Jeremy L. Trotter

Home: 501-***-****

ad3kj2@r.postjobfree.com Active: SECRET clearance

Summary of Qualifications:

Recognized expert and consultant specializing in analytical methods, with a proven record of implementing security and compliance controls in systems environments. Demonstrated success in providing valuable insights to tackle complex challenges. Adept at synthesizing data and studies to formulate action-oriented recommendations and policies, showcasing strategic thinking and strong problem-solving abilities. Effective communicator skilled in preparing presentations, publications, and guidance papers in diverse formats. Committed to achieving positive outcomes at the intersection of information technology. Possesses in-depth knowledge of NIST 800-34, NIST 800-53, FedRamp, and other implementing regulations and manuals. With over a decade of experience in Information Technology services supporting security initiatives for government and commercial customers, excelling in conducting security incident/preliminary inquiries and analyzing incident reports. Well-versed in Risk Management Framework (RMF), National Institute of Technology (NIST), System Development Life Cycle (SDLC), and adept at developing Security Assessment Plans (SAP/CAP), System Security Plans (SSP), Contingency Plans, Contingency Plan Testing, and Security Assessment Reports (SARs). Proficient in threat analysis, network surveillance, data mining, and incident response (IR/IRP). Responsible for developing comprehensive security authorization packages, including system security plans, assessment reports, POAM summaries, and continuous monitoring plans/schedules. Additionally, skilled in evaluating vulnerability scan reports and determining remediation actions for FISMA systems.

SKILLS & KNOWLEDGE

Risk Management Policy Implementation Project Planning

IT Security Standards Leadership & Development Supervision Skills

Regulatory Compliance Information Security Advisory System evaluation

Program Execution Cross-functional Collaboration Security event mgmt.

Cyber security Reporting & Documentation Vulnerability scan

Work Experience:

Favor TechConsulting (08/2023-Present)

Mid-Senior Level III Information System Security Engineer

Prepare and updating all documents pertaining to assigned systems security authorization packages in accordance with the client’s requirements and compliant with FISMA. Responsible for core document included are the System Security Plan (SSP), Contingency Plan & Test, Incident Response Plan (IRP), Risk Assessment Report, Security Assessment Plan, Standard Operating Procedures (SOP), Plan of Actions and Milestones (POA&M), Remediation Plans Configuration Management Plan systems, Sentinel Vulnerability reports, etc.

Conduct weekly meetings to inform the Information System Owner and key stakeholders on system specific responsibilities or to address any roadblocks delaying ATO efforts.

Provide continuous monitoring to enforce client security policy and procedures and create process that will provide oversight for the Information System Owner and Key Stakeholders.

Communicate information to individuals, team lead or groups, tailoring communication to suit diverse audiences.

Demonstrated proficiency in delivering clear oral presentations.

Verify and maintain an inventory of hardware and software asset list for all portfolio assigned information systems to ensure the remediated control sets are enforced throughout the systems authorization boundary.

Conduct yearly Assessment motives in compliance with NIST 800-53A and organization guidelines.

Develop and coordinate, test, and train staff on Contingency Plans and Incident Response Plans.

Coordinate with multiple stakeholders to complete mandatory agency data calls list in a timely manner.

Koniag Management / Eagle Harbor Solutions (09/2021-07/2023)

Cyber Security Analyst

Subject Matter Expert in Governance Risk Compliance and Information Assurance.

Provide enterprise-wide management of security incidents in unclassified, organizations managed network space, to detect, respond and report all computer related incidents that includes daily monitoring, vulnerability remediation, intrusion detection, log reviews, and provide cyber threat analysis.

Prepare threat briefs on threat environment to Leadership.

Communicate information to individuals or groups, tailoring communication to suit diverse audiences (e.g., technical, sensitive, controversial).

Proficient in delivering clear oral presentations.

Provide governance and risk management solutions for all procedures to identify and respond to incidents and to prevent or limit damage to the organization's assets.

Ensure that the incident response program complies with applicable security policy, FISMA, NIST (SP) 800-6, Rev. 4 & Rev. 5.

Conduct SA&A assessments, identification, and remediation of the individuals and /or systems affected.

Provide infrastructure, operations, and maintenance support for Security information tools such as Event Management solutions (Splunk) and Network Security Management solutions (Tenable/Nessus) CSAM (or similar tool i.e., TAF, Archer, Xacta 360.

