| Gladys Curtiss PHONE NUMBER AVAILABLE USA Citizen DOJ USMS/NTT-MAMAGR LLC/Guidehouse Senior Information System Security Officer January Street Address July 2023 Provides support for a program, organization, system, or enclave's information assurance program. Maintains operational security posture for an information system or program to ensure information systems security policies, standards, methodologies, and procedures are established and followed. Assists with the management of security aspects of the information system and performs day-to-day security operations of the system. Following NIST 800-53 and FedRAMP requirements. Evaluate security solutions to ensure they meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support certification and accreditation. Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs). Supports security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF). Provide support for the ATO process documentation, Mitigations Plan of Action & Milestones, Privacy Impact Assessment, Disaster Recovery Plan, Incident Response Plan, Business Impact Analysis. Use eMASS/CSAM to store and track security related artifacts and documentation relating to the product Authority to Operate (ATO). Provide Cloud AWS support monitor AWS console and servers active on and off premises. Monitor and conduct analysis around security alerts from a variety of network, endpoint and cloud-based sensors and sources (e.g. signature based IDS/IPS, EDR, network infrastructure, identity and access control logs, etc.). Investigations and mitigation of security threats. Ensure accurate documentation of analysis findings. Assist in resolving security incidents and contribute to incident reports. Regularly communicate with the team through meetings, workflow tracking, and incident management systems. Collaborate with sub-component organizations and external entities.
Prepare Incident Reports, After-Action Reports, and SOC Analysis reports. Support the operation and tuning of monitoring and analysis capabilities (e.g. detection signatures, correlation rules, automation playbooks, etc.). Support the assessment, testing, and deployment of new monitoring and analysis capabilities (e.g. sensors, cross-capability and external integrations, etc.). Establish project goals and success factors, develop project plans, budgets and schedules with input and buy-in from key stakeholders and team members. Collaborate with stakeholders in developing repeatable information assurance and cybersecurity processes and aid Security Control Assessors in support of the Assessment and Authorization process. Provide recommend, install, configure, operate, and maintain client-approved IT security tools and applications to support overall information assurance activities. Assist with preparation and maintenance of documentation. Assist in the evaluation of security solutions to ensure they meet security requirements for processing classified information. Assist with the CM for information system security software, hardware, and firmware. Develop and maintain documentation for C&A in accordance with guideline. Develop system security policy and ensures compliance. Evaluate security solutions to ensure they meet security requirements for processing classified information. Maintain operational security posture for an information system or program. Develop and update the system security plan and other IA documentation. Administer the user identification and authentication mechanism of the Information System (IS). Federal Aviation Administration FAA/Knowledge Analytics Inc KAI IT Auditor April 2019 - October 2019 Develop FISMA Reporting workflow and process plan for "FISMA CIO and Privacy Reporting Metrics" to enhance the efficiency of data calls, data correlation and roll-up, and reporting of agency FISMA responses. Correlate "FISMA CIO and Privacy Reporting Metrics" to Open Action Items from current and prior year FISMA audits. Evaluate automated capabilities to track "FISMA CIO and Privacy Metrics" reporting data calls and responses as requested, provide support for FOIA request and documentation follow up.
Assists with the development of an audit workflow and process plan for audits to enhance the efficiency of audit coordination, data calls, responses and remediation efforts related to audit findings. Attend audit meetings, conduct data calls in support of all audits as directed. Review audit findings for technical accuracy and recommend corrective solutions. Correlate audit findings to Open Action Items from current and prior audits. Maintain and track status all existing open audit findings to closure. Evaluate automated capabilities to track all audit data calls, responses and remediation efforts. Assists with the development of and implement an automated capability to track all audit data calls, responses and remediation efforts, inclusive of population and maintenance of automated capability. Assist with the development of an internal compliance workflow and process plan to enhance the efficiency and accuracy of compliance audits. Assist with the development of compliance requirements frameworks to include the most current legislative, departmental, and agency requirements as requested. Assist with the development and implementation of compliance communications and program management plans as requested. Support and participate in IS&P compliance reviews, inclusive of gathering and entering data, verifying the accuracy of data submitted, analyzing and reporting results, drafting notices of findings, recommending remediation options, and monitoring and reporting the progress of remediation activities, create, modify and close POA&M. Administer baseline compliance assessment for personally identifiable information (PII) Systems and conduct targeted compliance reviews as needed. Support includes gathering and entering data, verifying the accuracy of data submitted, analyzing and reporting results, drafting notices of findings, recommending remediation options, and monitoring and reporting the progress of remediation activities and supporting system Authority to Operate (ATO). Perform Privacy Contract Reviews, which requires coordination with Contracting Officers.
