SUMMARY:

• I am a top level performing Software Engineer with over 13 years of expertise in software development and information assurance creating innovative designs and solving real world technical problems.
• I enjoy developing software design patterns that ease development efforts.
• I have developed complex desktop, handheld, N - Tier and Enterprise web applications and web services for the Department of Defense and the Confidential . My work with information assurance, code review and remediation has been integral to securing ongoing ATOs for several applications critical to shipbuilding and ship maintenance for the Confidential .
• I am 8570.01 compliant, having earned my Security+ certification, and am currently studying for the CISSP exam with a scheduled test date of January 20, 2014.
• I enjoy learning new skills and am quickly adaptable to new technologies. As a result of the high level of my work, I am tasked with complex and difficult assignments.
• I have never missed a deadline and do not accept failure as an option.

TECHNICAL EXPERTISE

• DoD 8500.2 controls and Security Technical Implementation Guidelines (STIGs), C&A processes under DITSCAP, DIACAP, and NIST frameworks
• Object Oriented Programming
• Microsoft .NET technologies including ASP.NET, VB, C#, SQL Server 2000/2005/2008, SQL Server CE 3/3.5, VS 2005/2008/2010, Windows Mobile 5.
• Web Services, SOAP
• IIS, SQL Server Management Studio
• HP Fortify
• AJAX
• XML, XSD, Liquid XML Studio.
• C++, Java, JSP, JavaScript, Visual Basic, ColdFusion, Struts MVC, Velocity, PHP, MySQL
• Apache, Tomcat, JBoss
• Oracle 9i/10g, Toad, MySQL, PL/SQL
• JQuery
• 13 years experience with relational database architecture, database design and stored procedure development with both MS SQL Server T/SQL and Oracle PL/SQL.
• Agile Software Development
• Serena, MS Visual Source Safe
• SDLC

PROFESSIONAL EXPERIENCE:

Confidential, Chantilly, VA

• As a software engineer I have been instrumental in the success of individual and team projects. These projects have included enterprise level software solutions in .NET and Java.
• Presently, I am a key software developer coding Automated Work Notification (AWN) for the Maintenance Figure of Merit (MFOM) application suite, an enterprise Navy web application, with a team of four others. AWN is being deployed fleet wide as the Navy’s solution to providing real-time communications and information with respect to fleet readiness. AWN is also crucial to the Navy’s effort in maintaining data integrity for ship model and deficiency data.
• I maintain the Windows Mobile 5 code base for AWN. My work was pivotal in redesigning web services, which constantly timed out, to provide AWN database updates to mobile device users.
• In my development work with AWN I was instrumental in developing a ship supply parts ordering module that seamlessly interfaced with a legacy system. This work was critical to the maintenance and integrity of Navy ships in port and underway. My work also included coding GUIs, middle tier classes and components, database objects and processing data, using XML, XSD, and flat files. This supply parts ordering code base merged data from a legacy application into our new data structure that models every class of Navy ship. My development efforts increased the efficiency of processing data from several hours to minutes.
• I am a co-lead developer for a system wide XML/XSD structure for data communications between applications within MFOM. I coded several classes to support the XML data structure and used XSD.exe to create typed data sets to facilitate serializing/deserializing outgoing/incoming data. This XML/XSD is critical for the success of AWN and the MFOM suite and my worked has supported that success by ensuring the integrity of data sent through the MFOM communication network.
• My tasking includes being the lead Information Assurance developer responsible for remediating information assurance certification and accreditation issues in our AWN code base for the web and mobile applications. I use HP Fortify regularly to scan our code, identify issues and remediate them. My work efforts have centered on STIG 3.4 issues including, among other things, XSS and SQL injection. The efficacy of my work brought the total number of IA issues from several thousands to less than 200.
• My work has been instrumental in the certification and accreditation process testing 8500.2 controls under DITSCAP, DIACAP and NIST for three Department of Defense applications, Electronic Trial Card (ETC), Construction and Maintenance Scheduling (CAMS) and Technical Support Management (TSM).
• I was tasked with testing security controls for all domains, conducting risk My work was directly responsible for attaining six ATOs/IATOs for these three projects.
• I developed a tasking metric module and a security module for TSM, a Navy web application developed using Java, JSP, JavaScript, Oracle and Struts MVC. This work was pivotal in securing the application and allowing the application users to monitor workflow based tasking efficiency. I also created a workflow package that streamlined formerly paper-based processes into digital form.
• My tasking with TSM also included load balancing Tomcat. This effort was critical to increasing server performance for a growing user base.
• I coded a simple encryption algorithm for ETC, a desktop Navy application written in Visual Basic, which was required to secure an ATO for the application.
• I developed a custom COM object for Palm handheld development that facilitated the ease of coding for other Palm developers on our team. Two other applications for the Palm handheld device, using the Palm SDK and CDK written in C++, include a mobile time keeping application, which allowed company employees to track time while on travel and an application called PERSI Wheel which allowed calculation of critical mission based metrics for the Navy.
• I am experienced with all levels of SDLC. Both AWN and TSM were full life cycle development efforts. While they are not in the disposal phase I do have knowledge of merging legacy code into both of these applications.
• I am well versed in p reparing applications for IA certification and accreditation under DITSCAP and DIACAP frameworks. I have participated in conducting risk assessments during the Certification and Accreditation process. I have expertise in analyzing and developing IA policies and procedures, interpreting security requirements relative to the capabilities of new information technologies, analyzing patterns of noncompliance to determine their potential impact on levels of risk and/or overall effectiveness of the enclaves’ IA programs (residual risk assessment), identifying security strategies that work best for the enclave and applications, evaluating IT technologies against Common Criteria requirements, conducting security software testing prior to release of new applications, developing and coordinating Continuity of Operations and Disaster Recovery Plans, writing IA policies and procedures required for certification and accreditation and assisting with configuring computing devices to meet DoD and Navy security requirements. This work was critical to attaining six ATOs for three different application used by the Navy for fleet maintenance and deficiency tracking.
• I regularly interface with customers to determine requirements for applications and to demonstrate application functionality.
• I am instrumental in supporting Board of Inspections and Survey (INSURV) and Supervisor of Shipbuilding sea trial events as I am responsible for setting up LAN services and trouble shooting issues in a live environment, desktop application support, data collection, data scrubbing and data upload to government servers for DDG, LPD, LHD, CVN, T-AKE, LCAC and LCS classes of Navy ships and MSL class of Coast Guard cutters.