Security Officer Financial Aid

Location:

Lawrenceville, GA

Posted:

November 29, 2023

Contact this candidate

Resume:

Jerrod Philson

Cell: 540-***-****

*********@*****.***

Summary: Professional level understanding of DoD Manual 5200.01, NIST 800-34, NIST 800-53, etc. as well as other implementing regulations and manuals. Able to perform implementation of security and compliance-based security controls Capable of conducting security incident/preliminary inquire and analyzing security incident reports to ensure the cause, and corrective actions are properly addressed. Responsible for developing security authorization packages, to include system security plans, security assessment reports, POAM summaries and a continuous monitoring plan/assessment schedule, and present executive level briefings. Understand the process for conducting annual INFOSEC Program Reviews (IPRs) and Staff Assistance Visits (SAVs). Broadly skilled intelligence analyst with proven expertise in driving intelligence requirements for protecting assets, civilian and military interests domestic and abroad. Experienced in database queries and research *Experienced in creating Threat Intelligence Briefs/Terrorism Area Reports (TIBs/TARs). *Experienced in preparing Intelligence Desk Notes, Smart Sheets, and Finished Intelligence Products. *Experienced in providing Input to and/or Brief the Commanders Update Brief (CUB).

Security Clearance: TS/SCI (DOD) granted 08/19

Education and Certifications:

American Public University, Manassas, VA

Degree: Master of Business Administration

Graduation: 10/18

Averett University: Danville, VA

Degree: Bachelor of Science, received May 2014

Major: Business Administration

CompTIA Security +: Completed 07/18

CompTIA CASP: Completed 09/18

ISACA CISM: Completed 1/22

Antiterrorism Officer (ATO) Course Level II: Completed 08/18

Federal Emergency Management Agency (FEMA): Completed 11/17

Active Shooter

Introduction to the Incident Command System

Center for Development of Security Excellence (CDSE): Introduction to Information Security: Completed 8/18

EMPLOYMENT HISTORY:

Kreative Technologies on FEMA contract

Address: 400 C St. SW 3SW 4103 Washington, DC 20472

Start/End Date: 05/2021-current

Hours Worked: 40/week

Position: Information System Security Officer

Support: DHS

Ability to identify known vulnerabilities and configuration baseline standard deviations in OF’s environment by operating the vulnerability management platform.

Experience with performing risk assessment of vulnerabilities by correlating asset/vulnerability data from various sources.

Advanced knowledge of malware, emerging threats, attacks, and vulnerability management.

Experience designing, deploying, configuring, supporting, troubleshooting, debugging, and administering Cyber Security Products (Vulnerability Management tools, File Integrity Monitor, Web Proxy, Intrusion Detect

Experience implementing solutions on industry cloud platforms (e.g. AWS, Azure, GCP).

Azzur Group on SAP NS2 contract

Address: 40 Dulles Corner Rd Herndon, VA 20171

Start/End Date: 02/202*-**-****

Hours Worked: 40/week

Position: Information System Security Officer

Support: DOD/DHS & FedRAMP/Cloud Activities

Experience implementing solutions on industry cloud platforms (e.g. AWS, Azure, GCP).

Experience with SPLUNK, XACTA, Remedy, Tenable (Nessus),

Experience in implementing, building, and operating security capabilities in cloud environments and working with cloud/DevOps technologies including containers, infrastructure-as-code, and serverless.

Monitor for and ensure Security Technical Implementation Guides (STIG) compliance, security, and performance.

Overhaul continuous monitoring program by spearheading Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guide (STIG) engineering and analysis activities.

Participates in network design reviews and security testing for the customer’s networks.

Eliassen Group on FEMA contract

Address: 400 C St. SW 3SW 4103 Washington, DC 20472

Start/End Date: 08/2019-03/2020

Hours Worked: 40/week

Position: Information System Security Officer

Support: DHS

Experience with security efforts related to modern Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtual computing.

Experience with SPLUNK, XACTA, Remedy, Tenable (Nessus),

Conduct daily, weekly and monthly audit review and management of the audit collection system

Work with the larger IA team to maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities.

