Security Engineer

Location: Euless, TX
Posted: November 05, 2015

Resume:

Kenneth Williams

PROFESSIONAL SUMMARY:

Security Engineer with extensive experience

Performed many internal audits for private industry

Over 15 years of experience in Information Technology

Over five years of experience performing third-party assessments

Performed risk assessments for Federal and private industries over the past five years

Used Archer Governance, Risk and Compliance (GRC) tools as an Administrator over the past three years

Applied best practices such as NIST, ISO 27001/27002, PCI, HIPAA, CMS, SOX, COBIT and DIACAP over the past eight years

Kaiser Permanente, Oakland California (Short Term Contract)

August 2015 to Present

Security Analyst / HIPAA Consultant

Implement security compliance policies and requirements

Coordinate with various teams to ensure the HealthCare applications meet the organization’s security compliance needs.

Coordinate with various teams in the implementation of HIPAA information security practices including policies, standards, guidelines and procedures.

Conduct information security reviews to determine compliance

Conduct HIPAA or PCI information security audits and reviews

Used RSA Archer GRC tool to create and update Control Baseline

Used Smartsheet as a timeline for managing tasks and collaborating with IT departments

Options Clearing Corporation, Keller Texas (Contract)

October 2014 to August 2015

Security Analyst

Used RSA Archer GRC tool to create and update Control Baseline

Work with technology platform owners to develop IT control baselines

Work with IT department to coordinate the draft, review, and approval of additional controls implemented in support of Regulation System Compliance and Integrity (Reg SCI)

Coordinate with control owners to perform self-testing of key controls supporting Reg SCI subsequent to their implementation.

Perform periodic reviews and updates to existing IT control baselines with IT department groups

Perform execution of Control Self-Assessments, management self-testing of key controls

Perform security architecture reviews

Establishes effective relationships with departments; builds and maintains effective business relationships.

NIST 800-53, ISO 27001/27002, Center for Internet Security (CIS), COBIT 5, & ITIL

CareFirst BCBS, Owings Mills MD (Short Term Contract)

June 2014 to August 2014

Security / Business Analyst II

Worked with our trading partners to gather documents and artifacts and communicate business requirements to technical development teams

Worked in close collaboration with business partners and developers to ensure consistent understanding of business processes and requirements.

Established effective relationships with other departments; built and maintained effective business partner relationships.

Assisted with tasks and deliverables related to System Development Life Cycle phases for package and custom solutions

Attended and participated in user and project meetings and teams to expand knowledge as a participant and not in a lead capacity; facilitated project status meetings; tracked project status.

ISO 27001/27002, PCI, NIST, COBIT, SOX, and HIPAA Security and Compliance.

CHRISTUS Health, Irving TX (Short Term Contract)

March 2014 to May 2014

Security Engineer

Responsible for supporting the architecture, design and assurance of information security mechanisms and services throughout the enterprise. Works as part of cross-functional teams that deal with the full spectrum of information management technology providing security-based direction in technical standards, planning, and strategy to other technical staff and management.

Development and implementation of key security initiatives and global security parameters based upon level of risk for all enterprise IT platforms and infrastructure.

Provides internal consulting, analysis, and security review to project teams and business units in identifying secure solutions for attaining business goals and objectives.

Recommending new security policies and modifications to current security policies.

Performs probes of networks, applications, and devices to determine if security vulnerabilities exist and/or if security and access control policies have been violated.

Use of scan assessment tools (Nessus, Acunetix, QRadar (to view firewall logs))

Used Archer Governance, Risk and Compliance (GRC) Tools

Used Tivoli Endpoint Manager (TEM) IT asset management tool

Used ServiceNow, an enterprise service management ticketing tool.

USFHP, CMS (Center for Medicare/Medicaid Services), SSAE16, COBIT, PCI, NIST, HIPAA, DIACAP, IT Audit, Security and Compliance.

