| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name
Professional SummaryMr. Green has devoted over fifteen years to supporting intelligence community clients providing information assurance and information technology security services; including performing assessments, analyzing and documenting test results and risks. Mr. Green has created and reviewed over ten Body of Evidence documents to include Security Controls Traceability Matrix (SCTM), System Security Plan (SSP), Concept of Operations (CONOPS), Security Assessment Report (SAR), Plan of Actions and Milestones (PoA&M), System Security Plan Questionnaire (SSPQ), Continuous Monitoring Plan. Mr. Green performs assessments on systems that include both Windows and Linux platforms. He utilized AppDetectivePRO, Nessus/Security Center, and WebInspect to perform assessments on networks, web applications, and databases. Mr. Green has performed A&A for over ten systems which received full accreditation. He currently plays an active role in monitoring the systems and environment of operation to include developing and updating the security plan, managing and controlling changes to the system, application, system architecture, design documents, test plans and assessing the security impact of those changes.Professional ExperienceIngenium Consulting October 2019 to PresentCyber Security EngineerCyber Security EngineerAs lead ISSE for a team of four, Mr. Green managed the daily responsibilities to ensure 11 systems were in compliance with the customer defined Green Light and Xacta Certification and Accreditation process. Implemented all system through the Risk Management Framework (RMF).Perform, and review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.Validates and verify system security requirements definitions and analysis and establishes system security designs.Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.Builds IA into systems deployed to operational environments.Assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions.Supports the building of security architectures.Enforce the design and implementation of trusted relations among external systems and architectures.Assesses and mitigates system security threats/risks throughout the program lifecycle.Contributes to the security planning assessment, risk analysis, risk management certification and awareness activities for system and networking operations.Reviews certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its content.Applies system security engineering expertise in one or more of the following: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control) and security testing.Support security authorization activities in compliance with NSA/CSS Information System Certification and Accreditation Process (NISCAP) & DoD Risk Management Framework (RMF), the NIST Risk Management Framework (RMF) process, and prescribed NSA/CSS business processes for security engineering. Advocate and recommend system-level solutions to resolve security requirements. Monitors and suggests improvement to IA policy.Mr. Green ensured that the full Certification and Accreditation process was completed on a timely basis. He ensured systems maintain their full accreditation thru the life cycle while in production. While working with the Sponsors systems, Mr. Green maintained an in-depth knowledge of each systems System Security Plan (SSP). Mr. Green was directly responsible for updating security plans, conducting vulnerability assessments and mitigation strategies in preparation for re-certification of the existing systems. In addition, he also had SSP preparation responsibility for all new systems.He was responsible for ensuring the appropriate operational security posture was maintained throughout the information systems lifecycle and he worked in close collaboration with the Information System Owner. Mr. Green conducted periodic reviews of the information systems to ensure compliance with the security authorization artifacts. He played an active role in monitoring the systems and their environment of operation to include developing and updating the SSP, managing and controlling changes to the system, and assessing the security impact of those changes.ProAptiv CorporationApril 2018 to October 2019Cyber Security EngineerLeesburg, VAMr. Green conducts technical security assessments of applications and infrastructure and performing security design reviews as well as risk assessments within a diverse, complex global enterprise infrastructure.Mr. Green is responsible for conducting security assessments as part of a formal system security accreditation process. This includes performing a review of the Certification and Accreditation (C&A) packages to ensure completeness and compliance with the applicable security requirements in effect within the customers environment (e.g., Intelligence Community Directive (ICD) 503, the Federal Information Security Management Act (FISMA) and the applicable National Institute of Standards and Technology (NIST) security standards). This activity also includes auditing the information systems utilizing a standardized checklist to certify that required security controls have been implemented, conducting onsite interviews with the system owners, performing vulnerability scans, performing visual inspections and conducting penetration tests as required. This activity also included creating detailed reports on the findings made as part of the assessments and providing detailed risk recommendations in support of a C&A determination by senior level security accreditation authorities.Xebec Global CorporationDecember 2017 to April 2018Cyber Security EngineerVienna, VAMr. Green conducted technical security assessments of applications and infrastructure and performed security design reviews as well as risk assessments for a wide array of systems.Mr. Green was responsible for conducting security assessments as part of a formal system security accreditation process. This included performing reviews of the Certification and Accreditation (C&A) packages to ensure completeness