Security Engineer Risk Management
Resume:
Edward Spaay
Engineer
Sykesville, MD ***** 717-***-**** *********@*****.***
LinkedIn: edward-l-8604001b0 – while with MissionSquare Retirement.
https://www.linkedin.com/in/EdwardS-Engineer “to see my previous roles”.
FYI – I prefer not communicating via SMS, use my email, please.
U.S. Citizen
SUMMARY
IT Security Engineer with over 18 years of hands-on experience in IT governance, risk, and compliance. Demonstrated expertise implementing enterprise technology solutions, leading infrastructure security initiatives, and driving compliance with leading frameworks (CIS, DISA, NIST). Proven ability to manage Active Directory, harden operating systems, streamline GPO deployment, and coordinate with security teams to ensure secure, stable environments. Skilled at risk mitigation, control assessment, and process improvement through plans of action and milestones (POA&Ms).
PROFESSIONAL EXPERIENCE
Senior Engineer Infrastructure Configuration
MissionSquare Retirement Washington, DC (Remote) last five years.
Jan 2016 – May 2025
Managed and secured core enterprise technologies, ensuring alignment with CIS, DISA, and NIST security benchmarks.
Led Active Directory clean-up and GPO management for Windows Server Domain Controllers (2019/2022), driving compliance and operational efficiency.
Coordinated with Enterprise Security and technical teams to implement and verify controls across nine key technology platforms.
Served as Subject Matter Expert (SME) for macOS, leading deployment, support, and technical documentation for enterprise and end users; leveraged Intune for device management and software provisioning.
Oversaw and maintained ServiceNow CMDB entries, tracked technology renewals, and ensured timely updates to security baselines.
Actively contributed as a member of the Security Ambassadors, supporting security awareness and compromise prevention initiatives across business units.
Utilized compliance tooling including Tenable.sc, Tenable.io, Wiz, ThreatLocker (for macOS), and Microsoft security products.
Platforms: Apple macOS (including Sequoia), Azure Foundation, NX-OS/Nexus, Oracle Cloud/Data/WebLogic/Solaris, Salesforce, Windows Server 2019/2022.
Software: Keeper Password Manager, ServiceNow, Microsoft AVD, Microsoft Defender, Microsoft 365, InTune, Azure, Microsoft Query.
Security Consultant
MAD Security Woodlawn, MD
Start Feb 2015 – End Jun 2015
Provided cybersecurity consulting for Centers for Medicare & Medicaid Services (CMS), delivering GRC and technical remediation expertise.
Skills: RedSeal, Vulnerability Management, POA&M’s and Risk matrix
Group Policy Consultant
Softworld, Inc. Columbia, MD
Start Mar 2014 – End Feb 2015
Specialization in Windows Group Policy design and implementation, supporting enterprise clients with secure access controls and policy baseline enforcement.
Skills: POA&M’s and Risk matrix, GPOs, Group Policy Preferences, Active Directory
OBXTek (Client: Social Security Administration)
Expert Security Engineer
Start September 2012 – End March 2014 Woodlawn, MD
Authored security configuration guides for multiple platforms.
Monitored enterprise-wide GPO changes, led Microsoft CAT teams for patch deployments, and managed Security Control Groups (SCGs).
Skills: POA&M’s and Risk matrix, Governance Risk Compliance (GRC),GPO Management, FDCC Templates.
Aligned Development Strategies, Inc.
Cyber Security Specialist (Client Centers for Medicare & Medicaid Services).
start January 2012 – end September 2012 Baltimore, MD
Created vulnerability assessment reports for 19 data centers.
Verified patch compliance and delivered cross-platform security recommendations for Windows, Unix, and Solaris.
Skills: POA&M’s, Vulnerability Management, Governance Risk Compliance (GRC), Patch Compliance
OBXTek (Client: Social Security Administration)
Expert Security Engineer
start December 2011 – end January 2012 Woodlawn, MD
Managed GPOs across 12 domains; monitored AD security controls and facilitated agency-wide patch rollouts.
Skills: POA&M’s and Risk matrix, Governance Risk Compliance (GRC),GPO Management, FDCC Templates.
MicroTech LLC (Client: Social Security Administration)
Senior Windows Security Engineer
Start August 2007 – End December 2011 Woodlawn, MD
Oversaw configuration and patch management across 128,000+ devices.
Authored SSA-specific security documentation aligning with NIST, DISA, and Microsoft standards.
Skills: POA&M’s and Risk matrix, Governance Risk Compliance (GRC), GPO Management, FDCC Templates
RS Information Systems Inc. (Client: Social Security Administration)
LAN/WAN Security Engineer
Start February 1999 End August 2007 Woodlawn, MD
Led Windows patch management across 120,000+ devices and ensured compliance with NIST and US-CERT standards.
Developed configuration documentation and security response protocols.
Skills: Governance Risk Compliance (GRC), GPO Management, FDCC Templates.
MEDEX Assistance Corporation, Inc.
Network Administrator
Start March 1997 – End February 1999
Maintained Microsoft NT4 infrastructure and antivirus solutions for secure enterprise operations.
Skills: Windows NT4, Antivirus Administration
Dryden Oil Company, Inc. (Castrol Heavy Duty Lubricants)
Network Administrator
Start March 1995 – End July 1998 Baltimore, MD
Supported and managed Windows NT4/Windows 95 environments across 16 locations.
Executed software rollouts and provided hardware diagnostics and troubleshooting.
Skills: LAN/WAN Support, Windows NT4.0
Kemper National Services, Inc.
Support Technician
Start March 1991 – End September 1993 Fort Lauderdale, FL
Skills: Novell Networking, Legacy Windows Systems
EDUCATION
Western High School, Diploma
Broward Community College, Davie, FL (Completed coursework, 12 credits short of degree)
TECHNICAL SKILLS
Active Directory & GPO Management
IT Governance, Risk & Compliance (CIS, DISA, NIST)
Security Baselines & Vulnerability Management
Windows Server (2019/2022), macOS
Microsoft Cloud (365, Azure, Intune, AVD)
Oracle Cloud Infrastructure & Databases
Cisco NX-OS & Nexus
ServiceNow (CMDB)
Keeper Password Manager, Tenable.sc/.io, Wiz, ThreatLocker, Microsoft Defender
Documentation, Knowledge Transfer & Training
Team Leadership, Mentoring, Collaboration
Core Strengths:
Critical Thinking Process Improvement Cross-Functional Teamwork Initiative Security Awareness.
Contact this candidate