Post Job Free
Sign in

Software Development Security Clearance

Location:
Summerville, SC
Salary:
120000
Posted:
February 03, 2025

Contact this candidate

Resume:

Employee Name

Security Clearance

Johnny Taylor

Secret

Email: *****************@*****.***

Phone: 843-***-****

Task Order Labor Category

Company Position/Title

Employment Status

Engineer/Lead

Functional SME

Current (VNE)

Education / Training

Education:

Master of Arts; 2009; Webster University; Business Organization and Security Management

Master of Arts; 2005; Webster University; Computer Resources and Information Management

Bachelor of Science; 1995; South Carolina State University; Computer Science

Training/Certifications:

CompTIA Security+ CE Certification

McAfee Host Base Security System (HBSS) Certification

Labor Category Qualifying Professional Experience

Over 28 years’ of IT experience in which 12 years’ experience has been on C4ISR software development and integration programs similar to DCGS-MC such as GCCS-M, TACMASS, P-8A, STACC and USMC-MEGFoS performing software development, systems administration, technology analysis and assessment, requirements analysis, design definition, architecture, integration, test, and cybersecurity to include but not limited to developing and maintaining hardware and software baselines as well as patching via scripts and other utilities. In addition, he has over 12 years of Mainframe and COBOL performing software development, systems administration, technology analysis and assessment, requirements analysis, design definition, architecture, integration, testing using numerous databases utilities.

Chronology of Professional Experience

Vickers & Nolan Enterprises, LLC // March 2023 – October 2024 // Engineer/Cybersecurity Lead/SME

Supervised the testing and configuration of systems against DoD requirements using Security Content Automation Protocol Compliance Checker (SCAP SCC), Assured Compliance Assessment Solution (ACAS, RHEL 8), and other security and risk compliance tools to ensure system compliance with the NIST and Risk Management Framework (RMF).

Lead cybersecurity support and advisement aided by DoD testing tools, DoD and federal guidance, and NIST SP 800-53 controls to assist in securing the information system to the greatest extent possible without affecting mission completion.

Maintain the software baselines; maintenance efforts shall include installing vendor patches, applying security updates, configuring system in accordance with cybersecurity guidance, installation of new software, and integration of new hardware, troubleshooting/debugging problem reports, and responding to any other requested changes to the baseline.

Provide detailed installation and update procedures, documenting the processes followed to enable system Assessment and Authorization (A&A) and the ease of future system updates.

Support programs in providing patches for security releases in accordance with the Authority to Operate (ATO) for the program’s fielded builds.

Geodesicx, Inc. // August 2022 – March 2023 // Engineer IV

Perform scan analysis on multiple naval marine sites to provide adequate feedback on appropriate security posture.

Conducts manual reviews to ensure documentation is efficient for fleet support.

Conducted risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs on Window Servers 2008, 2012, 2016, MS SQL and Linux 6.x, 7.x, RHEL 8 systems and containers, ESXI, VMware and vSphere Client using HBSS/ESS, ACAS, and manual and automated scripts.

Guided the team in developing recommended courses of action needed to transition current policies and procedures to the NIST and Risk Management Framework (RMF) approved processes to support the Certification and Accreditation (C&A) process necessary to achieve an ATO or an Interim ATO (IATO).

Unemployed// November 2021 – July 2022 // Injured – surgery

Nesco Resource/KBRwyle // November 2020 – October 2021 // Vulnerability Analyst/System Engineer

Instructed and performed all tasks related to the Assessment & Authorization for Navy Medicine for the Defense Health Agency (DHA) to ensure assigned DoD systems/enclaves/networks can obtain and maintain Authorization to Operate (ATO) certifications.

Lead tasks to implement DISA STIGs/FDCC requirements, CTO's TASKORD's, FRAGORD's and emerging threats.

Conducted risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs on Window Servers 2008, 2012, 2016, MS SQL and Linux 6.x, 7.x systems, ESXI, VMware and vSphere Client using HBSS, ACAS, and manual and automated scripts.

Guided the team in developing recommended courses of action needed to transition current policies and procedures to the Risk Management Framework (RMF) approved processes.

Moseley Technical Services, Inc. // April 2020 – November 2020 // Systems Administrator/System Engineer

Responsible for Navy TacMobile C4ISR system software development, installation, testing, integration, verification, documentation, and system troubleshooting.