Report findings and develop remediation plans as directed and Risk Management Framework (RMF). Centers for Medicare & Medicaid Services (CMS)/Ernst & Young/I-Visionet IT Security Senior Staff Auditor (Seasonal Auditor) May 2016 - December 2018 Evaluated the design and effectiveness of technology controls throughout the business cycle. Identified and communicated IT audit findings to senior management and the client. Supported specific requirements for hardware and software evaluation, systems management, or system development maintenance and supporting system Authority to Operate (ATO). Provided IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment. Performed systems analyst duties relating to the evaluation of computer hardware and software. Provided support in establishing and maintaining adequate information resource management solutions and Risk Management Framework (RMF). Conduct data calls in support of all audits, as required. Managed the development of detailed project plans and budgets and be accountable for executing. Provided support for the information resource management activities. As assigned, help support other departments and divisions, serving as a knowledgeable resource of process control and review. Helped identify performance improvement opportunities for assigned clients. Delivered IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment, provide support for FOIA follow up and documentation. Performed systems analyst duties relating to the evaluation of computer hardware and software supporting GRC. Provided support in establishing and maintaining adequate information resource management solutions. Supported through the Change Advisory Board and Configuration management controls to introduce and implement improvements to current processes and service delivery strategy.
Provided support for the information resource management activities for the Government across a diverse set of technological and business elements by applying sound information resource management tools and techniques. TekSystems/ICMA-RC, Washington, DC September 2017 - February 2018 IT Senior Security Engineer - Contract Managed the POA&M process and coordinates with ISSM, auditors, and assessors for inputs to support processes. Reviewed and approved/rejected POA&M creation templates and mitigation strategies. Provided feedback to ISSMs, auditors, and assessors on rejected POA&M creation Templates, Mitigation Strategies ARs, and evidence packages. Created POA&M in CSAM following review and approval by the technology office. Reviewed system information (including system security and privacy information) and system security documentation in CSAM to ensure it is up-to-date. Supported specific requirements for hardware and software evaluation supporting GRC, systems management, or system development maintenance, and system Authority to Operate (ATO) processes, and creating artifacts. Provided IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment. Performed systems analyst duties relating to the evaluation of computer hardware and software. Provided support in establishing and maintaining adequate information resource management solutions. Managed the development of detailed project plans and budgets and be accountable for executing. Provided support for the information resource management activities. As assigned, help support other departments and divisions, serving as a knowledgeable resource of process control and review. Maintained current software licenses and ensured security related documentation is current and accessible to properly authorized individuals. Conducted data calls in support of all audits, as needed. Provided support through the Change Advisory Board to introduce and implement improvements to current processes and service delivery strategy.
