System Security Cyber

Location:

Virginia

Posted:

March 22, 2025

Contact this candidate

Resume:

Abraham Green

Professional Summary

Mr. Green has devoted over fifteen years to supporting intelligence community clients providing information assurance and information technology security services; including performing assessments, analyzing and documenting test results and risks. Mr. Green has created and reviewed over ten Body of Evidence documents to include Security Controls Traceability Matrix (SCTM), System Security Plan (SSP), Concept of Operations (CONOPS), Security Assessment Report (SAR), Plan of Actions and Milestones (PoA&M), System Security Plan Questionnaire (SSPQ), Continuous Monitoring Plan. Mr. Green performs assessments on systems that include both Windows and Linux platforms. He utilized AppDetectivePRO, Nessus/Security Center, and WebInspect to perform assessments on networks, web applications, and databases. Mr. Green has performed A&A for over ten systems which received full accreditation. He currently plays an active role in monitoring the systems and environment of operation to include developing and updating the security plan, managing and controlling changes to the system, application, system architecture, design documents, test plans and assessing the security impact of those changes.

Professional Experience

Ingenium Consulting October 2019 to Present

Cyber Security Engineer

As lead ISSE for a team of four, Mr. Green managed the daily responsibilities to ensure 11 systems were in compliance with the customer defined Green Light and Xacta Certification and Accreditation process. Implemented all system through the Risk Management Framework (RMF).

Perform, and review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.

Validates and verify system security requirements definitions and analysis and establishes system security designs.

Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.

Builds IA into systems deployed to operational environments.

Assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions.

Supports the building of security architectures.

Enforce the design and implementation of trusted relations among external systems and architectures.

Assesses and mitigates system security threats/risks throughout the program lifecycle.

Contributes to the security planning assessment, risk analysis, risk management certification and awareness activities for system and networking operations.

Reviews certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its content.

Applies system security engineering expertise in one or more of the following: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control) and security testing.

Support security authorization activities in compliance with NSA/CSS Information System Certification and Accreditation Process (NISCAP) & DoD Risk Management Framework (RMF), the NIST Risk Management Framework (RMF) process, and prescribed NSA/CSS business processes for security engineering.

• Advocate and recommend system-level solutions to resolve security requirements. Monitors and suggests improvement to IA policy.

Mr. Green ensured that the full Certification and Accreditation process was completed on a timely basis. He ensured systems maintain their full accreditation thru the life cycle while in production. While working with the Sponsor’s systems, Mr. Green maintained an in-depth knowledge of each system’s System Security Plan (SSP). Mr. Green was directly responsible for updating security plans, conducting vulnerability assessments and mitigation strategies in preparation for re-certification of the existing systems. In addition, he also had SSP preparation responsibility for all new systems.

He was responsible for ensuring the appropriate operational security posture was maintained throughout the information systems lifecycle and he worked in close collaboration with the Information System Owner. Mr. Green conducted periodic reviews of the information systems to ensure compliance with the security authorization artifacts. He played an active role in monitoring the systems and their environment of operation to include developing and updating the SSP, managing and controlling changes to the system, and assessing the security impact of those changes.

ProAptiv Corporation

April 2018 to October 2019

Cyber Security Engineer

Leesburg, VA

Mr. Green conducts technical security assessments of applications and infrastructure and performing security design reviews as well as risk assessments within a diverse, complex global enterprise infrastructure.

Mr. Green is responsible for conducting security assessments as part of a formal system security accreditation process. This includes performing a review of the Certification and Accreditation (C&A) packages to ensure completeness and compliance with the applicable security requirements in effect within the customer’s environment (e.g., Intelligence Community Directive (ICD) 503, the Federal Information Security Management Act (FISMA) and the applicable National Institute of Standards and Technology (NIST) security standards). This activity also includes auditing the information systems utilizing a standardized checklist to certify that required security controls have been implemented, conducting onsite interviews with the system owners, performing vulnerability scans, performing visual inspections and conducting penetration tests as required. This activity also included creating detailed reports on the findings made as part of the assessments and providing detailed risk recommendations in support of a C&A determination by senior level security accreditation authorities.

Xebec Global Corporation

December 2017 to April 2018

Cyber Security Engineer

Vienna, VA

Mr. Green conducted technical security assessments of applications and infrastructure and performed security design reviews as well as risk assessments for a wide array of systems.

