TECHNICAL SKILLS:

Assured Compliance Assessment Solution (ACAS),RMF, FISMA, NIST 800 - 53, NIST 800-37, RiskVision, eMASS, XACTA, Tenable Nessus Scanner, Microsoft Office 2010/2013, Microsoft Windows 7/8/10, Microsoft Windows Server 2012r2, Splunk, BMC Remedy Ticketing System, HBSS, DISA STIG Viewer, SCAP Tool.

PROFESSIONAL EXPERIENCE:

Confidential

Security and Assessment &Authorization Analyst

• Conduct Assessment and Authorization (A&A) process for Operational information systems and networks within Navy Enterprise Mission Assurance Support System (eMASS) in accordance with current DOD, DON and NAVSEA A&A policies.
• Conduct in-depth technical reviews of A&A documentation from NAVSEA field activities seeking accreditation by the Functional Authorizing Official (FAO)/Functional Security Control Assessor (FSCA) in accordance with appropriate policies and procedures and develop recommendations accordingly. Such documentation include the Categorization Form, Security Plan (SP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Privacy Impact Assessment (PIA), Risk Assessment Report (RAR), Accreditation Decision Letter (ATO), Plan of Action and Milestones (POA&M), Security Test and Evaluation (ST&E) test reports, and other documentation as required by the FAO/FSCA, e.g., Architectural/Network Diagram (traceability).
• Strong knowledge of NIST 800-53 Revision 3/4, NIST 800-37, FISMA, Risk Management Framework (RMF), and additional cyber security standards and policies.
• Complete reviews and provide appropriate feedback within the timelines dictated by appropriate policies and procedures.
• Perform information assurance certification and accreditation analysis, security assessments, and make recommendations to the Information System Security Managers to bring their systems into compliancy.
• Document and analyze deficiencies in Plans of Actions and Milestones (POA&Ms) or requests prepared for Acceptance of Risk (AoR)
• Assist NAVSEA HQ and NAVSEA field activities in preparing their A&A documentation for submission to the Navy FAO/FSCA.
• Maintains the Enterprise C&A Tracking (ECAT) database, used to record the present status of all NAVSEA accreditation packages as well as storing/archiving information on accreditations already received and systems that have since been inactivated. Modify the database as required.

Confidential

Senior Information Assurance/Security Specialist

• Determine enterprise information assurance and security standards.
• Develop and implement information assurance/security standards and procedures.
• Coordinate, develop, and evaluate security programs for an organization. Recommend information assurance/security solutions to support customers' requirements.
• Overhaul continuous monitoring program by spearheading Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guide (STIG) engineering and analysis activities.
• Identify, report, and resolve security violations.
• Working knowledge of: McAfee EPO (HBSS), Windows Architecture and other security tools.
• Document and report incidents from initial detection through final resolution using standard DoD incident reporting channels and methods .
• Deploy, configure and maintain the full capabilities of the Host Based Security System (HBSS) products to all enterprise-wide managed systems including, McAfee Agent (MA), HIPS, Device Control Module (DCM), Policy Auditor (PA), Data Loss Prevention, Rogue System Detection (RSD) and VirusScan (VSE) for McAfee Host Based Security System (HBSS).
• Monitor open source feeds and reporting on the latest threats against computer network defenses.
• Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
• Identifying and validating system/service vulnerabilities
• Support customer at the highest levels in the development and implementation of doctrine and policies.
• Perform analysis, design, and development of security features for system architectures.
• Create and present reports and other artifacts on the vulnerability assessment and penetration testing processes and routines to support Agency and Federal security and privacy compliance goals and requirements
• Design, develop, engineer, and implement solutions that meet security requirements.
• Provide integration and implementation of the computer system security solution.
• Analyze general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
• Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
• Identify, track, and remediate vulnerabilities identified by Information Assurance Vulnerability Alerts (IAVA), A&S teams, or by scanning with automated security tools.