Supported the information resource management activities for the Government across a diverse set of technological and business elements by applying sound information resource management tools and techniques. Validated remediation evidence for open POA&Ms and supporting documentation for ARs. Closed POA&Ms and ARs upon receipt and validation of enough evidence. Processed Audit Accountability and resolution tracking system (AARTS) POA&Ms in CSAM working with the office of the compliance officer (OCO) to obtain remediation evidence. Supported Risk Assessments and review system auditing scan; using IA tools: Nessus, emass, Xacta, and Splunk. Processed Guaranty Agency (GA) review POA&MS. APEX/Global Network/No Federal September 2016 - December 2016 Information Assurance Analyst Performing vulnerability/risk assessments. Must have in depth knowledge of NIST, FISMA, and OWASP controls/framework. Experience performing or leading security audits, as well as analyzing uncovered risks, and presenting solutions/mitigation techniques to upper management. Experience with operating systems (Windows, Linux & Cisco networks). Working knowledge of system functions, cybersecurity policies, and cybersecurity protection requirements. Strong communication skills and experience presenting to key stakeholders/management. Worked with vulnerability management tools: Qualys & Nessus. Supporting System Authority to Operate (ATO) Processes, and creating artifacts, controls implementation detail in POAMs. IntelliDyne LLC, Falls Church, VA/Department of Justice (DOJ) February 2014 - August 2016 System Security Specialist - Contract Worked with OASATR Chief/System Owner provide security support directly and working with Government ISSM supporting security operations associated with Pre-Authorization (Certification)/Core Control Assessment, Risk Management, Configuration Management, Change Control, and Access Control. Provided guidelines to implement security configuration baselines and review new requirements STIG. Ensure security configuration baselines comply with customer standards. Supported Risk Assessments and review system auditing scans; using IA tools: Nessus, emass, Xacta, and Snort.
Resolve Plan of Action and Milestones (POA&M) to include risk level. Established information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. Performed analysis, design, and development of security features for system architectures. Supported specific requirements for hardware and software evaluation, systems management, or system development and maintenance. Provided IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment. Performed systems analyst duties relating to the evaluation of computer hardware and software. Provided support in establishing and maintaining adequate information resource management solutions. Monitor and conduct analysis around security alerts from a variety of network, endpoint and cloud-based sensors and sources (e.g. signature based IDS/IPS, EDR, network infrastructure, identity and access control logs, etc.). Collaborate on investigations and mitigation of security threats. Ensure accurate documentation of analysis findings. Assist in resolving security incidents and contribute to incident reports. Regularly communicate with the team through meetings, workflow tracking, and incident management systems. Collaborate with sub-component organizations and external entities. Prepare Incident Reports, After-Action Reports, and SOC Analysis reports. Support the operation and tuning of monitoring and analysis capabilities (e.g. detection signatures, correlation rules, automation playbooks, etc.). Support the assessment, testing, and deployment of new monitoring and analysis capabilities (e.g. sensors, cross-capability and external integrations, etc.). Managed the development of detailed project plans and budgets and was accountable for executing. Provided support for the information resource management activities. Assisted other departments and divisions, serving as a knowledgeable resource of process control and review. Maintained current software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
Provided support through the Change Advisory Board/Change Management to introduce and implement improvements to current processes and service delivery strategy. Assisted the information resource management activities for the Government across a diverse set of technological and business elements by applying sound information resource management tools and techniques. Proficient with the NIST/FISMA processes, from inception to creating POA&M's; Successful with auditing and reporting on network and system security, review system scan and detecting system vulnerabilities, performing complex risk analyses and risk assessment, and mitigating risks to systems security. Provided knowledgeable insight with the National Institute Standards and Technology (NIST) 800 series, and Federal Information Security Management Act (FISMA). Created/Modified policies for controls used to ensure security service configurations, and access control rules for users accessing resources, for all security devices. Provide SharePoint site and content administration for maintenance of users and site content including adding/deleting users, adding/maintain permissions, creating/maintaining sites, workspaces, lists and libraries. Customized and maintained SharePoint portals to automate business processes to provide better service to the customer and/or efficiencies in program management. Developed SharePoint and Nintex workflows as well as general troubleshooting of SharePoint and workflow problems. Gathered requirements, documented processes, and business process reengineering. Provided front-end web development technologies in order to provide knowledge management support to new or evolved versions of knowledge management portal. Cambridge, Washington, DC/Census Bureau February 2013 - February 2014 Information Assurance Security Specialist Provided support and implemented security solutions for operation and maintenance to the Information Technology (IT) systems and Telecommunications (TCO) infrastructure. Developed security configuration baselines for technology components in accordance with Federal NIST and Center for Information Security (CIS) benchmarks.
