Security Engineer

Location:
Fort Lauderdale, FL
Posted:
June 22, 2020

Resume:

Rachel Lisi

********@***.***

561-***-****

PROFILE

Strong background in Governance, Compliance, Security, Auditing, Risk Management, State and Federal IT Policies and the Incident Response process. Skilled in Networking and Information Assurance/Security. Hard-working team player with great communication skills, self-motivated and strong business ethics.

EXPERIENCE

SoClean Inc. Contract (3 week contract) 4/2020 – 5/2020

Senior Security and Compliance Consultant

Short term contract to create documents to help them pass CCPA Audit

Created Security Policies for corporate, production and Dev environment

Mapped out Risk Management Framework

Educated peers on FedRAMP and other Security & Compliance standards (SOX, CCPA, NIST 800-171, GDPR, NIST 800-53r4, etc.)

Educated peers on US and International standards and how to read/implement the necessary Government Regulations

Educated peers on Roles and Responsibilities of various different security positions

Worked with Business Units to create security relevant processes

Educated Peers on Privacy laws in the US and Internationally

Contracted to Chewy Technology (3 month contract) 11/2019-1/2020

Senior Security Engineer and Compliance SME Consultant

Created Security Policies for corporate, production and Dev environment

Mapped out Risk Management Framework

Helped Chewy become CCPA compliant.

Educated peers on FedRAMP and other Security & Compliance standards (SOX, NIST 800-53r4, etc.)

Educated peers on US and International standards and how to read/implement the necessary Government Regulations

Educated peers on Roles and Responsibilities of various different security positions

Worked with Business Units to create security relevant processes

Boeing Distribution Services, Inc., formerly KLX, Inc. 10/2017-11/2019

Senior Security Engineer

Created Security Policies for corporate, production and development environment

Mapped out Risk Management Framework

Educated peers on FedRAMP and other Security & Compliance standards (SOX, NIST 800-53r4, etc.)

Introduced and recommended Risk Management and Vulnerability Management software

Educated peers on US and International standards and how to read/implement the necessary Government Regulations

Educated peers on Roles and Responsibilities of various different security positions

Wrote System Security Plan (SSP), Security Assessment Report (SAR), System Requirements Traceability Matrix (SRTM), Plan of Actions & Milestones (POA&M) and so on

Worked with multiple third party vendors in regards to their software along with work contracted to them by KLX

Contracted to E-builder (3 month contract) 5/2017-8/2017

Senior Security Engineer

Created 15 Security Policies for corporate, production and GovCloud environment

Created Incident Response and Disaster Recovery Plan

Mapped out Risk Management Framework

Educated peers on FedRAMP and other Security & Compliance standards

Introduced Risk Management and Vulnerability software

Educated peers on FedRAMP documentation and how to read the necessary Government Regulations

Educated peers on Roles and Responsibilities of various different security positions

Anexinet (3 month contract) 12/2016-3/2017

Senior Security Engineer and Encryption SME

Created/configured HSM program with supporting documentation for private company

Configured, issued and documented the CA program

Worked with infrastructure on patch management

Worked with business analyst on how to better utilize ServiceNow for change control

Advised groups on international/national encryption laws

IT-CNP 8/2016-11/2016

Information Security Manager

Created an Insider Threat Program

Certified systems to be NIST, FedRAMP and ISO 2700x compliant

Managed and educated interns working to get into the IT security field

Created and Analyzed metrics

Worked with Business Units to create more business

Liaison between business unit and infrastructure

Continuous Monitoring of multiple systems across multiple private companies and government agencies for cloud solutions

Moser IT Consulting 2/2016-7/2016

Senior Security Consultant Contracted to WellPoint Military Care (WMC, an Anthem company) as the Risk Assessment Manager

Configured Xacta IA Manager along with supporting documentation

Helped to design and define a Risk Management Program

Helped to design a certification program for systems based on the Risk Management Framework and HITRUST

Helped define system boundaries

Created system and risk documentation

Helped create and define the Change Control Board and all the documentation to support it

