Sr. Security Engineer Resume
TECHNICAL SKILLS:
Skills/Tools: LAN/WAN, Checkpoint Firewall, McAfee Sidewinder Firewall, Linux (RedHat), Cisco, TCP/IP, Network Security, Network Security Design/Architecture, Cybersecurity, Information Assurance (vulnerability scanning, C&A), Product Design Testing & Training, Penetration Testing, Windows Server 2000, 2003, 2008, Active Directory, Exchange, VMware ESX/ESXi5, Wireshark, Nmap, Nessus, BurpSuite, HP Fortify, Metasploit, Web Inspect, Spirent Testing Suite and Equipment, DIACAP, DITSCAP, NIST SP, FISMA, DISA STIGs, DISN Circuit Accreditation, IAVA, IAVM, IA Assessments, VMS, Risk Analysis/Risk Management, SANS (CAG 20), COBIT business framework, HIPAA, PCI DSS, Microsoft Office Suite, Technical Writer, Policy Writer, Security Awareness Training, Security Assessments, Audit Compliance, Continuous Monitoring, Hardware/Software Asset Management, Configuration Management, Project Management
PROFESSIONAL EXPERIENCE:
Confidential
Sr. Security Engineer
Responsibilities:
- Providing Fully Qualified Navy Validation services for Naval systems pursuing ATO re-accreditation
- Reviewing Risk Assessment Reports, Plan of Action and Milestones (POAM), and other DIACAP/NIST RMF artifacts to analyze and confirm risk of system
- Reviewing SSP, 8500.2 / 800-53 rev4 IA controls, and RMF documents for systems going through assessment and authorization to receive ATO accreditation.
- Entering documents/artifacts into eMASS for control compliance, updating eMASS with applicable statements for Not Applicable Controls, and entering assessment findings into eMASS POAM related to automated/manual technical assessments as well as control non-compliant findings based on lack of documentation.
- Creating Certification and Determination letter to provide to Navy Certification Authority (CA) and receive confirmation on system risk.
- Participating in collaboration calls for system re-accreditation with PM and other stakeholders on remediation/mitigating vulnerabilities found in the system.
- Assisting with Nessus scans of system and helping system administrators understand vulnerabilities and how to patch/remediate the findings to resolve the problems or mitigate/implement security solutions to reduce the risk.
- Executing manual testing of software/hardware system components using DISA STIGs/SRGs and creating Plan of Action and Milestones (POAM) to work with system administrators to remediate/mitigate risk of open findings.
- Executing automated web application testing with HP Fortify on web applications and providing results to application POC's for remediation and mitigation efforts
- Executing software application vulnerability assessment/penetration testing looking for code security flaws and vulnerabilities with automated tools.
- Assisting with internal/external security audits, regulatory compliance reviews, and updating organization IT policy to meet the current best security practices and governance.
- Reviewing architectural designs for healthcare applications installed on-premise or in cloud providers (AWS and other SaaS providers) against company policy/guidance, HIPAA privacy guidance for PII/PHI, and PCI-DSS guidance.
- Reviewing technical specifications for healthcare applications to include encryption for data at rest and in transit, vulnerability assessments, SOC II reports (cloud providers), and assessing risk of installing healthcare applications transmitting and storing PII/PHI.
- Conducting vendor assessments of outside healthcare applications and providing risk assessment reports to management and applicable stakeholders on overall risk of application related to HIPAA for PII/PHI as well as risk to the system owners.
Confidential, Ft. Meade, MD
Senior Security Architect
Responsibilities:
- Worked at DISA testing and implementing Security Technical Implementation Guides (STIGs) on VMware virtual mobile system solutions in commercial and NIPRnet lab environments.
- Worked at DISA preparing for FSO IT security audits of virtual mobile system against DoD best practices, vulnerability scanning/penetration testing, proper STIG implementation, and other risk assessment activities
- Worked at DISA executing application security assessments of internal and external applications via automated and manual techniques to understand the risk and security posture.
- Worked at DISA inputting/mitigating/remediating vulnerabilities within the Vulnerability Management System (VMS). Creating and maintaining POAMs in eMASS and VMS while tracking risks.
- Worked at DISA supporting Certification and Accreditation documentation creation, updating, and modifying in eMASS for system to obtain and maintain IATO/ATO accreditation.