Worked closely with administrators/system owners to implement all security configuration baselines. Ensure security configuration baselines comply with customer standards. Conducted risk assessments, system auditing and data calls. Resolved Plan of Action and Milestones (POA&M) to include risk level. Established information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. Supported high level customers in the development and implementation of doctrine and policies. Responsible for specific requirements for hardware and software evaluation, systems management, or system development and maintenance. Provided IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment. Performed systems analyst duties relating to the evaluation of computer hardware and software. Established and maintained adequate information resource management solutions. Managed the development of detailed project plans and budgets and be accountable for executing. Provided support for the information resource management activities. As assigned, help support other departments and divisions, serving as a knowledgeable resource of process control and review. Maintained current software licenses and ensure security related documentation is current and accessible to properly authorized individuals. Helped the Change Advisory Board to introduce and implement improvements to current processes and service delivery strategy. Provide support for the information resource management activities for the Government across a diverse set of technological and business elements by applying sound information resource management tools and techniques. Updated content on Knowledge Management portals of all applicable program and product management artifacts. Proficient with the NIST/FISMA processes, from inception to creating POA&M's. Audited and reported for network and system security, scanning and detecting system vulnerabilities, performing complex risk analyses and risk assessment, and mitigating risks to systems security, using IA tools eMASS, Xacta IA Manager Products, and Nessus.
Provided SharePoint site and content administration for maintenance of users and site content including adding/deleting users, adding/maintain permissions, creating/maintaining sites, workspaces, lists and libraries. Customized and maintained SharePoint portals to automate business processes to provide better service to the customer and/or efficiencies in program management. Developed and troubleshot SharePoint and Nintex workflows. General Dynamics, Washington, DC/Library Congress May 2012 - December 2013 Information Assurance Security Specialist - Contract Established and maintained a Security Configuration Baseline program per National Institute Standards and Technology (NIST) 800-53, Federal Information Security Management Act of 2002 (FISMA), and Federal Information Processing Standards (FIPS) series 140 (U.S. Government computer security standards) guidance. Developed security configuration baselines (hardening guidelines) for each technology in accordance with Federal NIST (USGCB) and Center for Information Security (CIS) benchmarks. Worked closely with administrators/system owners to implement all security configuration baselines. Conducted audits to ensure that security configuration baselines are in compliance with customer standards (hardening guidelines). Established and implemented the correct hardening guidelines for servers in the production hosting environment. Assisted with the development and execution of the asset inventory for the organization's IT resources to determine which hardware equipment, operating systems, and software applications are used within the organization. Perform IT system audits and conducted data calls in support of all audits, requesting additional evidence as required. Created policies for controls used to ensure security service configurations, and access control rules for users accessing resources, for all security devices and applications including antivirus, firewall, and intrusion detection and prevention. Applied baseline protection analyzes the security requirement and recommends security measures deemed adequate.
Monitored security sources for vulnerability announcements, patch and non-patch remediation, and emerging threats that correspond to the software within the PVG's system inventory. Created a vulnerability remediation database and prioritized the remediation of vulnerabilities for the organization. Grant Thornton, Washington, DC October 2011 - May 2012 Senior Associate - Contract Assessed IT systems and determined status of information security controls for compliance in accordance with NIST 800-53a publications. Met with various clients and conduct interviews regarding system information; analyze system documentation to determine the status of controls; develop and present results of the assessments. Interpreted and applied (NIST) National Institute of Standard and Technology publications governing the Federal Information Security Management Act. Analyzed vulnerability and compliance scan results on various systems; networks; and generated findings of non-compliance and security deficiencies. Worked with VA management staff team leads; providing support and identifying accurate vulnerability solutions. Performed risk assessments, system auditing, developing security plans, conducting security tests and evaluations (ST&E) for technical verification and validation of security controls. Evaluated complex IT networks and systems. Conducted vulnerability assessments and penetration tests; provided full scope security integration; utilization of NIST, FISMA, Privacy Act, HIPAA, OMB, and FIPS federal IT security standards; policies; and procedures as deemed appropriate. Maximized compliance to federal laws and directives; including previous experience advising the government on how to convert laws and directives into agency-level policy and other governance documentation. Conducted data calls in support of all audits. Responsible for IT Security requirements technical security countermeasures, risk management processes, contingency planning, and data communications networking. Conducted security risk assessment and remediation and configuration Tools: ArcSight, Retina, Nessus, Snort, RiskVision, Xacta, and Nmap. Used Microsoft Office Suite; MS Project and Visio, to create, publish, and deliver briefing materials.