Army & Air Force Exchange Service, Dallas TX (Contract)

June 2013 to March 2014

Information Assurance Engineer

Provide Information System Security Engineering and Certification and Accreditation (C&A) expertise in accordance with DIACAP

Assist in preparing Certification & Accreditation (C&A) documentation for submission to the Designated Approving Authority (DAA)

Provide security analysis and C&A/DIACAP support for Enterprise wide IT C&A to include: Datacenter C&A, Enterprise Network device C&A, and Enterprise Services/Application C&A

Utilize standard software tools to conduct vulnerability scans of all equipment on the network for vulnerabilities to ensure sound security configurations

Run and create McAfee ePO vulnerability reports; work with system owners to mitigate findings.

Assist systems administrators in implementing corrective actions required as a result of vulnerabilities uncovered during system scans in coordination with Information Assurance Manager (IAM) and IA Program Manager

Assist with project planning and scope

Noridian Blue Cross & Blue Shield, Fargo North Dakota (Contract)

March 2013 to June 2013

Senior Security Analyst/IT Auditor

The IT Internal Auditor will perform risk-based IT audits, consult with personnel on effective internal controls, and assist in developing and executing the annual Internal Audit Plan. More specific responsibilities include:

Develop a sound understanding of the company’s information systems, and assess the adequacy of controls over the systems.

Run McAfee ePO reports to help the team mitigate vulnerabilities in the application.

Independently test the design and operating effectiveness of general computer controls and application controls, and provide guidance on appropriate actions to address control exceptions.

Write audit reports to communicate findings, recommendations, agreed-upon actions, and targeted completion dates to management and the Audit Committee.

Identify opportunities to automate business process controls, and reduce reliance on manual controls.

Recommend best practice corrective actions to policies and procedures, where necessary.

Track audit deficiencies and perform follow-up to ensure appropriate controls have been implemented and are operating effectively.

CMS (Center for Medicare/Medicaid Services), FISMA, NIST, ISO 27001, PCI-DSS, SSAE16, SOX, IT Audit, Security and Compliance.

American International Group, Inc, Fort Worth TX (Short term Contract)

April 2012 to January 2013

Senior Security Analyst

Provide guidance on implementation strategies for new security technologies on network

Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.

Conduct company-wide data classification assessment and security audits and manage remediation plans.

Assess security controls for annual FISMA self-assessment testing through interview, documentation review, analyzing scan results, and reviewing other audits/reviews for applicable findings; maintain a high level of knowledge on related criteria and guidance such as FISMA, NIST Special Pubs, OMB Memorandum, Privacy Act, HIPAA, VA directives and handbooks, and local directives and handbooks

Act as interface with customer to provide audit support for both internal and external audits and reviews

Help clients mitigate security-related risks by providing alternative recommendations and guidance

Guide clients in defining and implementing overall security strategy, policies, and procedures

FISMA, NIST, FEDRAMP, SOX, SSAE16, ITS Audit, Security and Compliance.

U.S. Department of Veterans Affairs, Austin, TX (Contract)

March 2011 to April 2012

Senior Security Analyst

Responsible for developing and updating C&A security artifacts such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configurations checklists, and interconnection security agreements. Also includes continuous monitoring, self-assessment testing, and audit and compliance support. These artifacts must meet all applicable FISMA, NIST, VA, and CDCO criteria, including obtaining management approval.

