Lead IT Security Consultant Resume
Minneapolis, MN
SUMMARY:
- Nine-year Navy veteran with experience in Network security, implementing safeguards and performing security configuration, installation, maintenance, and administrative support.
- Cleared for Top Secret (TS) information and granted access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) and CI Polygraph completed in June of 2014.
- Cleared for Department of Homeland Security (DHS) Customs and Border Protection (CBP) Information and projects in May of 2011.
- Self-starter with the ability to work independently, as part of a team or in a leadership capacity.
- Superior computer skills with proficiency in LINUX, Microsoft Windows, NT, DOS, Virtual Microsoft (VMware), and Microsoft Office (Word, Excel, Access and PowerPoint).
- Proficient in computer networking with experience in wireless routing, configuration, and maintenance.
PROFESSIONAL EXPERIENCE:
Confidential, Minneapolis, MN
Lead IT Security Consultant
Responsibilities:
- Create Security Test Plan and Rules of Engagement for white box, grey box and black box penetration testing of applications and systems within Tricare enclaves.
- Evaluate systems architecture and application design for security posture and provide guidance to project and architecture team in secure coding environments.
- Conduct vulnerability and risk compliance interviews with application and systems owners to verify the DOD security compliance and configuration using DISA STIG Checklist and NIST 800-53 IA Security Controls.
- Execute application assessment of internal and external applications via automated and manual techniques to understand the risk and security posture of an application.
- Administered and configured application assessment, vulnerability scanning and penetration test tools such as: Retina CS, Nessus, Nexpose, WebInspect, Fortify, Metasploit, BurpSuite and Kali Linux Penetration Testing tools.
- Conduct source code analysis and audits using HP Fortify Software Security Center.
- Provides written reports featuring validation evidence, exposure, remediation recommendations, and overall risk posture to explain business needs against security concerns to both executive management and Application Development teams.
- Consult with development teams in the remediation efforts of Application security findings and explain the risks and trade-offs in differing methods of remediation.
- Managed and conducted PCI and HIPAA security controls assessments and penetration testing on applications, connected and hosting systems for regulatory compliance.
Senior Information Security Engineer/Validator
Responsibilities:
- Obtained Navy system and site information to evaluate security posture of the IT system or site being certified and accredited.
- Documented C&A information in the Comprehensive DIACAP package ensuring internal consistency of the information and that there were no omissions.
- Reviewed Security Test plan and procedures to ensure the test plan addresses the correct level of effort and is to validate all IA requirements applicable to the IT system or site being certified and accredited.
- Executed Security Test Plan and Validation procedures and evaluated all discrepancies to recommend mitigation measures and countermeasures for reducing or eliminating specific risk found on the system or site.
- Optimized all C&A test and validation procedure results to ensure the most accurate reporting in the appropriate format and that all IA requirements have been addressed and meet compliance standards.
- Analyzed C&A test and validation procedure results finding for risk with respect to IA requirements. Worked with ISSE to determine fixes or mitigations for weaknesses and to determine the level of revalidation testing that is necessary if immediate fixes are applied.
- Documented unmitigated discrepancies, countermeasures that are in place and POA&M for addressing open risk and residual risk items. Developed the Scorecard and determined when the C&A Package is complete and ready for submittal.
- Developed and approved the submission of the Certification Determination Letter for the IT system or site being sent to the Navy CA and ODAA for an ATO.
Senior IA Security Engineer
Responsibilities:
- Perform Independent Verification and Validation (IV&V) on network environment, architecture and design. Conduct interviews of system owners, document examination, configuration assessment, perform risk assessment and review system security plan.
- Ensure adherence to System Development Lifecycle (SDLC) and Change Management (CM) principles. Identify security risks and threat vulnerabilities, review and update testing procedures and develop ST&E plan.
- Worked with the Program Manager to create ST&E schedules for each application or system under test and to coordinate schedules with System Owners. Responsible for selecting and configuring vulnerability assessment tools for testing each system and application.