Developed and presented, both verbally and in writing, technical information and presentations to non-technical audiences. Loch Harbor Group, Alexandria, VA/Veterans Affairs February 2010 - October 2011 Senior Information Assurance Engineer/Data Breach Analyst - Contract Developed Risk Assessment Best Practices Checklist for Incident Manager for security and vulnerability breaches. Provide IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment. Perform systems analyst duties relating to the evaluation of computer hardware and software. Provide support in establishing and maintaining adequate information resource management solutions. Manage the development of detailed project plans and budgets and be accountable for executing. Analyzed vulnerability and compliance scan results on various systems and networks that generated findings of non-compliance and security deficiencies. Provide support and identifying accurate solutions for weaknesses/vulnerabilities. Performing risk assessments, developing security plans, conducting security tests and evaluations (ST&E) for technical verification and validation of system security controls evaluating the security controls of complex IT networks and systems, conducting vulnerability assessments and penetration tests of IT systems and networks a plus. Development life cycle and security integration, Federal IT security regulations, standards, policies, and procedures (e.g., NIST, FISMA, Privacy Act, HIPAA, OMB, and FIPS) technical background with a variety of computer hardware, software, and communication systems including system integration, network architectures, and physical logical communication systems/devices. Use security risk assessment and remediation and configuration tools including: ArcSight, Retina, Nessus, Snort, RiskVision, and Nmap. Business process and improvement plans and policy and procedural support risk incident management and vulnerability detection. Provide SharePoint site and content administration for maintenance of users and site content including adding/deleting users, adding/maintain permissions, creating/maintaining sites, workspaces, lists and libraries.
Customize and maintain SharePoint portals to automate business processes to provide better service to the DoD customer and/or efficiencies in program management. Development of SharePoint and Nintex workflows as well as general troubleshooting of SharePoint and workflow problems. Requirements gathering, document processing, and business process reengineering. Global Commerce & Information, Inc./Lockheed Martin, Baltimore, MD/Social Security Administration Senior Security Analyst - Contract February 2009 - February 2010 Worked closely with SSA CATF Director and Project manager gathering information to develop and streamline quality document outline. Analyzed, defined, and documented requirements for data, workflow, hardware and operating system environments, interfaces with other systems, internal and external checks and controls and outputs for their policy, guidelines, standards, and procedures. Assigned responsibility relevant to their decision task at hand. Provided support in establishing and maintaining adequate information resource management solutions. Managed the development of detailed project plans and budgets and be accountable for executing. Provided support for the information resource management activities. Maintained current software licenses and ensure security related documentation is current and accessible to properly authorized individuals. Provide support for the information resource management activities for the Government across a diverse set of technological and business elements by applying sound information resource management tools and techniques. Documented CATF Policy and followed NIST, FISMA, OMB and SSA requirements for dissemination in their functional area. Captured CATF day-to-day activities of their efforts and important to Agency. Wrote and maintained technical application specifications. Developed and maintained plans outlining steps and timetables for implementing applications. Researched/referenced SSA intranet for related documented policies, procedures, standards, guidelines, forms, etc. Described the overall objectives, functions, or tasks that the procedure is designed to accomplish and the circumstances under which the procedure should be used.
