| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name
Waldorf, MarylandEMAIL AVAILABLEPHONE NUMBER AVAILABLESUMMARYSenior Information Assurance Security Engineer proficient at providing system security support to a fast-paced, highly demanding federal agency the Defense Information Security Agency (DISA) Joint Force Headquarters Department of Defense Information Network JFHQ-DoDIN, Services Development (SD13). Scan software for vulnerabilities analysis using Micro Focus WebInspect and Micro Focus Fortify Static Code Analyzer (SCA) in Joint Interoperability Test Command (JITC) Lab. Experience with technical documentation related to Open Web Application Security Project (OWASP) 2021, NIST SP 800-53 REV 5 and continuous monitoring, checklist and POA&M management. Prepare and document reports including assessment-based findings, outcomes and vulnerability metrics.CERTIFICATIONCompTIA Security + Certificate, July 2025DISA HBSS Admin (201) ePO 5.9 Course (2018)TECHNICAL SKILLSOperating Systems IBM AIX v5.3, Red Hat Enterprise Linux v5&6; Sun Solaris 10; HPUX-IA64, ALTOS UNIX; Windows (7, 10, 2012, 2016)Software Microsoft Defender for Cloud, Qualys Vulnerability Scanning, Oracle 9i, 10g, 11g, 12c; Oracle Enterprise Manager (OEM) 11g and 12c; JIVE, Oracle Weblogic, Oracle Business Intelligence, MySQL Workbench, MySQL Migration Toolkit, MySQL Enterprise Monitor (MEM), Opentext Fortify SCA, Fortify Audit Workbench, WebInspect, Fortify Software Security Center (SSC), Burp Suite, OWASP Zap, Apache Tomcat, SonarQube, Serena, Eclipse, TOAD, Erwin, Informix, Putty, WinSCP; SSH, VMWare, NetBean, Neo4j, Subversion.PROFESSIONAL EXPERIENCEDecember 2019 PresentASRC Federal Broadleaf Division, Reston VirginiaInformation System Security OfficerConduct an annual review of the Information Security Program Plan for NIST 800-53 Control Families for accuracy.Collaborate with development teams to establish and enforce code standards and best practices.Analyze the results of vulnerability scan, check for false positives, and escalate for remediation. Meet with the developer(s) to discuss false-positives vulnerabilities and remediate CAT Is and CAT IIs vulnerabilities with severity levels of Critical and High.Maintain knowledge of complex industry trends, current security issues and security technologies.Create Application Security and Development (ASD) checklist that provides due diligence to ensure security standards have been made to an application.Create Plan of Actions and Milestones (POA&Ms) and generate Fortify Legacy Report, BIRT Report (DISASTIG) and WebInspect Reports.Lead a team of Cyber/Information System Security Officer (ISSO) engineers which includes, mentoring, scheduling and reviewing work to ensure milestones are completed in accordance with the project schedule.Ability to read Java, JavaScript, Coldfusion, HTML, Python, C/C+, CSS and XML code.Hands on experience and knowledge of OWASP secure coding practice.Install, configure, upgrade, research and troubleshoot Fortify SCA, Audit Workbench, rulepacks, Fortify SSC, SonarQube, WebInspect Product Suite v23.1.0 and MySQLv5.6 database issues.Involved in DevOps CD/CI migration/automation process for build and deployed systems.Evaluate complex system and architectural documentation for privacy impacts and develop required system privacy compliance documentation including PIAs and SORNs.Responsible for operating and maintaining Microsoft Defender for Endpoint (MDE) Receive Joint Enterprise Service (JES) application source code in DoD SAFe from Configuration Management TeamMap Zero Trust Architecture (ZTA) to NIST 800-53 Rev5 policies and procedures for two pillars Application Workload and DataInstall Qualys Cloud Agent for identifying and reporting Vulnerabilities for Security.Monitor IT systems for vulnerabilities and threats with Qualys.Subscribe to Cybersecurity and Infrastructure Security Agency (CISA) to stay abreast of the latest vulnerabilities and cyberattacks.Responsible for operating and maintaining Microsoft Defender for Endpoint (MDE) Security Manager, MDO365 and Microsoft Defender for Cloud Apps (MDCA).Analyze endpoint application data in real time to identify potential threats, rogue systems, vulnerabilities, unauthorized devices, system changes and data loss prevention.Familiarity with Elasticsearch Kubernetes, Containers, GitLab and AWS Cloud.October 2019 - December 2019NextGen Federal Systems, Columbia MDSr. Information Assurance EngineerStarted the Independent Verification & Validation (IV&V) process on Global Command & Control System - Joint (GCCS-J) S/W packages and conducted high level assessment to identify showstoppers using the Developer's Workbook, checklist and Fortify .fpr files.Filled out and submitted a Change Request (CR) for GCCS-J S/W package delivery.Ensured network engineers were in compliance building the SIPRNet Global Test Infrastructure Services (GTIS) production environment for for GCCS-J S/W.Mentored junior staff, attended meetings and reviewed technical documentation for accuracy.Conducted thorough analysis and evaluation of software and systems to ensure compliance requirements, standards, and regulations.Used OWASP Top 10 Web Application Security Risk to create a list of showstoppers which are CAT Is vulnerabilities with a severity level of Critical and High.Identified and documented anomalies, and discrepancies in software and hardware components.April 2016 September 2019General Dynamic Information