted PPSM Registration data for DISA milCloud environment.
- Conducts vulnerability scans, address group creation, and policy tuning for ACAS and scheduled On-Demand and Ad-Hoc scans to support RMF assessments, MilCloud Migration and CCRI inspections.
- Works directly with ISSM and ISSO to assess applications and document control status in eMass for DIACAP. Extracted 50 tasks and updated the implementation details, risk related information, and status of 65 POAM items within eMass.
- Provides regular reporting on the status of ACAS findings to the enterprise risk teams, senior leaders and directors as part of a strategic enterprise risk management program.
- Developed Security Policies and RACI charts to ensure security compliance of DLA MilCloud transition; and drove security requirements by integrating multiple capabilities and scenarios supporting cloud implementation.
- Provides training to developers on interpreting Nessus scan results to identify issues related to SSL, IIS, or other application related vulnerabilities; and scheduled new scans for testing software fixes and configuration changes.
- Engages with technical experts from DISA and vendors to mitigate complex system vulnerabilities for Fortify and ACAS findings; documented the results with a POA&M and tracked status within eMass for DIACAP.
- Extracts IAVA findings from ACAS and Fortify reports; and translated the information to developers and the ISSM for remediation and compliance reporting within eMass for C&A.
- Updated various DIACAP artifacts and closed out 23 applications for RMF transition; and updated eMass with control status for post assessment reviews.
- Performed over 300 tasks for DIACAP to RMF transition within eMass by removing legacy controls, updating POA&M items and tracking status of RMF control implementation for applications within DISA MilCloud.
- Serves as the primary SME conducting Fortify and ACAS scans for assets and applications. Generates weekly metrics STIG reports and IAVA status based for the MilCloud transition.
- Developed test plans, reports, and data collection for complete requirements coverage, and provide risk assessment from design documentation and test results.
- Effectively provided training on process and procedure to remain compliant with all regulatory requirements, and create detailed defect write-ups, assigning severity to defend findings.
- Used CWE and OWASP resources to provide fix recommendations, safe coding practices, and other tactics to development team for actionable remediation based on Fortify results of 15 applications DIACAP package.
- Provides test & vulnerability summary reports to development team for Application STIG vulnerabilities; and effectively communicated the analysis of Fortify results for mitigation.
- Uploaded over 150 artifacts into eMass and appended the artifacts to applicable controls for DIACAP to RMF transition and periodic updates for cloud security controls.
- Analyzes compliance and technical control validation data in eMass to determine and report baseline variance for all applicable application technology environment.
Sr. System Security Engineer
Confidential, Atlanta, GA
Responsibilities:
- Served as the TIER III Region-06 advisor supporting the Veteran Administration (VA) Continuous Readiness in Information Security Program (CRISP) program directing VA’s security requirements based on VA 6500, FISMA, and NIST standard.
- Directed a team of 20 security experts on procedures to analyze scan reports, developed detailed metrics, and assess validation scans for false positives and remediation strategies based on security analytics.
- Leveraged technical knowledge and mitigated risk related issues for Veteran Health Administration baseline compliance for assets and software products such as McAfee Anti-Virus deployment.
- Provided policy requirements on GRC and HIPAA during OIG Audits using Nessus; developed controls to manage health data based on HIPAA requirements; directed Risk Management Framework (RMF) for activities by integrating compliance within the VA enterprise architect for 33 sites hosting PHI, PII, and privacy data.
- Performed C&A tasks for various RMF assessments of Information Systems Security, Risk and Privacy programs for compliance as well as providing information assurance advisory services to information systems developers on Protected Health Information (PHI) and HIPAA.
- Reported anomalies, unapproved system configurations, and detected vulnerabilities to management and support staff for analysis, remediation, risk acceptance, mitigation, and reporting for web application assessments for RMF.
- Utilized NESSUS web-based tool to extract systematic issues, metrics, high-risk vulnerabilities and detail analysis for compliance; prioritized mitigation tasks and remediated vulnerabilities based on trend analysis for C&A and RMF tasks.
