Professional Summary

• Over 14 years of professional experience with expertise in IT Security Engineering, and Operations and Security Assessments. Knowledgeable in the application of mitigation strategies to networked environments in order to decrease risks to acceptable levels as well as defining Security Policies and Procedures. Executed, drafted, edited and maintained the Risk Management Framework RMF Package throughout the entire DoD/Federal Agency
• Assessment and Authorization A A Life Cycle

Technology Summary

• Vulnerability Assessment/Penetration Testing Retina, Nessus, AppDective, Fortify, WebInspect, Kali/Metasploit
• Security Management Application-McAfee Endpoint Protection, Symantec, Norton, HBSS
• Cyber Security Guidelines-NIST 800 series, CNSS, DOD 8500s, FISMA, FIPS, OMB Circular, RMF, HIPAA, DIACAP, FedRAMP, CNSS
• Perimeter Security and Networking-Routers, multi-layer switching, VLANS, TCP/IP, TSL/SSL
• Systems- Unix-Based Systems, Linux, BSD, Redhat Linux, Windows all

KEY SKILLS

• Risk Management Framework RMF
• Risk Management Solutions and Vulnerability Assessments
• Security Control Assessment SCA
• Assessment and Authorization A A
• Information Verification and Validation IV V
• System Security Plan/Security Plan SP
• Information System Continuous Monitoring ISCM
• Regulatory Compliance Testing
• Accreditation Boundary/System Authorization Boundary
• Security Content Automation Protocol SCAP
• Vulnerability Management System VMS
• Security Readiness Review SRR
• Security controls and documentation review
• Plan of Action and Milestones POA M
• Network System Security Design
• Information Assurance Vulnerability Alerts IAVA
• Information Assurance Vulnerability Management IAVM
• Security Test and Evaluation ST E and/or Certification Test and Evaluation
• Security Technical Implementation Guides STIGs

CAREER HISTORY

Confidential

Lead Cyber Security Engineer

• Leads assessment teams and provide direct hands-on contribution and oversight on Assessment and Authorization A A efforts the Program Manager assigns Provides hands-on activities including vulnerability scanning, security documentation development, documentation review, vulnerability analysis, and issue resolution Direct oversight responsibilities include leading A A Discovery and Assessment activities Coordinates meetings, assigns engineering and analysts tasks, identifies discrepancies in work products and reports the progress of Assessment and Authorization timeline tasks to the Program Manager Conducts quality assurance reviews of all Assessment and Authorization A A package deliverables
• Maintains direct responsibility for leading and completing technical engineering tasks on the A A timeline with the support of Cyber Security Engineers and Cyber Security Analysts
• Oversees the work and duties of Cyber Security Engineers on Information Verification and Validation IV V team
• Responsible for performing the technical tasks associated with developing assessment and authorization A A packages
• Develops technical documentation e.g. network diagrams, inventory control, data flows and perform reviews of the technical sections of A A artifacts including verification and validation of IA Controls. Reviews vulnerability scans to identify false positives, mitigation strategies, and system fixes.
• Assist Information System Owners and Stake Holders with the establishment of accreditation boundaries and the validation of completed POA M items.
• Responsible for completing tasks as assigned and on schedule, providing SME support to the project for completing assessment package deliverables and conducting technical testing using automated tools.
• Responsible for system authorization boundary definition, hardware and software inventories, vulnerability scanning, vulnerability analysis, technical input to security documentation, and technical issue resolution
• Conducts quality assurance reviews of all A A package deliverables
• Reviews IA directives, creates agency action plans, disseminates the information to all responsible parties, and tracks all tasks to completion.

