Security Officer System
Resume:
Security Clearance: TS/SCI/CI Poly
Certifications:Comptia Security +
Objective
Provide my expertise in information security practices and compliance regulations to implement robust security strategies and mitigate cyber risks, seeking a challenging ISSO role within a dynamic organization focused on proactive threat management and data protection.
Experience
December 2024 – Present
Information System Security Officer
Jacobs
Chantilly, VA
Manage security-related program milestones/deadlines to meet contract requirements.
Perform cybersecurity activities, including change management, account management, auditing, media protection, user training, file transfers, etc
Create and update Body of Evidence (BoE) for system accreditation using XACTA, ServiceNow (SNOW) or similar risk management software (NIST 800-53
Develop and enforce cyber security policies and procedures for accredited systems
Manage the plan of action and milestones (POA&Ms) by working with project managers and system engineers to develop schedules and engineering actions that mitigate open items
Maintain, update and conduct routine vulnerability and compliance scans across all sponsor networks using NESSUS or similar software.
Configure and perform required system audits and related continuous monitoring tasks
May 2023 – November 2024
Information System Security Officer
Radiance Technologies
Huntsville, AL
Served as the Information System Security Officer (ISSO) support to the Organizational ISSM, in the management and administration of authorization and accreditation (A&A) package processing. Responsible for IA of tactical networks, systems, security practices, and the application of IA concepts to rapid hardware/software prototype development.
Participated, as a team member, within the assessment of confidentiality, integrity, and availability of systems, networks, and data through the coordination, planning, analysis, development, implementation, and enhancement of information assurance programs, policies, procedures and tools
Served as the front-line team member to the organization’s Authorizing Official team ensuring the dissemination and adherence to IA policies, procedures, guidance, and training requirements. Enforces IA standards and procedures for all phases of hardware and software lifecycle management process and assists in developing solutions to complex problems.
Assisted in the administration management support of the RCCTO by carrying out and responding in a timely manner to IT/IA tasks and requests; and manage internal office IT/IA work tasks
Developed and maintain relationships between Program/Project Management Offices, RCCTO program staff, and outside organizations to ensure proper communication, development and deployment of information assurance technologies, products, and systems
Assisted in preparing briefing materials, supporting engineering and development meetingsn coordinating security testing events, scheduling, and supporting teleconferences and video teleconferences and other administrative support tasks as directed
Monitored and managed system accounts in eMASS
November 2019 – April 2023
Consulting Technical Manager
Oracle
Reston, VA
Responsible for ensuring the confidentiality, integrity and availability is implemented into the concept, development and transition to production of information systems.
Performed, reviewed. technical security assessments of cloud computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies
Assisted the Government Security Personnel in the oversight, inspection, review and accreditation of Information Systems
Assessed and mitigated system security threats/risks throughout the program life cycle and contributed to the security planning, assessment, risk analysis, risk management, certification and accreditation activities for system and network operations
Developed and managed Standard Operating Procedures (SOP), System Security Plan (SSP), Continuous Monitoring Plan (CMP), Incident Response Plan (IRP), and Emergency Plan as well as provide feedback on recommended and required modifications
Reviewed and tracked progress of sites Plan of Action and Milestone (POA&M)
January 2017 – November 2019
Information System Security Engineer
Radiant Solutions
Herndon, VA
Responsible for ensuring the confidentiality, integrity and availability is implemented into the concept, development and transition to production of information systems.
Reviewed as
Builds IA into systems deployed to development and operational environments and assisting architects and system developers in the identification/implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions
Provided support to the planning, designing and implementing of security controls which safeguard and monitor events for information systems and applications and data
Utilized various scanning tools such as Nessus Tenable
Drafted, reviewed and edited assessment and authorization (A&A) documentation, providing feedback on completeness and compliance of its content
Created and maintained Plan of Action and Milestones (POAMs) as required
Utilized various databases such as XACTA IA Manager, XACTA 360, and eMASS
August 2013– January 2017
Security Analyst
Blue Canopy Group, LLC
Reston, VA
Responsible for Certification and Accreditation of security systems and advancing them through the ICD 503 process achieving approval to operate (ATO)
Ensured systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan
Developed and maintained security artifacts and ensure they are written and adhere to customer policies, procedures, techniques, and industry best practices (ICD 503)
Monitored and maintained Configuration Management (CM) for security-related IS software, hardware, and firmware
Participated in Integrated Product Teams to ensure system security control requirements are understood and integrated into the system
Led system testing before granting approval to load to production environment through Security Testing and Evaluation (ST&E)
June 2012 – August 2013
Security Control Assessor
General Dynamics, AIS
Chantilly, VA
Responsible assessing security controls for more than 80 NRO Assets
Coordinated and collaborated with primary stakeholders to include the Designated Authorizing Official (DAO), Program Security Officers (PSO), Information System Security Engineer (ISSE), and Information System Security Officer (ISSO) during assessment and authorization under ICD 503 RMF
Coordinated, tracked, and organized IA requirements and facilitates flow of required documentation for ICD 503 transition.