- Utilize DIACAP 8500.2 controls for testing the security controls within C&A boundary on all systems and applications to make sure they meet compliance requirements within DIACAP security guidelines. Assist with POA&M management, compliance, oversight, and continuous monitoring for all networks, systems and applications.
- Utilize all DISA STIGS and checklist against all systems, applications and devices to assess, harden and configure to DOD standards before being certified.
- Configured and administered all automated scanning tools such as: Retina Scanner on networks and devices, AppDetective on databases, WebInspect on web applications, DISA Platinum Disk Scanner on workstations, servers, SRR Scripts on Unix servers and databases, NMAP.
- Performed manual security testing on Vendor approved applications and software for Air Force E/APL software list approval. Tools used: WireShark, MKRUN Test, Installwatch and application configuration checklist.
Lead Information Assurance Engineer
Responsibilities:
- In charge of Patch Management for all servers and workstations on the ONR (Office of Naval Research) production and DMZ networks by installing, configuring and administering Automated Patch Management tools Hercules and WSUS.
- In charge of Vulnerability Management for all servers and workstations on the production and DMZ networks by administering and configuring automated tools: Retina vulnerability scanner, Q-Tip Malware scanner and running DISA Platinum Disk on all assets on the network.
- In charge of IAVA compliancy, analyzing and remediation of all vulnerabilities on production and DMZ network. Responsible for updating status reports and reporting all actions and corrected IAVA vulnerability assets to NETWARCOM.
- Involved in the installation, configuration and deployment of HBSS (Host Based System Security) on our legacy network. Using HBSS EPO Orchestrator deployed agents to all assets on the network and configured the Host IPS portion of product to detect for rogue machines.
- Administer Enterprise Symantec Antivirus client as well as investigate, respond to, react to and remediate any and all Virus and Trojan alerts on the network.
- Configure, administer and deploy all agents from Exacta Asset Manager tool to keep track of all assets on the network and all applications that are loaded on each machine.
- Conduct CT&E, IV&V and ST&E testing of networks, systems, applications and architectures. Analyze data and report findings with a risk mitigation plan.
- Ensure all systems comply with all applicable IA Controls and requirements within DOD 8500.2, STIGS and all JTF-GNO and NAVY directed actions.
- Prepare and maintain DIACAP artifacts and packages and other documentation that satisfy DOD 8500.2 IA controls as well as use Exacta IAM Assessment Engine to deploy C&A packages in an automated process.
- Manage and administer all tools in our Smart Fisma Suite which includes: Site Protector, ISS Proventia IPS, Anomaly Detection Server, Securify Identity Management and Exacta Suite which is: Asset Manager, Assessment Engine, Detect 32 and 64 Rem server and database.
Senior Network Security Engineer
Responsibilities:
- Provides IT Security engineering and integration services to internal customers.
- Responsible for ensuring the protection of corporate data against unauthorized disclosure, accidental or intentional loss of data, or unauthorized modification.
- Helps write, review and monitors IT Security policies, procedures and standards. Also prepares IT Security reports.
- Responsible for monitoring network-based IDS/IPS devices, correlating logs and associated events into actionable/reportable analysis that could lead to an intrusion on (EIA)
- Responsible for Installing and configuring Snort IDS, Cisco MARS (Monitoring Analysis Reporting System) logging system, and Site Protector management console
- Responsible for installation and configuration of the Symantec AV management tool, follow-up on any virus or malicious incidents. Installs and configures PGP Encryption on desktops.
- Responsible for identifying, remediating and documenting any incidents that occur on (EIA) Energy Information Administration Network.
- Provide technical insight and mitigation strategies to assist with the defense-in-depth policies and procedures.
- Responsible for doing monthly scans on (EIA) Energy Information Administration Network using tools such as: Nessus Vulnerability Scanner, ISS Internet Scanner, and Indicator Finder workstation scanner. Also keeps software up to date with latest patches and features.
