Jason James DeLuca

7797 Forest Valley Loop

Colorado Springs, CO 80908

Home/Cell: (757) 323-7461 Email: jdeluca9@live.com

 

Objective: Seeking full time employment as a Cyber security Analyst

Goals: Obtain DOD 8570 IAM/IAT Level III certification and Bachelor’s degree.

 

HIGHLIGHTS OF WORK EXPERIENCE

·           Maintained a Department of Defense (DOD) Top Secret/SCI clearance

·           Passed a CI polygraph in 2007

·           Awarded National Security Agency star award for outstanding performance

·           Honorably discharged veteran from the United States NAVY

·           Fifteen years work history

·           Eight years security engineering experience

·           Strong technical background

·           DOD 8570 IAT level II and IAM level II certified

 

PROFESSIONAL EXPERIENCE

 

DOD/USAF, Harris Corp., Colorado Springs COSep 2015 –Present

Cyber Security Analyst IV

·           Supervised a team of twelve cyber security engineers

·           Assisted with transitioning DIACAP accreditation packages to Risk Management Framework (RMF) authorization packages

·           Provided on-boarding instructions to new team members

·           Provided subject matter expert (SME) advise to the cyber security team

·           Ensured project tasks where completed by contractual end dates

·           Generated Power Point slides for bi-weekly cyber security working group meetings

·           Obtained custody of existing body of evidence artifacts from the Government representative

·           Distributed all Government Furnished Information (GFI) to the cyber security team

·           Partnered with the Government to identify new RMF body of evidence artifacts

·           Reviewed all Risk Management Framework (RMF) Security Authorization Packages (SAPs) before delivering to the Government

·           Tracked existing DIACAP accreditation statuses for each system

·           Created a Security Assessment Plan (SAP) template

·           Created Risk Management Framework (RMF) cyber security requirements for new projects

·           Communicated with the Government representative on a daily basis

·           Reviewed and commented on meeting minute notes

·           Briefed the Government during cyber security working group meetings

·           Trained the cyber security team on how to use DISA STIG Viewer, DISA SCAP/SCC tool, Vulnerator, Nessus and Security Center

·           Performed Risk Management Framework (RMF) cyber security site assessments

 

DOD/USAF, Harris Corp., Colorado Springs COMay 2015 –Sep 2015

Cyber Security Analyst III

·           Conducted Solaris, Linux, Unix and Windows vulnerability assessments

·           Conducted Network Layer 2 switching and Layer 3 switching vulnerability assessments

·           Conducted Microsoft SQL Database, Oracle Database vulnerability assessments

·           Conducted VMware ESXi, McAfee Anti-Virus, JAVA, .NET Framework, Microsoft Active Directory, Apache Server, DNS, Firewall and Microsoft Office vulnerability assessments

·           Utilized the DISA STIG viewer application to document and perform DISA STIGs assessments

·           Developed automated mechanisms to increase efficiency of Cybersecurity assessment

·           Interacted with system engineers and technical leads

·           Preformed peer review of security assessment plans

·           Created new Risk Management Framework (RMF) System Security Plan (SSP) template for DIACAP to

·           RMF transition

 

DOD/USAF, Omitron Inc., Colorado Springs CONov 2014 –Apr 2015

Software Security Engineer

·           Conducted Microsoft Windows, VMware ESXi, Host Based Security System (HBSS), DNS, DHCP, Solaris and IAVA assessments

·           Utilized the DISA STIG viewer application to document and perform STIGs assessments

·           Exported STIG results into database application

·           Analyzed STIG results for consistency and accuracy

·           Provided software and network security recommendations pertaining to vulnerabilities, findings and exploits

·           Collaborated with software and network integrators while implementing security requirements

·           Acted as a subject matter expert for Host Based Security System (HBSS) software implementation

·           Generated Host Based Security System (HBSS) configuration guide in accordance with the Host Based

·           Security System (HBSS) DISA STIG

·           Generated Plan of Action and Milestones (POAMs) documentation

·           Responsible for maintaining and configuring JIRA application

·           Installed and configured the Assured Compliance Assessment Solution (ACAS)

