OBJECTIVE:

EXPERIENCE:

12/2014 - Present

Sr. Software/Systems Security Engineer

Top Secret (TS) ClearanceProvide software engineering support and technical assistance during the planning, deployment, and maintenance phases of product life-cycle. • Provides DIACAP and FISMA technical expertise (Assessing IA controls, documentation support and assisting in the development of architectural drawings) • Development of technical Information Assurance reports for systems owners, government liaisons, and/or military officials. • Provide C&A support for existing Programs of Record and/or new systems and networks. • Certification and Accreditation (C&A) package preparation - DIACAP, DCID 6/3, SSAA.• Represents the customer as the technical SME for security engineering in meetings with vendors, military, and civilian teams on highly visible programs. • Assists the IAM and Program Management with department and program-level efforts and other mission- critical events as needed• Provides completion of C&A packages, White Papers, Policy and Procedure documents,• Assists to streamline technical IA processes, make solid technically sound recommendations, validate technical solutions, and validate level of effort associated with projects and assigned tasks.• Assists and Conducts assessments on systems, networks, IA processes, and operations to include determining the security status and adherence to IA policy, procedures and standards.• Identifies, verifies, and consolidates specific vulnerabilities, causes, and recommend corrective actions from each assessment conducted.• Provides experience in Operating Systems (OS) security architecture, Security Audit tools (Retina, DISA Gold Disk, Nessus, NMAP, ACAS, Backtrack, Metasploit, etc.), security requirements documentation generation, and a sound working knowledge of routing and switching fundamentals (TCP/IP).• Demonstrates solid ability in Windows, Unix, Networking, and/or Security administration experience. • Carry’s out system hardening in accordance with Security Technical Implementation Guides and Security Requirements Guides, documentation, vulnerability scanning and management, assisting with setting up and preparing systems for certification activities, creating and maintaining DIACAP certification packages. • Develops and Implements instances of Host Based Security System (HBSS)• Configures and deploys modules (HBSS, DLP, RSD,etc) as needed • Tunes HBSS for configuration need to speciation• Demonstrates understanding of malicious code and exploit activities• Provides design, maintenance, modification, and scope solutions for Information Assurance Vulnerability Management deployment. • Conducts risk assessments• Provides Risk mitigation analysis• Develops and implements security recommendations to mitigate risks• Provides technical domain knowledge and contributes to the design/implementation of sophisticated architectural systems

4/2015 - 3/2016

Security Operations Center (SOC) Analyst

• Provide software engineering support and technical assistance during the planning, deployment, and maintenance phases of product life-cycle. • Conduct analysis to understand cyber threats using SPLUNK, SourceFire, FireEye, and BroIDS to

• Provide software engineering support and technical assistance during the planning, deployment, and maintenance phases of product life-cycle.• Conduct analysis to understand cyber threats using SPLUNK, SourceFire, FireEye, and BroIDS to recommend enhancements to security and system devices, tuning, or other architectural and security changes to bolster the agency’s protective posture• Administer, tune, and optimize Security Information and Event Management (SIEM) tool ArcSight, and associated event feed systems, devices, and processes.• Assist in the design, testing, deployment, and day to day operations of enterprise cyber security solutions and devices such as next-gen firewalls, secure file transfer, network Intrusion Detection/Prevention (IDS/IPS) products, Host-based Security Systems/Host-based Intrusion Prevention Systems (HBSS/HIPS), and Asset Discovery and Scanning systems.• Support Cyber Threat Intelligence gathering by providing up to date knowledge on emerging cyber threats and mitigation techniques• Technical documentation development, such as Standard Operating Procedures (SOPs), Design recommendations, product test and evaluations metrics, other cyber security technical documentation as needed/required.• Support CIRT incident response analysis and activities, as required• Perform vulnerability scanning of development systems and brief results and mitigation/correction approaches to technical stakeholders• Evaluate contingency plans, configuration management plans, security configuration checklists, STIGs and IAVAs, and other direction and guidance.• Security Device and product monitoring, detection, and analysis.• Train and develop cyber security team skills to improve overall team posture to detect and prevent intrusions

