Security Engineer Resume Profile
Falls Church, VA
Career Objective:
Over the years, I have had the privilege and opportunities to work alongside the DoD, federal and commercial sectors which have emboldened me with a keen perspective and best of practice in the Governance, Risk Management and Compliance of security processes. I welcome the opportunity to carry out tasks involving security strategy, developing enterprise architect, policy and procedure promulgation, risk assessments, conducting security awareness training as well as the continuing collaboration of security issues. I look forward to thriving in such an environment.
EXPERIENCE:
Security Engineer
Confidential
As a FedRAMP Information System Security Officer, I develop documentation for Cloud Service Providers (CSP) as part of FedRAMP's Cloud Initiative Program for GSA's Office of Citizen Services and Innovative Technologies (OCSIT). Duties include coordinating CSP kickoff and project schedules to developing System Security Plans (SSP), Security Assessment Plans (SAP), and Security Assessment Reports (SAR). Additionally, I develop other supporting documentation to include Configuration Management Plans, Incident Response Plans, Continuity Plans, FIPS 199, Rules of Behavior, Incident Response Plan and an array of policies and procedures for security authorization packages. Responsible for analyzing system testing and scan results performed by Third Party Assessment Organizations (3PAO) and verifying the results documented in the SAR with provided artifacts. As part of my achievements, I successfully met PMO goals and objectives to ensure system confidentiality, integrity and availability through Continuous Monitoring by tracking/mitigating POA&M's.
Security Engineer
Confidential
Tested/assessed security controls and vulnerability/compliance scan analysis of Automated Information Systems (AIS) as it pertains to network, firewall, and devices as a Senior Security Analyst for the Office of Procurement Group Cyber Security Division for the OCIO at United States Patent and Trademark Office Headquarters. Analyzed risk to develop/improved IT security across enterprise and escalated issues to senior management. Demonstrated collaboration and team building with proven communication and interpersonal skills. Documented security assessment packages against NIST standards and addressed IV&V comments for submission to Designated Accreditation Authority for approval.
- Evaluated/ System Security Plans, Business Impact Analysis, Contingency Plans and Testing, Security Assessment Reports, Security Test and Evaluation Plans within projected schedule consistently resulting in a quality product and On Time/Within Budget.
Security Engineer Consultant
Confidential
Audited the A&A packages (System Security Plans, Security Categorizations, Business Impact Analysis, Contingency Plans and Testing, Security Assessment Reports, Security Test and Evaluation Plans and execution, Privacy Impact Assessments, Configuration Management Plans, and POA&M activities) for the Department of Labor (DOL)/Office of the Assistant Secretary for Administration and Management (OASAM)/Office of Chief Information Officer (OCIO) as Senior Security Analyst. Identified potential high risks to government information systems and utilized information to develop/improved IT security across enterprise and when necessary, prioritized findings and escalated issues to management. Monitored A&A (formerly C&A) processes through ATO process for various general support systems and major applications.
Security Engineer Consultant
Confidential
Monitored/developed documentation for Certification and Accreditation (C&A) activities for the Office of Cyber Infrastructure and Computational Biology (OCICB) within Health and Human Services (HHS)/National Institute of Health (NIH)/National Institute of Allergy and Infectious Diseases (NIAID) as Senior Security Analyst. Developed System Security Plans, Contingency Plans and Security Assessment Reports for security authorization packages. Conducted security test and evaluations (ST&E), risk assessments, and recorded findings for analysis through all phases of accreditation. Prioritized tasks and effectively managed multiple responsibilities. Established team goals and objectives to be accomplished and ensure the integrity, compliance and accountability for Continuous Monitoring.
Security Engineer Consultant
Confidential
Evaluated security architect and strategy of the information security policies and procedures as an Information System Security Officer (ISSO) for the Office of Operation Systems (OOS) within the National Weather Service (NWS) of the Nautical and Oceanic Atmospheric Administration (NOAA). Evaluated effectiveness of existing risk assessment programs to identify areas of potential vulnerability in operating systems used throughout the organization. Analyzed findings and developed long-range plans for security systems that minimize risks, mitigate vulnerabilities related to databases and web applications, prevent security incidents, and ensure systems reliability. Identified new processes, techniques, and procedures to upgrade and enhance security protocols. Produced monthly metric reports as it pertains to the performance of completed documentation for ATOs, Interconnection Security Agreements (ISA/MOU), Service Level Agreements (SLA), Security Training, and Computer Incidents (US CERT), Network Performance (IDS/IPS-network and host based security infrastructure). Voted as a member of the configuration change management board.