Confidential

Senior Cyber Security Engineer

• Conducted technical security reviews, evaluations of ISs documentation, POA Ms, extension and deviation requests, reciprocity acceptance and various security assessment types
• Implemented system and network activities including risk assessments, security plans security test and evaluations, and contingency plans
• Executed technical and physical security evaluation of IS security safeguards including a qualitative assessments of the potential security risks to the IS.
• Performs security assessment and used vulnerability tools including Retina, Fortify, WebInspect, and AppDetective.
• Responsible for the developing and maintaining Certification and Accreditation program and assist with updates and reviews of Security Policies, Business Impact Analyses, Disaster Recovery Plans, Incident Response Plans, Security Processes and Procedures
• Evaluated engineering designs for compliance with applicable security requirements
• Provided network and computer security analysis including experience working with security architecture and design
• Performed security assessments and mitigations on Virtual, Physical OS and database Information Assurance compliance/hardening and administration
• Performed security assessment and vulnerability assessment to support Information System Continuous Monitoring ISCM

Confidential

Sr. Information Assurance Engineer

• Reviewed and analyzed system-related documentation such as the security design documents SDDs , network diagrams, server/network matrix, and security boundary in the planning and coordinating of onsite vulnerability assessments
• Provided stakeholders weekly reports on compliance with all required organization's security initiatives to support ISCM
• Created recommended action plans regarding the applicability of IA requirements, and for compliance to IA requirements based on industry best practices
• Ensured compliance with all applicable FISMA and OMB System Authorization Requirements
• Evaluated engineering designs for compliance with applicable security requirements
• Responsible for conducting security assessments, reporting findings, and assisting with remediation efforts
• Developed the security plans SP to test and evaluate systems for certification and accreditation
• Provides certification and accreditation support to Government Agency information systems as directed by the customer
• Documented, designed, and implemented security solutions supporting customer requirements while adhering to security best practices and agency security policies
• Updated centralized repository to reflect compliance status and attaching evidence supporting decisions
• Responsible for determining and verifying that required security controls per Government standards and best practices are correctly implemented and function properly
• Evaluated and recommended solutions for highly complex security systems according to industry best practices to safeguard internal information systems
• Developed documentation detailing the implementation and administration of deployed security solutions
• Performed testing and evaluation of network/server configurations to identify potential vulnerabilities
• Developed baseline security configuration for network access control systems and operating systems based on organization policy and NIST and NSA guideline

Confidential

Senior Information Assurance Specialist

• Developed the security plans SP to test and evaluate systems for certification and accreditation
• Designed secure solutions to meet customer needs and directed multiple technology projects to integrate security
• Created program documentation, detailing system security concepts, system security assessments, tailored security plans, vulnerability assessments, and incident response
• Researched, developed and implemented security controls and standards to minimize network security risks
• Developed and implement information security standards and procedures through FISMA and NIST certification and accreditation process
• Analyzed audit log files, reports breaches, and proposes potential solutions
• Participated in the organization's threat and vulnerability assessment process, incident response process and disaster recovery
• Read, analyze, and interpret technical procedures and regulatory requirements write reports, business correspondence, and procedure manuals.

Confidential

Information Assurance Specialist

• Performed vulnerability and risk assessment to support assessment and authorization
• Developed security plan to test and evaluate systems for assessment and authorization
• Developed continuous monitoring best practice solutions and strategies to assist the organization establish stronger security posture
• Provided day-to-day IT security support and consultation to organization and business partners
• Developed continuous monitoring best practice solutions and strategies to help the organization establish stronger security posture
• Managed changes to security systems and assessed the security impact of those changes
• Developed a remote access technical guideline for corporate and vendor users
• Monitored, evaluated, and maintained systems and procedures to protect the data systems and databases from unauthorized users Worked with SMEs to identify potential threats and responded to reported security violations

Confidential

Systems Security Engineer

• Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
• Assisted in the development of access-controls, separation of duties, and roles
• Conducted technical risk evaluation of hardware, software, and installed systems and networks
• Monitored, evaluated, and maintained systems and procedures to protect the data systems and databases from unauthorized users Analyzed and identified potential threats and responded to reported security violations.
• Maintained security and the overall data integrity within the company's computer systems