·           Generated ACAS Software Design Document (SDD) for future deployment efforts

·           Utilized Wireshark to troubleshoot scanning issues

·           Updated and assessed Ports Protocols and Services Matrix (PPSM) documentation

·           Documented system upgrades and new capabilities within existing DIACAP packages

 

DHS/FEMA, Washington, DC.Jul 2014 – Oct 2014

Cyber Security Analyst/ Security Assessor

·           Conducted site visits and assessments to inspect and verify information system reports and plans at Industrial and Government locations

·           Performed compliance testing as it relates to NIST 800-53 controls

·           Interviewed site personnel/subject matter experts

·           Inspected SSL implementation in accordance with FIPs 140-2 requirements

·           Inspected physical security implementation

·           Provided inputs to the Security Assessment Results (SAR) package

·           Provided security advice and guidance in accordance with FISMA/NIST requirements

·           Generated System Security Plan (SSP), FIPS-199 Categorization worksheet, E-Authentication worksheet and

·           Privacy Threshold Analysis (PTA) document

·           Generated Plan of Action and Milestones (POA&Ms)

·           Gathered and produced Security Assessment Packages (SAP)

·           Provided authorization recommendation/risk recommendation to Government liaison

·           Performed documentation Quality Assurance (QA) tasks

·           Experienced with documentation content management process

 

DOD/USAFA, Solers Inc., Colorado Springs, CODec 2013 - Jun 2014

Senior Information Assurance Engineer

·           Defined and managed network security infrastructure components in accordance with DOD,  HIPPA, Privacy

·           ACT and PII requirements

·           Developed and delivered preliminary design review package for network security architecture

·           Experienced with Certification and Accreditation (C&A) under DOD DIACAP requirements

·           Knowledgeable in DIACAP, DOD 8500.2, DISA and NIST documents

·           Experienced with Nessus vulnerability and compliance scanning tool, Host Based Security System (HBSS)

·           suite, SCAP compliance scanning tool, DISA STIGs and Retina vulnerability scanning tool

·           Drafted and submitted Information System Security Plans

·           Experienced in Certifying and Accrediting VMware ESXi virtual environments

·           Performed vulnerability and compliancy scans and documented results

·           Managed and configured Host Based Security System (HBSS) implementation

·           Evaluated and submitted FIPs140-2 encryption recommendation to government customer

·           Experienced with HIPPA and PII security requirements

·           Drafted and submitted security relevant documentation for Certification and Accreditation (C&A)

·           Experienced with DOD Certification and Accreditation (C&A) application (eMASS)

·           Responsible for developing overall system security architecture

·           Experienced with Jira/Agile process related to Software Development Life Cycle (SDLC)

·           Experienced with scanning, hardening and accrediting Windows and Linux environments

·           Validated DISA STIGs for Cisco Nexus virtual switches and Cisco virtual Adaptive Security Appliances

·           (ASAs)

·           Validated Red Hat Linux and Oracle Database STIGs

 

NOAA, Solers Inc., Greenbelt, MDOct 2013 - Dec 2013

Lead Enterprise Security Architect

·           Experienced with Assessment and Accreditation (A&A) under the Risk Management Framework (RMF)

·           Provided technical design, implementation planning, testing expertise for network and security infrastructure components

·           Knowledgeable in NIST 800-53, NIST 800-53A and NIST documents

·           Experienced with Nessus vulnerability and compliance scanning tool, Host Based Security System (HBSS)

·           suite, Arch Sight audit solution,

·           SCAP compliance scanning tool, DISA STIGs, CIS compliance requirements, Tripwire log center and Retina vulnerability scanning tool

·           Reviewed and submitted security deliverable documents

·           Experienced in Assessing and Accrediting (A&A) Red Hat Kernel Based Virtual Machine (KVM)

·           environments

·           Reviewed vulnerability and compliance scans results

·           Performed and reviewed static code analysis vulnerabilities utilizing HP Fortify software

·           Performed and reviewed web vulnerabilities utilizing HP Web Inspect software

·           Witnessed security test cases performed

·           Researched and prepared recommendations for Cisco ACS implementation

·           Responsible for overseeing the development of the system security architecture

