
Remote IT & Security Project Specialist with TS/SCI Clearance

Location:
Randallstown, MD
Posted:
April 14, 2026


Resume:

NELLIE JARBO HAMELBERG

********@*****.***

773-***-****

PROFESSIONAL PROFILE

Highly accomplished, client-focused, process-driven professional with proven experience managing detailed projects through to successful completion. A proven talent for analyzing and providing technical support to existing business applications; a solution-oriented, customer-service-driven collaborator with solid knowledge and thorough understanding to collaboratively influence personnel at all project levels, as well as synergies between end users and developers. Deep knowledge of operating systems, network protocols, scripting, vulnerability scanning tools, and cybersecurity frameworks, and the skills to explain complex security issues and recommendations to technical and non-technical audiences. Currently, I have a Top-Secret clearance/SCI with polygraph.

Areas of expertise include:

• System Analysis, Problem Resolution, Database Management

• User Documentation, Project Documentation, Technical Support

• Analytics, Dataflow, CNO, & Customer Interaction

• System Development & Implementation

• Policy Analyst, Computer Applications, System security

• Staff training, Security Administration, Risk Assessor

• System architecture, Vulnerability Scan Nessus, Security and infrastructure

TECHNICAL SKILLS

SAP/R3, Windows NT Workstation & Server, Visual Basic ADV. Microsoft Access & Excel 2003, Programming Logic v.4.0, C++, Local Area Network/Novell IntraNetware 4.11, SQL, UNIX, SAS Fundamentals: A Programming Approach, MS-Office, Oracle Financials, HTML, JCL, Active Directory, Splunk, CSAM, JIRA/Confluence, iPost, iMatrix, Business Object, PeopleSoft Application, Mercury, BAAN, PCN, Catalyst, Visual Source Safe, Mainframe and Manugistics, SAFe DevOps, Agile Scrum environment

Security Clearance: Active TS / SCI Full-Scope Polygraph

EDUCATION

• MBA – Management, Strayer University, Owings Mills, MD, 2018

• MS - Computer Security Management, Strayer University, Owings Mills, MD, 2009

• BS - Networking Specialist / Programming, Robert Morris College, Chicago, IL, 2004

Sr. System Vulnerability Analyst April 2022 – Present Arundel, MD Gormat LLC, DOD

• Perform enterprise-level system and data analysis across DOD Weapons and Space Systems supporting modernization and platform migration efforts; leverage advanced critical thinking capabilities to identify organizational cybersecurity risks and impacts.

• Work with Computer Network Operations (CNO) dataflow systems involving how data is acquired, processed, and transmitted within specialized, often sensitive, intelligence or defense environments.

• Conduct detailed analysis of legacy system architectures, identifying data structures, relationships, and security dependencies used to inform modernization strategies.

• Support data risk modeling, data integrity validation, and security controls for sensitive mission systems.

• Serve as a technical bridge between product development and policy / compliance / legal requirements.

• Perform quantitative and qualitative data analysis across multiple systems to assess integrity, vulnerability, and usability.

• Use Confluence to document complex system interactions.

• Develop formal reports and executive visualizations translating complex system data into actionable insights.

• Track risk exposure, data trends, and remediation progress across enterprise systems.

• Collaborate with team members in creating a new Risk Methodology for identifying, assessing, and prioritizing security weaknesses in an organization's networks and systems to reduce the risk of cyberattacks in the organization.

• Conduct evaluations on assessment reports of systems, networks, and applications to determine the severity and potential impact of vulnerabilities.

• Conduct Tier 1 (organization) and Tier 2 (business/mission) level cybersecurity risk assessments in accordance with NIST Federal Information Processing Standards and Special Publications, Office of Management and Budget (OMB), DOD Operational Directives, and other regulatory authorities.

• Perform detailed quantitative and qualitative organizational research and analysis regarding cybersecurity risks (threats, vulnerabilities, likelihood, and impact).

• Identify and develop detailed actionable recommendations for remediating cybersecurity risks in alignment with the organization’s defined risk tolerances and risk threshold.

• Gather threat and vulnerability information from internal and external information sharing forums and sources.

• Communicate cybersecurity risk evaluations results through written narrative reports and executive-level presentations.

• Identify, coordinate, track remediation, and monitor risk exposures; identify and communicate trends in data.

• Evaluate cybersecurity program effectiveness in identifying, managing, and reducing risk.

• Collaborate cross-functionally with internal analysts and engage external stakeholders to build awareness of cybersecurity risk assessment initiatives by using Risk Methodology.

• Characterize attacks with respect to resources and capabilities required to accomplish attacks.

