***** ****** **** **. *******, MD. *****
240-***-**** Home
301-***-**** Cell
*********@*******.***
Career Objective:
Over the years, I have had the privilege and opportunity to work
alongside the DoD, federal and commercial sectors, which has emboldened me
with a keen perspective and best practices in the Governance, Risk
Management and Compliance of security processes. I welcome the opportunity
to carry out tasks involving security strategy, developing enterprise
architecture, policy and procedure promulgation, risk assessments, conducting
security awareness training as well as the continuing collaboration on
security issues. I look forward to thriving in such an environment.
EXPERIENCE:
Security Engineer 5/2013 - Present Noblis Inc, Falls Church, VA
Monitored/developed documentation for Cloud Service Providers (CSP) as
part of FedRAMP's Cloud Initiative Program for GSA's Office of Citizen
Services and Innovative Technologies (OCSIT). Developed System
Security Plans (SSP), Security Assessment Plans (SAP), and Security
Assessment Reports (SAR) in addition to other supporting documentation
i.e. Configuration Management Plans, Incident Response Plans and
Continuity Plans for security authorization packages. Analyzed
security testing results performed by Third Party Assessment
Organization (3PAO) and verified results documented in SAR against
evidence. Prioritized tasks and effectively managed multiple
responsibilities. Established team goals and objectives to be
accomplished and ensure the integrity, compliance and accountability
for Continuous Monitoring.
1. Successfully navigated CSP through GSA's FedRAMP Cloud Initiative
process as a recipient of a FedRAMP Provisional Authorization-To-
Operate (P-ATO) certification.
Security Engineer 12/2011 - 5/2013 VERIS Group LLC Vienna, VA
Tested/assessed security controls and vulnerability/compliance scan
analysis of Automated Information Systems (AIS) as it pertains to
network, firewall, and devices as a Senior Security Analyst for the
Office of Procurement Group Cyber Security Division for the OCIO at
United States Patent and Trademark Office Headquarters; Analyzed risk
to develop/improve IT security across enterprise and escalated issues
to senior management. Demonstrated collaboration and team building
with proven communication and interpersonal skills. Documented
security assessment packages against NIST standards and addressed IV&V
comments for submission to Designated Accreditation Authority for
approval.
1. Evaluated/ System Security Plans, Business Impact Analysis,
Contingency Plans and Testing, Security Assessment Reports, Security
Test and Evaluation Plans within projected schedule consistently
resulting in a quality product and On Time/Within Budget.
Security Engineer Consultant 11/2010 - 12/2011 PrismSoft Consulting /
Accenture / Radius 360 Technology Group; Silver Spring, MD
Audited the A&A packages (System Security Plans, Security
Categorizations, Business Impact Analysis, Contingency Plans and
Testing, Security Assessment Reports, Security Test and Evaluation
Plans and execution, Privacy Impact Assessments, Configuration
Management Plans, and POA&M activities) for the Department of Labor
(DOL)/Office of the Assistant Secretary for Administration and
Management (OASAM)/Office of Chief Information Officer (OCIO) as
Senior Security Analyst; Identified potential high risks to government
information systems and utilized information to develop/improve IT
security across enterprise and when necessary, prioritized findings
and escalated issues to management. Monitored A&A (formerly C&A)
processes through ATO process for various general support systems and
major applications.
1. Analyzed the GAP from NIST 800-53 Rev 2 to Rev 3 and presented the
results to senior management. Analysis was approved by management and
implemented.
Security Engineer Consultant 8/2010 - 5/2011 PrismSoft Consulting / NET E-
Solutions Corporation; McLean, VA
Monitored/developed documentation for Certification and Accreditation
(C&A) activities for the Office of Cyber Infrastructure and
Computational Biology (OCICB) within Health and Human Services
(HHS)/National Institute of Health (NIH)/National Institute of Allergy
and Infectious Diseases (NIAID) as Senior Security Analyst; Developed
System Security Plans, Contingency Plans and Security Assessment
Reports for security authorization packages. Conducted security test
and evaluations (ST&E), risk assessments, and recorded findings for
analysis through all phases of accreditation; Prioritized tasks and
effectively managed multiple responsibilities; Established team goals
and objectives to be accomplished and ensure the integrity, compliance
and accountability for Continuous Monitoring.
