SUMMARY

• Experience in all areas of software development for SDLC, Web, Internet/Intranet, Static Code Review, Real - time control and Client-Server applications, Window Application.
• Experience of development of IA control, policy and documents related
• Experience in cyber security, information assurance (IA), information security, intelligence terrorism
• Many years of experiences of software engineer specializing in Object-Oriented Design and Analysis wif extensive experience in the full life cycle of the software design process including requirements definition, prototyping, and proof of concept design, interface implementation, testing and maintenance.
• Solid knowledge wif C&A process, NIST SP, DHS 4300 A, NIST SP, NIST SP, NIST SP, DoD Directive 8500.1, DoD Instruction 8500.2, DIACAP process.
• Knowledge and experience in development of Information Assurance(IA)and Certification and Accreditation (C&A) documents.
• Conducts executing extensive Security Testing and Evaluation analysis and continue to monitor program.
• Earning undergraduate and graduate degrees in computer sciences wif a plus of years of experiences dat contribute a firm foundation of software principals necessary, solid knowledge to handle and solve challenging problems. Experienced wif analysis, designs, and produces of deliverable and software development.
• Experienced using C++, Pro*c/c++, PL/SQL, ProC, J2EE, JSP, VB 6,VB Scripts, VB.NET, C#,.NET Framework, MVC Architecture, ASP, ASP.NET, ADO.NET, Visual Source Safe, Oracle PL/SQL, SQL, Store Procedure, RDBMS, Crystal Report, VBA, MS Access, VB for Excel.

TECHNICAL SKILLS

Networking: TCP/IP, Network Router, Firewall

Hardware: UNIX HP, Sun Solaris, M1250 Network Platforms

Applications/Tools: Eclipse, JUnit, UML, Rational Rose, MS Windows, Visual Source Safe, MS AccessExceeds,ClearQuest, ClearCase, DOORS, Visio, Autosys, Nessus, AppProDet, MS Project.

Languages: C++, JDeveloper 11g,J2SE/JSP, WebLogic 10, Oracle Repository Utility (RCU), Oracle Database Express 11g, VB.NET, ASP.NET, ASP, VB/VBA, C/C++, C#, ColdFusion, Web Methods, UNIX Shell Scripts, Oracle, Sybase, MS-SQL, VBA Excel Scripts, Java Scripts, C shell scripts, VB3.0 and VB5.0, Crystal Report, API, JDBC, ODBC,Struts, DB Grids, ADO, DAO, Active C, C++, SQL, PL/SQL, Pro C, Rapid SQL, Lotus Notes Designer R5, Scripts, Macromedia Dreamweaver,Nessus, AppProDec, NMAP and more scanned security tools.

PROFESSIONAL EXPERIENCE

Confidential

Senior Security Developer Lead

Responsibilities:

• Perform leadership activities dat bridge technical development and production, identify and implement new technologies, and troubleshoot technical issues, offers guidance and recommendation to government and contract leads as needed.
• Provide evaluation and recommendation to security configuration for various technologies and operation systems to protect current and future mission assets from possible cyber threats.
• Responsible for using the latest application/database development tools and languages, security hardening guides and best practices to ensure the security requirements are incorporated into all modified or new application/system builds.
• Develop IA policy for software, hardware, database for all supporting system and enclaves.
• Review, analyzing, hand on and recommendation for multiple Java and .Net applications code vulnerability. Provide code fix/enhancement as needed.
• Experiences of CAST(Software Code Analysis), HP Fortify (static Code Analysis), HP Web Inspects (Java, JSP, C#…), Nessus, AppProDet. Review, analyzing and comment on code vulnerability, flaws, bug fix, misconfiguration, CVE, CCE, CWE…
• Develop Security policy and configuration RedHad Linux 6/7, Window Serves Domain Controller …
• Experience of applying Active Directory Group Policy, Group Policy Object, Configuration, Edit, Review.
• Develop documentation and implementation plans detailing the security posture and the proper security configuration of new software and hardware.
• Hand on closely wif Window, Linux and IA teams to implement technology, troubleshoot and resolve security related issues.
• Experience wif IASE STIGs, IA Security requirement, National Vulnerablity Database, DoD RMF, NIST SP Version 3, DHS 4300 A, NIST SP, NIST SP, NIST SP, DoD Directive 8500.1, DoD Instruction 8500.2, DIACAP process.
• Coordinate/Hand on wif team resources to diagnose and resolve issues dat involve possible security threats.
• Coordinate/Hand on wif IT Engineering, IT Security, and Development Center for security issues as needed.
• Work wif Application teams to ensure dat security requirements are defined and thoroughly addressed in the configuration guides for each application.
• Experience of development security capabilities into mission-critical applications.
• Hand-on wif Security tester/Scanner on new builds or where a major change has been instituted. security review, analysis, resolution recommendation, document as needed.
• Hand-on wif Vulnerability Assessment team/Security Testing team to review vulnerability reports, identify actual vulnerabilities, POAM, follow up as needed.
• Experience in project management, initiate, plan, organize, coordinates and monitors IT projects.
• Experience of managing, guide, and directing activities of subordinates to ensure IT program objectives are completed.
• Attend IT Security and development meeting regularly.

