- Cloud computing
- Kali Linux
- Cloud security
- Burp Suite
- Policy and procedures writing
- DHS (TIC)
- Technical writer
- Enumeration scans
- Vulnerability scans
Project manager/Task lead/Lead Information Security Engineer
- Manage a team of 22 security control assessors and ISSOs (including penetration testers)
- Worked with team, ensuring the review of the security architecture of the environment being assessed.
- Worked with multiple network engineers to ensure least functionality was put in place.
- Conducting Nessus scans and Nessus scan analysis, as well as presenting the results to stakeholders while explaining the meaning of the vulnerabilities.
- Perform extensive technical writing regarding policies, procedures and other pertinent documentation.
- Support to the Assessment and Authorization (A&A) Risk Management Framework process for all client managed systems, networks, and enclaves (all security domains); ensure validity and accuracy review of all associated documentation; support remote sites when required
- Assist in centralization of A&A files/documentation and maintain files/library; ensure validity and integrity of all systems
- Create, update, and delete entries in databases utilized for the tracking of system and network compliance
- Ensure that all IA systems are properly documented with Configuration Management processes; maintain the security accreditation status of systems/sites, including the review of current documentation and site architectures and coordination with sites to ensure the documentation is accurate with the current site architecture, IAW policy and processes
- Perform, participate and support all assessment and authorization (A&A) efforts for systems, networks, and applications (all security domains) IAW DoD and IC requirements
- Provide coordination for assessment metric submissions
- Provide direct support in development of other A&A related systems bodies of evidence in accordance with current NIST guidance, using the government-provided A&A tool (i.e., XACTA)
- Provide security engineering assessments of proposed IT solutions
- Work in coordination with both internal and external systems administrators, configuration management, and network engineers to ensure proper configuration and adherence to security standards in regard to deployment actions
- Serve as Security Controls Assessors for formal Security Test and Evaluation
- Providing guidance regarding remediation and mitigation of identified vulnerabilities
- Provide guidance on the application of security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements, reviewing and determining the adequacy of required documentation
- Development of all supporting test reports and supporting artifacts and plans of action and milestones (POA&Ms) documenting open findings; preparation of formal authorization packages and oversight of the resolution of POA&Ms; and development and maintenance of assessment and authorization enterprise schedules and metrics
- Provide support for management and maintenance of assessment and authorization repositories
- Perform security assessments at remote sites
- Conducting scans utilizing Nessus and providing explanation of what the findings mean to the stakeholder
- Conducting Burp Suite report analysis
- Attend monthly meetings with the CISO, to discuss methodologies to enhance the assessment process
- Train personnel on the proper way of assessing controls, primarily controls that require a great deal of technical understanding
- Supports the Security Assessment and Authorization process of the clients’ systems as a technical Security Analyst
- Assisted pen testing team with projects in analyzing Burp Suite reports
- Work on 3PAO projects where we assisted CSPs in receiving ATOs
- Utilizes FedRAMP requirements to assess cloud systems to ensure the proper security requirements are satisfied.
- Reviewed technical security controls and provided implementation responses to meet requirements
- Document findings in the SAR
- Meet with client to discuss findings and process of remediation