Senior Security Engineer Resume
Merrifield, VA
SUMMARY:
- 32 years in Information Technology (IT) as a security engineer, technical analyst, systems programmer, application programmer, and technician. The last 18 years have been specialized in Information Assurance (IA). Currently possess a DoD Top Secret security clearance and CISSP.
PROFESSIONAL EXPERIENCE:
Confidential, Merrifield, VA
Senior Security Engineer
Responsibilities:
- Senior IA Engineer for the Air Force Deliberate Crisis Action Planning and Execution Segments (DCAPES), Joint Capabilities Requirements Manager (JCRM), and Preferred Force Generation (PFG) Automated Information Systems (AISs). Appointed as the Information Assurance Officer for Defense Information Systems Agency (DISA) Joint Planning and Execution Services (JPES). Performs IA requirements analysis to include the review of DoD and Air Force IA policy, directives, instructions, and guidelines. Develops security test plans based on an examination of system components. Interfaces with application requirements and engineering teams to ensure that IA requirements are addressed throughout the Software Engineering Lifecycle. Participates in software design reviews.
- Performs IA compliance assessments and validation of Security Technical Implementation Guides (STIG) requirements to include UNIX, database, web server, application server, and application development. Coordinates Security Readiness Reviews (SRRs) for systems going through the DoD Information Assurance Certification and Accreditation Process (DIACAP). Prepares, coordinates, and manages the SRR team schedule. Performs SRRs and Secure Configuration Compliance Validation Initiative (SCCVI) eEye Retina scans. Utilizes Security Content Automation Protocols (SCAP) contents and tools. Expert knowledge of the DoD Vulnerability Management System (VMS) to include asset maintenance and vulnerability compliance reporting. Evaluates security review results, performs risk assessment, and develops an IA compliance assessment report for the customer. Assists in Plan of Action and Milestones (POA&M) development and finding resolution.
- Develops and maintains DIACAP package and IA artifacts in support of Certification and Accreditation (C&A) activities in the DISA Enterprise Mission Assurance Support Service (eMASS). Develops and maintains the System Security Plan (SSP), Vulnerability Management Plan (VMP), and Disaster Recovery Plan (DRP) for systems. Reviews Information Assurance Vulnerability Management (IAVM) notifications and Air Force Technical Compliance Network Orders (TCNOs) to determine applicability, performs initial impact analysis, and provides remediation recommendation.
Confidential, Herndon, VA
Software Systems Engineer
Responsibilities:
- Certifying Authority Representative and Team Lead for the DoD System branch of DISA Field Security Operations (FSO). Coordinated Security Test and Evaluation (ST&E) visits for systems going through the DIACAP and DoD Information Technology Security Certification and Accreditation Process (DITSCAP). Examined systems to assess IA requirements and composed the technical team for the ST&E. Prepared, coordinated, and managed the SRR schedule for all team members. Developed and provided briefings regarding the SRR process and visit status to site and internal senior level management. Assisted in POA&M development and finding resolution. Evaluated the SRR results, performed risk assessment and root cause analysis, and developed a Certifier’s accreditation recommendation letter and slides for the Designated Accrediting Authority (DAA). Used the DoD VMS to manage and report on ST&E assets and activities.
- Directly responsible for the development and maintenance of the DISA OS/390 and z/OS STIGs used by the DoD community. Researched and evaluated security requirements for numerous software products on OS/390 and z/OS platforms. Reviewed, evaluated, and integrated all technical updates submitted by team members and DISA organizations into the STIGs. Hosted annual Technical Interchange Meeting (TIM) for the DISA community to discuss security topics on OS/390 and z/OS platforms. Presented the status of OS/390 and z/OS projects directly to Directors at quarterly meetings.
- Performed OS/390 and z/OS SRRs, developed audit reports, and performed resolution support to correct security exposures identified at the sites. Performed program code review and analysis of site-developed system and application exits.
- Responsible for the development, maintenance, testing, and packaging of the OS/390 and z/OS SRR tools used by DISA FSO. These tools included auditing checklists, automated SRR scripts, and an extensive array of database tracking and reporting elements.
Confidential, Tyson’s Corner, VA
Technical Support Analyst
Responsibilities:
- Solely responsible for North American support of Legent's TSO performance products, TSO/MON and TSOPLUS. Assisted customers with product installation, problem determination, and resolution for TSO related problems. Primary technician responsible for TSO/MON and TSOPLUS quality assurance, including testing of new versions, releases, and maintenance. Designed product test plans. Coordinator of all new general availability offerings for these TSO products. Taught on-site seminars and assisted sales staff in pre-sales support.
Confidential, Springfield, VA
Systems Programmer
Responsibilities:
- Responsible for systems programming support for MVS/XA running on two IBM 4381 mainframes. Performed operating system upgrades, installation, customization, and monitoring of numerous mainframe software products. Provided support to the application programming staff.
Confidential, Washington, DC
Systems Programmer
Responsibilities:
- Responsible for system level support of MVS/SP and associated subsystems. Performed installation, maintenance, and testing of numerous mainframe software products. Performed DASD management. Provided mainframe security support to include user account management and resource access permissions using ACF2.
Confidential, Washington, DC
Programmer
Responsibilities:
- Responsible for the development of new programs utilizing assembler, COBOL, and ROSCOE (RPF with ETSO) programming languages in a CICS/VS environment under MVS/SP and MVS/XA operating systems. Developed program documentation, installed various in-house software packages, and provided basic programming specifications for junior staff members.