Confidential, Springfield, VA

Information System Manager

Responsibilities:

• Create and maintain IA and related security documents for Uii - Strategic Weapons System Network (SWSNET) Fleet Ballistic Missle (FBM) Partners.
• Experience wif IASE STIGs, STIGs Tool, IA Viewer, Security requirement, National Vulnerablity Database
• Experience wif IASE STIGs, STIGs Tool, IA Viewer, Security requirement, National Vulnerablity Database
• Experience wif NIST SP Version 3, DHS 4300 A, NIST SP, NIST SP, NIST SP, DoD Directive 8500.1, DoD Instruction 8500.2, DIACAP process.
• Review and maintains functionality, security, and integrity of Internet and intranet sites.
• Work wif software developers to review specs, design, develop, modify and implement for application development.
• Reviewed project requirement and specs, define data needed for projects, requirements and analyze the requests for effectiveness and efficiency.
• Static Code Review, analyzing and modified as needed.
• Manage database and development teams to enhance applications / program development and technical management of supported systems and web sites.
• Define Information Assurance requirements and develop the optimum solution to satisfy the requirements.
• Analyze and contribute ideas of system design and topology architecture, diagrams, workflow for development and implementation for Informaton Assurance (IA) process
• Monitor, tracking changes, maintain and update documents on reflecting of new changes of the security controls
• Provide oversight and guidance to software development and Information Assurance as well.
• Review, analyze the open vulnerability items (Retina Scan) and oversee compliances to minimize risks
• Provide both technical support and non-technical support for a broad range of IT security programs and processes
• Direct and coordinate the implementation of IA policies and procedures
• Experience and knowledge of commercial and open source security scanning tools such as Nessus, AppDecPro, Retina.
• Static Code Review and analyze program code developed
• Develop, identify and evaluate Security Technical Implementation Guides (STIG) - IA policies and controls, STIG Viewer and checklists for Network Security, IDS, Firewall, Switch, Router, Software, Hardware, Database, Web Server, Window Serve, Web Internet Information Services (IIS), Directory Services Security, PKI, Patch updates System Open Vulnerability alerts.
• Review the existing POA&M and update as needed.
• Review inputs, outputs, flow diagrams, decision logic tables, and linkages wif other applications systems. Tests, validates, and documents the applications.
• Define applicable training and guidance to IA team members.
• Provide “hands-on” engineering services to maintain information security technology systems and enclave system networks dat are critical to the operational support of security event monitoring, reporting, and remediation.
• Leading a development team to develop software.
• Leading an IA team to create and maintain the IA documents for Audit processes.
• Hand on to develop code and enhancement to programs using JDeveloper 11g. Web Logic 10, C++, Pro*C/C++, JSP, VB 2010 Express, MVC, Oracle Database.