Confidential

Information Systems Security Officer

• Ensure that assigned information systems are operated, maintained and disposed of in accordance with approved security policies and practices
• Ensure that system security requirements are addressed during all phases of the IS lifecycle.
• Develop and maintain SSPs and all other system security documentation, reviewing and updating them at least annually for all assigned systems
• Author or coordinate the development of other required system security plans: Configuration management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR) and Incident Response Plan (IRP).
• Support risk assessment and evaluation activities throughout the system's lifecycle.
• Implement a strategy for continuous monitoring for assigned systems including: Establishing system audit trails and ensuring their review, reporting all identified security findings and initiating  the periodic review of security controls
• Knowledge utilizing Risk Vision to update the security controls for various systems
• Performing Vulnerability scanning using Nessus and AppDetector
• Request or conduct required information system vulnerability scans in accordance to establish policy; Develop system POA&Ms in response to reported vulnerabilities
• Ensure compliance with annual FISMA deliverables and reporting.
• Investigate any information technology or system security incidents
• Assesses and mitigates system security threats/ risks throughout the program life cycle; determines/ analyzes and decomposes security requirements at the level of detail that can be implemented and tested; reviews and monitors security designs in hardware, software, data, and procedures,
• Perform system certification and accreditation planning and testing and liaison activities; supports secure systems operations and maintenance.
• Perform security engineering analysis, risk and vulnerability assessment, etc. Monitor and analyze security functional tests. Prepare C&A documentation such as SSP, SCONOPS, ST&E reports, etc.

Confidential

Senior SQL Server DBA/Database Security

• Responsible for the operation, maintenance and support of the high-availability SQL server database/SAN platforms located in remote Data Centers across multiple time zones. 
• Support daily operations including monitoring, alerting, troubleshooting, capacity management, software configuration, patching, upgrades, proactive performance monitoring/maintenance and backup/recovery of all installed MSSQL databases across all environments 
• Help with cyber defense of client networks at the DB and related technology level.
• Create, manage and troubleshoot Windows Clustering and SQL Server
• Sustainment of SQL 2008 and 2012 clusters and migration of various disparate SQL environments onto new clusters.
• Under general supervision, operated all aspects of Information Systems, data availability, integrity, authentication, confidentiality, and non-repudiation.  
• Ensure timely resolution of vulnerabilities on agency IT Systems
• Work with team members in identifying potential vulnerabilities to cyber and information security
• Usage of SCOM and SCCM for the monitoring and applying patches of SQL and the servers they reside
• Resolve all DBA incident tickets and provide a DBA Status Report on a weekly basis on DBA incidents escalated from Tier I organizations.
• Provide guidance and instruction to the service desk for handling standard network infrastructure related incidents and service requests.
• Administration, implementation, monitoring, and operations and maintenance of SQL databases on VMware servers and on non-virtualized servers.
• Provide DBA Documentation to Tier I organizations on the procedures for completing the task.
• Support multiple servers and multiple databases of medium to high complexity with multiple concurrent users, ensuring control, integrity and accessibility of the data.
• Allocation and management of drive space on the servers.
• Maintain the overall health of technologies associated with Database Infrastructure.
• Monitor the health of Database Infrastructure with MCNOSC provided event management tools.
• Provide MCNOSC project support for Database Infrastructure related technologies.
• Coordinate with S5 and other MCNOSC sections on DBA issues and participate in a Change Review Board. Escalate DBA issues to third party product vendors.
• Conduct Certification and Accreditation using Department of Defense (DOD) Standard Implementation Guidance (STIG) for SQL Server