Senior Security Engineer
Confidential
Defined customer requests and applied customer support principles and methods to provide information and assistance when responding, reporting and resolving customer requests. Provided expertise guidance for DoDI 8510.01 Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Instruction as the Project Manager/Security Liaison for DIACAP compliance for Office of the Medical Records Separations Processing (MRSP) system within the Deputy Secretary of the Army for Health and Medical Affairs. Researched solutions and made recommendations as a member of the Program Integration Office of the Interdisciplinary Architecture Systems Engineering team efforts. Designed and integrated complete IT infrastructure solutions that include multiple server platforms, software middleware, storage, and services. Evaluated integration efforts and provided comments regarding their performance in accordance with the guidance provided in the client's Technical Reference Model (TRM) and other guiding principles and standards established by the client.
Security Analyst
Confidential
Verified and Validated (V&V) system lifecycle document artifacts to assure compliance with approved systems for the National Institute of Health National Health Genome Research Institute (NIH NHGRI) at the Bethesda, Maryland Campus as an analyst. Developed System Security Plan (SSP) and tested Disaster Recovery Plans (DRP) for the NHGRI organization and the documentation of application/system security controls. Utilized project tracking documentation (Excel, MS Project, and Pro-Sight).
Functional Analyst
Confidential
Planned acquisitions, developed resources and executed tests for the acquisition of Army ACAT III system and components thereof for the Joint Interoperability Test Command (JITC) Washington Division. Complied with Chairman of the Joint Chiefs of Staff Instructions (CJCSI) 6212 directives and policies NIST 800 series directives/instructions, FISMA, DoD 5200 series, and their implementation, Department of Homeland Security (DHS) 4300A, DHS 4300B, DHS Certification and Accreditation, DODD 8500.1, DODI 8500.2, and the information assurance (IA) principles/guidance, DoD Information Security Technology Certification and Accreditation Process (DITSCAP) in assuring cooperation and coordination with Program Office. Developed project plan and execution approach. Defined client requirements and project specifications in support of operational testing in addition to purpose, roles & responsibilities, tasks, milestones, budgets & resources and measures of success. Analyzed DoDAF System Views (SV's) and Overviews (OV's) in determining technical performance characteristics to assure that test designs were compliant to the Joint Planning and Development Office (JPDO). Identified risks and provided mitigation strategies and options. Performed analysis of results and prepared comprehensive system level evaluation reports. Verified and validated system performance - User Acceptance Test (UAT), Systems Integration Tests (SIT) and System Acceptance Testing (SAT) with Mercury/Performance Tester and data to support Functional, User Acceptance and Interoperability testing requirements. Documented and reported system defects and issues to developers in a timely manner for all test phases. Collaborated with project engineers, developers, and other team members for complex validation assignments. Performed back end validation and regression testing.
Recorded results to support application tuning. Prepared/presented test reports/briefings to senior management for review/approval and participated in implementation/integration of solutions and follow-on assessments of results achieved. Researched C4ISR system issues as a basis for developing and presenting white papers and case studies to customer that detailed authoritative technical advice and recommendations on solutions to recurring IT problems. Utilized management tools such as Trusted Agent FISMA Tool (TAFT) and the Risk Management Systems (RMS).
CORE COMPETENCIES:
Assessment and Authorization (A&A, formerly C&A), FISMA, FIPS 199, 200, 201, NIST SP 800 Series, Procedure and Policy Development, DIACAP, SDLC, Project Management, DoDAF, ITIL, Nessus, Web Inspect, NMAP, Gold Disk, FOIA, HIPAA, HSPD-12, Microsoft Office/Project, MS Word, Excel, PowerPoint, Access, Visio, Clear Case, CSAM/NCAT, Archer, Remedy HelpDesk