Built Incident Response Program

Defined multiple user roles

Advised on multiple security issues using the NIST 800-54r4, NIST 800-30, NIST 800-37, NIST 800-39, FIPS 140-2, FIPS 201 and FIPS 202

Managed a team of 5 who help create and direct the tools needed and used to secure and monitor the WMC information systems

Acted as a liaison and advisor to multiple infrastructure teams

Independent Security Consulting 1/2014-1/2016

Security Engineer

Create and analyze metrics

Advise on security policy and procedure for the purpose of bidding and winning contracts

Educate and teach CISSP material along with Best Security Practices

Help create/write business proposals based on best security practices

Advise clients of security flaws in their current systems and propose solutions

Provide system design assistance to IT and infrastructure enhancements

Help develop and train company’s security program and security team to include the development of security policies and procedures

Safenet 7/2011 – 12/2013

Information System Security Officer/Engineer (ISSO/E) for ODNI office

Contracted to NSA as an Information Systems Security Officer/Engineer

IAO (Information Assurance Officer) for the DoD PKI System (VeriSign, MS and Entrust projects)

Responsible for the entire life cycle of 20+ systems concurrently for the entire C&A Process

Obtained over 15 ATO's

Provide system design assistance to IT and infrastructure enhancements

Manage client systems and ensure regulatory compliance requirements for FISMA/FedRAMP are met. Ensure security controls are met by following requirements set forth in the Business Partners Systems Security Manual (BPSSM) (in most cases the business partners were other federal agencies or entities that were commercial but not allowed to know which agency we were)

Performed technology assessment on existing resources while recommending technology tools that aligned with security requirements

Implemented change management processes and system/network monitoring solutions that helped in the early identification and resolution of problems

Regular reviews of Audit logs

Maintain SSP’s and supporting documentation for numerous systems

Create and analyze metrics

Work with SA’s/customers on IAVA patching/reporting (Nessus & ArcSight)

Worked with Engineers to come up with solutions on how to secure their systems without limiting the capabilities of what they wanted their systems to do

Worked with Incident Response Teams and flagged potential incidents when running weekly audits

Prosync, Inc. 4/2008-6/2011

Information System Security Officer(ISSO) & Engineer (ISSE) for SIGINT office

Contracted to NSA as an Information Systems Security Officer

Responsible for the life cycle of 50+ systems for the entire C&A Process

Obtained over 30 ATO's in less than 60 days

Provide system design assistance to IT and infrastructure enhancements

Manage client systems and ensure regulatory compliance requirements for FISMA/FedRAMP are met. Ensure security controls are met by following requirements set forth in the Business Partners Systems Security Manual (BPSSM) (in most cases the business partners were other federal agencies or entities that were commercial but not allowed to know which agency we were)

Performed technology assessment on existing resources while recommending technology tools that aligned with security requirements

Implemented change management processes and system/network monitoring solutions that helped in the early identification and resolution of problems

Regular reviews of Audit logs

Maintain SSP’s and supporting documentation for numerous systems

Create and analyze metrics

Work with SA’s/customers on IAVA patching/reporting

Worked with Engineers to come up with solutions on how to secure their systems without limiting the capabilities of what they wanted their systems to do

Worked closely with IAVA and DAA/DAO's to get systems through the C&A process fast and out into the field since most systems were mission critical and the lack of them being there could cause loss of life

Help develop and train contractor sites security program and security team to include the development of security policies and procedures

Trained a team of 8 and brought in experts in the field on security and their CISSP (all students passed)

Sparta Systems, Inc. 1/2008 – 3/2008

Security Engineer (3 month contract)

Contracted to NSA as an Information Systems Security Officer

Responsible for the Continuous Monitoring of 40+ systems (the last phase of the C&A Process)

Implemented change management processes and system/network monitoring solutions that helped in the early identification and resolution of problems

Regular reviews of Audit logs

Maintain the SSP for numerous systems

Provide system design assistance to IT and infrastructure enhancements

Create and analyze metrics

Work with SA’s/customers on IAVA patching/reporting

IAO (Information Assurance Officer) for the DoD PKI System

Help develop and train contractor sites security program and security team to include the development of security policies and procedures

SAIC 12/2006 – 11/2007

FIPS 140-2 tester/consultant

Physically tested unclassified crypto-modules against government conformance standards.