Provide third-party auditing support

Provide day to day research information through documentation review, interview, and the use of automated tools such as the Configuration Management Database

Provide continuous monitoring of specific change order information that can be used to update documentation through the use of tools such as CA Unicenter

Assess security controls for annual FISMA self-assessment testing through interview, documentation review, analyzing scan results, and reviewing other audits/reviews for applicable findings; maintain a high level of knowledge on related criteria and guidance such as FISMA, NIST Special Pubs, OMB Memorandum, Privacy Act, HIPAA, VA directives and handbooks, and local directives and handbooks

Act as interface with customer to provide audit support for both internal and external audits and reviews

Meet with task order Contracting Officer’s Technical Representative (COTR) and/or Project Manager on a bi-monthly basis to discuss status of work

Meet with Contracting Officer and PM on an as-needed basis to discuss problems and concerns, status of work, changes in assignments or other contract related issues

Responsible for developing appropriate documentation required for FISMA reporting, including responsibility for the System Categorization in accordance with FIPS 199 and NIST SP 800-60, generation of the System Security Plan (SSP) and associated Security Control selection and documentation in accordance with NIST SP 800-37 and 800-53, and generation of the Monitoring strategy.

Provides direct support to the business and IT staff for security-related issues.

Assess security controls for annual FISMA self-assessment testing through interview, documentation review, and scan results.

Provide third-party auditing support

Help clients mitigate security-related risks by providing alternative recommendations and guidance

Guide clients in defining and implementing overall security strategy, policies, and procedures

Perform security assessments, risk analysis, and vulnerability testing and reviews

SOURCECORP, INC., Dallas, TX (Contract)

October 2010 to January 2011

Information Security Administrator

Responsible for ensuring the confidentiality, integrity, and availability of data and information systems for Health Net Federal Services for DIACAP

Review systems for effective security measures, including analysis and design of security systems, documents, and requirements throughout SOURCECORP. Perform adherence testing and support and promote quality assurance, while delivering excellent customer service at various levels

Provide security administration for all IT Security applications and associated accounts; participate in designing and managing IT Security strategy including both infrastructure and applications for Health Net Federal Services/DIACAP

Responsible for developing appropriate documentation required for FISMA reporting, including responsibility for the System Categorization in accordance with FIPS 199 and NIST SP 800-60, generation of the System Security Plan (SSP) and associated Security Control selection and documentation in accordance with NIST SP 800-37 and 800-53, and generation of the Monitoring strategy.

Provides direct support to the business and IT staff for security-related issues.

Assist with projects involving database and security issues and requirements. Knowledge of security principles, Public-key infrastructure (PKI) and Industry best practices

Analyze vulnerability assessment results

Experience with Infrastructure Server and/or Database Administration

Use of scan assessment tools – Retina (Network and Web Scanning Tools), OpenSTA Web Stress Performance Test, AppDetective, Gold Disk, Tenable and Nessus. Strong knowledge of NIST, FISMA and DIACAP compliance

HeiTech Services, INC., Landover, MD

November 2008 to September 2010

Information System Security Analyst

Responsible for information security policy development and maintenance; design of security policy education, training, and awareness activities; monitoring compliance with IT security policy and applicable law; coordinate investigation and reporting of security incidents

Work with the Information Technology Services (ITS) Systems Support team to monitor, and fine-tune the business continuity and disaster recovery program

Perform network vulnerability assessment scans and risk assessment reviews

Collaborate on solutions to mitigate risks and enhance system security

Work effectively with a diverse group of Information Technology and Security professionals in government and the private sector.

Provide third-party auditing support

Analyze vulnerability assessment results

Provide information assurance policy guidance to both internal and external customers

Help clients mitigate security-related risks by providing alternative recommendations and guidance

Guide clients in defining and implementing overall security strategy, policies, and procedures

Perform security assessments, risk analysis, and vulnerability testing and reviews

Provide periodic written and verbal updates to customer management on current vulnerabilities and countermeasure recommendations

Lead the information security team in the Information Security Awareness Program through presentations and content development.

Perform risk assessment on an application according to NIST SP 800-30

Use of scan assessment tools – Retina (Network and Web Scanning Tools), OpenSTA Web Stress Performance Test, Gold Disk, Tenable and Nessus.