Administer and maintain security controls for Identity and Access Management and Governance Risk and Compliance on the GCCS-M, TACMASS, P8-A and C4ISR systems using HBSS, ACAS, Window Servers 2008, 2012, 2016, MS SQL and Linux 6.x, 7.x systems, ESXI, VMware, and vSphere Client.

Install, Configured, Administered and maintained Security Information and Event Management (SIEM) solutions to detect, prioritize, and manage incidents.

Develop and deliver systems specifications and security guidance and training to business partners by performing security program presentations, both internally and externally.

Identify and communicate unresolved security exposures as well as misuse or noncompliance situations to management.

Use requirements analysis and engineering expertise to generate Build Plans (BP), System Version Documents (SVD), and Installation Guides (IG) for critical systems.

Trident Solutions, Inc // July 2019 – April 2020 // Information Systems Security Analyst/System Engineer

Conducted engineering analysis on the legacy environment to established requirements, dependencies, and risks associated with transitioning systems and applications.

Administered and maintained security controls for Identity and Access Management and Governance Risk and Compliance.

Developed and delivered systems specifications and security guidance and training to business partners by performing security program presentations, both internally and externally.

Identified and communicated unresolved security exposures as well as misuse or noncompliance situations to management.

Responsible for creating, editing, executing, and managing HBSS, ACAS/Nessus and Tripwire vulnerability compliance scans.

Maintained compliance for IT control frameworks (NIST, HIPAA) and published informational procedures and guidelines, including compliance monitoring procedures across several departments.

Participated in investigations of suspected information security issues or in compliance reviews as requested by auditors.

Monitored key controls for the annual review and approval process for IT Controls. Responsible for providing feedback, discussing results, and required actions with management quarterly.

NexGen Data Systems // October 2018 – January 2019 // HBSS Admin/System Engineer

Expert in Host Based Security Systems (HBSS) for Enterprise Information Technology for Navy C4ISR systems at SPAWAR, to include HBSS design definition, architecture, implementation, information systems integration, software development methodologies, security engineering, communications, and network systems management.

Applied security patches to all vulnerability findings on Windows and Linux platforms in the following infrastructures: Window Servers 2008, 2012, 2016, MS SQL and Linux 6.x, 7.x systems, ESXI, VMware and vSphere Client.

Reviewed Information Assurance Vulnerability Alerts (IAVAs) for applicability and impact to the range networks. Ensured all systems were patched and reported compliance or problems in achieving compliance to the Cybersecurity Manager.

Evaluated information systems for compliance with Defense Information Security Agency (DISA) Security Technical Implementation Guidelines (STIGs) and reviewed measures needed to bring systems into compliance.

Built, configured, administered and maintained the McAfee HBSS and DISA Assured Compliance Assessment Solution (ACAS) in accordance with STIG/Security Requirements Guide (SRG), applicable Taskords, and security best practices.

Managed Windows and Server Administration and Group Policies (GPO) using Active Directory (AD) for added security per DISA STIGs to provide or deny access to users and/or accounts to segregate duties on as needed basis.

SPAWAR (now NIWC) // October 2015 – June 2018 // Various

As System Engineer/Windows Sustainment SME:

Oversaw the C4SIR systems resources (i.e., performance, capacity, availability, serviceability, and recoverability of Virtual Machines [VMs]) for Navy PMW790 Shore Tactical Assured Command and Control (STACC) program to recommend appropriate actions for improving operational efficiency.

Assisted with trouble tickets in Remedy supporting windows sustainment applications.

Managed Windows and Server Administration and GPOs using AD for added security per DISA STIGs to provide or deny access to users and/or accounts to segregate duties on an as needed basis.

Installed, configured, integrated, and maintained windows VMs (Window Servers 2008, 2012, 2016, MS SQL and Linux 6.x, 7.x systems, ESXI, VMware and vSphere Client), software and interfaces to ensure systems availability. Troubleshot efforts from start to finish ensuring outages are resolved in a timely manner.

Applied information security/information assurance policies, principles, and practices to ensure safe continuing availability of network systems.

Maintained systems configuration to perform requirements analysis using feasibility determinations for additional requirements within existing capabilities.

Managed the installation and integration of system fixes, updates, and enhancements to ensure capabilities meet customer requirements.

As MARS Reviewer:

As a C4ISR Mitigation and Remediation (MARS) Reviewer, reviewed Plan Of Actions and Milestones (POA&Ms) from vendors to recommend Approval or Denial to the Information Assurance Manager (IAM) after researching all IAVMs and vulnerabilities from all tools such as ACAS, SCAP, HBSS, etc., using the required DISA STIGS and benchmarks.