Assist Technical writers on updating templates for Information Assurance policies and procedures.

Work with ISSO support to meet all deliverables in preparation for yearly assessment.

EGlobaltech (07/2019-09/2021)

Information System Security Officer

Develop, maintain, and manage Security Authorization and Assessment packages, including System Security Plans (SSP), Contingency Plans (CP), Contingency Plan Test (CPT), Configuration Management Plan (CMP), POA&Ms, and other relevant security documentation for existing and new systems at DHS.

Possess experience with FedRamp 3PAO, SPLUNK, Xacta, Remedy, Tenable (Nessus).

Conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance.

Utilize workflows to develop security artifacts.

Document, organize, and implement security control requirements.

Prepare vulnerability test plans and coordinate testing and result procedures.

Demonstrate the ability to review and write security-related policies and procedures.

Collaborate with system owners and technical leads to develop and maintain security documentation.

Act as the Security Point of Contact (POC) for multiple systems within the environment.

Coordinate weekly, monthly, and quarterly vulnerability scanning activities and analyze results.

Maintain the security management program, including security policy, practices, standards, procedures, and processes. Coordinate and support regular security audits as part of the comprehensive System Security Policy, standards, practices, and procedures to maintain security authority to operate (ATO).

Continuously identify and escalate any risks to product solution, quality, staffing, and/or delivery commitments for timely resolution.

Review proposed change requests (CRs) related to system design/configuration, performing a security impact analysis, and providing approval or denial recommendations.

TGHealthcare Solutions (03/2016-07/2019) Cyber Security Analyst

HIPAA (Health Information Portability Accountability Act)

Conducted interviews with stakeholders, document and evaluate business processes, and execute audit test programs to determine the adequacy and effectiveness of internal controls and compliance with regulations. NIST, FISMA, FIPS.

Performed assessments on security controls using the methodology described in NIST SP 800-53A. Assess controls that the client has selected and implemented based on the categorization of a given system.

Worked directly with the ISSO, understanding of Risk Management Framework (RMF)

Assisted PO&AM teams to remediate vulnerabilities of various entities for low, moderate, and high impact systems.

Monitored controls post authorization to ensure continuous compliance with security requirements.

Formulated security assessment reports and recommendations for mitigating vulnerabilities and exploits in the system.

Performed Security Assessments to determine if controls are implemented correctly, operating as normal and meeting desired objectives.

Created ATO package documents; SSP, RA, SAR, POA&M reports, etc., based on the security assessments performed on systems.

Diversified Solutions (08/2013-03/2016) Vulnerability Assessor

Performed the role of Security Control Assessor by reviewing the artifacts and implementations statements provided by the ISSO on a system to determine if the security controls are yielding the desired result.

Performed vulnerability scanning with the support of Nessus scanning tools to detect potential risk on a single or multiple assets across the enterprise network and monitored controls post authorization to ensure constant compliance with the security requirements.

Provided on-line incident report documentation including the initial investigative process and escalation of investigations and events as well as mitigation advice and guidance to reporting parties.

Review Contingency Plan (CP) using NIST SP800-34 guidelines.

Maintain, review and update information security system documentations, including System Security Plan (SSP), Plan of Action & Milestone (POA&M), Risk Assessment (RA), policies and procedures, security control baselines in accordance with NIST guideline and security practices.

Work effectively in a team environment and participate in collaborative initiatives that foster the mutual exchange of knowledge and expertise.

Conduct IT risk assessment to identify system threats, vulnerabilities, and risk, and generate reports.

Assisting Federal Protective Services and other law enforcement with intrusion detection alarms and all national threats.

Office of Personnel Management (06/2011-08/2013) Desktop Support

Maintain and support corporate standard Operating System build process.

Provided excellent customer service and professionalism while answering phones and all email queries and provided technical assistance and support for incoming concerns and issues related to the systems software and hardware.

Serves as the point of contact for system management, password resets, software updates, Computerized Intrusion Detection System and Closed-Circuit Television systems.

Knowledge of electronic badge systems and personnel control system.

Surveyed PC and applications for windows compatibility issues as well as gather any unique hardware applications and software requirement

Certifications

Security+

CISSP Candidate

Education:

Leeward Community College Aiea, HI United States

Information Technology

Business Management

Contact this candidate