- Worked at DISA applying SRGs to mobile system solution while working with vendor and FSO on STIG development of system components
- Worked at DISA with PPSM team to get non-approved ports approved to the PPSM CAL through vulnerability assessments
- Worked at DISA assisting in security architecture discussions and policy creation for virtual mobile system solutions within enterprise environments.
- Worked at DISA supporting DIACAP to NIST RMF (Risk Management Framework) system transition for virtual mobile system solution including selecting system categorization, data types, and compliancy of system with NIST controls related to DIACAP controls for accredited system.
Confidential, Arlington, VA
Sr. IA Consultant/ Security Architect
Responsibilities:
- Worked at DoDEA editing C&A documentation (SOPs, Visio Diagrams, User Manuals) in preparation for DoDEA FIAR Audit.
- Worked at DoDEA creating network diagrams, architectural diagrams, system overviews, dataflow diagrams, and narratives based off PM and management input of applicable system.
- Worked at DoDEA assisting in Business Impact Analysis (BIA) meetings to assist in Continuity of Operations (COOP) and Disaster Recovery Planning (DRP) for DoDEA key financial assets.
- Worked at DoDEA assisting in gathering Service Level Agreements (SLA) and identifying missing SLAs that need to be put in place for core processes where external parties were responsible for data security, data integrity, data availability, and data confidentiality.
- Worked at DoDEA participating in risk assessment meetings, interviewing stakeholders, identifying issues and non-compliant audit controls with respect to FIAR audit. Worked with stakeholders and management to come up with budget-conscious/long-term solutions for security problems within the organization technically and administratively.
- Worked at DoDEA assisting in PCI-DSS audit of business systems processing payments checking for compliance with regulations reviewing source code with HP Fortify.
- Worked at DoDEA executing application assessments of internal and external applications via automated and manual techniques to understand the risk and security posture.
- Worked at DoDEA providing written reports featuring validation evidence, exposure, remediation recommendations, and overall risk posture to explain business needs against security concerns to both executive management and technical teams.
Confidential, Washington, DC
PM/Sr. Information Systems Engineer
Responsibilities:
- Worked at Confidential as a PM managing several C&A resources (ISA's/ISE's) on two separate contracts for on schedule burn rate and ensuring contract deliverables are submitted on time and above client’s expectations. Creating cost reports, weekly status reports, monthly invoice status reports, Performance Assessments, project plans for short and long term C&A FY goals. Coordinating with the COR, ACOR, and TPOC weekly on contractual and business issues ensuring that the SOW is met and any changes that need to occur due to change in scope are discussed and agreed upon before moving forward.
- Worked at Confidential as a Sr. Information Systems Engineer creating DIACAP system documentation for certification and accreditation (Network architecture, accreditation boundary, POAMs) for ATO accreditation/re-accreditation. Worked with system admins to implement STIGs and document STIGs not applied for risk assessment purposes. Applied Retina scans to system to provide automated risk assessment of systems within the enterprise architecture.
- Worked at Confidential as a Validator validating DIACAP packages for Ashore Systems and Afloat Systems/Sites. Validating CAP, DIP, SIP and associated artifacts/documentation for correctness and completeness within IATS/eMASS. Analyzing Security Testing (Retina, Gold Disk (if applicable before 1 Apr 13), STIGs, SRR, SCAP Tool Test Results, and Manual 8500.2 IAC testing), POAMs, Scorecard, and Validation Report for IAC traceability ensuring package represents complete and current risk posture of reviewed system/site or type before creating certification and determination letter to present to Navy CA for review and approval. Reviewing PIT packages to be submitted for PIT designation and subsequent PIT Risk Assessment for PIT ATO consideration. Assisting government client with eMASS C&A package validation/package submission, annual security review compliance, FISMA review compliance, and C&A package re-accreditations.
Confidential, Washington, DC/Alexandria, VA
Sr. Cyber Security Engineer/Security Architect
Responsibilities:
- Worked at federal client as a Sr. Cyber Security Analyst on a high-performance team that designs, develops, integrates and tests cyber security solutions that solve a range of critical problems in a non-DoD operational environment.
- Worked at federal client as a Sr. Cyber Security Analyst performing account recertification, penetration testing, vulnerability scanning, developing hardening guidance, security architecture assessment, and implementing hardening configurations in accordance with the SANS CAG 20 controls.
