
ISSO Resume


SUMMARY:

  • Over 20 years of combined experience in the Information Technology profession.
  • Supported various government agencies such as the Confidential ( Confidential ), Confidential ( Confidential ), Confidential ( Confidential ), Confidential ( Confidential ), Confidential ( Confidential ), Confidential ( Confidential ), Confidential ( Confidential ).
  • Familiar with all phases of the NIST Risk Management Framework (RMF).
  • Broad experience with the Confidential Information Systems Accreditation and Authorization (A&A) process utilizing the NIST SP800-53 rev.3 and rev.4 Security Controls.
  • Familiar with the CMMI Level 3 SCAMPI Process.
  • Capable of independently acquiring new skills necessary to excel in the constantly evolving Information Technology profession.
  • Excellent written and oral communication skills.
  • Enjoy exploring technical issues with peers, as well as gathering and eliciting functional requirements with stakeholders and end users.
  • Detail-oriented and comfortable when dealing with senior management.
  • Currently hold a Public Trust Clearance with the Confidential ( Confidential ).

TECHNICAL SKILLS:

Programming Languages: SQL

Operating Systems: Microsoft Windows

Scanning Tools: IBM EndPoint Manager (BigFix), Nessus (Tenable Security Center), Netsparker

Enabling Technologies: Microsoft Office Suite (Word, PowerPoint, Visio, Project, Access, Outlook), SharePoint, Adobe Connect.

Information Assurance: NIST RMF Process: Categorization, Selection, Implementation, Assessment, Authorization, and Continuous Monitoring; Confidential information systems Authorization and Accreditation (A&A); Software Requirements Analysis; Software Quality Assurance; Software Test Engineering; FedRAMP CSP/3PAO/P-ATO Accreditation.

PROFESSIONAL EXPERIENCE:

Confidential

ISSO

Responsibilities:

  • Assist the SO with completing the system authorization documentation using templates from the current Confidential’s Security Authorization Handbook.
  • Support all Assessment & Authorization (A&A) activities.
  • Perform scheduled vulnerability/risk assessment analysis.
  • Ensure IT systems have all security controls in place and functioning properly in accordance with NIST 800-53A publication.
  • Evaluate/analyze vulnerability results from tools including, but not limited to, NESSUS, WebInspect, and DbProtect.
  • Manage POA&Ms from creation to closure.
  • Ensure that all A&A core documents (SSP, BCP, FIPS 199/200, PTA, PIA, ISCP, etc.) are completed and uploaded in CSAM.

Confidential

Alt-ISSO

Responsibilities:

  • Conducted assessments of existing IT Systems for compliance with security requirements from Confidential security guideline.
  • Performed FIPS 199 Security Categorizations
  • Performed Privacy Threshold Analyses
  • Developed Privacy Impact Assessments
  • Updated System Security Plans
  • Updated Business Impact Analyses
  • Developed System Contingency Plan and Test Plan
  • Updated Incident Response Plans
  • Developed Security Assessment Plans
  • Developed Security Assessment Reports (CSAM)
  • Requested compliance and vulnerability scan results from Confidential Enterprise Security Services and analyzed them.
  • Utilized CSAM to conduct NIST SP800-53 rev.4 Security Controls assessments.
  • Created and managed POA&Ms utilizing CSAM.

Confidential

Lead IT Security Analyst

Responsibilities:

  • Conducted assessments of existing IT architecture for compliance with security requirements from Confidential security frameworks.
  • Created documentation (SAR, SSP, POA&M) to support information system Authorization and Accreditation packages.
  • Provided continuous monitoring support for information systems (Incident Response, IBM BigFix and QRadar scan review and reporting, POA&M management).
  • Developed IT architecture deliverables, specific to information security countermeasure implementations, for operational systems.
  • Developed IT security policies, standards, and guidance based on Confidential Rev.4 recommendations and the Confidential Guidelines.
  • Utilized the web-based Certified Security Assessment And Management (CSAM) tool to automate the activities of the C&A for a Cloud based Major Application and a GSS hosted Major Application.
  • Attended daily Scrum meetings and utilized CA Agile Central RALLY tool to manage project tasks.

Confidential

Senior Requirements Analyst / Security Analyst

Responsibilities:

  • Supported various software development projects from start to closure and followed the PMO Project Management Life Cycle process from initiation to closure.
  • Document user requirements into a Functional Requirements Document (FRD).
  • Map user requirements into a structured Requirements Traceability Matrix (RTM).
  • Conduct requirements reviews with user communities as well as with peer Developers and QA testers.
  • Assist Developers in writing System Design Documents (SDD).
  • Maintain project documents up to date in SHAREPOINT based project libraries.
  • Utilize REMEDY to track IT Support issues, and provide assistance to users when needed.
  • Record software defects utilizing DEVTRACK, and tracked system change requests to resolution.
  • Utilized SQL queries to analyze data from MS SQL Server database.
  • Ensure that all NIST SP800-53 rev.3 recommended security features are built into the final software product in accordance with Confidential’s Security Policies and Guidelines.

Confidential

Information Security Analyst / Requirements Analyst

Responsibilities:

  • Utilize the Risk Management System (RMS) to assess assigned systems in order to determine their security status for Confidential Compliance.
  • Develop C&A documentation (System Security Plan, Contingency Plan, etc.).
  • Track all Confidential compliance artifacts in the Trusted Agent Confidential (TAF) tool.
  • Conduct C&A efforts using the NIST SP800-53 rev.3 series and the Confidential Sensitive Systems Policy 4300A documents.
  • Conducted peer reviews of test plans to verify their accuracy to the approved requirements, and their compliance with Confidential security policies.
  • Ensured that the handling and processing of the applicant’s Personally Identifying Information (Social Security Number, Biometrics, etc.) adhered to the Confidential’s PII management policy and guideline.

Confidential

Senior Systems Analyst

Responsibilities:

  • As Senior Analyst on the SPARQ application development team, responsibilities were to design test cases and build test data sets.
  • Perform preliminary verifications of the functionality for new software releases.
  • Verify the security features of the software products against government approved requirements, in order to protect the Confidentiality and the Integrity of the information, and promote the availability of the system at all times.
  • Attended a 3-day JAD session to collect business requirements from subject matter experts, project sponsors, and system owners.

Confidential

Senior Analyst

Responsibilities:

  • Guided the Credit Risk Division in discovering, gathering, analyzing and documenting requirements for their Credit Underwriting Survey System.
  • Developed the first version of the Confidential Policy Guide System (OPGS) Index using Microsoft Access Web pages on a SQL Server database, and also on an MS Access database.
  • Developed functional requirements into specifications requirements, then mapped the specifications requirements into a structured Requirements Traceability Matrix (RTM).
  • Conducted requirements phase reviews with user communities and peers to develop Project Planning, System Requirements Specifications (SRS), System Design Document (SDD).
  • Utilized PVCS Version Manager to record and manage changes to project artifacts and deliverables.
  • Utilized PVCS Tracker to document and track project issues.

Confidential

Senior Quality Analyst

Responsibilities:

  • Assure the Safety, the Quality, the Integrity, and the Potency of blood products by verifying that Good Manufacturing Processes (GMP) are adhered to.
  • Analyzed user requirements to develop System Requirements Specification document (SRS), and Software Design Documents (SDD).
  • Reviewed work products of peer Business Analysts and QA Analysts to verify the completeness and the accuracy of the requirements document.
  • Developed User Acceptance Test (UAT) plans and test procedures to trace the requirements to the SRS and verify the completeness of their coverage in the Safety-critical Software products.
