OBJECTIVE:

• To obtain a position in the Security and Information Assurance Security arena which will allow me to assist and evaluate security views and processes to determine changes in adversary capabilities, vulnerabilities, and probable courses of action.

PROFESSIONAL EXPERIENCE

Confidential

Senior Network Engineer

Responsibilities:

• Manage and coordinate Blue Team assessments to identify vulnerabilities and correct weaknesses in Service Providers (SPs) networks. The Blue Team will work cooperatively with Key Components (KCs) to provide notification and make recommendations to mitigate those vulnerabilities and assist in corrective actions.
• Perform and assess the degree to which a system is compliant with operating system, network, and application security STIG reviews.
• Perform host and network based security control assessments, determine residual security risks, prepare assessment test reports, prepare and assess test plans, and provide formal recommendations in support of authorization.
• Create and managed new innovative methods (i.e., dashboards, databases, spreadsheets) for POA&M tracking and reporting.
• Support federal information system documentation to include:
• Systems Security Plan(SSP)
• Security Concept of Operations (SECONOPS)
• Architectural overviews
• System security Standard Operating Procedures (SOP) documents for performing assessment security activities
• System configurations for devices and software performing security relevant functions
• Vulnerability and penetration test results
• Security Incident reports
• System security performance metrics
• Apply federal and organizational directives to manage both manual and automated methodologies to identify, assess, and report security risks, prioritize findings based on risk, and document detailed corrective and remediation plans or actions
• Manage existing and/or potential organizational security weaknesses as a result of the assessments, including personnel controls, training, incident and emergency response, logical security controls, physical security controls, operational security and integrity of software applications and data for customer engagements
• Manage and track Assessment and Authorization (A&A) of new systems
• Manage and make recommendations for process improvements and increasing efficiency of assessments
• Manage, compile, and provide input to, weekly customer status reporting and project plans
• Perform analysis on assessment results and make holistic and programmatic recommendations
• Manage, prepare and/or assist in the preparation of reports and presentations required for communicating findings of the security control assessments
• Manage and track Continuous Monitoring of existing systems with an approved ATO
• Manage and assist with identification and remediation of Plan of Action & Milestones (PO&MS)

Confidential

Security Control Assessor

Responsibilities:

• Provided an assessment of the severity of weaknesses or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities for all programmatic activities within Airforce’s area of responsibility
• Performed oversight of the development, implementation and evaluation of IS security program policy; special emphasis placed upon integration of existing SAP network infrastructure
• Performed assessment of ISs, based upon the Risk Management Framework (RMF) or the JSIG process
• Advised the Government on any assessment and authorization issues
• Advised the Government on assessment methodologies and processes
• Evaluated Authorization packages and make recommendation to the AO and/or DAO for authorization
• Evaluated IS threats and vulnerabilities to determine whether additional safeguards are required
• Advised the Government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system
• Reviewed and approve the IS Security Assessment Plan, which is comprised of the SSP, the SCTM, and the Security Control Assessment Procedures
• Ensured security assessments are completed for each IS
• Prepared the final Security Assessment Report (SAR) containing the results and findings from the assessment at the conclusion of each security assessment
• Initiated a Plan of Action and Milestones (POA&M) with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR
• Evaluated security assessment documentation and provide written recommendations for security authorization to the government
• Developed recommendation for authorization and submit the security authorization package to the government
• Assessed proposed changes to ISs, their environment of operation, and mission needs that could affect system authorization
• Ensured approved procedures are in place for clearing, purging, declassifying, and releasing IS memory, media, and output
• Assisted government in compliance inspections
• Assisted the government with security incidents that relate to cybersecurity and ensure that the proper and corrective measures have been taken
• Assessed changes within the IS boundary that could affect the authorization of the boundary

Confidential

Security Control Assessor

Responsibilities:

• Developed and promulgated Security Assessment Plans
• Interpreted and evaluated implementations of NIST 800 - 53 Rev4 security controls
• Documented NIST 800-53 security control compliance findings within the Security Assessment reports (SARs)
• Reviewed and interpreted Nessus Vulnerability and Compliance scans
• Executed and Developed Security Assessments and deliver supporting documentation within aggressive timelines
• Advised the Authorizing Official (AO) on any assessment and authorization issues
• Evaluated Authorization packages and make recommendations to the CISO and AO
• Evaluated information security threats and vulnerabilities to determine whether additional safeguards are required
• Reviewed and approved the IS Security Control Assessment procedures, the Security Assessment Plan, the Systems Security Plan (SSP), and Security control Traceability matrix (SCTM)
• Prepared reports and Memorandums for authorization to proceed, status and technical briefs for review and approval by DHS.
• Prepared Security Assessment Reports (SAR) and authorization recommendations at the conclusion of each security assessment activity containing the results and findings from the assessment
• Initiated a POA&M with identified weaknesses and suspense dates for each IS, based on findings and recommendations from the SAR
• Provided RMF transition planning in accordance with FISMA, and NIST 800-53 control compliancy

Confidential

Security Control Assessor

Responsibilities:

• Provided certification and accreditation of DHS systems
• Authored information security policies in accordance with DHS standards
• Developed various security documentation to include; security, configuration management, TTP’s, SSP’s, Privilege Users guides, Risk Assessment reports, contingency plans and contingency test plans
• Managed and control changes to the system, and assess the security impact of those changes
• Performed compliance monitoring, analysis, tracking, and reporting, using vulnerability assessment tools.
• Provided RMF transition planning in accordance with FISMA, and NIST 800-53 control compliancy
• Conducted ongoing security reviews and tests of the IS to periodically verify that security features and operating controls are functional and effective
• Initiated, coordinated and tracked the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM)
• Ensured all new hardware, software and systems (to include standalone and guest systems) introduced to the SCIF are recorded and updated in a hardware/software inventory list
• Assisted the NSS CIO with matters regarding oversight and compliance