Wrote reports to NIST based off of testing results for certification

Responsible for setting up and recreating system environments

Working closely with customers and a system integration team, analyzing customer environments and requirements

Provide system design assistance to IT and infrastructure enhancements

Integrating and installing off-the-shelf or custom developed software

Common Criteria Testing and Analysis

Training of the FIPS 140-2 to peers/managers

Booz Allen Hamilton 10/2005 – 4/2006

Security Engineer/Consultant (6 month contract)

System analysis and design of data communications and security networks

Analysis and breakdown of system security structures and the rebuilding of them.

Certification and Accreditation research and programming.

Multiple security frameworks to help create the first version of the REV1 (DCID 6/3, DITSCAP, DIACAP, UIC, NISPOM, and additional NIST regulations)

Subject Matter Expert for NSA defining and interpreting crypto module requirements and specs. (UIC vs. FIPS 140-2)

Use of Lean Six Sigma for System Analysis

Provide system design assistance to IT and infrastructure enhancements

Implemented change management processes and system/network monitoring solutions that helped in the early identification and resolution of problems

Cygnacom Solutions 2004 – 2005

Security Engineer

SME for NSA defining and interpreting crypto module requirements and specs. (UIC vs. FIPS 140-2)

FIPS 140-2 certified (testing unclassified crypto-modules against gov’t conformance standards)

Integrative Systems Specialist

Responsible for managing/working the Help Desk for the U.S. Department of Veteran's Affairs

System Administrator for the U.S. Department of Veteran's Affairs PKI system

Implemented change management processes and system/network monitoring solutions that helped in the early identification and resolution of problems

Responsible for maintaining and updating logs

Creating and sending out weekly status reports

Responsible for setting up and recreating system environments

Working closely with customers and a system integration team, analyzing customer environments and requirements

Integrating and installing off-the-shelf or custom developed software

Providing customer support to the Veteran’s Affairs PKI program

Installing hardware and formatting hard drives for the U.S. Machine Readable Transportation Documents (Passports)

Familiar with Entrust and Verisign security products along with various HSMs

PREVIOUS AGENCY EXPERIENCE: NSA, Department of State, Veteran's Affairs, FBI, CIA, ODNI, DOJ

PREVIOUS CORPORATE EXPERIENCE: The Walt Disney Company (Store and WDW Resort)

PREVIOUS VOLUNTEER EXPERIENCE: Children's Miracle Network, American Red Cross 9/11, Columba Association

EDUCATION

Strayer University 2010

Master of Science in Computer Information Systems – Security Concentration

University of Maryland – Baltimore County 2004

Earned a Bachelor of Science in Information Systems Management

TECHNOLOGY + OTHER SKILLS (Not all inclusive)

Programs: Microsoft Office Suite up to 2016, Lotus, Tripwire, Dreamweaver, FrontPage, Visual Studio, Photoshop, Nessus, SQL Server 2000-2005, MySQL, Oracle, Visio, MS Project, Entrust product suite, VeriSign product suite, Sourcefire, ArcSight, Cryptik, Wireshark, Snort, nmap, IBM QRadar, Rapid7, RSA Token

Operating Systems: Windows (2000, XP, Vista, 2003 server, 7, 8.1, 10), Red Hat 4.0-7.6

Languages: VB, C++, C, SQL, HTML5, Java, JavaScript.

HSM: Familiar with various HSM's.

Languages: English and Spanish

Documentation/Framework: VA Handbook 6500, DoD STIGs, FISMA 2002, HSPD-12, DITSCAP, CCPA, GDPR, PCI-DSS, DIACAP, NITSCAP, DCID 6/3, NIST 800-53 (all revisions), NIST 800-30, NIST 800-37, NIST 800-39, FIPS 140, FIPS 140-2, FIPS 201/2, FIPS 199, FIPS 200, Common Criteria, PIV, PII, HIPAA, HITRUST, SOX, COBIT, SSAE 16