Information Security Engineer

Location: Manassas, VA
Posted: December 06, 2023

Resume:

Derrick Agyiri

IA Engineer/Information System Security Engineer (ISSE)

Manassas, Virginia, United States

+1-202-***-****

ad1qd6@r.postjobfree.com

SUMMARY

I am experienced in performing comprehensive risk assessments, conducting security scans of information systems, and documenting test results for remediation and continuous monitoring. I have a proven track record of preparing and maintaining information security certification and accreditation documentation, including Systems Security Plans, Plan of Action & Milestones, and Standard Operating Procedures.

I possess a deep understanding of the latest cyber threats and vulnerabilities, as well as experience in implementing industry-standard security controls and frameworks, such as NIST, ISO, and CIS. I have strong communication and collaboration skills and am able to work effectively with cross-functional teams, including IT, engineering, and business stakeholders. With my strong technical expertise and business acumen, I am confident in my ability to help organizations strengthen their security posture and protect their critical assets.

EXPERIENCE HIGHLIGHT

Experience working in the field of cybersecurity compliance and successfully completed and achieved ATO approval for several systems.

Experience conducting security control assessments and/or implementation using NIST SP 800-53 Rev 5

Experience running vulnerability and compliance scans using Nessus, Rapid7

Experience with High Value Asset (HVA) systems

Experience in Secure SDLC, working directly with project teams to advise on control implementation to meet NIST SP 800-53 controls

Experience with supporting system Authority to Operate (ATO) processes and creating artifacts, control implementation details, DISA STIGs, and POAMs.

Experience with managing complex system records and RMF workflows in the Enterprise Mission Assurance Support Service (eMASS) or comparable system.

Experience with Information Security Continuous Monitoring (ISCM)

Experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk Management, and Compliance (GRC) security documentation tool, Risk Management Framework (RMF), and security compliance processes

Ability to facilitate meetings, analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system team stakeholders

Experience with AWS services that include but are not limited to: Config, Security Hub, Audit Manager, CloudTrail.

Experience with ITSM ticketing service (JIRA, Confluence, BMC Remedy)

Experience with multiple OS (Windows, Linux, MacOS, Android)

Experience following AGILE/SCRUM methodology

Experience with O365 tools, Active Directory, Azure, and Client Management

Experience with security tools, hardware, and software security implementation, communication protocols, or encryption techniques and tools.

WORK EXPERIENCE

2019-Current

IA Engineer/Information System Security Engineer (ISSE)

Valytics LLC

Vienna, Virginia, United States

Experience architecting, designing, developing, and implementing cloud solutions on AWS platform

Guide, document, and validate technical efforts to design, build, and deploy AWS applications at the direction of lead architects, including large-scale data processing, computationally intensive statistical modeling, and advanced analytics.

Prepare Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using eMASS

Work directly with AWS service teams, infrastructure teams, security teams, related Amazon corporate teams, and Government authorizing officials for control implementation and articulate compliance implications to internal and external audit functions. Apply working knowledge of global information security regulation and policy to articulate customer and control impact and drive alignment to AWS controls. Establish and implement security procedures and practices in support of Customer goals and current DoD regulations. Develop and update Assessment & Authorization (A&A) documentation (Body of Evidence) for management and continuous monitoring of information systems.

Using knowledge of the Information System (IS) and understanding of established Information Assurance (IA) and Cybersecurity requirements to validate security policies and procedures outlined in the System Security Plan (SSP), customer policies & regulations, and ensure local policies are followed.

Initiate the authorization or re-authorization efforts and process for new or expiring systems and coordinate, schedule, and attend required meetings

Serve as the System Information System Security Officer (ISSO) for various customer systems

2018-2019

Senior Consultant

Booz Allen & Hamilton (BAH)

Vienna, Virginia, United States

Performed consistent threat analysis, vulnerabilities, and risk assessment to understand potential impact on USPS information systems and infrastructure and prioritize them for a response per CERT Resilience Management Model (CERT-RMM) framework for process improvement approach to operational resilience management.

Reviewed and developed IT security standards and guidance in accordance with existing standards.

Developed relationships quickly and easily with other teams, communicated the complexities of security with a wide variety of audiences, including senior management.

Address risks in a systematic manner, based on organizationally defined levels of priority

Regularly identify new threats, vulnerabilities, and risks to USPS operations through research, interviews, testing and assessments.

2017-2018

Cybersecurity Analyst

Mindbank Consulting Group

Vienna, Virginia, United States

Performed vulnerability risk assessment and analysis in support of Assessment and Authorization, to include assessing a system's overall security posture.

Took corrective action to resolve problems identified and ensure systems are operated, maintained, and disposed of in accordance with established policies and procedures. Performed security audits IAW established procedures. Developed processes for the management, review, and retention of security audit data. Make decisions and implement corrective action as required to resolve audit discrepancies. Authored and reviewed IS security-related documentation and submit to Enterprise Mission Assurance Support Service (eMASS).

Acted as an IA Subject Matter Expert (SME), providing critical thinking to ensure system security requirements are addressed during all phases of the System Development Life Cycle (SDLC).

Conducted ongoing security reviews and tests of systems to verify security features and controls are functional and effective. Take corrective action to resolve identified vulnerabilities. Provided security engineering review of proposed changes or additions to the IS (including hardware, software, or connectivity), and advise the Information System Security Manager (ISSM) of the security relevance.

Reviewed manual STIGs (ckls) utilizing STIGViewer

Reviewed ACAS Scans

Developed Project Management Plan to attain ATO

EDUCATION

-2017

Bachelor of Science in Network Security and Cyber Security

University of Maryland Global Campus

Adelphi, Maryland, United States

SKILLS

Amazon Web Services AWS Large-Scale CISA CompTIA Information Security ISO Nessus NIST Splunk Life Cycle SDLC Software Security System Development Agile BMC Helix BMC Remedy Confluence Governance, Risk and Compliance GRC IT Service Management ITSM JIRA Scrum Cyber Security Encryption Active Directory Network Security Linux Android Risk Assessment Security Audits Security Certification Security Documentation Security Engineering Security Implementation Security Plan Security Policies System Security Systems Security Documentation Documenting Audit Statistical Modeling Subject Matter Expert SME DOD Remediation Articulate Confident Trading Risk Management Threat Analysis Operations Corrective Action Risk Assessments Project Management Process Improvement Client Management Governance MAC macOS

CERTIFICATIONS

Certified Information Security Auditor (CISA)

Certified Ethical Hacker (CEH)

Certified Scrum Master

AWS Security Specialty

Splunk Certified User

CompTIA Security+ CE

Security+

CISA

HONORS & AWARDS

LANGUAGES

English - Intermediate