1. Performed GAP analysis from NIST 800-53 Rev 2 to Rev 3. Results were
leveraged in accordance with HHS policy, laws and directives, NIH
guidance and OCICB procedures then presented to management. Changes
were implemented in Security Handbook.
Security Engineer Consultant 10/2009 - 08/2010 PrismSoft Consulting /
Reston Consulting Group (RCG); Reston, VA
Evaluated security architecture and strategy of the information security
policies and procedures as an Information System Security Officer
(ISSO) for the Office of Operation Systems (OOS) within the National
Weather Service (NWS) of the Nautical and Oceanic Atmospheric
Administration (NOAA); Evaluated effectiveness of existing risk
assessment programs to identify areas of potential vulnerability in
operating systems used throughout the organization. Analyzed findings
and developed long-range plans for security systems that minimize
risks, mitigate vulnerabilities related to databases and web
applications, prevent security incidents, and ensure systems
reliability. Identified new processes, techniques, and procedures to
upgrade and enhance security protocols. Produced monthly metric
reports as they pertain to the performance of completed documentation
for ATOs, Interconnection Security Agreements (ISA/MOU), Service Level
Agreements (SLA), Security Training, and Computer Incidents (US CERT),
Network Performance (IDS/IPS-network and host based security
infrastructure); Voted as a member of the configuration change
management board.
1. Developed strategic communication experience interfacing directly with
SES as the Director for NOAA Wide Area Network (NOAA Net), NWS
Telecommunications Gateway (TG), Consolidated Internet Farm (CIF), and
the Telecommunication Operations Center (TOC), vendors, and key IT
staff.
Senior Security Engineer 2/2009 - 07/2009 INSTOS Inc; Sterling, VA
Defined customer requests and applied customer support principles and
methods to provide information and assistance when responding,
reporting and resolving customer requests; Provided expert
guidance for DoDI 8510.01 Department of Defense Information Assurance
Certification and Accreditation Process (DIACAP) Instruction as the
Project Manager/Security Liaison for DIACAP compliance for Office of
the Medical Records Separations Processing (MRSP) system within the
Deputy Secretary of the Army for Health and Medical Affairs.
Researched solutions and made recommendations as a member of the
Program Integration Office of the Interdisciplinary Architecture &
Systems Engineering team efforts. Designed and integrated complete IT
infrastructure solutions that include multiple server platforms,
software middleware, storage, and services. Evaluated integration
efforts and provided comments regarding their performance in
accordance with the guidance provided in the client's Technical
Reference Model (TRM) and other guiding principles and standards
established by the client.
1. Led information security effort for Veteran Administration's
digitizing of Army military medical records and accomplishing an IATT
of some 170 sites.
Security Analyst 4/2008 - 2/2009 ALTA, Inc; Bethesda, MD
Verified and Validated (V&V) system lifecycle document artifacts to
assure compliance with approved systems for the National Institute of
Health National Health Genome Research Institute (NIH NHGRI) at the
Bethesda, Maryland Campus as an analyst. Developed System Security
Plan (SSP) and tested Disaster Recovery Plans (DRP) for the NHGRI
organization and the documentation of application/system security
controls; Utilized project tracking documentation (Excel, MS Project,
and Pro-Sight).
1. Accepted promotion to Project Manager/Security Liaison
Functional Analyst 3/2006 - 03/2008 - Engineering Documenting Systems, Inc.
(EDSI); Fairfax, VA
Planned acquisitions, developed resources and executed tests for the
acquisition of Army ACAT III system and components thereof for the
Joint Interoperability Test Command (JITC) Washington Division.
Complied with Chairman of the Joint Chiefs of Staff Instructions
(CJCSI) 6212 directives and policies; NIST 800 series
directives/instructions, FISMA, DoD 5200 series, and their
implementation, Department of Homeland Security (DHS) 4300A, DHS
4300B, DHS Certification and Accreditation, DODD 8500.1, DODI 8500.2,
and the information assurance (IA) principles/guidance, DoD
Information Security Technology Certification and Accreditation
Process (DITSCAP) in assuring cooperation and coordination with
Program Office. Developed project plan and execution approach.
