Candidate's Name
Cary, North Carolina Street Address PHONE NUMBER AVAILABLE EMAIL AVAILABLE

PROFESSIONAL SUMMARY

Innovative and accomplished Senior Cybersecurity Controls and Compliance Engineer with extensive experience in Risk Management Framework (RMF), establishing and overseeing Authorizations to Operate (ATO) processes, plans, and policy documentation. Accustomed to driving efficiency, effectiveness and supporting Financial / DOD-Military / Federal, Cybersecurity Strategy and Operational Risk Management Certifications.

SKILLS

- Security Control Evaluation
- System Security Planning
- Developing security plans [RMF]
- Data Loss Prevention
- Risk Mitigation and Remediation
- Privacy regulations PII/PIA/HIPAA-SORN
- Vulnerability Assessment
- Security Best Practices
- Compliance Management
- DOD/RMF/EMASS/POAM Documentation
- Audit Support-Documentation
- Information Governance
- Problem-solving aptitude
- Security assurance
- Vulnerability Analysis
- Incident Response Management
- Penetration Testing
- Security policy development-Benchmarks
- Cloud Security Knowledge and Implementation

WORK HISTORY

SENIOR CYBERSECURITY ENGINEER 04/2018 to 02/2024
Truist Bank Raleigh, NC

- Reduced cyber-attack incidents by developing and enforcing robust security controls, policies, and validation procedures.
- Increased enterprise Vulnerability Management network security policy coverage over 60%, bringing total Truist network security OS/APPs to first-ever 90%+ risk reduction.
- Enhanced network security by implementing advanced threat detection and prevention measures (Continuous Monitoring).
- Reduced cyber-attack incidents by developing and enforcing robust security policies and procedures in accordance with detection, protection and preventative guidelines in NIST, ISO 27001, PCI-DSS, SOX, GLBA and Risk Management Framework / EMASS type security documentation.
- Bolstered company's cybersecurity posture with regular security baseline configuration assessments, and updates to security infrastructure.
- Led cross-functional teams in identifying potential vulnerabilities and implementing proactive safeguards to mitigate risks near real-time.
- Applied Center for Internet Security (CIS) benchmarks to verify Enterprise Systems performance of ongoing security measures.
- Collaborated with IT teams to address identified security weaknesses, fostering a proactive approach to risk management.
- Advised organization on selecting suitable automated tools for monitoring network activity and detecting potential intrusions, contributing to a more robust security posture.
- Recommend improvements in security systems and procedures.

SENIOR CYBER SECURITY ENGINEER (ISSO/IAO) 08/2013 to 04/2018
TEKsystems Roanoke, VA

- Enhanced network security by conducting regular vulnerability assessments and implementing or recommending necessary patches and/or updates.
- Earned distinguished Army PEO EIS Accolade for 1st RMF NIST Program Cloud Datacenter 3yr A&A ATO-2016. The shared [eMass] package was used as Army Platform Model reference documentation.
- Led technical security evaluations, impact analysis and recommendations for complex Information systems on prem and Cloud computing SLAs or service models: IaaS, PaaS, SaaS, Hybrid, Private network configurations.
- Ensured the implementation of confidentiality, integrity, and availability of hosted systems in the Data Center.
- Implemented simultaneously nine multiple Organization and customers' Risk Management Framework (RMF) and/or DIACAP packages and processes in accordance with DoDI 8510.1, DoDD 8500.01, 8530.1 and NIST 800-37/53A guidance.
- Developed and implemented comprehensive Organization Cybersecurity policies, resulting in improved data protection and compliance with industry security standards.
- Collaborated with IT team to design secure system architectures, effectively reducing potential cyber threats.
- Trained employees on cybersecurity Risk Mgmt. Framework / NIST Security Controls 300+ best practices and promoted a culture of security awareness around Cybersecurity.
- Review and implement System Security controls assessments, selection for organization Policy governance and Service Level Agreements (SLA) compliance.
- Provided autonomous support and development for System Security Plans (SSP), Incident Response Plans (IRP), Disaster Recovery Plans (DRP) / Business Continuity Plans (BCP), Business Impact Assessments (BIA) and Configuration & Service Release Management (CM) documentation.
- Implement and review security overlays for Classified, Privacy and Cloud controls in support of (RMF/eMass) Assessments and Authorizations (A&A) process.
- Developed metrics to measure the effectiveness of implemented security measures, allowing for continuous improvement in organizational defense strategies and Plans of Action & Milestones [POAM] activities.
- Influenced organizational culture by promoting a proactive RMF / NIST security controls approach towards cybersecurity awareness and fostering a sense of responsibility among all employees.
- Educated and trained users on information security and the technical implementation of EMASS documentation, policies and RMF Program process entry procedures.