·           Responsible for performance work evaluations of security team members

·           Worked closely with government customer

 

NRO, Solers Inc., Chantilly, VANov 2011 - Oct 2013

Information Assurance Engineer

·           Experienced with Assessment and Accreditation (A&A) under the Risk Management Framework (RMF)

·           Knowledgeable in NIST 800-53, NIST 800-53A, ICD-503, ICDs and NIST documents

·           Experienced with ACAS continuous monitoring solution, Arch Sight audit solution, SCAP compliance scanning tool, DISA STIGs, Retina vulnerability scanner and WASSP scanning tool.

·           Drafted and submitted Information System Security Plans (SSPs)

·           Experienced in Assessment and Accreditation of VMware ESXi virtual environments

·           Performed vulnerability and compliancy scans and documented results

·           Performed internal and external security audit reviews

·           Maintained and updated security-relevant documentation

·           Created and executed security test cases

·           Submitted software requests on behalf of users

·           Familiar with Fed Ramp’s Assessment and Accreditation (A&A) process and requirements

·           Experienced with scanning, hardening, certifying and accrediting Windows and Linux environments

·           Installed and configured RADIUS server

·           Installed and configured root Certificate of Authority (CA) servers

 

NRO, General Dynamics AIS., Chantilly, VAMar 2010 - Nov 2011

Classified Domain/Systems Administrator (evening support)

·           Maintained Windows servers, network components and Windows workstations

·           Responsible for maintaining and configuring Symantec backup servers, Microsoft SQL and MySQL

·           databases, Microsoft IIS web servers, Windows domain controllers and Windows DNS severs

·           Installed Windows operating systems, applications and drivers

·           Skilled in troubleshooting computer systems, servers, software and fiber optic networks

·           Advanced knowledge in computer hardware, Microsoft applications and operating systems

·           Responsible for maintaining security Certification and Accreditation (C&A) documentation

·           Responsible for Information Assurance Vulnerability Alerts (IAVA) installed on computers

·           Responsible for purchasing and installing new server and desktop equipment

·           Responsible for maintaining inventory of all Government IT assets

·           Collaborated with network technicians to resolve network related issues

·           Expert in deploying, configuring and managing Microsoft WSUS patch management solution

 

Abbtech Staffing Inc., Herndon, VAJun 2009 - Feb 2010

Domain/Network Administrator (part time job)

·           Responsible for maintaining and configuring Symantec Backup Exec server, QuickBooks database server, Domain Controller servers, DNS severs, DHCP server, Microsoft Active Directory server and WatchGuard Firewalls

·           Applied patches utilizing Microsoft Windows Update Server (WSUS)

·           Responsible for rotating and labeling backup tapes

·           Ordered new servers, laptops, network devices, monitors and UPS equipment

·           Migrated network from a 100MB backbone to a 1GB backbone

·           Installed switches, media converters and network cabling

·           Troubleshot and resolved hardware, network and software issues

·           Maintained software and asset inventory spreadsheets

·           Installed Microsoft Windows PC and server operating system, applications and drivers

·           Interacted with hardware vendors to schedule on site repairs

·           Securely wiped laptops with WipeDrive Pro application before offering to employees

 

NRO, General Dynamics AIS., Chantilly, VANov 2008 - Nov 2011

Senior Information Assurance Engineer

·           Managed and maintained software security risk web application

·           Designed new web application and performed alpha and beta testing

·           Maintained application data integrity by performing random audits

·           Conducted briefs and training pertaining to software security risk application

·           Collaborated with other intelligence communities pertaining to software security risk assessment procedures

·           Performed basic reviews and evaluations of software products proposed for installation

·           Provided help desk support to users

·           Issued software risk alerts to users

 

 

 

 

 

NRO, AT&T Technical Solutions, Chantilly, VAOct 2007 - Oct 2008

Classified Systems Administrator/Tier II Help Desk

·           Experienced with government ticketing system application

·           Resolved tickets within a specific time interval

·           Responsible for hardware and application troubleshooting

·           Experienced with Altiris to rapidly deploy host operating systems

·           Experienced with Microsoft SCCM as a patch management solution

·           Experienced with Retina scanning tool and resolved systems non-compliant with Retina vulnerability scans