- Worked at federal client as a Sr. Cyber Security Analyst assisting Tech PM with product refresh of network equipment and implementing product life cycle management into the CFTC culture. Worked with PMs and technical POCs to get product requirements, researching vendor capabilities with respect to product requirements and budget, setting up vendor presentations for Tech PM and other applicable POCs, working with vendor on lifecycle cost of product (purchase, implementation, upgrades, warranty, maintenance), performing analysis of alternatives assessments of other security solutions available and recommending the best solution to management based on need, budget, and long term ROI.
- Worked at federal client as a Sr. Cyber Security Analyst assisting the PM with creating and executing project schedules, revising as appropriate to meet changing needs and customer requirements, and managing resources within budget and project schedule
- Worked with federal client to do a gap analysis of current network security architecture with existing security. Reviewing CISCO router and switch configurations, ForeScout NAC security implementations, SAN configurations, IDS/IPS configurations, and Firewall configuration to ensure they meet vendor best practices and HIPAA safeguards to be in compliance.
- Worked with federal client in overseeing enterprise-wide security guidance and centralizing the creation, editing, and finalization of security documents. Ensuring any changes went through a thorough and extensive CAB (Change Advisory Board) ensuring all persons of interest were not adversely affected by an upgrade, system/maintenance change, or any change to a system as well as the security of the enterprise architecture.
- Worked with federal client executing application assessment of internal and external applications via automated and manual techniques to understand the risk and security posture of an application.
- Worked with federal client conducting source code analysis and audits using HP Fortify Software Security Center. Administered and configured application assessment, vulnerability scanning and penetration test tools such as: RetinaCS, Nessus, Metasploit, WebInspect, BurpSuite.
- Worked with federal client providing written reports featuring validation evidence, exposure, remediation recommendations, and overall risk posture to explain business needs against security concerns to both executive management and technical teams.
Confidential, Ft. Meade, MD
Lead Sr. Information Assurance Analyst/CDS Team Lead
Responsibilities:
- Reviewing DIACAP C&A packages consisting of ATO/IATT Letter, Scorecard, POA&M, SCQ, SIP, Network topology, and CTM given ATO/IATT accreditation by service DAA for SIPRNet.
- Scanning Classified SIPRNet enclaves for vulnerabilities and loading results into VMS for scan analysis. Scanning burned in classified SIPRnet enclaves approved by CYBERCOM with IATT accreditation requesting IATC/ATC connection accreditation.
- Analyzing SIPRnet enclave scans loaded in VMS. Providing customer scan analysis results along with customer service on how to fix moderately complex issues regarding customer's enclave and firewall.
- Providing technical security architectural expertise in planning, preparing and executing the DISN connection approval requirements for DoD and Non-DoD Service and Agency Information Systems.
- Resolving complex customer issues and reporting progress on problem resolution to management. Offering improvements to current testing procedures and assisting in test configuration management activities for work efforts. Using multiple client tools, client specific reference materials, customer service skills and problem solving skills to diagnose and solve internal and external/customer problems.
- Operating as CAO CDS team/CDTAB Secretariat team lead providing risk analysis of CDS implementations in customer’s network enclaves using NSA RDAC risk rating. Reviewing presentations prepared for and presenting at DSAWG (Defense Information Assurance Security Accreditation Working Group) and CDTAB (Cross Domain Technical Advisory Board) meetings to receive concurrence for ST&E and Operational deployment of CDS’s within customer’s SIPRNet enclaves.
- Operating as CAO CDS team/CDTAB Secretariat team lead supervising several analysts providing risk analysis of CDS security architectural implementations in customer’s enclaves using NSA RDAC risk rating. Reviewing presentations prepared by CDS analysts and presenting at DSAWG (Defense Information Assurance Security Accreditation Working Group) and CDTAB (Cross Domain Technical Advisory Board) meetings to receive concurrence for ST&E and Operational deployment of CDS’s within customer’s SIPRNet enclaves.
- Operating as CAO CDS team/CDTAB Secretariat team lead conducting Tiger Teams to correct remote compliance scanning issues and DoD guidance on SIPRNet circuit and Cross Domain Solution disconnects.
- Operating as CAO CDS team/CDTAB Secretariat team lead providing government client management WAR (Weekly Action Reports) weekly/monthly, and QPR (Quarterly Progress Reports). Providing updates to Connection Approval Office CPG (Connection Process Guide), CJCSI 6211, updating SOP (Standard Operating Procedures), CDTAB (Cross Domain Technical Advisory Board) Charter.