7/2014 - 12/2014

Sr. IT Security Analyst / Network Security / Cyber Security

• Interacted with the Information System administrators and coordinated meetings• Identified discrepancies in work products and reported progress of C&A project milestones tasks to the Team Leads• Assisted in managing project timelines and delegated tasks to Security Analysts to achieve documentation and project milestones• Managed the development and Quality Assurance of C&A artifacts, identified discrepancies in work, ensured standardization and continuous process improvement.• Initiated and/or updated artifacts from clients providing supporting system artifacts and templates• Assisted in the development and finalization of artifacts and ensured that C&A packages met the requirements outlined in DHS/NIST C&A templates, IA Control Validation Procedures, and DHS/Federal cyber security regulations using the NIST Framework• Conducted and documented NIST IA Control Compliance Checks• Developed and completed system authorization packages to include: System Security Plans, Privacy Threshold Analysis, Privacy Impact Analysis, and E-Authentication Assessments• Conducted assessments using tools: WebInspect, AppDetective, Nessus/Retina• Developed Security Test Reports, Architecture Documentation, POA&Ms, and System Boundary Definition• FIPS-199/200

1/2014 - 7/2014

Afloat Network Technician

• Serve as a Field Technician in support of Local Area Networks, and various other ADP equipment installed aboard US Navy ships • Support a senior analyst with both technical and administrative tasks related to the project with direct responsibility for assuring the correctness of a product• Evaluate, design, document, install, implement, test, and perform problem isolation and resolution and monitor, tune, and maintain a range of computer network components and systems. Perform these functions across some, but not all, physical media, protocol stacks, hubs, routers, bridges, gateways, and network management components.• Provide client consulting and training on the interface and use of the network facilities• Work within groups as applicable to begin to plan research; evaluate and recommend new computer network equipment; and utilize new technologies.• Use monitoring, performance analysis, network management, software and hardware equipment to troubleshoot and isolate problems; gauge network performance; and trace data and protocol activity.• Utilize the Remedy incident management tool along with the MSC Global Service Help Desk, and the Network Operations Center (NOC) to provide technical guidance, information and support, computer operations, workstation support, and organizational management• Conduct Information Assurance Vulnerability Management (IAVM) to include alerts, bulletins, technical advisories, and installation of all IA-related operating systems and application patches• Evaluate and recommend new computer network equipment and utilize new technologies• Utilize monitoring, performance analysis, network management, software and hardware equipment to troubleshoot and isolate problems, gauge network performance, and trace data and protocol activity• Produce/review substantive and/or complex technical documentation reflecting detailed knowledge of technical areas including but not limited to systems design, system architecture, feasibility studies, and system specifications• Devise solutions to operational problems within the capacity and operational limitations of installed equipment• McAfee ePolicy/End Point Protection Suite administration including virus protection, HIDS/HIPS, firewall, encryption and other workstation security technologies• Monitor and report on the protection suite status including endpoint versions• Monitor and report on virus detection activity• Deploy technology updates and ensure ongoing vendor support and licensing for technology deployment technologies• Identify process and technical improvements for the environment• Report on ticket status and updates on issues when in progress• Provide outstanding technical support and customer service• Resolve and document complex issues including root cause analysis, prevention and workarounds

7/2013 - 11/2013

Industry: Computer/IT Services

Information Assurance Officer (IAO)