·           Installed operating systems, applications and drivers

·           Skilled in troubleshooting computer systems, servers, software and fiber optic networks

·           Advanced knowledge in computer hardware, Microsoft applications and operating systems

·           Installed new desktop hardware

·           Responsible for updating inventory of Government IT assets

·           Performed annual inventory review with logistics office

·           Hardened laptops in accordance with security requirements

 

TruGreen Chem. Lawn, Virginia Beach, VAFeb 2007 – Oct 2007

Cool Season Lawn Technician (waiting security clearance renewal and start date with AT&T Technical

Solutions)

·           Held EPA pesticides license

·           Applied fertilizers and pesticides to lawns according to schedule, safety procedures, and label instructions

·           Drove company vehicle to customer locations

·           Completed required production forms and customer instructions

·           Assisted in sales to current customers through contact on route

·           Measured lawn of potential customers to provide them with an accurate cost of TruGreen’s service

·           Performed a daily three-minute, 360 degree inspection of truck and equipment before taking the vehicle out on the road and upon returning

·           Completed production reports, new sales forms, customer invoice forms, daily vehicle inspection report, and cancel/skip notices as required daily

·           Maintained vehicle and equipment through cleanliness, safety, and general maintenance

 

NSA/CSS Colorado, U.S. NAVY, Aurora, COJan 2005 – Dec 2006

Cryptologist Technician/Intelligence Analyst

·           Operated highly classified computer systems

·           Interpreted and analyzed ELINT signals of importance

·           Safeguarded highly classified materials

·           Researched historical intelligence records using classified databases

·           Experienced with analytical and message generating programs

·           Provided reports to Homeland Defense and other intelligence agencies

·           Trained personnel in analytical skills

 

USS Mount Whitney, U.S. NAVY, Norfolk, VAJun 2000 – Dec 2004

Electronic Warfare Technician/Torpedo Countermeasure Technician

·           Operated missile defense and torpedo countermeasure equipment

·           Experienced in troubleshooting missile defense and torpedo countermeasure equipment

·           Responsible for performing and documenting preventative maintenance

·           Experienced with power meter, oscilloscope and millimeter

·           Experienced with high voltage equipment

·           Safeguarded secret materials in accordance with DOD requirements

·           Interpreted and analyzed ELINT signals of importance

·           Researched historical intelligence records using secret publications

·           Experienced with message generating programs and secure voice communications

·           Trained and supervised personnel

·           Advanced knowledge in RF

 

Stuyvesant Town Parks and Recreation, New York City, NYJun 1999 – Aug 1999

Park Attendant (summer job)

·           Responsible for opening and closing parks in accordance with park hours

·           Responsible for maintaining safety of children within the park facilities

·           Reported suspicious activities to local police

·           Validated residency for those wishing to enter the park

·           Maintained logs of residence entering the park

·           Provided fun and energetic activities to younger children

 

Dean & DeLuca, New York City, NYJul 1998 – Jan 19

Receiving Clerk/Produce Clerk (High school part time job)

·           Verified invoices and made necessary changes to reflect actual count

·           Responsible for placing goods in storage

·           Responsible for wrapping pallets with shrink wrap before placing in storage

·           Operated manual freight elevator and pallet jack

·           Weighed produce for customers and printed price tags

·           Interacted with customers by answering questions concerning produce taste

·           Responsible for maintaining an impeccable produce display

·           Responsible for restocking produce during store hours and at the end of the day

·           Opened and locked the store doors

EDUCATION

Fiorella H. LaGuardia High School of Music and Arts, New York, NY1999

SUNY Maritime College, Bronx, NY1999-2000

TRAINING/CERTIFICATIONS

Electronic Warfare Operations “A” school2000

NRO ISSO workshop2011

HP Fortify2013

HP Web Inspect2013

HBSS Admin2014

CompTIA Security + CETM2014 (ISC)² CAP® Certified Authorization Professional              2015

CNSS-4016-I Certified (Risk Analyst-Intermediate)2015