System Security Analyst Business Resume

DC

SUMMARY

  • Confidential has over 12 years of proven experience in Information Assurance and System Engineering. Confidential has experience in Cross Domain systems (CDS), security control assessment (SCA), risk assessment, risk mitigation, and Certification and Accreditation.
  • Confidential has completed training in the security policies and practices of DCID 6/3 and ICD 503, with work experience using the NIST 800 series and the Risk Management Framework (RMF). Confidential has experience in running various testing tools and analyzing test results ensuring compliance with security policies, practices, and documentation.
  • Confidential has honorably completed a 20-year career in the United States Naval Service in the fields of telecommunications and networking.

PROFESSIONAL EXPERIENCE:

System Security Analyst Business

Confidential, DC

Responsibilities:

  • Provide Information System Security Officer (ISSO) and Security Control Assessor (SCA) services to the Federal Aviation Administration (FAA).
  • Update, review, and create required system documentation for system security packages processed for Approval to Operate (ATO) and signature by the Authorizing Official (AO).
  • Conduct system security interviews and security walk-throughs to confirm and validate system security controls implementation.
  • Review system security vulnerability scans for continuous monitoring.
  • Review POAM items in the Cyber Security Assessment & Management tool (CSAM) for Risk assessment and Mitigation strategies.
  • Provide Certification and Accreditation support to the Army Deputy Chief of Staff for Intelligence (G-2). Detailed to support the certification efforts of the Army Red Disk system.
  • Assisted in writing the System Security Plan (SSP).
  • Assisted in writing and testing the System Test Procedures (STP).
  • Worked with system engineers and integrators to conduct security verification and validation (V&V) of System Security Controls.
  • Worked with IA team to conduct System Categorization in accordance with ICD 503 and CNSSI 1253.
  • Provide Information Assurance (IA) consultation for the Futures Research & Development program under the Department of the Army INSCOM command.
  • Member of IA team responsible for creating, reviewing and submitting Certification and Accreditation (C&A) documentation for a large analytic cloud-based system. Artifacts include System Security Plan (SSP), System Security Authorization Agreement (SSAA), System Design Diagram (SDD), Certification Test Procedures (CTPs), System Requirements Traceability Matrix (SRTM), and Plan of Actions and Milestones (POAM).
  • Conduct testing and assessment of security controls to ensure configurations meet applicable security standards and requirements.
  • Review software scan results for vulnerabilities and work with developers to harden and secure customized software to meet industry standards and best practices.

Certification Engineer

Confidential, VA

Responsibilities:

  • Confidential systems are compliant with and adhere to the security requirements of applicable security policies and directives including DCID 6/3, ICD 503, DOD 8570, NIST 800-53, FISMA, and Confidential 8010.
  • Perform evaluations and reviews to ensure that the Systems Security Plans (SSP), System Security Authorization Agreement (SSAA), Concept of Operations (CONOPS), network diagrams and all other required associated system documentation are complete and placed in the Xacta database for tracking and processing.
  • Conduct vulnerability assessments and provide Security Assessment Reports (SAR) with recommendations to the Designated Approving Authority (DAA) for decisions on Operational Approvals to Test (OATT), Approval to Test (ATT), Approval to Connect (ATC), Approval to Operate (ATO), and Approval to Proceed (ATP).
  • Perform testing focused on system servers, workstations, firewalls, Cross Domain devices, LAN/WAN infrastructure, and underlying system software (Windows, Unix, Linux, VMware (ESX), etc.) using Confidential approved testing tools such as DISA Gold Disk, DISA SRR scripts, Retina, and DISA Security Technical Implementation Guides (STIG) Manual checks to meet accreditation requirements and Federal Information Security Management Act (FISMA) annual assessment requirements.
  • Assist with determining the system protection level (PL 2-5) for certification, and the determination of which security controls are required.
  • Ensure applicable security test and evaluation (ST&E) plans are developed and assist the Program Managers in addressing Plan of Action and Milestones (POAM) Liens levied against the system during Security Test & Evaluation (ST&E).
  • Validate and report JTF-JNO directed Information Assurance Vulnerability Management (IAVM) compliance to the Confidential DAA.
  • Routinely selected to augment FISMA travel teams (CONUS & OCONUS) for inspecting, certifying and monitoring Confidential systems for compliance with Federal, National, and Confidential security policies.
  • DAA liaison and Information Security C&A subject matter expert (SME) during Technical Exchange meetings (TEMs) and system registration meetings.

Security Engineer

Confidential, VA

Responsibilities:

  • As a member of the Information Assurance (IA) Team, provided IA services and consultation to the Department of Navy for the efforts associated with the migration of legacy systems and applications into the Navy and Marine Corps Intranet (NMCI) enclave.
  • Acted as an impartial representative for the DAA to conduct legacy systems security assessments to identify associated vulnerabilities and residual risks.
  • Conducted network security scans to comply with DISA STIGs and document analysis for system C&A, including SSAA, DITSCAP, and NSCAP during the NMCI accreditation process.
  • Reviewed network devices and AIS configuration management for compliance with the software integration plan for the NMCI enclave.
  • Provided migration solutions ensuring compliance with the NMCI Unclassified Trusted Network protect policy.