• Attend and participate, as needed, in technical exchange meetings (TEM) for vulnerability assessment reports, to be informed about emerging threats and vulnerabilities, to anticipate and prevent future attacks, and to relate vulnerabilities and attacks to their effects on the operations and missions supported by those systems.

• Address questions and concerns regarding assessment reports that have automated vulnerability scanners, penetration testing tools, and custom scripting to find and validate vulnerabilities.

• Keeping up to date with emerging cyber threats, new vulnerabilities, and evolving security policies and regulations.

Sr. Security Engineer March 2021 – April 2022 Columbia, MD Leidos Inc., DOD

• Supported validation and verification of designs for large-scale systems against the system security requirements, from the validation plan, definition of system requirements, validation protocol, test specification, testing, and development/revision of procedures to the final report.

• Conducted system design reviews impacting databases, applications, and data pipelines.

• Assisted with the development of system requirements, functional requirements, and allocation of the same to individual hardware, software, facility, and personnel components.

• Conduct architecture reviews and suggest enhancements to improve security posture across infrastructure, network, and endpoint environments.

• Lead and/or contribute to the security planning, assessment, risk analysis, risk management, certification and awareness activities for various system and networking operations.

• Collaborate with internal and external stakeholders to implement security initiatives across the enterprise.

• Manage problems and conflict resolution within the team and with customers, ensuring smooth operations.

• Support incident, change, and problem management processes following ITIL best practices.

• Provide status updates, metrics, and reporting to leadership on security posture and initiatives and familiarity with eMASS, Xacta, or similar compliance management platforms.

• Working externally with System Engineering, Test Engineering, and Integration teams from other agencies to ensure that the hardware and software architecture and implementation meet the security requirements for processing classified information which uses COTS like DB Protect, Venafi related agile team activities.

• Ensure analysis and assessment of system implementation against multiple security compliance policies, recommending and implementing enhancements.

• Managed evaluation of the impact of new development on the operational security posture of the system, and the review and testing of security-critical software which uses COTS like DB Protect.

• Ensured and identified systems monitoring, reviewing audit logs and searching, analyzing, and visualizing machine-generated reports in real time using Splunk.

• Resolved and identified system vulnerabilities and attacks by capturing, indexing, and correlating real-time data in a searchable container and producing graphs, alerts, dashboards, and visualizations of systems using Splunk.

• Familiarity with federal compliance frameworks (DoD, STIGs, NIST, FISMA)

• Lead and mature the security operations team, driving best-in-class operational practices.

• Participate in cybersecurity governance meetings, providing expert recommendations and insights.

• Serving as a subject matter expert in security architecture to include providing advice to Program Managers, Customer technical experts, and internal program teams.

• Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other program support functions.

Team Lead Info. Security Systems Officer Jan 2020 – Oct. 2020 Washington, DC ManTech, DOJ

• Lead and manage a diverse team of Information Security professionals for the assessments of systems, networks and applications within the networking environment or enclave to identify vulnerabilities, misconfigurations, and deviations of enclave for local policies.

• Maintain and enforce all Information Security policies, standards, and guidelines in accordance with published federal, state or industry regulations, requirements, or standards.

• Create and maintain existing information system security documentation, including System Security Plan (SSP), Security Controls Matrix and/or Assessment, and Security Configuration Guide (controlled changes to the system) in RiskVision application.

• Conduct systems vulnerability scan in Tenable Nessus and AppScan that quickly and easily identify and fix vulnerabilities including software flaws, missing patches, malware, and misconfigurations across a variety of operating systems, devices, and applications.

• Implement vulnerability management programs, including tracking that identifies, investigates, and prioritizes the remediation of vulnerabilities and misconfigurations in the systems, security patches, assessing applicability to existing systems, and ensuring closure.

• Provides leadership, support and guidance to Director, Unit chief, Program Managers by ensuring compliance with established organization and regulatory guidelines and procedures to provide high quality service and outstanding customer care.

• Monitor system recovery processes to ensure security features and functions are restored and function correctly following an outage while working with the UNIX and DBA team.

• Create and maintain systems audit log report in Splunk and review and track the remediation process as needed for KPMG and A-123 audit.

• Prepare system documentation from assessment report in accordance with NIST Special Publications (800-37, 800-53 and others), the Risk Management Framework (RMF), and conduct system report to identify deficiencies of systems and provide recommendations for solutions to improve information security, strengthen the risk management processes, and encourage reciprocity among federal agencies.

• Create and track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance in CSAM and Change Request of systems security policies and maintain existing information system security documentation in JIRA.

• Involved in KPMG and A-123 audit by conducting daily, weekly, and monthly audit review and management of the audit collection system to ensure compliance with the authorization package.

