Security Engineer Resume
Security Engineer
Confidential
Responsibilities/Accomplishments:
- Primary function: perform assessments of IT system controls during new ATOs and ATO renewals. Serve as the principal advisor to the System Owner, Business Process Owner and the Task Manager on all matters, technical and otherwise, involving the security of an information system.
- Responsible for ensuring the implementation and maintenance of security controls in accordance with the SSP of all systems designated.
- Review system control requirements according to the system categorization obtained under FIPS 199/NIST 800-60 and FIPS 200/NIST 800-53v3&v4; review standard operating procedures maintained by agency Confidential and Confidential for various operating system platforms.
- Review report results from the Nessus scanning application and communicate with system owners to verify the completion of findings.
Confidential
Information Assurance Engineer
Responsibilities/Accomplishments:
- Perform vulnerability assessments on assigned systems. Create system documentation for all system ATOs, both new and existing; the documentation includes all artifacts required for System Control Assessment (SCA).
- The following documents were used for both implementation and clarification.
- Perform scans and review report results from various scanning applications (Nessus, WebInspect, AppDetective, Nmap, Foundstone), and communicate with system owners to verify the completion of findings.
Confidential
Information Security Engineer
Responsibilities/Accomplishments:
- Serve as the principal advisor to the System Owner, Business Process Owner and the Task Manager on all matters, technical and otherwise, involving the security of an information system. Responsible for ensuring the implementation and maintenance of security controls in accordance with the SSP of all systems designated.
- Provide guidance, oversight and expertise, and develop security documents or implement security controls. Perform vulnerability assessments on assigned systems.
- Assist with coordinating, facilitating or otherwise ensuring that certain activities are performed. Build relationships with the System Owner, technical staff and other stakeholders to maintain system security requirements.
- In doing so, review system control requirements according to the system categorization obtained under FIPS 199/NIST 800-60 and FIPS 200/NIST 800-53v3&v4; review standard operating procedures maintained by FDA, NIST and STIGs for various operating system platforms.
- Review report results from the Nessus scanning application and communicate with system owners to verify the completion of findings.
Confidential
Information Assurance Analysis
Responsibilities/Accomplishments:
- Perform security assessments for the Department of Education, a federal enterprise agency (Major/Minor and GSS systems), generating the Security Assessment Report/Plan, Risk Management Report, Security Control Assessment, etc. Review agency-generated internal policies for accuracy in meeting Confidential compliance requirements.
- Perform these tasks following the guideline requirements of the Risk Management Framework (RMF) documentation.
- Prepare presentation slides for each system needing kick-off documentation, covering assessment procedures and scheduling requirements for the system owner, program manager and staff team of each managed system.
- Review system documentation for all system ATOs, both new and existing; the documentation includes all artifacts required for System Control Assessment (SCA). The following documents were used for both implementation and clarification.
- Review report results from various scanning applications (Nessus, WebInspect, AppDetective, Nmap, Foundstone) and communicate with system owners to verify the completion of findings.
Confidential
Principal Analyst, Information Security
Responsibilities/Accomplishments:
- Member of a team of Certification and Accreditation specialists in support of a family of systems, networks, and sites. Conducted Security Test and Evaluations.
- Conducting peer reviews of Certification conducted by other technicians.
- Review certification and accreditation policies and directives for the DIACAP. Assist the Certification Official in the oversight, inspection, review, and accreditation of Information Systems.
- Provide reviews and progress reports on all submitted Plans of Action and Milestones (POA&Ms) under the certification and accreditation process.
- Review various scanning and penetration output reports (Nmap, Nessus, WebInspect, AppDetective, Netcat, Nipper, Microsoft Baseline Security Analyzer) for validation and POA&M updates. Additionally, review DISA STIG reports and documentation for system requirements.
- Participate in special projects as required.
Confidential
Reston, VA
Senior Information Assurance Analyst/Part Time
- Perform Security Program Evaluation of the General Support System (GSS) Network Segment, Active Directory (AD) implementation, and various Financial Systems in support of multiple certification and authorization.
- Review the Oracle HR database and confirm that security requirements are mitigated and that all default authentication is being mitigated.
Confidential
Chicago, IL
Information System Security Representative
- Edited, created, reviewed and evaluated System Security Plans, System Security Authorization Agreements, systems and network diagrams, Security Requirements Traceability Matrices, Risk Assessments, and associated Information Systems Certification and Accreditation (C&A) documents in accordance with Intelligence Community, National and Agency standards.
