SUMMARY:

• Certified Information Security Professional with more than 10 plus years of experience.
• Extensive experience with Nessus, Big Fix, Confidential, and Confidential and Confidential 800 - 53, Confidential controls including the latest Continuous Monitoring requirements, POAMs, patch deployment and management, and remediation.
• Previously took a 2-person IA team with 7 systems from an audited 64%, and within 2 years audited at 96% and came in 1st place.
• Reviewed Applications Designs to determine Compliance to Confidential SP 800-53 rev 4 compliance, assisted in the production of Security documentation for Applications, and assisted in implementation efforts for new Infrastructure / applications to ensure compliance for Confidential 800-53 rev 4, HIPAA, HITRUST, and PCI.

TECHNICAL EXPERIENCE:

Security Consultant

Confidential

Responsibilities:

• Responsible for developing and documenting Confidential cloud criteria, condition, cause, effect of identified deficiencies and recommend courses or remedial actions; conducting validation testing on remediation measures taken to remediate Plans of Action and Milestones (POA&M) created in response to discovering validated vulnerabilities or deficiencies.
• Reviewed vulnerability scan reports until mitigated, and reviewed Applications designs to determine Compliance to Confidential SP 800-53 rev 4 compliance, assisted in the production of Security documentation for Applications, and assisted in implementation efforts for new Infrastructure / applications to ensure compliance for Confidential 800-53 rev 4, HIPAA, HITRUST, and PCI.

Security Consultant

Confidential

Responsibilities:

• Responsible for developing and documenting the criteria, condition, cause, effect of identified deficiencies and recommend courses or remedial actions; conducting validation testing on remediation measures taken to remediate Plans of Action and Milestones (POA&M) created in response to discovering validated vulnerabilities or deficiencies.
• Reviewed Applications Designs to determine Compliance to Confidential SP 800-53 rev 4 compliance, assisted in the production of Security documentation for Applications, and assisted in implementation efforts for new Infrastructure / applications to ensure compliance for Confidential 800-53 rev 4, HIPAA, HITRUST, and PCI.

Senior Security Support Analyst

Confidential

Responsibilities:

• I created the component strategy to implement the Confidential and Confidential Cybersecurity policies and procedures including Confidential ; perform security assessments in accordance with Confidential 800-37 and Confidential 800-53; upgraded and conducted Nessus vulnerability scans and assessments reports;
• Contingency planning and testing; provides Confidential audit support and POAM management and remediation; and provides Continuous Monitoring, including the use of the Confidential mandated Confidential Endpoint Manager (Big Fix).
• Experience with implementing one of our Cloud systems for Confidential compliance; including testing the controls, reviewing and taking required action on the Cloud Service Provider authorization package, and facilitating with applicable parties for approval.
• I also conducted Patch and Vulnerability management and remediation, Audit Log Retention and Monitoring, report actual or suspected computer-security incidents including PII breaches.
• I was the SME for Cyber Security Assessment and Management ( Confidential ) which is a web-based secure network a capability to assess, document, manage, and report the status of IT security risk assessments.
• I also use following security tools: Nessus, WebInspect, Veracode, Confidential Endpoint Manager (IEM), ArcSight, and analyze AppDetective scan reports.

Security Consultant

Confidential

Responsibilities:

• Facilitated, analyzed, and tested information security controls and performing Certification and Accreditation using the Confidential methodology Confidential .
• Confidential Certification and Accreditation, best practices in security, and Confidential security management practices.
• Firm understanding of Confidential SP 800-53 controls, network architecture, physical security, telecommunications/network security, disaster recovery, business continuity planning, application and security awareness training required. Analyze and define security requirements for applications hosted on local and wide area networks.
• Performed Lead ISSO duties in support of in-house and external customers.
• Duties include, but are not limited to, reviewing and developing C&A support documentation; reviewing Foundstone, Nessus, WebInspect, and AppDetective scan reports and provided Confidential analysis for reporting to the Confidential Director and System Owners; incident reporting and monitoring using ArcSight; notifying Confidential Director when changes occur that might affect C&A; performing system and network self-inspections; providing security coordination and review of all system test plans; identifying vulnerabilities and implementing countermeasures; conducting system audits and surveys and gathering pertinent security documentation for inclusion into system accreditation packages; documenting hardware and software upgrades and changes; maintaining security records; and receiving direction from the Confidential Director and POAM management and remediation.

Confidential

Information Security Technician

Responsibilities:

• Managed and inspected three security programs utilizing the Confidential tool for verification of Confidential compliance.
• Briefed management of status of operations.
• Provided technical analysis and support in resolving computer events and/or intrusions.
• Conducted vulnerability assessments, penetration testing, and analyzed output from network vulnerability assessments and recommended mitigation strategies using and reviewing the Foundstone scanning tool.
• Reviewed and provided feedback on information system security plans and procedures.
• Assisted in establishing and maintaining security products to include intrusion detection systems, antivirus and patch management.
• Reviewed and provided input into network designs to ensure compliance with security and enterprise architecture.
• Reviewed logs from devices and made recommendations for risk mitigation.

Confidential

Manager, Securify Pilot Services

Responsibilities:

• Managed the Securify Pilot Services program along with three personnel.
• Briefed government officials and Confidential management on status of operations.
• Assisted in managing the combined Confidential Certification and Confidential Security Analysts in supporting Confidential Intrusion Detection.
• Provided technical support to Network/Security administrators during the identification and resolution of computer security incidents/events.
• Provided technical analysis and support to assist Incident Handlers in identifying and resolving computer events and/or intrusions.

Confidential

Network Security Engineer

Responsibilities:

• Performs vulnerability testing, risk mitigation, risk analysis, and documentation utilizing the Confidential Information Technology Security Classification and Accreditation Process ( Confidential ) process.
• Supports development and documentation of security policies, practices, and processes at security program levels as well as for specific major applications and systems.
• Provide expert level security engineering or analysis in the following areas: Confidential documentation, Operating Systems, ISS Internet Scanner (Test, Reports, and Analysis), Security Readiness Review Scripts (Test, Reports, and Analysis).
• Responsible for maintaining certification and accreditation readiness of all network systems.
• Is responsible for Information Assurance Vulnerability Alert compliance verification. Installed, configured, maintains, and monitors ISS Real Secure Workgroup Manager, Network sensors, and Server sensors.
• Provide technical Trusted Systems Confidential implementation and support to Pilot Services projects in all aspects of Trusted Systems and Information Security Engineering.

Confidential

Assistant System Administrator

Responsibilities:

• Was responsible for 6 servers, 36 workstations, and 13 printers running under Windows NT used by the Directorate.
• Analyzed, installed, tested, and maintained the operating system and application software used by Freedom of Information Action Officers.
• Provided support for site infrastructure, including session and security management.
• Maintained an inventory of all hardware and software assets.
• Provided first-line support for all customers; performed troubleshooting on network, system, and application problems.