• Participate in the management change process, including reviewing Requests for Change (RFC) and approving the assessment of a potential change's security impact.

• Involved in manager and senior management meetings, responsible for coordinating with the customer, external organizations and security professionals to identify and implement security solutions designed to monitor, detect, respond, and report to security relevant changes in operational systems.

• Ensures and promotes the development of the team succession through coaching, training, and leadership development.

• Ensures a strong and robust communications process between all managers and staff within the area and across the division, as needed by leading communications sessions and meetings with managers and ensuring the appropriate dissemination of communications to support staff.

• Manages the staffing through the appropriate hiring, firing, and disciplinary actions in collaboration with HR.

• Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter.

Sr. Security Engineer Sept. 2017 – Jan. 2020 Ballston, VA System High, DHS

• Supported enterprise system assessments focused on system dataflows, backend services, and database integrations.

• Led assessment teams performing deep technical review of applications, databases, and connected systems.

• Evaluated incident data, attack vectors, and system logs to improve data integrity and platform resiliency.

• Developed security and system documentation supporting mission databases, analytics platforms, and reporting systems.

• Managed and ensured that the Security Assessment task teams perform highly technical and advanced testing and evaluation to discover and demonstrate vulnerabilities in information systems to provide assessment support, artifact collection, findings, analysis, and conclusions.

• Managed and ensured that interconnection agencies of all sizes better understand, administer, and reduce their cybersecurity risk and protect their networks and data by using the National Institute of Standards and Technology's (NIST) Risk Management Framework as described in NIST SP 800-53 and system security control requirements described in the Committee of National Security Systems Instruction 1253;

• Ensure the creation of comprehensive security technical documentation, including System Security Plans, SOPs, Incident Reports, Threat-Actor capability reports and evaluate site system security readiness as part of an assessment team.

• Managed and ensured advanced research of cyber incidents and development of incident response and remediation recommendations by using findings to develop SCTM results, SAR, and POA&Ms.

• Ensure intrusion detection and prevention by developing summary findings and recommendations, and evaluate, assess, and recommend new application and coding security techniques and strategies.

• Evaluate and recommend new and emerging security products and technologies.

• Managed and ensured that Security Information and Event Management (SIEM) is implemented by recommending risk posture and mitigation strategies.

• Managed high visibility, high impact Cyber Security teams.

• Provide security assistance in consulting with clients to define needs and issues, developing requirements, and analyzing findings to advise and recommend solutions to clients.

Info Security Eng. Principal March 2016 – Sept. 2017 Washington, DC ManTech, DOJ

• Develop and implement security strategies and architectures aligned with organization goals to protect information and systems by proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.

• Maintain operational security posture for an information system, proactively identify, assess, and mitigate security vulnerabilities, threats, and risks through testing and analysis to ensure information systems security policies, standards, and procedures are established and followed.

• Supported continuous monitoring of system data, logs, and audit trails.

• Managed system POA&Ms affecting backend systems and business applications.

• Developed and implemented security strategies and architectures aligned with organization goals to protect information and systems by proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.

• Maintained operational security posture for an information system, proactively identify, assess, and mitigate security vulnerabilities, threats, and risks through testing and analysis to ensure information systems security policies, standards, and procedures are established and followed.

• Supported continuous monitoring, risk assessment, and evaluation activities throughout the system's lifecycle by assessing the security impacts on an information system resulting from planned and unplanned changes to the hardware, software, firmware, or environment of operation.

• Evaluated security solutions to ensure they meet security requirements for processing classified information; perform vulnerability/risk assessment analysis to support certification and accreditation; provide configuration management (CM) for information system security software, hardware, and firmware.

• Manage changes to system and assess the security impact of those changes; prepare and review documentation to include Systems Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, Risk Vision, testing, and liaison activities; support secure systems operations and maintenance.

• Supported and ensured compliance with annual FISMA deliverables and reporting.

• Lead and support efforts in responding to and resolving security incidents and breaches, managed and supported annual self-inspection.

Security Specialist Sept. 2013 – March 2016 Rosslyn, VA Pragmatics, Department of State

• Develop, implement, and maintain security policies, procedures, and strategies that address how the organization intends to assess risk, respond to risk, and monitor risk and develop security policies, implement security systems, monitor for threats, and ensure compliance with regulations.

• Oversee security systems, networks, and servers for incursions and respond to data breaches or malware attacks, based on the findings of the appraisal, prepare recommendations for decisions on nonstandard requests, such as exceptions to policy, deviations from standards, and changes to policy that affect the operational information risk profile of the Department in accordance with NIST SP 800-30, SP 800-37, and SP 800-39;

• Create and enforce security policies, standards, and procedures to safeguard organizational risk estimate in lieu of an assessment when insufficient vulnerability data exists to support a full assessment.