Served as the security expert by articulating security policy and technical requirements for system design, development, and operations
August 2011 – June 2012
Security Specialist
Welkin Associates
Chantilly, VA
Advised and assisted with getting COMM assets certified and accredited through the ICD 503 process
Acted as a liaison between the Program, PSOs, ISSEs, and ISSOs to complete all documentation required for system Approval to Operate (ATO)
Reviewed information system security artifacts for accuracy, relevance and compliance
Applied knowledge of IC, DoD, AF, and local requirements for system assessments
United States Air Force (December 1989 – July 2011)
January 2009 – July 2011 National Reconnaissance Office Chantilly, VA
Program Security Officer
Logistics Facility Support Group (L&FSG) Manager with oversight of 15 military and contractor personnel including $20M in security assets
Project Manager for physical and technical security infrastructure projects supporting classified programs
September 2007 – December 2008 National Reconnaissance Office Chantilly, VA
Manager, Information Management
& Technology Program
Led IT Program ensuring 24/7 computer support to 22 military, 4 government civilians, and 45 contractor personnel
Directed and managed acquisitions, repair, operation, and upgrade of 150 IT systems and served custodian of all IT material
September 2004 – August 2007 National Reconnaissance Office Chantilly, VA
Manager, Information Systems
Certification
Provided certification and accreditation assistance to Industrial Security Representative and contractors on Information System (IS) requirements
Led inspections at contractor facilities in accordance with established DCID 6/3 policies and implemented procedures, standards, and regulations governing the safeguarding of classified information
Reviewed, edited, and approved system security plans, CONOPs, Risk Management Matrix (RMM) and modifications to ensure compliance with DCID 6/3
October 2002 – August 2004 National Reconnaissance Office Chantilly, VA
Deputy Chief, Video
Network Operations
Managed and accounted for over $55M in operational multimedia communications equipment that governed the global videoconferencing network and services
April 2001 – September 2002 Air Force Studies and Analyses Agency Rosslyn, VA
Compute Systems Operator
Managed Information Technology (IT) support to 200 DoD and contract research analysts who provided critical analytic support to the Secretary of the Air Force, AF Chief of Staff, Office of the Secretary of Defense, Joint Staff, Air Staff and Major Air Force Commands (MAJCOM)
June 1999 – March 2001 United States Air Force Laughlin AFB TX
Logistics Manager
Managed two military Communications-Computer Systems (C-CS) operators who isolated faults, determined causes, and recovered from malfunctions due to hardware, software and communications failures. Applied security techniques to preclude unauthorized access to sensitive information and misuse of automated resources
December 1989– March 1999 Various Miliary Bases
Manager, Information Management
& Technology Program
Managed the supply of logistics-related data to support customers in the day-to-day general areas of acquisitions, supply, configuration management, technical requirements identification, installation and maintenance of equipment, safety and documentation development and maintenance
Education
Strayer University
Woodbridge, VA
Bachelor of Art, Computer Information Systems 2004
American Military University Charlestown, WV
Master of Science, Security Management 2012
Relevant Training
eMASS CBT Training
Cyber Security Fundamentals (CSF) 2023
Certified Information System Security Professional (CISSP) Certificate Training, 2018
Harvard Kennedy School Executive Education Cambridge, Cybersecurity: The Intersection of Policy and Technology, 2014
Certified ScrumMaster Training 2016
XACTA ISSO Training, 2015
ICD 503 Risk Management Framework (RMF), 2013
Introduction to CCTV Course, 2010
Survival Skills for the Acquisition Workforce, 2010
Building and SCIF Construction Course, 2009
DNI Physical Security DCID 6/9, 2009
Noncommissioned Officer Leadership School, 2007
Certifying and Accrediting Information Systems (C&A) DCID 6/3, 2004
Information Systems Security Workshop (ISSW) 2004
Skills
Tenable Nessus (ACAS), Fortify, Sonar Qube, XACTA, HBSS, Splunk, eMASS, Service Now (SNOW)
Mobile: 571-***-****
Email: ******.******@*****.***
Contact this candidate