Provided SharePoint site and content administration for maintenance of users and site content including adding/deleting users, adding/maintain permissions, creating/maintaining sites, workspaces, lists and libraries. Customized and maintained SharePoint portals to automate business processes to provide better service to the DoD customer and/or efficiencies in program management. RLM Communications, Frederick, MD/Department of Defense June 2008 - February 2009 IA Instructor Developed and updated materials by serving as a content expert for Training and Development. Trained Materials included: Instructor and Participant Guides, Online Help Procedures, Business Process Flows, Application Simulation Tutorials, Course Assessments, Concept Slides and Other Instructional materials, as necessary. Worked collaboratively with client SMEs to define, develop, review and finalize content. Incorporated all review feedback and obtained sign-off on all deliverables/work products from process owners and SMEs. Ensured all training materials conform to the development standards and procedures. Ensured materials maintain quality and traceability to requirements throughout the development process. Worked with other training developers to ensure that consistency was maintained in both the approach and process, including information gathering and documentation. Updated training materials and performed an impact analysis in order to make appropriate updates to course materials. Gained expertise with Systems, Applications and Products in the Data Processing (SAP) system. Presented classroom training for automated IA Tools including: eMASS, Xacta IA Manager Products and other tools as needed in instructor-led, exercise-based training. Vigilant Services Corporation, Wash, DC/Federal Bureau of Investigation June 2005 - June 2008 Senior Security Analyst ISSR Implement security policies and procedures to ensure compliance with FBI/OMB and NIST. Ensured the System Security Plan's formal document provided an overview of the security requirements for the information system and described the security controls currently in place to meet requirements (NIST 800-37, NIST 800-53A, NIST 800-60, NIST 800-30 and FIPS 199 and 200).
Reviewed C&A packages and worked with the assigned system Officer and system Owner to ensure the system requirements have been documented, tested and implemented. Provided Security Assessment Report (SAR) and provide (POA&M) Plan of Action and Milestones with list of risk. Attended weekly project security meetings. Ensured special attention to security due to the risk and magnitude of harm resulting from loss, misuse, or unauthorized access to or modification of the information in the application. Provided program management assistance to multiple Information System Security Managers (ISSM) and FBI IT Program Managers (PM). Fulfilled the role of the Information System Security Representative (ISSR) daily functions consisted of, but were not limited to, facilitating interaction between PMs, system/data owners, and the ISSMs. Provided guidance to system owners and PMs as it related to the C&A process using both the NIST SP 800 series as well as the D/CID regulations. Mentored Project Managers regarding IT System Development Life Cycle (SDLC) as well as providing guidance to system owners on meeting compliance for Federal Information System Management Act (FISMA) standards. Traveled to various FBI field offices and conducted assessments of the sites' overall IT security posture as it related to Information Assurance (IA). Areas assessed included: Operational Security (OPSEC), Communication Security (COMSEC), Information Security (INFOSEC) and Physical Security. Identified and registered systems that have not been properly certified and accredited. Addressed and solved problem server installation and configuration with Oracle, Unix, SAP DQM. Harris/Orkand Corporation, Washington, DC/Department of State February 2000 - June 2005 Network Support III/Security Engineer Created security standards and guidelines followed by the Consular Affairs and the Passport Agency. Provided support with the Certification Authority (CA). This is comprised of hardware, software and PKI access control and digital signatures. Created certified documents to validate security authenticity. Protected content from being accidentally or maliciously altered and prevented unauthorized access to confidential and sensitive information.
Supported non-repudiation of electronic transactions; maintained security document life cycle; and developed system documents, guidance, issue resolution, policy adherence, and systems analysis with respect to security and training. Conducted strategic research and monitoring of evolving security applications in order to provide current methods for maintaining the integrity of network. Performed and ensured appropriate operational IA and IDS posture was maintained for all systems, programs, or enclaves for Consular Affairs and Passport 25 sites with over 35,000 users and 125+ servers. |