- Observed, evaluated, and documented IS security certification testing and prepared Security Certification Test Reports (SCTRs) with findings and recommendations regarding systems' certifications.
- Evaluated systems, networks and sites for compliance with information security standards and policies.
- Reviewed and monitored monthly scanning and vulnerability application tools for POA&M updates and mitigation validation.
- Reviewed and worked with both front-end and back-end device administrators on OS/security mitigation. Mitigation tools used within the environment were Nipper, WebInspect, Nessus, AppScan, AppDetective and Qualys. Reviewed NIST 800-53v3 and 800-53A Rev1 for system control assessment.
Confidential
Vienna, VA
Lead Security Engineer
- Lead computer security operations engineer performing product evaluation, selection and procurement in Federal government context.
- Utilized various security monitoring applications: SIEM, Packet Analyzer, Flow Analyzer. Performed malware analysis and forensic investigations.
- Maintained firewalls, IDS/IPS and VPNs. Led incident response activities. Generated reports with vulnerability scanning tools such as Foundstone, WebInspect, Core Impact, Nessus, nCircle and Nmap, plus firewall technology applications.
- Worked across teams and directly with customers.
- Reviewed and worked with both front-end and back-end device administrators on OS/security mitigation.
- Performed operations administration using SCCM and BigFix for agency device management, working in conjunction with SOC security tools such as Foundstone and Nessus to confirm that all systems meet these requirements and to generate other reports.
Confidential
Centreville, Virginia
Information Assurance Analyst/Part Time
- Performed System Test and Evaluation (ST&E) activities on a variety of hardware and software systems (Windows, UNIX and Cisco IOS) using the latest Navy-approved vulnerability scanning tools (eEye Retina, Nmap, Windows Production Gold Disk and DISA Security Readiness Review (SRR) scripts).
- Wrote C&A documents per DIACAP and Navy Afloat PIT standards, including System Security Plans (SSPs), Risk Assessment (RA) Plans, Plans of Actions and Milestones (POA&M), Security Test and Evaluation (ST&E) Plans, and Contingency Plans (CP). Reviewed Army Information Regulation documentation AR-1 and AR-2.
Confidential
Reston, VA
Information System Security Officer
- Developed and maintained the overall system security document, the Information System Security Plan (SSP), which contained all necessary security procedures, instructions, operating plans and guidance. Participated in the development or revision of system-specific security safeguards and local operating procedures that are based on the above regulations. Provided IT security consulting to system owners on the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans.
- Ensured that management, operational and technical controls for securing either National Security Systems or SBU-level IT systems are in place and are followed. Worked closely with Certifiers to navigate the TSA Certification & Accreditation (C&A) process and produce all appropriate accreditation documentation. The following documents were used for both implementation and clarification.
- The NIST 800 series: 800-30 for Risk Management, 800-34 for Contingency Planning, 800-37 Guide for Conducting Risk Management, NIST-39 Managing Information Security Risk.
- NIST 800-53v3&v4 Security and Privacy Controls for Federal Information Systems and Organizations, NIST 800-53Av4 Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans, NIST 800-60 Rev 1 Guide for Mapping Types of Information and Information Systems to Security Categories.
- Attended monthly ISSO training course at TSA Headquarters.
Confidential
Dulles, VA
Senior Firewall Engineer
- As an integral member of the technical team, supported the definition, design and implementation of a global secure computing solution. Maintained IT standards, processes, advanced information systems and principles related to the myriad of IT systems in order to manage and administer technology in the infrastructure, for the sole purpose of maintaining a firewall system capable of detecting and preventing unauthorized communications to/from various systems (classified and unclassified) within the environment, and administered security systems for e-mail and internet access for the sole purpose of maintaining firewalls.
- Supported the building and testing of the firewall / PKI / DMZ infrastructure in sustaining the consolidation and the client's IT Security Architecture.
- Maintained Network Stateful and Application Firewall technologies (Stonegate, Sidewinder G2).
Confidential
Reston, VA
Senior Security Engineer
- Security Engineer with the Project Management Office team for the Veterans Affairs agency, working to meet the OMB June 2008 mandate for IPv6 compliance.
- Reviewed the Veterans Affairs security handbook and verified that IPv6 testing meets internal agency policy requirements as well as National Institute of Standards and Technology guidelines, policies, and standards.
- Reviewed NIST special publications 800 series for system/information requirements and 500 series for the IPv6 system profile. Gathered and reviewed network security and network management documentation from various team members for clarification and accuracy, to meet requirements for the IPv6 design in the test pilot.
- Attended various work group meetings that are part of the initiative for the IPv6 requirements.