and compliance with the applicable security requirements in effect within the customers environment (e.g., Intelligence Community Directive (ICD) 503, the Federal Information Security Management Act (FISMA) and the applicable National Institute of Standards and Technology (NIST) security standards). This activity also included auditing the information systems utilizing a standardized checklist to certify that required security controls were implemented properly, conducting onsite interviews with the system owners, performing vulnerability scans, performing visual inspections and conducting penetration tests as required. This activity also included creating detailed security assessment reports outlining the findings made as part of the assessments and providing detailed risk recommendations in support of a C&A determination by senior level security accreditation authorities.Xebec Global CorporationMarch 2017 December 2017Senior Information Assurance EngineerVienna, VAMr. Green performed cyber assessments on over ten systems to include performing network and application scans. He Documented vulnerability scan and test results in a plan of action milestone document and he documented all risks identified in the assessments. Mr. Green performed cyber assessments of systems incorporating both Windows and Linux and operating systems. Daily, Mr. Green used Nessus/Security Center to scan for vulnerabilities within Linux and Windows operating system platforms. Mr. Green also used AppDetective and WebInspect to scan the applications and databases installed on each platform (Linux and Windows).Mr. Green has extensive experience using Nessus/Security Center on performing cyber assessments on Windows and Linux platforms. He is experienced with analysis of test results and with working together with the design/development teams to mitigate security vulnerability and findings.Mr. Green also worked with the engineering and development teams to analyze and make recommendations to the engineering and development teams. Mr. Green ensured that the security plans were written to the requirements specifications developed for the systems. He also ensured requirements specifications, system architecture, design documents and results from the test plans were properly documented in the security plans.ALQMIJan 2013 February 2017Senior Information Assurance EngineerMcLean, VAAs lead ISSO for a team of four, Mr. Green managed the daily responsibilities to ensure over 20 systems were in compliance with the customer defined Certification and Accreditation process.Mr. Green ensured that the full Certification and Accreditation process was completed on a timely basis. He ensured systems maintain their full accreditation thru the life cycle while in production. While working with the Sponsors systems, Mr. Green maintained an in-depth knowledge of each systems System Security Plan (SSP). Mr. Green was directly responsible for updating security plans, conducting vulnerability assessments and mitigation strategies in preparation for re-certification of the existing systems. In addition, he also had SSP preparation responsibility for all new systems.He was responsible for ensuring the appropriate operational security posture was maintained throughout the information systems lifecycle and he worked in close collaboration with the Information System Owner. Mr. Green conducted periodic reviews of the information systems to ensure compliance with the security authorization artifacts. He played an active role in monitoring the systems and their environment of operation to include developing and updating the SSP, managing and controlling changes to the system, and assessing the security impact of those changes.Mr. Green has extensive experience working with systems that follow and comply with DCID 6/3, ICD 503, NIST SP 800-53 Rev 3 and 4. Mr. Green has extensive experience conducting vulnerability assessments and performing network scans. His tool experience includes AppDetective, WebInspect, Nessus/Security Center, WASSP, MBSA, SECSECSCAN, and Nmap.ALON/XLAJune 2012 December 2013Senior Information Assurance EngineerMcLean, VAMr. Green served as the independent security assessor for the initial authorization and re-authorization of IT systems for the National Archives (NARA). He performed EnCase evidence file examinations on operating systems. He was experienced with XACTA IA Manager by providing security risk management through continuous assessment and security process automation. Mr. Green conducted ad-hoc vulnerability scan for systems using government supplied and commercial software with Tenable Nessus vulnerability scanner, WASSP, MBSA, SECSCAN and Nmap. Mr. Green provided weekly reports and analysis of scan results. He monitored intrusion detection systems for evidence of security events and suspected security incidents. He has also used netForensics Security Information Management (SIM) tool to monitor traffic and alerts generated by security countermeasure devices throughout the enterprise. He also used McAfee Network Security Manager to view and analyze network traffic flows throughout the enterprise.Booze Allen HamiltonAugust 2010 December 2011Cyber Security AnalystMcLean, VAMr. Green supported Certification & Accreditation (C&A) activities for the Precision Tracking Space System (PTSS). He provided recommendations and inputs on all Information Assurance issues pertaining to PTSS. He was the lead Cyber Security Engineer for the Cyber Working Group (CWG) tasked with gathering Insider threat and Supply Chain Risk information. Mr. Green led a team in creating a Cyber Threat Model to gather actionable intelligence to ensure better and timely integration of secure measures into the Ballistic Missile Defense System (BMDS) Capability Delivery. He attended Systems Engineering & Integration Council (SEIC) meetings to ensure Information Assurance (IA) requirements were incorporated in the Aegis Ballistic Missile Defense System. He provided IA with inputs on gathering information for the DIACAP package and primary artifacts