• Review various Federal Civilian and Defense Information Assurance Policies and Guidelines for best practices in implementing secure systems for a DoD Acquisition Program* Follow Defense Information Assurance Certification and Accreditation Process (DIACAP), JAFAN 6/3 (Joint Air Force Army Navy Manual) and CNSS 1253 C&A (Committee on National Security Systems 1253 Certification & Accreditation) guidance for authorizing and maintaining the secure state of the systems* Review weekly Cyber Security bulletins and advisories, including CERT bulletins, that impact security of site Information Systems (IS) to include, US-CERT, AFCERT, ACERT, IAVA, and DISA ASSIST bulletins and report IAVA's & security alerts as applicable.* Design new IA processes and capabilities to defend against the current cyber threats facing the JSF Program and in accordance with DoD policy.* Work with IT personnel to improve security awareness and integrate security into the system development life cycle* Support Certification and Accreditation activities through reviews, comments and recommendations to the government & prime contractor.* Work with the Government IAM along with the DAA to ensure the development of system accreditation/certification documentation.* Formally notify the DAA/IAM (Government) when a system no longer processes classified information. Formally notify the DAA/IAM (Government) when changes occur that might affect accreditation/certification.* Ensure system security requirements are addressed during all phases of the system life cycle.* Establish audit trails and ensure their review.* Perform Security Tests & Evaluations to validate that security controls are in place as described* Collaborating with the specific government and/or industry C&A authorities at all primary and remote sites to ensure IA security compliance.* Working knowledge of networking technologies, Windows workstation and server technologies, and IA tools* Will support Unclassified environments* Coordinate with the IT staff to ensure all IA related issues are addressed during the preliminary and follow- on engineering phases* Provide IA Oversight and Regulatory Compliance support* Develop or Review system security documentation, to include the System Security Plan (SSP), DIACAP Package, and other required documents of the system requiring an accreditation decision* Develop and execute Security Test and Evaluation Plan (ST&E Plan) to achieve Authority to Operate (ATO)* Conduct periodic analysis of IT systems using Retina Network Security Scanner or other related tools to determine current IA posture, assessing system vulnerabilities; determining adequacy of security controls, and mitigating residual risk* Maintain systems in the DISA Vulnerability Management System (VMS), responding to Communicati

3/2013 - 5/2013

Industry: Computer/IT Services

IA Tester

• Assisted with Mobile User Objective System (MUOS) with DIACAP package development• Provided Microsoft Windows, Linus, and UNIX system engineering support to perform C&A security testing• Completed numerous assessments using Gold Disk, STIGS, Retina, and NESSUS• Collected and analyzed testing results to generate documentation to support DIACAP C&A activities to obtain Approval To Operate (ATO)• Performed manual assessment using Checklists and STIGs on databases (MS SQL, MySQL, Oracle, PostgreSQL)• Performed System Administration tasks as an example on how to fix/mitigate specific vulnerabilities.

7/2012 - 1/2013

Industry: Government and Military

MSC Infrastructure Support

Top Secret Clearance• Performs vulnerability assessment, mitigation, and remediation • Performs Security Test and Evaluation (ST&E) • Reviews RETINA scans and reports for certification and accreditation (C&A), risk assessments, and develops mitigation strategies.• Provides Information Assurance support in accordance with current DoD policies for IA and IA related matters, and with appropriate public law, National Institute of Standards and Technology (NIST), Defense Information Systems Agency (DISA), and DoD Information Assurance Certification and Accreditation Process (DIACAP) guidance• Performs IA risk assessments and assists with risk mitigation recommendations. • Reviews Defense Information Technology Security Certification and Accreditation Process

4/2012 - 7/2012

Industry: Computer/IT Services

IA Lab Team Member

• Top Secret Clearance• Assisted with Military Sealift Command’s (MSC) lab setup and build of lab network infrastructure• Assisted with setup of numerous servers, switches, and routers in an effort to mimic the shipboard environment• Maintained and monitored of SQL server, Windows 2003 server, and Windows XP workstations.• Performed vulnerability assessment, mitigation, and remediation • Performed Security Test and Evaluation (ST&E) • Reviewed RETINA scans and reports for certification and accreditation (C&A), risk assessments, and develops mitigation strategies • Provided Information Assurance support in accordance with current DoD policies for IA and IA related matters, and with appropriate public law, National Institute of Standards and Technology (NIST), Defense Information Systems Agency (DISA), and DoD Information Assurance Certification and Accreditation Process (DIACAP) guidance• Backed up, restored, and maintained Ghost images• Responsible for Active Directory structure• Provided Incident Response and guidance for information spillage • Provided Incident Response for all SQL related items• Assisted and conducted compliance reviews and IA audits. • Performed IA risk assessments and assists with risk mitigation recommendations. • Reviewed Defense Information Technology Security Certification and Accreditation Process