As Cyber Security Tester/Validator/System Admin:

Performed all tasks related to the Assessment & Authorization for Navy Medicine for the Defense Health Agency (DHA) to ensure assigned DoD systems/enclaves/networks can obtain and maintain Authorization to Operate (ATO) certifications.

Conducted risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs on Window Servers 2008, 2012, 2016, MS SQL and Linux 6.x, 7.x systems, ESXI, VMware and vSphere Client using HBSS, ACAS, manual and automated scripts.

Assisted the team in developing recommended courses of action needed to transition current policies and procedures to the Risk Management Framework (RMF) approved processes.

As Resident Lab Manager:

Oversaw all the C4ISR and other systems daily management, operations, and compliance for Bldg 3147, Lab 125. Provided instructions on keeping the lab safe and compliant with all government mandated security task orders. Conducted training meetings and instructed over 200 individuals with access to the lab on policies.

Conducted site walk-throughs, site security inspections, and visitor events with vendors. Assisted in updating the Standard Operating Procedure (SOP) for Restricted Areas and processed all access requests for the lab.

ByLight Professional // November 2014 – October 2015 // Computer Programmer IV/HBSS Analyst/System Admin

Provided support in engineering, developing, and maintaining SPAWAR's Navy RDT&E network NETWEB application using Perl and PHP programming.

Assisted with trouble tickets in Remedy supporting HBSS, AD and networking applications to provide or deny access to users and/or accounts to segregate duties on a as needed basis.

Monitored and corrected McAfee IDS/IPS, ACAS, Retina eEye Digital security and McAfee ePO suite vulnerabilities.

Helped maintain virus protection and firewalls as well as provided system hardening and patching.

Managed Windows and Server Administration and GPOs using AD for added security per DISA STIGs to provide or deny access to users and/or accounts to segregate duties on an as needed basis.

Sotera Defense Solutions // May 2013 – November 2014 // HBSS Analyst/IA Engineer/System Admin

For Navy TacMobile C4ISR systems, developed an appropriate HBSS software architecture and engineering design definition.

Installed, configured, managed, and troubleshot McAfee ePolicy Orchestrator (ePO) as well as the HBSS Framework package to include all additional modules (VirusScan, Host Intrusion Prevention, Secure Web and Email Gateways, and Policy Auditor).

Built and hardened VMs using VMware and other Virtual Machine tools for HBSS and other TacMoblile systems for testing and implementation and integration.

Installed, configured, maintained, and troubleshot the HBSS ePO server and associated policies and content.

Managed Windows and Server Administration and GPOs using AD for added security per DISA STIGs to provide or deny access to users and/or accounts to segregate duties on an as needed basis.

Assisted in the Information Assurance (IA) activities to support the Certification and Accreditation (C&A) process necessary to achieve an ATO or an Interim ATO (IATO) and support policy and requirements analysis.

Participated on identified TacMobile Teams and Working Groups as required.

Developed and maintained inputs to system POA&M and brief to system security engineering team, Certification Authority (CA), and Designated Approval Authority (DAA) personnel.

Assisted in the oversight and compliance of DISA STIGs to ensure compliance with standards and best practices and hardening of the system to implement DISA STIGs, Gold Disk, REM/Retina scans, or ACAS scans.

BAE Systems, Inc. // September 2012 – May 2013 // Systems Engineer

Used systems engineering expertise to implement and install C4ISR systems document change requests and document change notices associated errors and system inadequacies.

Managed Windows and Server Administration and GPOs using AD for added security per DISA STIGs to provide or deny access to users and/or accounts to segregate duties on an as needed basis.

Configured equipment on the automated gates networks, troubleshoot, and implement security needed on computers.

Ensured compliance with applicable DoD Configuration Management (CM) guidance, regulations, policies and best practices, taking into account the owning organization as well as the nature and complexity of the system being developed.

Performed user administration (setup and maintaining account), setup security policies for users, implemented the policies for the use of the computer system and network, monitored network communication, and created backup and recovery policies.

Performed logistics support by assembling and integrating equipment racks, vehicle lane equipment and/or other equipment making up subsystems/systems supporting multiple programs and platforms.

Configured software and licensing of the Data Switch (Cisco), Control Switch (Cisco) Routers (Cisco), Servers (Microsoft 2003/2008), NVR, Express Cluster, and other computers apart of the Automated Gates Installation Program before Pre-field testing.