Mr. Green was responsible for conducting security assessments as part of a formal system security accreditation process. This included performing reviews of the Certification and Accreditation (C&A) packages to ensure completeness and compliance with the applicable security requirements in effect within the customer’s environment (e.g., Intelligence Community Directive (ICD) 503, the Federal Information Security Management Act (FISMA) and the applicable National Institute of Standards and Technology (NIST) security standards). This activity also included auditing the information systems utilizing a standardized checklist to certify that required security controls were implemented properly, conducting onsite interviews with the system owners, performing vulnerability scans, performing visual inspections and conducting penetration tests as required. This activity also included creating detailed security assessment reports outlining the findings made as part of the assessments and providing detailed risk recommendations in support of a C&A determination by senior level security accreditation authorities.

Xebec Global Corporation

March 2017 – December 2017

Senior Information Assurance Engineer

Vienna, VA

Mr. Green performed cyber assessments on over ten systems to include performing network and application scans. He Documented vulnerability scan and test results in a plan of action milestone document and he documented all risks identified in the assessments. Mr. Green performed cyber assessments of systems incorporating both Windows and Linux and operating systems. Daily, Mr. Green used Nessus/Security Center to scan for vulnerabilities within Linux and Windows operating system platforms. Mr. Green also used AppDetective and WebInspect to scan the applications and databases installed on each platform (Linux and Windows).

Mr. Green has extensive experience using Nessus/Security Center on performing cyber assessments on Windows and Linux platforms. He is experienced with analysis of test results and with working together with the design/development teams to mitigate security vulnerability and findings.

Mr. Green also worked with the engineering and development teams to analyze and make recommendations to the engineering and development teams. Mr. Green ensured that the security plans were written to the requirements specifications developed for the systems. He also ensured requirements specifications, system architecture, design documents and results from the test plans were properly documented in the security plans.

ALQMI

Jan 2013 – February 2017

Senior Information Assurance Engineer

McLean, VA

As lead ISSO for a team of four, Mr. Green managed the daily responsibilities to ensure over 20 systems were in compliance with the customer defined Certification and Accreditation process.

Mr. Green has extensive experience working with systems that follow and comply with DCID 6/3, ICD 503, NIST SP 800-53 Rev 3 and 4. Mr. Green has extensive experience conducting vulnerability assessments and performing network scans. His tool experience includes AppDetective, WebInspect, Nessus/Security Center, WASSP, MBSA, SECSECSCAN, and Nmap.

ALON/XLA

June 2012 – December 2013

Senior Information Assurance Engineer

McLean, VA

Mr. Green served as the independent security assessor for the initial authorization and re-authorization of IT systems for the National Archives (NARA). He performed EnCase evidence file examinations on operating systems. He was experienced with XACTA IA Manager by providing security risk management through continuous assessment and security process automation. Mr. Green conducted ad-hoc vulnerability scan for systems using government supplied and commercial software with Tenable Nessus vulnerability scanner, WASSP, MBSA, SECSCAN and Nmap. Mr. Green provided weekly reports and analysis of scan results. He monitored intrusion detection systems for evidence of security events and suspected security incidents. He has also used netForensics Security Information Management (SIM) tool to monitor traffic and alerts generated by security countermeasure devices throughout the enterprise. He also used McAfee Network Security Manager to view and analyze network traffic flows throughout the enterprise.

Booze Allen Hamilton

August 2010 – December 2011

Cyber Security Analyst

McLean, VA

Mr. Green supported Certification & Accreditation (C&A) activities for the Precision Tracking Space System (PTSS). He provided recommendations and inputs on all Information Assurance issues pertaining to PTSS. He was the lead Cyber Security Engineer for the Cyber Working Group (CWG) tasked with gathering Insider threat and Supply Chain Risk information. Mr. Green led a team in creating a Cyber Threat Model to gather actionable intelligence to ensure better and timely integration of secure measures into the Ballistic Missile Defense System (BMDS) Capability Delivery. He attended Systems Engineering & Integration Council (SEIC) meetings to ensure Information Assurance (IA) requirements were incorporated in the Aegis Ballistic Missile Defense System. He provided IA with inputs on gathering information for the DIACAP package and primary artifacts for PTSS in accordance with NIST and FISMA documentations. Mr. Green provided support to the Security Operations Center in the detection, response, mitigation, and reporting of cyber threats affecting client networks. He maintained an understanding of the current vulnerabilities, responses, and mitigation strategies including Plan of Action and Milestones (POA&M) used to support cyber security operations. He produced and delivered reports and briefings to provide an accurate depiction of the current threat landscape and associated risks to the customer networks, infrastructure and data. He accomplished this using customer, community, and open source (all-source) analysis and reporting. He provided trend analysis for correlated information sources and network data such as event logs, IDS, and network captures.