Responsible for developing appropriate documentation required for FISMA reporting, including responsibility for the System Categorization in accordance with FIPS 199 and NIST SP 800-60, generation of the System Security Plan (SSP) and associated Security Control selection and documentation in accordance with NIST SP 800-37 and 800-53, and generation of the Monitoring strategy.

Provides direct support to the business and IT staff for security-related issues.

Technifax Office Solutions, Carrollton, TX

July 2008 to November 2008

IT Specialist (Temporary Contractor)

Responsible for network connectivity and installation and repair of Technifax Office Solutions products

Installed software at customer locations; Design, document, and install custom software required by customers to use Technifax office equipment

Provide systems analysis, modifications and testing to user applications

Manage time, IT inventory, and customer relationships

Diagnose and solve customer initiated IT service calls

Periodically, work the IT Help Desk. Maintain customer satisfaction through expedient response to service requests

Network Security Systems Plus LLC, Falls Church, VA (Contract)

June 2007 to June 2008

Senior Security Engineer (MHS/TMA IA Contractor)

Responsible for the overall technical guidance for all teams. Complete reports meeting Department of Defense, DIACAP, and DISA standards for Certification and Accreditation

Provided solutions for Defense Health Systems TRICARE Management Activity risk assessment teams on technical questions and issues

Help clients mitigate security-related risks by providing alternative recommendations and guidance

Guide clients in defining and implementing overall security strategy, policies, and procedures

Perform security assessments, risk analysis, and vulnerability testing and reviews

Implemented policies and procedures regarding how problems are identified, received, documented, distributed and corrected

Knowledge of Public-key infrastructure (PKI) and Industry best practices

Performed assessment testing, network infrastructure design, privacy impact assessment and vulnerabilities, monitoring & auditing, and security testing on the mainframes, SQL, Oracle Database, Apache Web servers, Win 2003/2000/XP and network systems. Served as SME on mainframes, midranges, and non-standard operating system platforms, scanning and testing tools (specifically CA-Examine), and the mainframe STIGs

Perform risk assessment on an application according to NIST SP 800-30

Use of scan assessment tools – Retina (Network and Web Scanning Tools), OpenSTA Web Stress Performance Test, Gold Disk, Tenable and Nessus

Department of Labor, Landover, MD (Contract)

April 2006 to May 2007

Senior Security Analyst

Implemented and managed IT security solutions

Provided security reports that meet FISMA requirements for DOL including risk assessments, policy & procedures, evaluation & periodic ST&E testing, incident response, contingency plans, disaster recovery plans, disaster recovery test drills to the alternate site, network infrastructure design, privacy impact assessment and vulnerabilities, monitoring & auditing, and disposition plans.

As analyst, made recommendations regarding firewall and router ACLs to senior staff

Participated in disaster recovery planning, implementation, testing and readiness for the organization's data center systems

Provide third-party auditing support

Perform risk assessment on an application according to NIST SP 800-30

Develop tabletop exercise scenarios for disaster recovery.

Perform Incident Response Plan procedures, standards and processes to discover, resist and recover from security incidents and to limit the impact of any such occurrence or reoccurrence.

Assists in the development and management of security for one or more IT functional areas across the enterprise.

Participates in the system/application development life cycle to ensure Information Security processes and concepts are incorporated into all applicable systems and software

Help clients mitigate security-related risks by providing alternative recommendations and guidance

Guide clients in defining and implementing overall security strategy, policies, and procedures

Maintained up-to-date documentation of network topology equipment and data center environment.

Provide DOL Certification Package using NIST methodology in preparation for Security Certification & Accreditation audit process. Perform yearly security awareness training.

