We provide IT Staff Augmentation Services!

Project Manager/task Lead/lead Information Security Engineer Resume

TECHNICAL SKILLS

  • Nessus
  • Cloud computing
  • WebInspect
  • Kali Linux
  • AWS
  • Cloud security
  • Burp Suite
  • Nmap
  • Networking
  • Policy and procedures writing
  • Splunk
  • Metasploit
  • DHS (TIC)
  • Technical writer
  • DbProtect
  • Management
  • Enumeration scans
  • Vulnerability scans
  • SDLC
  • Assessment

PROFESSIONAL EXPERIENCE

Confidential

Project manager/Task lead/Lead Information Security Engineer

Responsibilities:

  • Manage a team of 22 security control assessors and ISSOs (including penetration testers)
  • Worked with team, ensuring the review of the security architecture of the environment being assessed.
  • Worked with multiple network engineers ensuring least functionality being put in place.
  • Conducting Nessus scans and Nessus scan analysis, as well as, presenting it to stakeholders while explaining the meaning of the vulnerabilities.
  • Perform extensive technical writing regarding policies, procedures and other pertinent documentation.
  • Support to the Assessment and Authorization (A&A) Risk Management Framework process for all client managed systems, networks, and enclaves (all security domains); ensure validity and accuracy review of all associated documentation; support remote sites when required
  • Assist in centralization of A&A files/documentation and maintain files/library; ensure validity and integrity of all systems
  • Create, update, and delete entries in databases utilized for the tracking of system and network compliance
  • Ensure that all IA systems are properly documented with Configuration Management processes maintain the security accreditation status of systems/sites including the review of current documentation, site architectures and coordination with sites to ensure the documentation is accurate with the current site architecture, IAW Policy and processes
  • Perform, participate and support all assessment and authorization (A&A) efforts for systems, networks, and applications (all security domains) IAW DoD and IC requirements
  • Provide coordination for assessment metric submissions
  • Provide direct support in development of other A&A related systems bodies of evidence in accordance with current NIST guidance, using the government provide A&A tool (i.e. XACTA)
  • Provide security engineering assessments of proposed IT solutions
  • Work in coordination with both internal and external systems administrators, configuration management, and network engineers to ensure proper configuration and adherence to security standards in regard to deployment actions
  • Serve as Security Controls Assessors for formal Security Test and Evaluation
  • Providing guidance regarding remediation and mitigation of identified vulnerabilities
  • Provide guidance on the application of security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements, reviewing and determining the adequacy of required documentation
  • Development of all supporting test reports and supporting artifacts and plan and action of milestones (POA&Ms) documenting open findings, preparation of formal authorization packages and oversight of the resolution of POA&Ms and development and maintenance of assessment and authorization enterprise schedules and metrics
  • Provide support for management and maintenance of assessment and authorization repositories
  • Perform security assessments at remote sites

Confidential

Senior Consultant

Responsibilities:

  • Conducting scans utilizing Nessus and provide explanation on what the findings mean to the stake holder
  • Conducting Burp Suite report analysis
  • Attend monthly meetings with the CISO, to discuss methodologies to enhance the assessment process
  • Train personnel on the proper way of assessing controls; primarily controls that require great deal of technical understanding
  • Supports the Security Assessment and Authorization process of the clients’ systems as a technical Security Analyst
  • Assisted Pen testing team with projects in analyzing Burp suite reports
  • Work in 3PAO projects where we assisted CSPs to receive ATOs
  • Utilizes FedRAMP requirements to assess cloud systems to ensure the proper security requirements are satisfied.
  • Reviewed technical security controls and provide implementation responses to meet requirements
  • Document findings in the SAR
  • Meet with client to discuss findings and process of remediation

Hire Now