Defined client requirements and project specifications in support of
operational testing in addition to purpose, roles & responsibilities,
tasks, milestones, budgets (resources) and measures of success;
Analyzed DoDAF System Views (SV's) and Overviews (OV's) in determining
technical performance characteristics to assure that test designs were
compliant to the Joint Planning and Development Office (JPDO);
Identified risks and provided mitigation strategies and options.
Performed analysis of results and prepared comprehensive system level
evaluation reports. Verified and validated system performance - User
Acceptance Test (UAT), Systems Integration Tests (SIT) and System
Acceptance Testing (SAT) with Mercury/Performance Tester and data to
support Functional, User Acceptance and Interoperability testing
requirements. Documented and reported system defects and issues to
developers in a timely manner for all test phases; Collaborated with
project engineers, developers, and other team members for complex
validation assignments. Performed back end validation and regression
testing. Recorded results to support application tuning;
Prepared/presented test reports/briefings to senior management for
review/approval and participated in implementation/integration of
solutions and follow-on assessments of results achieved; Researched
C4ISR system issues as a basis for developing and presenting white
papers and case studies to customer that detailed authoritative
technical advice and recommendations on solutions to recurring IT
problems. Utilized management tools such as Trusted Agent FISMA Tool
(TAFT) and the Risk Management Systems (RMS).
1. Developed and submitted an Interoperability Certification Evaluation
Plan (ICEP) and Requirement Traceability Matrix (RTM) derived from the
Information Support Plan (ISP) and Concept of Operation Plan (CONOP).
Approved by management.
2. Successfully tested targeted sites for Army's Radio Frequency In
Transit Visibility (RF-ITV)
Program Manager 07/2004 - 02/2006 - Caldwell Technology Solutions Inc;
Bolling AFB, Washington, DC
Developed, managed and implemented project plans to include (time
management, work breakdown structure, budget, risk and procurement).
Analyzed and developed cost and schedule variance using accepted EVM
tools [Cost Account Management (CAM)] and methodologies. Assured
responsiveness to requirements, rapidly resolved problems, and
identified/responded to new requirements. Contributed to analyses of
RFP's, coordinated development/submission of responsive proposals, and
participated in negotiation of contracts (terms, conditions, prices)
and contract modifications.
1. Developed site footprint from initial team of 6 network engineers on
one contract to 17 system engineers among 3 contracts:
   1. Joint Intelligence Task Force Program/System Engineers.
   2. Systems Configuration Division/Configuration Management Engineers.
   3. Systems Installation Division/Network Engineers.
2. Managed team of 20+ for the installation and support of computing
platforms and applications within a network infrastructure upgrade
project. Identified and captured requirements and performed outstandingly
on the implementation project, which resulted in promotion from system
engineer to Project Lead/Program Manager with commensurate salary;
Project was completed on time and on budget.
Security Engineer 12/2002 - 07/2004 - Raytheon Technical Services Inc;
Indian Head, MD / Bolling AFB, DC
Configured and maintained Sidewinder/Cisco PIX firewall and UNIX
platform (Juniper and Cisco); complied with SECNAV, OPNAV and
COMNAVNETWARCOMINST 5239.1 guidelines for the Navy Marine Corps
INTRANET (NMCI) IT Team. Utilized IT security policies/procedures
and results to configure ACL rule (HTTP/S, TCP/IP, IPSEC and UDP) and
recommend/justify related improvements to Information System Security
Manager (ISSM); Configured Raptor Security Manager, Eagle Firewall,
Sidewinder, NetScreen and NetRanger.
EDUCATION:
BS Information System Management; Almeda University
AA Electronic Technology; Almeda University
A+
Program Management Course (PMI)
CISSP Course (ISC2)
DIACAP Certificate
Personally Identifiable Information (PII) Certificate
DOD Information Assurance Awareness Certificate
Armed Forces Communications and Electronics Association Fairfax Virginia
Chapter - Member
Open Web Application Security Project - Member
CORE COMPETENCIES:
Assessment and Authorization (A&A) formerly C&A, FISMA, FIPS (199, 200,
201), NIST SP 800 Series, Procedure and Policy Development, DIACAP, SDLC,
Project Management, DoDAF, ITIL, Nessus, Web Inspect, NMAP, Gold Disk,
FOIA, HIPAA, HSPD-12, Microsoft Office/Project, MS Word, Excel,
PowerPoint, Access, Visio, Clear Case, CSAM/NCAT, Archer, Remedy (HelpDesk)