- Involved in NIST C&A documentation, annual self assessments and baseline assessments on (EIA) Energy Information Administration Network using NIST 800-53 IA Controls.
- Responsible for installing and configuring C&A tool “Xacta IA Manager” on our server.
Network Security Engineer
Responsibilities:
- Conduct security and vulnerability assessments and established C&A boundary on information systems under Military Health Systems and Tricare Management Activity.
- Conduct Certification and Accreditation effort utilizing DITSCAP/DIACAP guidelines 8500.2.
- Created Security Test Plan so we performed automated and manual tests and checks on every device within the C&A boundary as well as documentation during the site's baseline and Mitigation visits.
- Used automated scanning tools such as: Retina Scanner on networks and devices, AppDetective on databases, Gold Disk Scanner on workstations, and ran SRR Scripts on servers.
- Gather data from Vulnerability Matrix and create a Mitigation Strategy Report so sites can fix findings to get their systems in compliance with DOD Information Assurance regulations.
- Used information from Mitigation Strategy Reports to make a Risk Report so the information can go into our final Accreditation report in an effort to try to get the site an (ATO) Authorization to operate from our (DAA) Designated Approving Authority.
Computer Network Security Analyst
Responsibilities:
- 30 months experience as Web Risk Assessment Analyst (WRA).
- Recognized technical expert as Web Risk Assessment Programmer/ Assessor responsible for scripting 71 complex page rules using the new COAST Assessment Software and Hardware.
- Conducted vulnerability assessments on US Naval information systems NMAP Vulnerability Scanners and provided computer/ network security incident reporting along with packet level analysis.
- Conducted Blue Team Training exercises for Naval Ships worldwide on Network Security vulnerabilities.
- Conducted White Box, Grey Box and Black Box penetration testing on Navy Networks, systems, applications on Shipboard platforms.
- Responsible for the overall assessment of over 3,600 Naval websites, registration, and enforcement compliance IAW SECNAV and Department of Defense Directives.
- Coordinated with various website administrators and personally facilitated swift corrective action to fix assessment discrepancies noted during WRA assessments.
- Utilized Information Assurance tool kit on the LINUX operating system to penetrate shipboard networking systems.
- Provided Computer and Security Network training, assistance, and incident handling support to more than 400 U.S. Navy Fleet units and Military Sealift Commands.
- Tracked over 1,300 Remedy tickets and 53 virus reports while supervising six watch standers as Naval Computer Incident Response Team Watch Officer.
- Maintained 6,000 user accounts and tracked the compliance of 1,100 commands as the direct liaison for 37 echelon commands.
- Performed Intrusion detection analysis with Snort and Real Secure while monitoring intrusion detection sensor for malicious activity.
SCI Network Operator/ Communications Supervisor
Responsibilities:
- Operated the SI-ADNS (Special Intelligence Automated Digital Networking System) computer based communications system and associated equipment.
- Responsible for maintaining 9 Special Intelligence voice, data, and video communications circuits in support of early tactical Indications and Warning Mission.
- Transmitted, received, and processed all forms of telecommunications using state-of-the-art multimedia technology such as fiber optics, digital microwave, and tactical and commercial satellites.
- Dedicated countless hours to troubleshoot, isolate, and resolve networking problems associated with the SI-ADNS (Intelligence Automated Digital Networking System).
- Monitored Tactical Intelligence (TACINTEL), Operational Intelligence (OPINTEL) broadcast, and Secure Voice Circuits.
- Using TPI (Two Person Integrity) I handled different types of Cryptographic Key Material, loading it into Top Secret cryptographic devices using crypto key tape or CYZ-10 (Cryptographic Storage Device) or disposing of it properly once it was superseded.
- Scheduled and operated SVTC (secure video teleconference) services within the Joint World Wide Intelligence Communications System (JWICS) network for USS Kearsarge.
- Routed audio/ video sources to appropriate destinations using the Pesa Router and the Accord Multi-point Gateway Control Unit (MGC).