Confidential

Information Security Analyst

• Guide System Owners and ISSOs through the Certification and Accreditation (C&A) process, ensuring that management; operational and technical controls for securing either sensitive Security Systems or IT Systems are in place and are followed according to federal guidelines (NIST 800-53).
• Conduct the IT risk assessment and documented the control, Conduct meetings with the IT client team to gather evidence, develop test plans, test procedures and document test results and exceptions.
• Conduct walkthroughs, formulate test plans, document gaps, test results, and exceptions; and develop remediation plans for each area of testing.
• Develop the audit plan and perform the General Computer Controls (GCC) testing of Information Security, Business Continuity Planning, and Relationship with Outsourced Vendors.
• Implement information security requirements for IT systems throughout their life cycle from the requirements definition phase through disposal.
• Create or update the System Security Plan and conduct an Annual Self-Assessment.
• Conduct Systems Risk Assessment through Risk Analysis, assess the various Assets within the systems boundaries and rigorously identify all the possible vulnerabilities that exist within the system.
• Supports determinations of who should have classification authority, and reviews plans for document and access controls, transmission of sensitive information and materials, and related information controls and safeguards.
• Create or update the System Security Plan and conduct an Annual Self-Assessment.
• Inspect configuration, check configuration compliance, test IT Controls functionality and inspected logs. Review signatures within IDS/IPS tools (Snort) to ensure signatures are up to date to minimize false positive and false negative in the System.
• Perform IT operating effectiveness tests in the areas of security, operations, change management, and email authentication.
• Administers and coordinates policies and procedures for analyzing and evaluating the character, background, and history of employees, candidates for employment, and other persons having or proposed to be granted access to classified or other sensitive information, materials, or work sites. Prepares visitor access requests (VARs), as appropriate.
• Working experience with Security Technical Inplementation Guide (STIG), DoD Information Assurance polices and experience with the NIPR, SIPR or CENTRIXS certification process

Confidential

SQL Server Database Administrator

• Responsible for all functions associated with the implementation and maintenance of SQL server databases including security, backup, reporting, and recovery procedures.
• Install, configure, and maintain database instances; create various database objects, create users with appropriate roles and levels of security
• Evaluate, test and deploy new releases, patches, and upgrades related to the database management system
• Perform database performance analysis, capacity planning, system sizing and ongoing maintenance/tuning to ensure maximum performance and availability
• Assist application development teams with planning and implementing database changes as well as query / job optimization
• Develop report using SQL Server Reporting Services (SSRS)
• Review database design and integration of systems and make recommendations for any improvements
• Maintain a secure environment across all application environments
• Provide support for all SQL server needs and enforcement of naming conventions, relational databases modeling and other database standards
• Develop and maintain “Best Practice” services in support of databases

Confidential

Business Systems Analyst

• Responsible for providing Remedy IT Service Management (ITSM) Suite development and Administration expertise on Remedy Systems.
• Configure and troubleshoot the ITSM Suite as well and assist in collecting, organizing and editing information required for preparation of functional requirements document and technical design documents.
• Maintain an understanding of IT trends in order to predict and prepare for upcoming changes.
• Assist in developing ITIL operational processes or procedures related to Configuration Management
• Implement all aspects of configuration management for deployed systems on base .
• Maintain, enforce, and enhance the configuration management solutions ensuring the timely availability of all control items for operational use.
• Create and maintain a configuration management database and all necessary documentation and policies, including detailing the policies and procedures necessary to maintain the integrity of all IT services, updating all policies and procedures as necessary, maintaining an up-to-date record of all components of the IT systems, and maintaining a record of the location and address of all hardware. (servers, etc.)
• Maintain an accurate asset management database and using the system to determine if needed assets are in stock or must be purchased.
• Create the asset management strategy and plan and aligning it with both business and service requirements; ensuring the success of the asset management strategy and plan.
• Enhance asset management automation to increase information integrity and accuracy and reduce variances.
• Understand asset management technologies, including best practices and trends; communicating new developments in asset management standards, procedures, and technology.
• Maintain the integrity of all service assets and configuration items by ensuring that only authorized components are used and only authorized changes and upgrades are conducted.
• Act as a subject matter expert for new project requests where asset management is a major project component.