Confidential, Rosslyn, VA

Principal Software Engineer / DHS ISSO

Responsibilities:

• Performed analyzing and on-going testing for vulnerabilities and oversee compliances to minimize risks.
• Verified users' access requests are approved; users' access controls.
• Performed review and analyze of access control logs for potential malicious activities and recommend solutions for remediation and/or mitigation of observed vulnerabilities.
• Worked wif network, application and Infrastructure Penetration Testing
• Static C# & VB code review, identified coding weakness, incorrect, inefficient, poor style and risk analysis
• Reviewed and analyzed the result of software scanning tools to identify vulnerability, risks, flaws, malware
• Reviewed and validated the findings and provide recommendations for mitigations if needed
• Create, maintained and updated IA C&A and related security docs for DHS - Domestic Nuclear Detection Office - Data Collection Systems.
• Experience wif NIST SP Version 3, DHS 4300 A, NIST SP, NIST SP, NIST SP
• Performed testing of Multi-level Security Flatforms for system development and operations wif special requirements using McAfee Virtual Memory EPO Management, McAfee M1250 Sensor Data Encryption Flatforms, McAfee Antivirus and Encryption Suite Client & Server.
• Conducted Risk and Vulnerability Assessments as planned and installed information systems to identify vulnerabilities.
• Maintained system security records including patches and upgrades throughout system life cycle
• Worked wif developers in network and systems design to ensure the implementation of appropriate systems security policies
• Maintain knowledgeable and experience in Information Assurance and Certification and Accreditation (C&A) processes.
• Experieced of coding review for supporting system including the system architecture for all clients and servers.
• Decomposed system specifications to determine security and IA requirements for C&A process
• Conducted penetration test analysis
• Interfaced wif Information System Security Manager(ISSM) and Staffs on security requirement, guidance implementation, risk mitigation
• Capable of interpret and write scripting code in various IT languages.
• Knowlegable of computer science technologies and information assurance (IA) requirements to the processes of review, design, development, evaluation and integration to maintain IT system security posture.
• Performed IA review to determine impacts and corrective actions, operation and incident response.
• Ensured rigorous application of information security/ information assurance policies, principals, and practices in the delivery of all IT services related to the ISSO/ Information Assurance Officer role.

Confidential, Herndon, VA

Sr. Software Engineer

Responsibilities:

• A Senior Web developer of development and delivery team to support the web application.
• Enhanced and code modified for NTFS (National File Tracking System) web application using Visual Basic 6, VB Script, ASP, JSP, Java Scripts, C#, MVC, ADO, COM, SQL, Oracle Store Procedures, HTML.
• Developed programs to generate bi - monthly, monthly ad hoc reports and manual jobs to automated reports VBA wif Excel.
• Experienced wif analysis, designs, and produces of the deliverable NFTS and software products.
• Experienced using VB 6,VB Scripts, VB.NET, .NET Framework, ASP, ASP.NET, ADO.NET, JSP, Java Scripts, Visual Source Safe, Oracle PL/SQL, SQL, Store Procedure, RDBMS, Crystal Report, VBA, MS Access, VB for Excel.
• Experienced wif building structured SQL.
• Responsible for analyzing detailed requirements.
• Ensured sub-level architecture is compliant wif software architecture.
• Coordinated and participated in all assigned unit, peer to peer, code and documentation Peer Reviews, testing.
• Reviewed major deliverables wif other NFTS teams related to associated software deliverables.
• Performed unit testing on updated pages of NFTS.
• Provided technical support for other team members.
• Designed, developed, implemented and maintained relational databases, SQL, Store Procedures.
• Reviewed project requirement, define data needed for projects, requirements and analyze the requests for effectiveness and efficiency.
• Assessed and addressed technical risks associated wif the analysis, design, and production of NFTS software deliverables, and coordinates wif the Release Lead to mitigate these risks.
• Provided weekly status input for the NFTS Status Report.
• Resolved help desk tickets as assigned.
• On call on duty assigned.
• Executed ad hoc and manual jobs per required schedules.