SAIC // April 2011 – May 2012 // Systems Engineer I

Installed, managed, tested, performed technology analysis, and provided problem resolutions for C4ISR hardware and software elements of network security on Naval vessels for SPAWAR.

Managed Windows and Server Administration and GPOs using AD for added security per DISA STIGs to provide or deny access to users and/or accounts to segregate duties on an as needed basis.

Conducted HBSS, SCRI, SCCVI, MSQL management and installation to ensure compliance with all information security/information assurance policies, principles, and practices.

Knowledge and experience with Unix/Linux shell scripts, programming, and utilities to harden servers and security settings.

Performed user administration (setup and maintaining account), setup security policies for users, implement the policies for the use of the computer system and network, monitor network communication, and create backup and recovery policies.

Installed and configured McAfee HBSS on Naval vessels and submarines using VMware ESX server virtualized environment that includes MS SQL database on MS Server 2003/2008, McAfee ePolicy Orchestrator (ePO) server, and eEYE Retina vulnerability scanning tool SCCVI.

Troubleshot networking problems involving switches routers, workstations, ESX servers, VLANS, SANS, and VMware.

STG, Inc. // September 2008 – April 2011 // Various

As Programmer Analyst:

Assisted in the requirements gathering and validation phase to replace the Department of State's (DoS) legacy payroll systems with the Commercial off the Shelf (COTS) PeopleSoft Payroll Software, which became the baseline to design the Global Foreign Affairs Compensation System (GFACS) solutions definition.

Performed technology analysis and assessment and created flowchart diagrams of legacy COBOL programs for the program development team.

Applied and adapted new and improved approaches to the design definition, development, and implementation of data mining, data warehousing, and related data storage and retrieval systems.

Developed guidelines for application of data modeling practices for the development of data management applications; developed and maintained enterprise data models that defined the organization's information needs and mission and business processes, and updated models to reflect minor changes in requirements and the introduction of new data management technologies.

Developed and produced reports for end-users using PeopleSoft Query, XML Publisher, SQR, Application Engine, and SQL Plus while accessing data thru Oracle database (10g).

Knowledge of Oracle (10g / 11g) internals including RAC, RMAN, Dataguard and High availability architecture.

Experience with SharePoint document and control management.

As Computer System Specialist:

Provided support for the implementation and production operation of the Regional Financial Management System (RFMS) and Global Financial Management System (GFMS) by developing, documenting, and overseeing daily, bi-weekly, monthly, and annual operating procedures.

Integrated, automated, and monitored RFMS cycles through an automated batch manager, “Control-M”.

Stayed abreast of, and developed, implemented, and documented schedules and operating procedures for the processing of the RFMS and GFMS cycle.

Performed technology analysis and assessment, planning, design definition, implementation, documentation, assessment, and management of the financial and structural framework to align the IT strategy, plans, and systems with the mission, goals, structure, and processes of the organization.

Montric Technologies // June 2004 – September 2008 // Software Developer

Assisted a team of developers in design definition, developing and maintenance of a custom-built application, known as Kitchen Kompanion, using Visual Basics 6 and MYSQL database.

Hagemeyer NA, Inc. // January 2000 – November 2003 // Programmer Analyst

Provided enhancements and support for CONTROL (IMS) system applications which included order entry management, purchasing, account receivable, account payable, general ledger, inventory and billing using Cobol, CICS, JCL, MQ Series, EDI, VSAM and IMS database and other system tools.

Sara Lee Hosiery, Inc. // December 1997 – October 1999 // Technical Consultant

Provided enhancements and support for the Hanes Order System applications which included order entry management, purchasing, account receivable, account payable, general ledger, inventory and billing using Cobol, CICS, JCL, EDI, VSAM, Endeavor, DB2, Ideal and other system tools. Used Unix shell scripts, programming and utilities to retrieve, restore and process customer/vendors data.

PMSC // September 1996 – December 1997 // Programmer Analyst I

Performed coding, unit testing, and documentation to support the development and maintenance of the Claims Handling and MMS Rating Systems in the MicroFocus COBOL Workbench and Mainframe environment. These applications were designed to rate insurance policies and handle claims for external customers.

SAIC // June 1995 – September 1996 // Software Engineer

Provided development assistance to support the CA-Datacom/DB and DB2 relational database management system for the SAMMS application system for DoD DFASS. These programs were migrated from the SAMMS flat master files, which were stored using BDAM (Sequential and Random read modes), VSAM, and ISAM access methods, to the relational database environment.

.



Contact this candidate