INFORMATION ASSURANCE TEST MANAGER 04/2010 to 01/2013
P3I, Inc-Planning Performance Process and Innovation Hopkinton, MA

- Enhanced system security by implementing comprehensive risk management strategies and protocol processes throughout DevOps/DevSecOps.
- Directly supervised IA teams in achieving Air Force's Enterprise Systems (Type Accreditation ATO, for 3 years, 20+ individual AF Multi-Operational sites).
- Demonstrated leadership skills in managing simultaneous Risk Management projects from concept to completion.
- Increased Air Force Site remediation times by over 50% by correcting code, communication and technical gaps in OPS audit/survey processes.
- Teams gained cross-examination data access which allowed for real time (non-delayed) risk reduction, security code modifications at the sites.
- Demonstrated creativity and resourcefulness through the development of innovative solutions which increased AOC Test productivity over 80-100%. Previous failing Sites were now passing A&A examinations. [Green light]
- Drafted EMASS security reports and metrics to track security performance and strategize SAP/SSP/POAM improvements.

COMPUTER SECURITY ANALYST II, DRC
Dynamics Research Corporation Hampton, VA

- As acting Cyber Defense Officer (CDO) 13+ months: Analyzed monthly security documentation/plans for over 100 remote and local connections to the NATO core Enterprise network in direct support to CIAO and the Risk Mgmt. NATO Security Accreditation Board. (Achieved NATO and DoD A&A for over 100 Systems/Network connections 2007-2010).

SYSTEM NETWORK ENGINEER - U.S. NAVY, NATO Communication Service Agency Norfolk, VA

- Implemented a cross-training program and an ITSM knowledge database for collection of technical solutions.
- Direct code modification contributions and ITIL implementation improved overall Help Desk Tier 1 through 3 incident resolution capability by over 50 percent. As a result, implemented ITIL processes and new code modified scripts throughout the majority of the organizational workflows to include Admin, Configuration Management, Hardware/Software Change Management, and for everyday Remedy service site operations.

IT SUPERVISOR INFOSEC ADMINISTRATOR - U.S. NAVY, NAVSEA Shipbuilding Newport News and Overseas Duty stations

- Supervised 5+ network security technicians in daily operations of Network Security and Configuration Control Resource Management; maintained and organized hardware, software inventory of $1.7 Million.
- Monitored 3,200+ system users and 4,000+ computer workstations web and internet activities/auditing.
- Collaborated and developed Cyber judiciary investigative results with Navy Legal by providing systems data intelligence when warranted for litigation processing.

EDUCATION

Associate of Arts Information Technology Management
Saint Leo University, Saint Leo, FL

CERTIFICATIONS PROFESSIONAL DEVELOPMENT

- Top Secret Secret SCI Clearances (Expired)
- CompTIA Security+ CE
- Information Systems Security (INFOSEC) Professional-(NSTISSI No. 4011)
- Senior Information Assurance Systems Manager-(CNSSI No. 4012)
- Contracting Officer Technical Representative, COTR-(2952.201-70)
- Cloud Security Profession (CSP)
- Qualys / Cloud View / Rapid7, CIS-CAT Pro, Nessus, Tenable/ACAS, Baseline Security / Policy Administration
- GitLab/GitHub
- Systems Risk Analysis and Methodology, FAIR, NATO CRAMM/PILAR implementation tools, Business Impact Analysis and Assessments
- Continuity Management, Disaster and Recovery
- Certified Information Systems Security Professional (CISSP)
- Network +, Hardware A+, Cisco Certified Network Associate (CCNA), Introduction to Cisco Networking Technologies (ICND)
- Help Desk Manager (HDI-ITIL foundation workflow process)
- Implementing MS Windows; Professional & Server, Administering Windows Active Directory Services, LDAP, Windows 2022 Server Security configurations
- VERITAS Backup Exec.
- SharePoint, Archer, Big Data, Hadoop/Cloudera, Hive
- Contracting Officer Technical Rep. (COTR) / Source Selection (Plans and Process, RFPs, SOW)
- IT Project Mgmt. PMP, Agile, Version One, Rally, Remedy, Service Now [CMDB]
- Host-Based Security System (HBSS/McAfee ePO), IDS/IPS, (SIEM Monitoring/Auditing) SPLUNK / SOAR (Threat Model-Hunting) / Monitoring
- Microsoft Azure, AWS, Application Program Interface-(API), O/M365
- System Architecture (SA), VISIO Design
- Benchmarks: Windows, IBM-Mainframe, RACF, DB2, MACOS, RHEL, OpenShift, SQL, ASA, Checkpoint, VMWare vCenter, CISCO and Mobile IOS Security administration
- Familiar with Terraform, CrowdStrike, Trellix/ePO, DISA, Air Force-AOCs, Army PEO EIS, EMDS, GFEBS, PD ALTESS Datacenter/on-prem/Cloud/Hybrid / Navy Precom Unit / NAVSEA IT Networks, SCIF, FISMA, FedRAMP, FIPS 140-2/3 documentation, operations, and processes.