- Created VA security risk analysis documentation for IPv6 implementation. Met with various vendors and verified that products meet the specifications stipulated within vendors' documentation. Reviewed current NIST 800 series documentation and verified the security requirements and their effects, if any, on the implementation of IPv6.
- Reviewed vendor products for compliance with FIPS 140, Common Criteria, or ITSEC standards as required by the government agency.
Confidential
Rockville, MD
Security Engineer
- Worked with the security design group on the design of the enterprise infrastructure and deployed network security devices as requested by customer.
- Gathered existing documentation and information from various departments for deployment of existing applications and hardware that would be migrated to the new facility. Gathered internal and external documentation as required by NIST for federal government enterprise security architecture.
- Reviewed documentation during the new design of the enterprise architecture: the NIST 800 series, 800-30 for Risk Management, 800-34 for Contingency Planning, 800-37, NIST 800-53v2 Security Minimal Baseline Requirements, NIST 800-53Av1 Security Baseline Assessing Controls. Created infrastructure test mock-up, device upgrades and patches, performed configuration and testing before deployment to the new enterprise architecture, and verified traffic flow utilizing tcpdump and Wireshark.
- Implemented guides and utilized checklists on various operating systems and appliances for C&A, utilizing DISA Gold and Cisco safe practice. Worked with customer internal staff on training in the new test mock-up enterprise architecture.
- Created security documentation and security Visio diagrams to reflect the new enterprise architecture.
- Networking devices included within the infrastructure: Checkpoint Firewalls, Pix FWSM, Cisco IDSM-2, NFR intrusion detection, Cisco routers, switches 4510R, 6509, 7609, and 7613.
Confidential
Reston, VA
Network Security Engineer
- Performed administration, maintained and monitored security RSA accounts on ACE server.
- Maintained and performed administration duties for users on LDAP server. Performed administration duties in Remedy application for various infrastructure devices.
- Worked on administration, configuration and troubleshooting of issues on Cisco Pix firewall and Netscreen firewall. Maintained, configured and troubleshot issues on Nokia device and Checkpoint firewall. Managed Cisco router IOS maintenance and debug upgrades and Cisco switch IOS upgrades.
- Managed VPN on various devices, Cisco Routers, Netscreen Firewall, Checkpoint Firewall, Pix Firewall and Cisco Concentrators.
- Performed administration, configuration and troubleshooting of NetCache Web appliance.
- Administered various firewall and content devices on different operating system platforms (UNIX and Windows), including Cisco Pix, Checkpoint and Netscreen firewall devices.
Confidential
Washington, DC
Network Engineer
- Designed, planned, configured, updated and maintained the network and information systems to ensure the 24-hour per day, 7 days per week availability required to support the Department's mission-critical service delivery operations. Created users and groups, configured remote access policy and security.
- Diagnosed, troubleshot and resolved network operation problems and evaluated the cause of malfunctions to take corrective action. Monitored system integration, maintenance and support of LAN and/or WAN. Utilized scanning/sniffing tools (Nmap, Nessus, tcpdump and Wireshark) to identify issues and generate reports.
- Supported Novell network operating system environments (versions 4.x and above) and associated applications, NDS and eDirectory, using the management tools ZENworks 2.0 and 3.0, NDPS, NWADMIN, ConsoleOne, ManageWise and BorderManager, plus Citrix, Terminal Server, and HP OpenView for operation support.
Confidential
Washington, DC
Supervisor Biomedical/System Engineer
- Assisted in the planning and formulation of an effective patient medical information program by researching material, equipment manuals and brochures, medical equipment repair and concepts. Worked directly with the Chief Biomedical Engineer and presented plans of operations, to include techniques, scheduled preventive major damage and down time of equipment. Established guidelines, directed, coordinated and evaluated the section's programs through observance, instructing, preparing procedures for approval, and reporting the progress and/or recommended changes to enhance the section procedures to accomplish the goals of the section.
- Recommended repair parts for systems, based on life expectancy of component parts, feasibility of stock, delivery time, and the urgency of the equipment in reference to the user's program and critical factors of equipment operations.
- Performed safety and performance testing on new medical equipment and performed regularly scheduled inspections, tests and calibration of equipment. Oriented new employees and conducted in-house service training programs as required. Kept up to date on the state of the art in biomedical engineering and computer systems developments by actively participating in educational courses and seminars. Maintained patient information system in compliance with DCRA and HIPAA.
- Maintained patient information system for the Intensive Care Unit 24/7, Patient information system HP/UX disk mirror.