Maintain vulnerability management programs, including tracking and addressing IAVAs and security patches, accessing applicability to existing systems, and ensuring all patches are up to date on a monthly basis minimum.

Experience implementing solutions on industry cloud platforms (e.g. AWS, Azure, GCP).

TEKSystems contracting for Perspecta at Marine Core Cyber Command

Address: USMC, Quantico, VA.

Start/End Date: 03/2019-08/2019

Hours Worked: 40/week

Position: Information System Security Officer

Support: DOD

Create and maintain existing information system security documentation, including System Security Plan (SSP), Security Controls Matrix and/or Assessment, and Security Configuration Guide (controlled changes to the system)

Develop or modify implementation and design documents describing how security features are implemented

Perform audit and security compliance checks, including network penetration testing, vulnerability scans, and configuration analysis

Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions

Track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance

Evaluated information systems for compliance with Defense Information Security Agency (DISA) Security Technical Implementation Guideline (STIG) and review measures needed to bring systems into compliance.

Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter.

Create security policies and maintain existing information system security documentation

Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package

Work with the Information Assurance (IA) team to perform basic system administration and maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, another continuous monitoring capabilities

Participate in the change management process, including reviewing Requests for Change (RFC) and assist in the assessment of potential change's security impact

Conduct daily, weekly and monthly audit review and management of the audit collection system

Continuously review and evaluate vendor, security, and business best practices for implementing a comprehensive audit program

Implement vulnerability management programs, including tracking and addressing IAVAs and security patches, accessing applicability to existing systems, and ensuring closure

Provide direction and guidance to less experienced IA personnel

Remain sensitive to security infractions and assist in security investigations and responses as requested

Participates in risk and vulnerability assessments.

Performs manual and system level audit reviews of systems to track multiple events including any signs of inappropriate or unusual activity, data transfers, etc. Reports any findings to the ISSM.

Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage.

Update Incident tickets in Remedy for accurate reporting

System High Corporation contracting for Missile Defense Agency

Address: MDA Headquarters, Ft. Belvoir, VA.

Start/End Date: 10/2017-03/2019

Hours Worked: 40/week

Position: Information Security Analyst

●Supported: DOD

●Assists in developing and performing internal compliance efforts including preparation for audits, certifications, and other assessments.

●Brief and educate internal team members about governance and compliance responsibilities

●Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.

●Compiles monthly reports summarizing effectiveness of the information security program

●Formulating, creating, and tracking security Plans of Action and Milestones (POA&Ms)

●Able to perform Security Control Assessment (SCA) planning and development.

●Support the development of program deliverables by providing detailed research, analysis, and production of program protection and other security products.

●Support continuous monitoring program by spearheading Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guide (STIG) engineering and analysis activities.

●Overhaul continuous monitoring program by spearheading Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guide (STIG) engineering and analysis activities.

●Supported all facets of operations to include physical security, product production, communications security, personnel security, software upgrades, etc.

●Conduct detailed technical state-of-the-world research and engineering research

●Conduct systems, risk and vulnerability analysis

●Manage the SIEM infrastructure

●Define, establish and manage security risk metrics and track effectiveness.

●Use encryption technology; penetration and vulnerability analysis of various security technologies; and information technology security research.

●Update Incident tickets in Remedy for accurate reporting

AeroJet Rocketdyne

Address: 7499 Pine Stake Rd, Culpeper, VA 22701

Start/End Date: 11/2015 to 10/2017

Hours Worked: 40/week

Position: Program Analyst

●Support: DOD;

●Supporting Continuous Monitoring activities.

●Managing POA&Ms and developing remediation strategies.

●Aligning systems activities to the NIST Cyber Security Framework (CSF).

●Supporting the incident response process.

●Oversaw, advised, and assisted in the coordination, development, and preparation of various projects and programs.

●Perform IT audits of the development, security, and internal controls of IT systems and applications

●Provided leadership, coordinates, and administers the strategic planning process for programs and initiatives of the unit.

●Maintained, coordinated and received applicable documentation in order to discharge the necessary security duties and responsibilities to support internal and external customers (directives, regulations, manuals policies, procedures and guidelines)

●Analyzed risks associated with processes or applications and mitigates risk with appropriate control

●Coordinated the development and implementation of programs, special projects, research studies, and other unit initiatives.