6/2011 - 3/2012

Information Assurance Lab Lead

• Top Secret Clearance• Assist with Military Sealift Command’s (MSC) lab setup and build of lab network infrastructure• Performs vulnerability assessment, mitigation, and remediation • Performs Security Test and Evaluation (ST&E) RETINA scans for certification and accreditation (C&A) risk assessments and develops mitigation strategies.• Provides Information Assurance support in accordance with current DoD policies for IA and IA related matters, and with appropriate public law, National Institute of Standards and Technology (NIST), and Defense Information Systems Agency (DISA) guidance. • Assists and conducted compliance reviews and IA audits. • Performs IA risk assessments and assists with risk mitigation recommendations. • Reviews Defense Information Technology Security Certification and Accreditation Process (DITSCAP)/Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) documentation for compliance with Federal, DoD, and U.S. Navy information systems security directives and requirements critical accreditation, risk, and threat/vulnerability reviews• Displayed indepth knowledge of MSC’s IA policy, COMSCINST 5239.3A and DON DIACAP Handbook

4/2011 - 6/2011

IA/CND Instructor

• Trained Navy Information Technology (IT) personnel in computer network defense, specifically HBSS• worked as a specialist within the SPAWAR Systems Center (SSC) Pacific C4ISR Training Development and Support Center (TDSC) functional area of Information Assurance/Computer Network Defense (IA/CND)• Assisted other SSC IA/CND professionals to ensure that they understood training requirements associated with IA/CND products• Developed and update training materials in accordance with Navy training standards as required• Tested and operated firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools• Safeguarded local networks against unauthorized infiltration, modification, destruction or disclosure.• Provided information regarding the negative impact caused by theft, destruction, alteration or denial of access to information. • Provided recommendations on information assurance engineering standards, implementation dependencies, and changing information assurance related technologies. • Presented instruction at CONUS and OCONUS locations and responded to client requests and questions

7/2010 - 2/2011

Industry: Government and Military

Information Assurance Engineer

• Top Secret Clearance• Supported the creation and maintenance of DICAP and related documentation for both unclassified and classified information systems and networks.• Advised and assisted in providing research, guidance, technical support and expertise on policy/procedures on both unclassified and classified information systems and networks.• Researched, reviewed, and recommended computer security levels of core service information systems prior to implementation or test• Developed/maintained/managed certification and accreditation packages• Reviewed accreditation • Maintains situational awareness and initiates actions to improve or restore IA posture as well as conducting annual security reviews of all IA controls and the testing of selected IA controls

5/2009 - 6/2010

Industry: Computer/IT Services

Information Asurrnace

•  Top Secret Clearance •   Serves as Information Assurance Analyst directly supporting Commander Second Fleet •   Performs Security Test and Evaluation (ST&E) RETINA scans for certification and accreditation (C&A)     risk assessments and develops mitigation strategies. •   Provides Information Assurance support in accordance with current DoD policies for IA and IA related     matters, and with appropriate public law, National Institute of Standards and Technology (NIST), and    Defense Information Systems Agency (DISA) guidance. •  Assists and conducts compliance reviews and IA audits. •  Performs  IA risk assessments and assists with risk mitigation recommendations. •  Prepare and review  DITSCAP and DIACAP  certification and accreditation documents •  Lead IA analyst performing Gold Disk and Retina scans •  Lead IA analyst performing remediation of findings of Gold Disk and Retina scans •  Lead IA analyst performing administration of Host-based Intrusion Prevention System (HIPS) using    McAfee E-Policy Orchestrator 4.0 and 3.6 •  Assists in maintenance and administration of Cisco routers and switches •  Assists in maintenance and administration of Windows 2003 and 2000 machines • Installed and maintained Blackberry Enterprise Server (BES) 4.x • Provided Help Desk support for provisioning over 200 Blackberry Handhelds