He provided critical analysis and detailed reporting of cyber threats as well as assisted in deterring, identifying, monitoring, investigating and analyzing computer network intrusions to meet the needs of the organization's goals.

Dowless & Associates, Inc.

November 2005 – July 2010

Senior Systems Security Engineer

Herndon, VA

Mr. Green developed multiple System Security Plans (SSP) providing an overview of system security requirements and controls, documenting system characterization, management controls, operational controls, and technical controls to ensure compliance to agency and DCID 6/3, ICD 503, and NIST 800-53 documentation requirements. Mr. Green conducted pre-scans risk assessments for all systems and mitigated vulnerabilities wherever feasible prior to certification and accreditation. He generated scans reports in conformance with SSP, mitigated vulnerabilities and provided details to the ISSM for approval. He provided support to ensure systems were functioning properly with no violations. Mr. Green created dashboards to monitor servers and other devices and he supported Certification & Accreditation (C&A) activities for Testing and Evaluation Programs. Mr. Green served as technical advisor to internal users and professionals; maintained open positive communications with clients building collective understanding of information being presented to multiple customers. He investigated new technologies and determine how they could be leveraged to enhanced and improve the security posture, service and reliability and performance of the customer enterprise infrastructure. Mr. Green held the primary role in the testing and evaluation of networking hardware and software systems as well as providing technical and systems configuration recommendations in support of Information Security services for ISTAC Testing and Evaluation Program. Mr. Green performed complex technical analysis, lead and direct lab staff and work effectively as part of a team.

Independent Consultant/Independent Contractor

February 1998 – March 2000

Senior Network Engineer

McLean, VA

Mr. Green was responsible for Infrastructure Network Assessment including hardware and circuit installation, upgrade and replacement. He installed and deployed servers, workstation and printers. Developed and maintained network systems policies and procedures. Developed and maintained network system policies and Monitored servers for load balancing and optimization. Interfaced with clients and supervised junior-level technicians. Conducted hardware and application testing in Windows/NT and OS/2 environment.

Klein Technologies, Inc.

October 1996 – December 1998

System Engineer/WAN Technical Engineer

McLean, VA

Mr. Green provided engineering support for Wide Area Network (WAN) to ensure collaboration with other customers within the National Intelligence Council (NIC) engineered support which involved supporting four existing networks. He led a team in the technical planning, engineering, deployment and support of over 3000 desktop and laptop images to local and remote users. He also led a team installing McAfee Endpoint and PGP Disk encryption software to all desktops and laptops throughout the enterprise. He managed a team on imaging and software distribution enterprise wide. Mr. Green led a support team in the Maintenance & Support of desktop PCs, Laptops & Servers running Windows-based operating systems.

Mr. Green also led a support team in providing support to users with, email, MS Office Suite and other applications. He managed and maintained the Security of the Network infrastructure. He managed and performed application installations and troubleshooting assisted users with all level of support. He provided engineering support on research database for intelligence and open source information. He provided engineering support and administration for Stone Ghost network to ensure Intelligence customers can communicate via e-mail and intranet collaboration. Finally, he provided engineering and database support.

Science Application International Corp (SAIC)

April 1995 – December 2011

Senior Network Engineer

McLean, VA

Mr. Green was responsible for planning, configuration and implementation of Microsoft Windows/NT environments. He maintained the Microsoft SQL servers within a WAN environment. He managed installation, testing and upgrades of MS SQL and Access databases. He provided upgrade, system administration and user training on SQL and access databases.

United States Air Force (USAF)

July 1971 – March 1995

Superintendent, Customer Computer Support

USA/Europe

Mr. Green managed, planned, supervised and coordinated the implementation, installation and directed the daily operation and maintenance of all network services. Mr. Green was the lead Technician on Operational Test and Evaluation of Voice and Data network system worldwide

Mr. Green retired from the Air Force with over 20 years of faithful service.

Certifications

Microsoft Certified Systems Engineer (MCSE) 02/2012

CompTIA Security+ 08/2002

Education

University of Maryland - University College – B.S. Cyber Security In-Progress

Barrington University – B.S. Computer Science 2004

Prince Georges Community College – Information Security Certificate 2014

Prince Georges Community College – IM Security Management Certificate 2014

Contact this candidate