• Determine the overall residual risk to the agency and the information contained in the information system that would result from operating the system.

• Support the determination of mission/business process protection and resiliency requirements.

• Conduct security audits, risk assessments, and tests to identify vulnerabilities and evaluate existing security plans in support of the organizational strategies, guidance, processes for managing risk, at all three tiers identified in NIST SP 800-39, 800-30 and the 800-53 “RA” family of controls and policies, including assessing the risk to the Agency that would result from granting exceptions to organizational policies;

• Develop a risk management strategy that focuses on protecting the organization from risk and meets the standards and guidelines set forth in NIST SP 800-30 and Department information security policies that reflect the Foreign Affairs Manual (FAM) and Foreign Affairs Handbook (FAH).

• Managed/monitors work activities on iPost, iMatrix and a SharePoint site to ensure compliance with established policies and procedures; evaluates proposed changes to approved plans and specifications in a SharePoint site.

• Attends and participates in professional group meetings; stays abreast of current trends and innovations in the field of Computer Security.

• Develop internal standards, guidelines, and processes for conducting risk assessments and execute approved processes and report feedback from the field to the service management team to affect continuous improvement.

Policy Analyst

ARTI, Department of State Dec. 2009 – Sept. 2013 Rosslyn, VA

• Recommends approval of and submits memorandum to other departments with requirements to ensure adherence to established policies and procedures that reflect the Foreign Affairs Manual (FAM) and Foreign Affairs Handbook (FAH).

• Establish and implement effective requirements practices in the Department IT environment, to include use and continuous improvement in (e.g., FISMA/NIST and CNSS) security requirements. Coordinate/recommend with the development of the DoS requirements computer security policies, procedures, and tools.

• Interpreting and explaining DoS policies requirements and procedures in a requested memorandum from Foreign or Domestic departments.

• Recommend and coordinates while interpreting and preparing revisions to DoS Policy automatic processes using Visio design to plans, drawings, and specifications for DoS policy department automatic processes activities with other affected departments.

• Aids Division Chief Officer (DCO) in the interpretation of plans and resolution of problems during design of DoS Policy automatic processes.

• Managed/monitors work activities in an Access Database to ensure compliance with established policies and procedures, evaluate proposed changes to approved plans and specifications in an Access Database.

• Coordinate and recommend review of CNSS security policies to the Security Infrastructure Directorate (DS/SI).

• Prepares a variety of reports and correspondence on project matters including quarterly reports, monthly and final completion reports, and correspondence with other departments; and

• Attends and participates in professional group meetings; stays abreast of current trends and innovations in the field of Computer Security.

Computer Security Systems Specialist

TEKsystems, Federal Aviation Administration July 2009 – Dec. 2009 Washington, DC

• Initiate and Coordinate security management processes that keep malicious network incidents in check; Addressed and assessed Certification and Accreditation of all FAA systems security design issues in accordance with NIST Procedures documentation of all FAA security; Coordinate nationwide remediation actions for FAA Cyber Security Management Center issues and update in ARC tickets systems in accordance with FISMA compliance.

• Develop and maintain reporting systems that track security management processes and metrics.

• Tracking all POA&Ms in CSAM database; and

• Manage the SharePoint ARC Portals, including security/access, design, and implementation of new functionality to the Portals.

Security Application Analyst

Solo Cup Company Feb. 2004 – Dec. 2008 Owings Mills, MD

• Addressed security design issues and managed all aspects of application security including ID creation/management, deletion and testing in the Production, Test, Development and UAT environment. Procedures documentation.

• Create/modify/delete and test user IDs in Business Object, PeopleSoft Application, Mercury, BAAN, PCN, Catalyst, Visual Source Safe, Mainframe and Manugistics; Security tools, firewalls, Antivirus software; SAP project methodology in analyzing, designing, building, testing, troubleshooting & maintaining SAP Security in the Sandbox, Development; SAP Basis system monitoring (as related to SAP Security); Troubleshooting skills including analytical and critical thinking approach;

Security Admin/ Systems Support Technician

National Multiple Sclerosis Society Jan. 2002 – Feb 2004 Chicago, IL

• Focused on the installation and configuration of hardware and software, and the maintenance and security of an organization's IT; Troubleshoot issues; Repair equipment (computer hardware) and manage physical security systems; Manage user access; Monitor security systems; Scan for vulnerabilities; Perform upgrades and patches; and Enforce security policies, documented procedures, and training of various office applications.

• Setup and configured workstations while working in a LAN environment; Worked on TCP/IP, FTP, SCP, Firewall, Active Directory, and Anti-Virus administration; Involved in converting database to Citrix database.


