Stafford, VA *****
Actively seeking for a Cyber Security position with a company where I can utilize my skills and technical qualifications, with the ability for growth and advancement. Also, where I’m also able to provide high level Information Systems Security Solutions with an integrated business approach.
(ACTIVE) DoD Top Secret Clearance
Bachelor’s Degree, Information Systems Security
CompTIA CASP Certified
Sept 2019-Present Quantico, VA
Senior Information Systems Security Engineer USMC MCCS
Develop security requirements, and maintain list of hardware, software.
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures.
Ensure that IA and IA enabled software, hardware, and firmware comply with security configuration guidelines, policies, and procedures to follow the configuration management process for approval before implementation.
Experience with Certification and Accreditation activities, in particular, experience in the area of moving accreditation packages through the RMF process to Authority To Operate (ATO).
Conducting vulnerability scans, system assessments, risk analysis, and technical recommendations to validate compliance.
Conducts verification and validation for security information systems, products, and components.
Provides identification of non-compliance of security requirements and possible mitigations to requirements that are not in compliance.
Verifies and validates that the system meets the security requirements.
Assist in determining the type of cloud solution for information systems i.e., IaaS, PasS, SaaS.
Mar 2019-Sept 2019 Contract change
InfoSec Specialist Sr ASRC
November 2016-March 2019 Lorton, VA
Senior Information Systems Phacil
Security Officer DoD Army
●Participate in the development, modification, and implementation of the computing environment (CE) cybersecurity (CS) program plans, and requirements IAW with the RMF and IAVA Management, to include DISA STIGs/SRGs.
●Implement protective or corrective measures when a CS incident or vulnerability is discovered.
●Create and review System Security Plans.
●Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network systems operations.
●Develop security requirements, and maintain list of hardware, software, and service acquisitions specific to NE CS security programs.
●Ensure that IA and IA enabled software, hardware, and firmware comply with appropriate NE security configuration guidelines, policies, and procedures to follow the configuration management process for approval before implementation.
●Create and review System Security Plans (SSP) for the NE.
●Prepare and maintain artifacts for the assess and authorize (A&A), authority to connect (ATC), assess only (AO) and cybersecurity assessment (CSA) inspections, and ensure that CS inspections, tests, and reviews are implemented for the NE.
●Create and maintain POA&M vulnerabilities and evaluate cost benefit, economic, and risk analysis in decision making process for the AODR/AO to identify the impact on levels of risk and/or overall effectiveness of the enclave’s CS program.
●Ensure IAT Levels I - III, IAM Levels I - III, and any user with privileged access performing elevated functions receive the necessary initial and sustaining CS training and certification(s) to carry out their duties.
●Evaluate and approve development efforts to follow the interim authority to test (IATT) process to ensure that baseline security safeguards are appropriately installed and mitigated.
●Monitor, evaluate, and maintain annually the effectiveness of the enclaves' CS security procedures and safeguards to ensure they provide the intended level of protection, in compliance with FISMA regulations.
September 2015-November 2016 Washington, DC
Security Analyst-FEMA eGlobalTech
●Perform independent compliance reviews, tracking, and continuous monitoring of newly submitted C&A packages.
●Advise and assist with the Lifecycle Certification and Accreditation (C&A) process and developing a Systems Security Plan (SSP).
●Monitor and track projects in the C&A test queue.
●Maintain a document repository where C&A project documentation is stored.
●Work closely with developers to identify the appropriate certification/approval processes and authorities.
●Record/register actions concerning project approvals to operate in the C&A database.
●Read and analyze SSPs and develop understanding of systems and applications into security test plans.
●Coordinate C&A actions and system testing with appropriate security personnel.
●Develop risk assessment reports.
●Assemble and submit C&A packages to Principal Accreditation Authority/Designated Accreditation Authority.
●Review IA Compliance Validation Tests and Reports.
July 2015-Sept 2015 Crystal City
Information Assurance/Security Specialist-USAID Evigilant
●Daily operational support on all governance and compliance activities, processes and procedures including; Security Authorization and Assessment (SA&A) and Privacy Risk Assessment (PRA) processes.
●Plan of Action and Milestone (POA&M) support.
●Support the maintenance and reporting on all SA&A and risk management artifacts, tools and system inventory.
●Support the maintenance of Security and Privacy Controls and Security Requirements Catalog (in accordance with NIST 800-53 R4).
●Support the maintenance of all CISO-owned SA&A documentation such as System Security Plans, Contingency Plans, Contingency Plan Tests, Disaster Recovery Plans, etc.
November 2014-April 2015 Pentagon
IAPM- Enterprise & Information Mission Assurance CGI Federal U.S. Army Information Technology Agency
●Directly support the IAPM Cell in areas of development and management.
●Supported the maintenance of a formal Cyber Security program that defines the organization's unique mission requirements and procedures.
●Supported the IAPM Cell as a point of contact for IA-related reporting to the DAA.
●Responsible for action items to include IAVM reporting, compliance, vulnerability assessments, and feedback to Army staff on current and upcoming IA policies.
●Implemented and maintained the Assured Compliance Assessment System (ACAS).
●Ensured that all the organization's Systems and Networks have a current C&A plan.
●Responsible for tracking and making sure the C&A packages are submitted in accordance with this regulation in a timely manner to ensure there are no lapses in coverage.
●Tracked annual reported requirements as well as the current Approval To Operate (ATO) or Interim Approval To Operate (IATO) dates and documented in a timely manner in the appropriate Army database.
●Tracked and reported compliance of systems through eMASS.
July 2012-November 2014 Annapolis Junction, MD Lead QA & IA Analyst ExecuTech Strategic
●Developed and produced the latest Quality Assurance Analyst SOP.
●Created, modified, and troubleshot user accounts in the SNAP and SGS databases.
●Monitored, assigned and adjusted the workload for the Connection Approval Office (CAO) IA Analysts
●Reviewed and evaluated connection approval artifacts to determine mission partner adherence to DoD security and information assurance policies. (DoDI 8510.01 DIACAP)
●Processed connection approval package artifacts entered data into databases and issued approval to connect letters.
●Tracked and documented mission partner requests submitted to the Connection Approval Office (CAO).
●Assessed the local subscriber environment information system and technology's security posture for compliance with applicable policies and directives.
●Performed risk analyses, which also includes risk assessments.
●Includes, but is not limited to, ensuring compliance with the DoD connection rules, assessing local and wide area subscriber environment security posture and topology, reviewed security relevant documentation, and prepared technical papers and discussed the results of that analysis.
●Prepared letters recommending the government grant Approval Authority to Connect (IATC/ATC) to the DoD network. Assisted customers in resolving connection issues associated with their connection requests and recommend solutions to bring their systems/networks/ architectures into compliance with connection requirements.
●Analyzed user needs to determine functional and cross-functional requirements. Performed functional allocation and identified the required tasks. Identified resources required for each task. Possesses excellent communication skills and is a team player.
●Reviewed and Processed C&A packages on SIPR and NIPR DoD Networks.