for PTSS in accordance with NIST and FISMA documentations. Mr. Green provided support to the Security Operations Center in the detection, response, mitigation, and reporting of cyber threats affecting client networks. He maintained an understanding of the current vulnerabilities, responses, and mitigation strategies including Plan of Action and Milestones (POA&M) used to support cyber security operations. He produced and delivered reports and briefings to provide an accurate depiction of the current threat landscape and associated risks to the customer networks, infrastructure and data. He accomplished this using customer, community, and open source (all-source) analysis and reporting. He provided trend analysis for correlated information sources and network data such as event logs, IDS, and network captures.He provided critical analysis and detailed reporting of cyber threats as well as assisted in deterring, identifying, monitoring, investigating and analyzing computer network intrusions to meet the needs of the organization's goals.Dowless & Associates, Inc.November 2005 July 2010Senior Systems Security EngineerHerndon, VAMr. Green developed multiple System Security Plans (SSP) providing an overview of system security requirements and controls, documenting system characterization, management controls, operational controls, and technical controls to ensure compliance to agency and DCID 6/3, ICD 503, and NIST 800-53 documentation requirements. Mr. Green conducted pre-scans risk assessments for all systems and mitigated vulnerabilities wherever feasible prior to certification and accreditation. He generated scans reports in conformance with SSP, mitigated vulnerabilities and provided details to the ISSM for approval. He provided support to ensure systems were functioning properly with no violations. Mr. Green created dashboards to monitor servers and other devices and he supported Certification & Accreditation (C&A) activities for Testing and Evaluation Programs. Mr. Green served as technical advisor to internal users and professionals; maintained open positive communications with clients building collective understanding of information being presented to multiple customers. He investigated new technologies and determine how they could be leveraged to enhanced and improve the security posture, service and reliability and performance of the customer enterprise infrastructure. Mr. Green held the primary role in the testing and evaluation of networking hardware and software systems as well as providing technical and systems configuration recommendations in support of Information Security services for ISTAC Testing and Evaluation Program. Mr. Green performed complex technical analysis, lead and direct lab staff and work effectively as part of a team.Independent Consultant/Independent ContractorFebruary 1998 March 2000Senior Network EngineerMcLean, VAMr. Green was responsible for Infrastructure Network Assessment including hardware and circuit installation, upgrade and replacement. He installed and deployed servers, workstation and printers. Developed and maintained network systems policies and procedures. Developed and maintained network system policies and Monitored servers for load balancing and optimization. Interfaced with clients and supervised junior-level technicians. Conducted hardware and application testing in Windows/NT and OS/2 environment.Klein Technologies, Inc.October 1996 December 1998System Engineer/WAN Technical EngineerMcLean, VAMr. Green provided engineering support for Wide Area Network (WAN) to ensure collaboration with other customers within the National Intelligence Council (NIC) engineered support which involved supporting four existing networks. He led a team in the technical planning, engineering, deployment and support of over 3000 desktop and laptop images to local and remote users. He also led a team installing McAfee Endpoint and PGP Disk encryption software to all desktops and laptops throughout the enterprise. He managed a team on imaging and software distribution enterprise wide. Mr. Green led a support team in the Maintenance & Support of desktop PCs, Laptops & Servers running Windows-based operating systems.Mr. Green also led a support team in providing support to users with, email, MS Office Suite and other applications. He managed and maintained the Security of the Network infrastructure. He managed and performed application installations and troubleshooting assisted users with all level of support. He provided engineering support on research database for intelligence and open source information. He provided engineering support and administration for Stone Ghost network to ensure Intelligence customers can communicate via e-mail and intranet collaboration. Finally, he provided engineering and database support.Science Application International Corp (SAIC)April 1995 December 2011Senior Network EngineerMcLean, VAMr. Green was responsible for planning, configuration and implementation of Microsoft Windows/NT environments. He maintained the Microsoft SQL servers within a WAN environment. He managed installation, testing and upgrades of MS SQL and Access databases. He provided upgrade, system administration and user training on SQL and access databases.United States Air Force (USAF)July 1971 March 1995Superintendent, Customer Computer SupportUSA/EuropeMr. Green managed, planned, supervised and coordinated the implementation, installation and directed the daily operation and maintenance of all network services. Mr. Green was the lead Technician on Operational Test and Evaluation of Voice and Data network system worldwideMr. Green retired from the Air Force with over 20 years of faithful service.CertificationsMicrosoft Certified Systems Engineer (MCSE) 02/2012CompTIA Security+ 08/2002EducationUniversity of Maryland - University College B.S. Cyber Security In-ProgressBarrington University B.S. Computer Science 2004Prince Georges Community College Information Security Certificate 2014Prince Georges Community College IM Security Management Certificate 2014 |