Work with system owners of DOL's five major applications and General Support System to perform system scans and validate system boundary, MOU, ISA, and ICON

EMC, Plano, TX

February 2005 to April 2006

Customer Engineer

Performed installations and maintenance of EMC data storage equipment at customer locations

Showed professionalism and maintained customer satisfaction at each account

Prepared Clarify case reports for each event

Prepared accurate expense reports and daily time sheets

Performed part replacements as directed by PSE lab. Documentation and other duties as assigned

Market Scan IS, Westlake Village, CA

May 2003 to February 2005

Field Service Technician

Installing, troubleshooting, maintaining and coordinating the use and proper operation of network environments and desktop and server operating systems/environments (Windows 2000/XP/2003) for Car Dealership subscriber locations

Conducted pre-installation onsite surveys with the customer to explain and demonstrate the functionality of the equipment and software. Install network cabling systems including CAT5e, CAT6, multimode and single mode, coax

Termination of RJ-45, RJ-11 (4/6-pin), BNC (coax)

Installed modems, terminate cables, connect terminals, install peripheral interface boards, configured hardware, install software, perform network conversions, bring up LAN, conduct onsite customer training demonstrating the software, performed equipment audits as required, responded expeditiously to requests as necessary

Performed multiple tasks within established time frames and criteria. Performed post-installation quality checks or calls, if requested

Worked independently using experience and judgment to accomplish assigned tasks and achieve goals

Tax Service Companies, Keller, TX

July 2002 to May 2003

Network Consultant

Performed hardware/software installations and configurations on Dell Windows 2000, XP workstations and Windows 2000, 2003 Servers for Tax Service companies

Conducted pre-installation onsite surveys; Install DSL, routers, modems, terminate cables, connect terminals, install peripheral interface boards, conducted onsite training and demonstration of equipment and software

Performed routine follow-up and quality checks

Sabre Holdings / American Airlines (Outsourced to EDS in 2001), Southlake, TX

July 1991 to July 2002

Desktop Support/Field Comms & Service Tech

Provide and manage installation with Sabre hardware/software on Compaq, Dell Windows 2000, XP workstations and Windows 2000, 2003 Servers including restaging and troubleshooting hardware/software problems on Win95, 98, 00, XP and NT, Novell NetWare Operating Systems, Cisco router and switches configuration, LAN and Hardware Diagnostics, Gateway, File Server, LAN & WAN connectivity, PC installation/troubleshooting and LAN design/installation troubleshooting

Ensured all OS systems and software tools utilized in the data center are kept up-to-date and do not allow any to fall behind more than one version from latest general release

Data center equipment rack planning and installation/racking of equipment into telecommunication racks

Performed layer three (3) configurations, implementing, monitoring and troubleshooting Cisco 7600 series router and Catalyst 2900, 3500, 3700, 4500, 4900 and 6500 series switches. Performed hardware/software installations for American Airlines/Eagle airport and travel agency locations on Win 2000/2003/NT workstations and servers; Administered TCP/IP network running Windows NT 4.0 and Windows 2000 with over 500 users in support of operational exercises

Provided end-user support and technical assistance; new installations and upgrade file servers, PCs, printers, print servers, OS2 operating systems; loading the operating system for Novell servers; Configure UNIX databases. Independently perform tasks in a rapid pace environment with tight schedules. Respond to telephone calls, emails and Remedy action request system trouble tickets for technical support. Installed Enhanced Gate Reader, IER 557 Printers, loaded TCP/IP for the Intranet, Remote Group Wise, installed routers, MUXSABRE Gateway, File Servers, and Printers

Conduct maintenance, analysis, troubleshooting and repair of computer systems, hardware and computer peripherals; document, perform upgrades or replace hardware and software systems

Provide support and maintenance of user account information, including rights, security and systems groups

Adhere to department operating procedures and reporting requirements

EDUCATION:

Master of Science in Information Security Management from the University of Fairfax, May 4, 2013

Bachelor of Science, Information Technology, Colorado Technical University, April 2006

Studying for my Certified Information System Security Professional (CISSP) certification

Diploma, Computer Operations, Computer Learning Center, Springfield, VA

CERTIFICATIONS:

Information Systems Security Professional (ISSP)

Senior Security Manager (SSM)


