Senior information technology professional with over 25 years of experience in the areas of information technology and customer support. Specialize experience in the operation of both classified/unclassified information assurance programs within diverse - scale, multi-site technical operations and delivering exceptional IT services. Skilled in the design, development, and implementation of technology-based solutions with Confidential proven record of increased productivity and reduced costs. Strong focus on federal guidance implementation, SDLC, operations, strategic planning, privacy compliance and engineering as applied to information assurance, office automation, reporting, decision support, disaster recovery, and business continuity.
Confidential, Washington, DC
SR. INFORMATION ASSURANCE/SYSTEM SECURITY ENGINEER
- Design, develop, integrate, test, implement, deploy and perform operations & maintenance of tools for the automation of security testing of networks, enclaves, and major/minor application systems.
- Integrate, install, configure, test, and administer Confidential & Confidential management & automation tools providing capabilities for the implementation of Confidential & Confidential business processes, workflow, RMF & ICD-503 methodologies, Confidential 800-53 security controls mappings, Intel and Privacy overlays, and FISMA reporting that directly support Fleet customers and stakeholders.
- Perform security assessments, design reviews, and provide guidance on new technologies such as Cloud integration, Cross Domain Solutions, Hardware and Operating Systems, Web technologies, and Cisco Enterprise Security Appliances.
- Provide Security Engineering support to the Security Controls Assessors (SCAs) and Validators for Confidential & Confidential efforts.
CYBER SECURITY SPECIALIST
- Served as Confidential Risk Management Framework (RMF) Subject Matter Expert (SME) for the Confidential portfolio of financial management systems.
- Conducted analysis of Confidential POA&M processes to ensure risks were tracked in Confidential complete and concise manner from creation to mitigation/remediation.
- Implemented/Tested/Monitored cyber improvements defined by the Management Internal Control Program (MICP) for process improvements.
- Reviewed RMF Body of Evidence (BOE) documents/artifacts for completeness and accuracy in preparation of DoD Financial Audits.
- Provided SME support to the Host - Based Security System ( Confidential ) and Confidential metric development.
Confidential, Hanover, MD
INFORMATION ASSURANCE ENGINEER SENIOR STAFF
- Provided security engineering design and implementation in all aspects of Information Assurance and Cyber Security Engineering for the RMF task order of the F - 35 Fighter Jet program.
- Performed POA&M risk analysis and mitigation functions and developed continuous monitoring & patch management plans.
- Created and reviewed Confidential & Confidential documentation and test plans, performed functional testing of hardware/software, and provided leadership support in the development of deliverable accreditation packages.
- Performed legacy systems conversion from DITSCAP/DIACAP to the RMF/JSIG, CNSS1253, and other DoD methodologies.
- Provided SME support to the Assured Compliance Assessment Solution ( Confidential ) implementation and monitoring.
- Assessed and mitigated system security threats/risks throughout the SDLC of IT systems and validated system security requirements and analysis against implemented security controls.
Confidential, Adelphi, MD
SENIOR TECHNICAL LEAD
- Provide leadership and assistance in vulnerability assessment support and training for Confidential missions using such tools as Retina, Nessus, and Yellow Jacket Wireless detectors.
- Provide training support to cyber protection teams.
- Served as the technical lead/privacy officer for the mission support team assisting the Confidential with Confidential & Confidential support and privacy compliance within HR personnel systems.
- Performed assessments against customer IT security programs and systems using the Confidential RMF & DIACAP methodologies to identify weaknesses in IA controls that were implemented in support of the Confidential 's Agent of the Certifying Authority (ACA).
- Supervised 4 subordinate officers and 12 enlisted soldiers during mission support and training and conducted yearly performance appraisals.
Confidential, Ft. Meade, MD
SENIOR INFORMATION SYSTEMS SECURITY ENGINEER
- Applied system security engineering expertise in the areas of system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; and security testing.
- Assisted architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions for networked, virtual (VMWare), and private cloud-based architectures (Amazon's AWS).
- Supported the building of security architectures and enforce the design and implementation of trusted relations among external systems and architectures.
- Designed, developed, and integrated security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.
- Reviewed technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies.
- Validated and verified system security requirements and analysis, and establish system security designs.
Confidential, Suitland, MD
SENIOR INFORMATION ASSURANCE/NETWORK SECURITY ENGINEER
- Served as the primary IAM/ISSE and advisor/mentor for the command information assurance program.
- Managed the Information Assurance Vulnerability Management (IAVM) and Continuous Monitoring programs.
- Ensured that written network security procedures and measures were developed and implemented.
- Monitored compliance with security policies, procedures, configurations, and PII within IT systems.
- Served as the focal point for interpretation and dissemination of Infosec guidance documents and for all written guidance regarding command security policies, procedures, PIA, C& Confidential documentation, and program status reports.
- Guided and assisted network engineers in implementing security features in their planning and upgrading of command networks within NCWDG and NSA controlled spaces.
- Developed SSPs and security procedures in accordance with JAFAN 6/3, ICD 503, NSA s Risk Management Framework, NAVINTEL s RMF, NISPOM, DSS, and DIACAP.
- Managed and implement the Enterprise & Security Architectures and led the management of the Command s portfolio of system and networks.
CERTIFICATION & ACCREDITATION TECHNICAL LEAD
- Reviewed & assisted in developing Confidential documentation to ensure compliance with the Confidential Risk Management Framework and the DoD 8510.01 DIACAP standard.
- Maintained current accreditation statuses, POA&M statuses, and C& Confidential requirements/artifacts statuses.
- Developed certification determination documentation, Security Test & Evaluation plans/reports, testing & reviewing plans, and residual risk assessments.
- Assessed & validated enclave/systems IA controls for information systems being certified IAW DIACAP AND Confidential standards.
- Supervised and developed solutions to ensure information systems properly meet organization standards for authentication, access control, confidentiality, data integrity, and non - repudiation.
- Provided Information Systems Security engineering support in developing new & existing information systems/network.
- Assisted in the technical planning of application cloud migration.