10/2007 - 5/2009

Industry: Computer/IT Services

Information Assurance Analys

•   Served as Information Assurance Analyst directly supporting Commander Second Fleet •   Performed Security Test and Evaluation (ST&E) RETINA scans for certification and accreditation (C&A)     risk assessments and develops mitigation strategies. •   Provided Information Assurance support in accordance with current DoD policies for IA and IA related     matters, and with appropriate public law, National Institute of Standards and Technology (NIST), and    Defense Information Systems Agency (DISA) guidance. •  Performed as lead IA analyst while conducting compliance reviews and IA audits. •  Performed IA risk assessments and assists with risk mitigation recommendations. •  Prepared and reviewed  DITSCAP and DIACAP  certification and accreditation documents • Performed as lead IA analyst performing Gold Disk and Retina scans •  Performed as lead IA analyst performing remediation of findings of Gold Disk and Retina scans •  Performed as lead IA analyst performing administration of Host-based Intrusion Prevention System (HIPS)    using   McAfee Epolicy Orchestrator 4.0 and 3.6 •  Assisted in maintenance and administration of Cisco routers and switches •  Assisted in maintenance and administration of Windows 2003 and 2000 machines • Installed and maintained Blackberry Enterprise Server (BES) 4.x • Provided Help Desk support for provisioning over 200 Blackberry Handhelds

11/2006 - 10/2007

Industry: Computer/IT Services

Information Assurance Anlalyst

• Serves as Information Assurance Analyst directly supporting the Department of the Navy Designated Approval Authority (DAA).• Performs Security Test and Evaluation (ST&E) RETINA scans for certification and accreditation (C&A) risk assessments and develops mitigation strategies.• Develops System Security Authorization Agreement (SSAA) documentation in accordance with DoD Information Technology Security Certification and Accreditation. Process (DITSCAP).• Reviews System Security Plans (SSP) for National Institute of Standards and Technology (NIST) and Federal Information Processing Standards (FIPS) Compliance.• Validates application compliance with Unclassified Trusted Network Protection Policy (UTNPP).• Evaluates applications and systems for Federal Information Security Management (FISMA) compliance.• Reviews Business Continuity Plans (BCP) and Contingency Plans (CP).• Prepares and processes ATO and IATO accreditation packages for Department of the Navy networks and applications.• In Depth knowledge of NMCI, ONE-NET, Force-Net, IT-21 and Legacy accreditation processes.• Subject Matter Expert for Navy Marine Corps Intranet (NMCI) Infrastructure Steering Committees.

5/2006 - 11/2006

Industry: Government and Military

Information Assurance Analyst

• Perform all aspects of Information Assurance (IA) support at an expert level• Capability to analyze complex IA problems and issues and recommend solutions that impact the enterprise• Effectively communicate with senior management, both orally and in writing.• Responsible for oversight of DoD IA policy and regulations. • Provide Information Assurance support in accordance with current DoD policies for IA and IA related matters, and with appropriate public law, National Institute of Standards and Technology (NIST), and Defense Information Systems Agency (DISA) guidance. Additionally, perform the following:• Assist and conduct compliance reviews and IA audits. • Perform IA risk assessments and make risk mitigation recommendations. • Prepare and maintain policy guidance and handbooks. • Develop and maintain IA training plans. • Assist in DeCA and DoD reporting requirements. • Assist in obtaining accreditations. • Perform Security test and evaluations in accordance with DITSCAP. • Prepare DITSCAP certification and accreditation documents. • Maintain IA databases and documents.