- Monitored data calls and suspense dates to remediate vulnerabilities, exemptions, and risks for Region 6 assets and applications; drafted Risk-Based decisions for legacy applications and critical system to remain operational.
- Drafted Risk Treatment Plans, Security Assessment and Authorization activities, continuous monitoring, and security artifacts such as Contingency Plans (CP), Disaster Recovery Plans (DRP), Incident Response Plans (IRP), and Configuration Management Plans (CMP).
- Prioritized remediation activities based upon the results of the VA’s monthly Nessus scans for the Top 50 vulnerabilities, and security assessments from OIG Audits and response from Data Calls.
- Engineered technical solutions to mitigate vulnerabilities for 50,000 enterprise assets spanning 33 remote sites by focusing on VA’s Top 50 Critical Vulnerabilities, infrastructure protection, and defensive strategy.
- Performed security assessment of operating systems, applications, databases and network infrastructure components; and classified vulnerabilities for performing trend analysis, audit remediation, and reporting.
- Utilized Risk Vision GRC tool and VA OIG standards for agency-level comprehensive security assessment program, focusing towards continuous monitoring as prescribed in NIST 800-37 and 800-137; and VA’s Enterprise Architecture (VA EA).
Sr. Information Security Engineer
Confidential, Atlanta, GA
Responsibilities:
- Administers technical advice, planning support for information assurance documentation required to support to maintain a key Confidential forensic data center accreditation for the US Army Forensic Science of Excellence (DFSoE) program.
- Integrates employee functional work requirements into a business framework to support Defense Forensic Science of Excellence (DFSoE) and STARLims availability; maintained cost scheduling and budget reports for project.
- Provides leadership for team through training employees to reach contract objectives for SOW.
- Served as the principal architect in designing and implementing Change Control procedures to include: Change Workflow Process, Change Control Board documentation, and configuration management for Forensic networks.
- Led security assurance validation, DIACAP artifact creation, vulnerability scans, assessments, remediation and IA implementation for desktop computers, servers, network, and databases.
- Manages validation of assigned IA Controls, conducts risk assessments, documents compliance status of the validation results in the DIACAP Scorecard for ATO’s, and planned Security Test and Evaluations (ST&E) for Site Assisted Visits (SAV).
- Audited all documentation required for SIP, DIP, C&A, and Plans of Actions and Milestones (POA&Ms) based on DIACAP procedures such as Business Continuity, INFOSEC Policies, and privacy based on Confidential 8500 and NIST standards.
- Communicated with government CIO on existing security gaps and developed mitigation strategies based on Confidential 8500, AR25-1, AR25-2, and FIPS for Site Assisted Visits (SAV).
- Researched procedures to integrate security products and services for forensic web-based applications and security architecture.
Information Assurance Engineer
Confidential, Charleston, SC
Responsibilities:
- Served as a subject matter expert (SME) providing sustainment for IA to include C&A, CERT Readiness, IRM, ST&E, remediation, and POA&M for 135 enterprise servers using REM/Retina, McAfee ePO Orchestrator 4.5, IAVAs, STIGs, vulnerability scans, and security tool suites.
- Provided response to security requirements by performing security updates; utilize Server 2003 / 2008, Enterprise Management software, and expertise to advise clients on resolving compliance issues for over 40,000 assets.
- Troubleshot Server 2003/2008 software problems and applications; configured, tested, and installed new and/or enhanced software through registry modifications, configuration changes, and new build-outs.
- Engaged with technical experts from DISA and vendors to mitigate complex system vulnerabilities.
- Worked with various technical teams to address security configuration based on DISA’s Secure Tool set Suite of applications; performed security checks and associated changes to maintain STIG compliance.
- Utilized REM Enterprise Manager to gather trend analysis, statistics, and information for threats and risks associated with log data correlated from 27 Retina Scanners.
- Created and maintained baseline configuration for all centrally managed assets through SIEM feeds and alerts.
- Utilized Server 2003/2008, Retina Vulnerability Scanner; REM Security Management Console and technical expertise to advise IAM’s on resolving issues related to defensive security solutions.
