Cyber Security Engineer

CAREER SUMMARY

A Security professional with over 30 years experience in the IT field, strong ability to communicate both orally and written; good organizational skills and able to analyze and evaluate information, identify priorities, interpret and apply policies, processes and procedures. Knowledge of Scanning tools, systems integration, and CyberSecurity; a history of identifying business risks, developing solutions, and implementing changes. Experienced in forming coalitions, developing and implementing strategies for efficiency gains.

EDUCATION

Marquette University

Milwaukee, Wisconsin 53233

Journalism, French attended 1979-1981

EMPLOYMENT HISTORY

Senior Cyber Security Engineer

Clear Focus Technologies

Leesburg, VA March 2023 to Present

Perform oversight of the maintenance, monitoring and administration of a suite of Vulnerability Management tools (Cofense Triage/Reporter, Tenable VM, CrowdStrike, IP360)

Analysis and Remediation of reported Phishing and Malware emails

Analysis and management of Compliance and vulnerability scans

Daily review of Active Threat Intelligence reports

Provide training to Information System Security Officers on Governance, Risk and Compliance Tool

Provide technical direction to Information System Security Officers

Provide weekly reporting on Vulnerability Management activities, i.e. Known Exploitable Vulnerabilities, Zero Day Exploits

Cyber Security Analyst III

Scientific Research Corporation (SRC)

Patuxent Naval Base, Patuxent, MD June 2021 to March 2023

Knowledge of methods, tools, and procedures, including development of information security plans, to prevent information systems vulnerabilities, and provide or restore security of information systems and network services

Conduct risk assessments and provide recommendations for application design

Experience using Vulnerability Assessment tools Tenable/ACAS, Tenable Security Center, Nessus, SCAP, Retina, STIG Viewer and other tools

Conduct code reviews and analysis (C++, C# Java )

Participate in the design and development of new systems, applications, and solutions for external customer enterprise-wide cyber systems and networks

Provide SME expertise on current systems with threats/product vulnerabilities, with a particular focus on how they relate to other systems

Produce quality assurance and information assurance-related reports and documentation.

Knowledge of National Institute of Science and Technology (NIST) and Defense Information Systems Agency (DISA) standards, guidelines, and requirements as related to Cybersecurity and Risk Management

Participate in risk assessment analyses of results, identify potential for exploitations and assign risk levels to systems

Preparation and review of cyber security documentation and participation in the establishment of procedures and processes to monitor progress

Senior Cyber Security Engineer

SAIC – Fort Meade, Maryland September 2020 to March 2021

Analyze and define security requirements for multilevel security (MLS) systems.

Conduct security audits.

Conduct Self-Assessments

Apply knowledge of IT Governance requirements, risk mitigation strategies, and encryption and decryption capabilities to establish secure solutions.

Generate system-level security documentation.

Support the development of System Operation Procedure documents.

Performs risk analysis, including risk assessment processes and procedures.

Recommend information assurance/security solutions to support customers’ requirements.

Perform analysis of security features for system architectures.

Analyze general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.

Researches and evaluates cyber capabilities and new security tools and products against operational requirements and introduces them to the enterprise in alignment with IT security strategy, and to support the offensive and defensive capability design and troubleshoot and problem solve technical and non-technical issues.

Senior Security Engineer/Information Security Analyst

SAIC – Springfield, Virginia June 2019 to September 2020

Supporting System Owners through the RMF processing identifying and coordinating technical activities.

Gathering requirements, performing gap analysis, developing and presenting potential solutions, and creating detailed design and implementation plans.

Integrating security into the design and implementation process to conform to established State Department security standards, policies, and procedures.

Reviewing evolving security requirements and policies and making recommendations for existing systems to ensure compliance.

Identifying security architecture and implementation gaps, vulnerabilities, and risks; developing, testing, and implementing solutions to address the gaps, and new or updated requirements.

Evaluating emerging technology (e.g., social media, mobile computing) and making recommendations.

Supporting Assessment & Accreditation, to provide recommendations on meeting required controls.

Information Assurance Specialist

Leidos – Alexandria, Virginia September 2017 to May 2019

Advise the program on NIST compliance requirements

Provide guidance regarding adherence to Corporate policies and procedures

Provide solutions to operational challenges regarding information security considerations

Brief the team on present and projected threats.

Assist management with producing formal and informal reports, briefings, and input to the customer regarding security and functionality requirements, system architecture, security designs, policies and procedures.

Conduct risk assessments throughout within the program, as well as continuously monitoring security relevant changes.

Interpret NIST controls accurately with regard to system security posture, policy updates and configuration for information systems

Draft system security plans and other artifacts to satisfy certification and accreditation requirements; conduct periodic reviews to ensure compliance with established policies and procedures; ensuring all software, hardware and firmware changes are recorded as required by established configuration management procedures; ensuring systems are operated, maintained and disposed of in accordance with applicable federal security policies and procedures.

Lead investigations of security incidents as well as providing protective and corrective measures

Create, update and review Plan of Action and Milestones (POA&M) documentation for accreditation review Work with team members to remediate and mitigate findings

Attend onsite/offsite briefings

Information Systems Security Manager/COMSEC Manager

National Capital Region

Leidos - Vienna, Virginia March 2015 to September 2017

Support security authorization activities in compliance with NISP and NIST 800-53 standards

Advise in the application of Defense Security Service standards for nine sites across the National Capital Region

Identify and document unique threats

Provide input for proposal efforts

Direct staff on cleanup procedures for Classified spills

Oversee weekly reviews of networked and standalone Information Systems

User Clearance verification

Develop and implement certification tests

Brief users on their responsibilities for safeguarding classified information

Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs)

Direct staff in the configuring and management of security configurations of Information Systems

Conduct site reviews

Responsible for COMSEC material management

Information Systems Security Officer

National Capital Region

Leidos - Vienna, Virginia August 2013 to March 2015

Supported security authorization activities in compliance with NISP and NIST 800-53 standards

Responsible for the compliance with Defense Security Service standards for nine sites across the region

Identified and documented any unique threats

Performed cleanup procedures for Classified spills

Provide input for proposal efforts

Perform or oversaw weekly reviews of Information

User access verification

Developed and implemented certification tests

Briefed users on their responsibilities for safeguarding classified information

Prepared and reviewed documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs)

Configured and managed the security configurations of Information Systems (standalone/networked)

Conducted site reviews

Information Systems Security Officer

SAIC – McLean, VA September 2011 to August 2013

Conduct weekly system audits

Ensure the implementation of security measures, in accordance with facility procedures

Identify and document any unique threats.

Perform risk assessments

Develop and implement certification tests

Prepare, maintain, and implement SSP's that accurately reflect the installation and security provisions

Conduct ongoing security reviews and tests of Information Systems to periodically verify that security features and operating controls are functional and effective

Implement and maintain security-related software for the detection of malicious code, viruses, and intruders (hackers), as appropriate

References available upon request

Contact this candidate