●Conduct periodic network scans to find any vulnerability and ensure compliance.

●Ensured that periodic testing is conducted to evaluate the security posture of the organization.

●Oversaw the supervision of personnel, which includes work allocation, training, promotion, enforcement of internal procedures and controls, and problem resolution; evaluates performance and makes recommendations for personnel actions; motivates employees to achieve peak productivity and performance.

●Developed and managed annual capital and/or operating budgets; oversees, monitors, and coordinates program budgets, as appropriate.

Securitas Critical Infrastructure Services

Address: 6850 Versar CTR Suite 400, Springfield, VA 22151-4148

Start/End Date: 10/2012 to 12/2015

Hours Worked: 40/week

Position: Program Manager/Security Specialist

●Supported: DOD;

●Developed strategies to responded to and recover from a security breach

●Developed, configured, and implemented open-source/third-party tools to assist in detection, prevention and analysis of security threats

●Prepared and reviewed all purchase order requests to determine sufficiency of funds and signs to authorize expenditures; balances checking account.

●Perform IT audits of the development, security, and internal controls of IT systems and applications

●Developed, implemented, and documented formal security programs and policies

●Investigated potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes.

●Trained staff on network and information security procedures

●Lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage

●Assisted the government during development of plans to ensure the protection of DOD resources against trespass, terrorism, sabotage, theft, arson, and other illegal acts during peacetime, mobilization, and war, and share them with other commands located in close proximity.

●Handled confidential information with care and discretion by observing the Privacy Act.

●Worked independently to establish work priorities and coordinating work with Investigators; analysts and specialists to meet deadlines.

●Served as Project Manager for efforts necessary to meet program objectives.

●Prepared the Sites budget, determining required funds to satisfy operational and debt service expenses, and to identify and allocate sources of revenues

●Annual duties included preparing refresher training documents and preparing necessary paperwork in support of the HQs Annual DSS audit

ITT Technical Institute

Address: 7300 Boston Blvd, Springfield, VA 22153

Start/End Date: 11/2010 to 03/2012

Hours Worked: 40/week

Position: Program Analyst

●Supported: DOE

●Help manage projects in cost, schedule, and schedule while continuing improve performance and quality

●Perform audit and security compliance checks

●Monitored events, responded to incidents and reported findings.

●Prepared written reports and other technical information in a pertinent, concise, and accurate manner for distribution to management. Ensures audit summary is prepared within established deadline.

●Conducts oral presentations to all levels of management, as appropriate, during and upon the completion of audits.

●Managed multiple projects kept track of and identified new tasks or adjusted tasks and expectations as the project evolved.

●Excellent analytical and research capabilities.

Top Guard Security

Address: 131 Kings Way # 100, Hampton, VA 23669

Start/End Date: 07/2008 to 12/2010

Hours Worked: 40/week

Position: Security Analyst

●Supported: DOD;

●Evaluated travel and site security plans to recommend improvements to team management.

●Performed risk assessments to help create optimal prevention and management plans

●Develop and carry out information security plans and policies

●Perform threat, vulnerability, risk assessments, and investigations

●Evaluate new security technology & emerging threats and provide recommendations to strengthen information security environment

Work Experience Skills

●Experience preparing Intelligence Desk Notes and Threat Advisory.

●Risk Management Framework (RMF) compliance

●Analytical.

●OPSEC, INFOSEC, Industrial Security, Physical Security (PHYSEC), Personnel Security (PERSEC)

●OSINT research and analysis.

●Experience in database queries and research analytics.

●Experience in creating Threat Intelligence Briefs/Terrorism Area Reports (TIBs/TARs).

●Experience in preparing Intelligence Desk Notes, Smart Sheets, and Finished Intelligence Products.

●Remediate security issues.

●Self-motivated.

●Working knowledge of Microsoft computer applications (Project, Word, Access, PowerPoint, and Excel).

●Experience in providing Input to and/or Brief the Commanders Update Brief (CUB).

Contact this candidate