10/2003 - 5/2006

Sr. Consultant

• Member of Navy’s Red Team for the Fleet Information Warfare Center • Maintained and administered Checkpoint Firewall on Windows 2000 platform • Maintained and administered CISCO routers and switches • Maintained Windows VPN between production and test lab • Responsible for maintaining connectivity between Red Team Operations Center and Fleet Battle Group.• Loaded and configured numerous desktop and laptop computers and with dual boot operating systems Fedora Core X, Red Hat Linux and Windows 2000 and XP • Scanned multiple Navy networks for vulnerabilities, cataloging and prioritizing the vulnerabilities for exploit and correction.• Conducted onsite network security surveys using multiple tools including ISS Internet Scanner, Retina, and Nessus Scanners • Lead four man teams to conduct in depth onsite physical and network security assessments by using multiple exploits to evaluate the Navy’s network security highlighting vulnerabilities for correction.• Spent over 50% of the past year on travel to numerous Navy sites promoting network/information security and performing Service Level Agreement (SLA) testing and certification.• Worked extensively on Unix and Unix variants such as Linux • Worked with Symantec security suite which includes Personal firewalls, and Antivirus clients • Conducted tests against firewalls such as Raptor and Pix, as well as reported how well Intrusion Detection Systems reported anomalies on the network.

3/2002 - 10/2003

Network Admin

• Responsible for back-up and restore process (Veritas 4.1) • Responsible for planning and implementation of software and hardware • Troubleshooting client email clients Eudora, Outlook, and Goldmine • Responsible for management and administration of multiple domains • Responsible for planning and implementation of software and hardware • Responsible for Cisco router configuration and connectivity • Responsible for management and maintenance of Checkpoint Firewall 4.1 and Checkpoint Firewall 4.1 logs • Management and maintance of multiple servers including IIS, DNS, Exchange, and FTP • Troubleshooting (Win 9x, NT, 2000, XP, LAN, WAN) • SQL Server 7 Administration • Programming in ASP, HTML, JAVA Script, and SQL

7/2000 - 3/2002

Technical Support Analyst

• Managed and maintained multiple servers including IIS, Exchange, and FTP • Was responsible for management and administration of multiple domains • Implemented and managed network servers (including configuration of Active Directory) • Implemented network security (firewalls, virus software) • Used network monitors and sniffers to measure site bandwidth usage • Administered of network backups (using NTBackup and Backup Exec) • Troubleshot and administered Win 9x, NT, Windows 2000, Office 97/2000 LAN, WAN (such as performed diagnosis of software, Bios updates, OS service packs, and option packs) • Was responsible for multiple databases including Oracle 8, SQL 7, and 2000 • Managed, maintained, and administered multiple servers including IIS, Apache, Exchange, and FTP • Was responsible for planning and implementation of software and hardware • Was responsible for implementation and maintenance of proprietary fundraising software (Millennium) on client's networks. • Advised customers on topologies and modifications of networks • Provided extensive direct user support

2/2000 - 4/2000

Cable Technician

• Fabricated and installed CAT-5 cable• Installed and fused fiber optic cable• Installed and troubleshot servers• Troubleshot Creston systems

2/2000 - 4/2000

Computer Consultant/Technician (contractor)

• Configured more than thirty work stations for network access • Installed and configured network interface cards • Installed and configured SCSI devices (i.e. scanners, hard-drives, etc.) • Troubleshot and replaced equipment as necessary

11/1998 - 12/1998

Contract Programmer

• Programmed Windows in TCL/TK • Analyzed end-user programming and computer resource requirements • Analyzed data handling procedures for efficiency, effectiveness,and security • Developed and tracked project completion schedules

6/1998 - 8/1998

Computer Consultant/Technician

• Installed software to multiple platforms (WIN95,98,NT,and Linux) • Installed and maintained software for more than 1,500 customer users • Assembled computers from fundamental components • Troubleshot problems as needed for customers • Installed and configured SCSI devices (i.e. scanners, hard-drive,etc.)

EDUCATION:

10/2004

Certification

CISSP (Certified Information Systems Security Professional)

8/2004

Certification

CEH (Certified Ethical Hacker)

6/2002

Certification

Microsoft Certified Professional

12/1999

Bachelor's Degree

Computer Science

CERTIFICATION:

4/2008

10/2007

3/2004

LANGUAGES:

Languages

Proficiency Level