Technology (GDIT), Alexandria, VAInformation Assurance Engineer ManagerProvide Daily and Monthly Status Report (MSR) detailing major accomplishments, ongoing activities, issues/concerns and other relevant information for the Contracting Officer Representative (COR) or other Government designated point of contact (POC) to maintain full situational awareness of the contractors ongoing work and schedule.Research secure coding practices in all common programming languageConduct static and dynamic scans, analyze results for false positives and meet with developers to discuss remediation strategy for CAT I and CAT II vulnerabilities.Create Application Security and Development (ASD) checklist that provides due diligence to ensure security standards have been made to an application.Use open-source license tool SONARQUBE to perform health checks of source code to identify software vulnerabilities, Code Smells, Bugs and Security Hotspots.Track trends, centralized metrics and history of SCA scan by uploading Fortify artifacts (.fpr) into Fortify Software Security Center (SSC).Ability to read Java, JavaScript, Coldfusion, HTML, CSS, python, and XML code.Fortify Code ReviewerExplain software vulnerabilities to both technical and non-technical audiences.Work with engineers and analyst assessing DoD Information Systems against the security controls NIST SP 800-53.Conduct static and dynamic scans, analyze results for false positives and meet with developers to discuss remediation strategy for CAT I and CAT II vulnerabilities.Prepare Code Review Reports (CRR) on scanned applications using the companys template and present the findings to management.Generate Fortify Security Technical Implementation Guide (STIG) Reports and perform DISA STIG scanned source code assessments of security controls, identify weaknesses and vulnerabilities, and track remediation activities in Plan of Action and Milestones (POA&Ms).April 2014 April 2016ASAP Resource Group Federal LLC, CSC ITIP, Arlington, VASr. Oracle Application EngineerProvided Database support to Dept. of Homeland Security (DHS) Transportation Security Administration (TSA) by creating documents and implementing standards and/or modeling to monitor and enhance the capacity and performance of the database. Developed data import and export routines to automate data loading. Built windows, screens, and reports.Performed analyses and reviewed complex applications being released into production. Developed test application code in client server environments to ensure that software conformed to build management practices.Developed back-up and recovery procedures and data archive/purge procedures. Created supporting technical documentation.April 2012 April 2014Lexes Associates Inc., Alexandria, VASenior Oracle/MySql Database AdministratorSupported JIVE databases (Core Application, Jive Engine and Analytics) and upgrades for Department of Commerce National Technical Information Service (NTIS) Center.Installed and configured Oracle Metadata Repository (RCU) to support Oracle Fusion Middleware. Worked with Oracle consultants to install and configure Oracle Fusion MiddleWare Weblogic, RCU, OIM, OID, OAM, OVD, ODSM, and OES on Linux RedHat 6 OS to support DHS NextGen/myhomeland Collaboration ICAM IOC (production) and UAT environments. Installed and configured OEM 12c.Installed and Configured MySQL Enterprise Monitor on the client and installed the Agent on the development server to evaluate product. Installed MySQL on Linux RedHat 6 OS.Performed Database and SQL tuning by using various tools like AWR, EXPLAIN PLAN, and Optimizer hints.Troubleshoot and resolved database and/or application problems encountered by end users. Successfully migrated oracle 9i and 10g databases from end-of-life servers to new oracle 11g db servers.Installed, upgraded and STIG, patched development, test, and production databases from Oracle 9i, 10g to Oracle 11gR2. Created and configured database to meet developer and user requirements applying access controls.Used mysqldump to do table level and full database exports. Lead DBA for migrating an Oracle schema into a MySQL production database using MySQL Migration Toolkit.November 2008 April 2012Northrop Grumman, Fairfax, VASoftware Quality Assurance/Database AdministratorFollowed Open Web Application Security Project (OWASP) best practices: use of Web Application Firewall to maintain awareness of cyber threats and vulnerabilities.Worked with Fortify consultants to install Fortify 360 software Source Code Analyzer (SCA) in the Army Knowledge Online (AKO) Portal test environment.Installed Fortify 360 SCA, Program Trace Analyzer (PTA), and Real Time Analyzer (RTA) on Windows and Linux OS. Installed and configured the Fortify 360 Server on Windows and Linux. Used 360Configuration.jar file to seed the SCA database.Documented the Fortify 360 software installation and created a baseline by scanning the AKO Portal, Instant Messaging, and Mail and Content security code using SCA. The data gathered from baseline was put into Change Management for the Fortify consultants to train the AKO Portal Team.Briefed customer management and NG staff on hardware configuration, deployment of Fortify in both NIPR and SIPR environments and result from the scanned applications.EDUCATIONM.B.A., Computer Information Systems and ScienceUniversity of the District of Columbia, Wash, D.C.B.S., Computer ScienceSaint Augustines University, Raleigh, North Carolina |