Confidential, McLean, VA

Sr. Software Engineer Lead

Responsibilities:

• Strong understanding of client server, web technologies, database architecture, database relationship and willing to learn new technologies.
• Experienced wif architecture design and develop code for web application using ASP, C#, ASP.NET, VB.NET, JSP, HTML,SQL,PL/SQL, Store Procedure, Dreamweaver
• Developed new and existing financial application and web sites used by internal and external users.
• Experienced wif OO concepts use case realization and documentation, secondary mortgage industry, mortgage contracting and pricing, data modeling, Microsoft tools such as Access, Visio, and Excel for data analysis and architecture design, DOORS, Clear Quest, Clear Case.
• Plan, design, develop, and conduct technical assessment and evaluation data for the audit of the financial processes, projects in accordance wif common practices, standard operating procedures, and working wif high level management to directives, instructions, and guidelines. Perform technical assessments involving computer security and software engineer, software developments, software acquisition, Information and Quality Assurance.
• Responsible to develop, and maintain data management systems to make sure the system satisfied the current and future requirements.
• Experienced wif Work Breakdown Structures for efforts documents, Earned Value analysis for use by upper management, data managers internal organization
• Provided software/system support for Investment Department such as tasks included defining the software architecture for applications utilizing both Open Source and commercial toolkits, developing, integrating, and managing new products to existing applications in C/C++, Java, Oracle, Sybase on Solaris/Linux platform.
• Prepared test data and work wif the QA team to develop test harnesses, update the System Test Plan and test scenarios and procedures wif each software release. Performed Test, Interface Test, Functional Test, and Regression Test Identify, document, and track software/system defects (Problem Reports) Hold Test Readiness Reviews (TRR) to turn over tested software/system and test document to business partner team. Independent Verification and Validation (IV&V) test activities Work closely wif the requirements, development, CM, integration, sustainment, QA and IA team members Assisted in writing the User Manual and Training material
• Experienced wif enhancement concept by bringing specific business knowledge to the requirements processes as needed, create data, execute, and document User Acceptance Requirement, design, coding and testing to verify dat changes meet the expectation. Supported Initiatives and implement data quality controls for new products or processes as well as for the enhancement of existing products or processes.
• Provided technical guidance to contractor(s) and junior staffs and write documentation requirements, testing, including problem reports and diagnostic plans. Ensured contractors or junior staffs to perform in accordance wif correct procedures and the product to established specifications and requirements. Served as technical Subject Matter expert for computer and current application aspects of construction, testing, maintenance, production support. Advised the management periodically for findings, conclusion, and recommendations.
• Audited the collecting information and followed-up wif the daily issues to ensure problem resolved and write reports providing to managers. Compare and observe results to specified requirements in regulations, technical standards, or other criterion related to the data requirement.
• Prepared or oversaw the preparation of analyses and statements of conclusions dat are accurate, complete, concise and timely. Develop and support project findings in accordance wif criteria, condition, cause and effect, and recommendations of corrective actions.
• Managed execution of daily, monthly process, evaluated data collection, and analyzed, assisted business partners for preparing business cases for the application of solutions; ensured efficient integration of all system components such as procedures, databases, policies, and hardware specifications; and responding and resolving system level problems of the complex technical nature, including multi-system interfaces wif related financial systems.
• Worked wif high level manager to plan and manage projects, team and budget, project requirement and stakeholder expectation.
• Developed and managed change tracking system.
• Facilitated discussions and decisions to work toward solutions
• Directed the coordination of all implementation tasks involving third party vendors as well as provide consultation to clients on system implementation.
• Tracked software customization, defects and issues via the use of SDLC.
• Monitored process activities and advised staffs of issues and resolution due to resource availability
• Developed system recovery plan and perform the routine maintenance and testing software in a backup location in case of problems. To ensure the automation system working properly and guarantee proper operations of the emergency processes running in the smooth manner. Assisted the manager to organize, schedule, coordinate, installation, controls, document technical guidance to help internal and external staff engineers and engineering technicians to understand procedures clearly. Developed new approaches monitor and report the contractors’ work performance.
• Researched and analyzed problems, issues, security risks, vulnerabilities
• Analyzed program requirements relative to promoting production and services.
• Document reviewed for standards and operating policies and procedures surrounding the work stream re-execution processes to comply wif Sarbanes-Oxley (SOX)