HBSS Support Engineer
Confidential, Charleston, SC
Responsibilities:
- Served as a focal point to Concept of Operations (CONOPS) working group for establishing baseline operations, incident reporting, escalation procedures, and contingency planning for HBSS.
- Configured applications for policy compliance and used reporting system to track, perform threat analysis, gather metrics, and mitigate risks based on CND task orders, countermeasures, and intelligence data.
- Researched various threats and analyzed impacts for system changes and Information Operations Condition (INFOCON).
- Maintained theater architecture, management, and execution of all host based IA and CND change controls, as part of CYBERCOM and JTF-GNO policies.
- Processed improved HBSS software, hardware, and evaluation process by analyzing firewall logs, assessing security requirements, application settings, assets configuration, IPS\IDS data, writing incident reports, briefing event details to leadership.
- Managed INFOCON for threats, and coordinating remediation with network owners. Drafted an Incident Response and Escalation procedure to report and contain attacks.
- Analyzed technical and intelligence information to provide cyber threat indications, warnings, and trends.
- Created and modified Group Policy Objects to remediate windows vulnerabilities for Active Directory to include user and machine accounts, and security permissions to all objects and OU’s.
- Investigated the security posture of HBSS assets using threat analysis; vulnerability assessment methodologies, and drill-down analysis.
- Monitored the network for spillage (data loss) incidents and mitigated fallout to include enforcement of policies. Set exceptions and IP’s as trusted network through policy changes. Performed Retina Scans for DIACAP.
HBSS Administrator
Confidential, Jacksonville, FL
Responsibilities:
- Served as a focal point to Concept of Operations (CONOPS) working group for managing Host Intrusion Prevention System (HIPs), Policy Auditor (PA), McAfee Agent (MA), ePolicy Orchestrator (ePO), Asset Baseline Monitor (ABM), McAfee Anti-Virus (MA), and supporting applications.
- Developed procedures to configure HBSS applications for policy compliance and used reporting system to track, perform threat analysis, gather metrics, and mitigate risks based on CND task orders, countermeasures, and intelligence data.
- Blocked unwanted programs such as spyware and adware. Created, deployed and managed ePO repositories. Created, queried and ran reports from the ePolicy Orchestrator reports database, including creation of custom queries.
- Installed and removed older Virus Scan versions and updated engine and dat files to the latest version. Performed analysis via the ePO reports database on virus outbreaks and vulnerabilities to develop appropriate response.
- Ensured Rogue System Detection sensors have coverage per USCYBERCOM direction and alerts are reviewed daily.
- Identified and reported implementation, configuration, resource and coverage gaps regarding the deployment and operation of HBSS for NTCS.
- Operated HBSS on all assets in accordance with approved operating procedures. This includes monitoring HBSS operations and alert logs, notifying their chain of command in accordance with local incident handling procedures, and updating HBSS agents with appropriately approved HBSS policy set changes, programmatic updates, and patches.
- Analyzed and identified threats, vulnerabilities or changes to the level of risk associated with continued operations. Assess the level of threat associated with the circumstances and provide reporting to CND SP management.
- Performs system administration on HBSS and integrates HBSS data (alerts, logs, data feeds, etc.) into protect, detect, and respond processes, procedures (intrusion detection analysis, auditing, etc.) and systems.
- Investigated the security posture of HBSS assets using threat analysis; vulnerability assessment methodologies, and drill-down analysis.
Senior Security Analyst
Confidential, Jacksonville, FL
Responsibilities:
- Provided technical assistance to System Engineering team on all matters including functional layout, COOP operation, security integration, technical requirements, and C&A.
- Instituted a vulnerability management program to control threats and integrated security compliance for systems.
- Coordinated tasks and scheduling with security engineering team and outside customers to perform upgrades.
- Performed a quality check after conducting assessments to ensure 36 workstations were in IA compliance.
- Independently developed a variety of DIACAP deliverables including: System Security Plans, Security Design Documents, Vulnerability reports, Privacy Impact Assessments, Security Annual Assessments, and Contingency Plans.
- Tracked and coordinated POA&Ms completion and submitted results to inspection teams.