- Operating as CAO CDS team/CDTAB Secretariat team lead providing training and guidance on Grid Connectivity Threat Analysis and ratings. Creating risk analysis processes for the CDS Team to analyze risk for the four areas of Data Stream Integrity, Internal Protections, Enclave Isolation and Boundary Protections with regards to network topology, enclave diagrams, internal security implementations and data processing procedures to be submitted at CDTAB/DSAWG meetings for approval.
Confidential, Washington, DC
Sr. Information Assurance Analyst/Sr. Security Engineer Architect
Responsibilities:
- Worked for NAVSEA IA ODAA team reviewing Certification and Accreditation DIACAP and DITSCAP packages transitioning to the NMCI network looking to attain ATO accreditation.
- Reviewing Scorecards, POA&M's, DIP's, SIP's, C&A Plans, network architectural diagrams, retina results, SRR scripting results and other supporting documentation to ensure package was ready for validation and review by ODAA and CA reviewers.
- Checked document status in IATS and system registration in DADMS for packages being submitted for ATO accreditation.
- Worked for NAVSEA IA team reviewing packages (C&A Plan, SSP, network architectural diagrams, etc.) for PIT/RDT&E PIT packages looking to obtain PIT determination and later PRA PIT accreditation.
- Technical Lead for NPCI/IG inspection of NAVSEA Naval activities auditing IS owners for proper scans of systems, checking Firewall configuration policies making sure they have the proper PPS and are compliant with UTNPP and CTNPP firewall policies, reviewing CISCO routers and switches ensuring they are STIG compliant. Ensuring system owners are implementing and enforcing IA policies and Naval guidance/CTOs. Ensuring IAVA reporting and IAVM is being conducted per DoD and DoN policy.
- Technical Lead for NPCI/IG inspection of NAVSEA Naval activities reviewing retina scans, gold disk baselines, and SRR Linux script results for systems that had ATO accreditation and those systems with expired ATO accreditations.
- Travel to bases, satellite offices, navy yards and NAVSEA locations to perform IA assessments and boundary reviews for IS owners to understand accreditation boundary of their network.
- Perform Retina scans on Classified and Unclassified networks to check for vulnerabilities within NMCI systems at the Washington Navy Yard and select assets in Spawar facilities.
- Provide Information Assurance security assessments related to network system design, server consolidation, information assurance policies, application development and rationalization, and future planning. Reviewed policies against HIPAA regulations for health related projects and PCI DSS for payment card systems.
- Perform New Technology and Network Design Information Assurance impact analysis on customer's IT operations.
- Support Information Assurance architectural assessments and transition planning
- Briefing CIOs, Naval Base activities/commands COs, IAMs and other executives on IA best practices and resolutions on correcting inefficiencies within their IA departments.
Confidential, Washington, DC
Sr. Security Architect/Network Engineer & Assistant Product Manager
Responsibilities:
- Worked for SPAWAR Norfolk to provide on-site C5RA and IA assessments aboard CVN-75 for security accreditation prior to operational introduction to the Fleet.
- Worked for SPAWAR San Diego on E2C project to help implement MANET network for Secure SIPRnet and Unsecure NIPRnet communications from Naval Ship to Aircraft to Submarine environment.
- Training Navy Personnel and SOVT’ed CVN-75 crew on TTN (Tactical Terrestrial Network) System on QRA and provided COMOPTEVFOR personnel with data captures for reports and viability of TTN system.
- Supporting NSWC Carderock with network designs and system prototypes that address efficient technology transition strategies for Quality of Service, native format IPv6, Simulator Augmented Network Management and TransSec encryption interoperability in joint and multi-platform ConOps. Developed IA architecture and transition roadmap for ADNS/ADMS and its interfaces into the DISN
- Worked with sub-contractors to create prototype Cross Domain Solution for Navy customer with Locked down SE Linux and proprietary software on VMware solutions.
- Created test networks to mimic afloat and ashore networks for integrating new network devices such as routers (CISCO, JUNIPER), switches (CISCO), and firewalls (Checkpoint, CISCO, JUNIPER) with vendor equipment to show client different scenarios of traffic flow to meet project requirement. Created VPN tunnels and to authenticate to Radius and LDAP directory in DMZ for test environments.
- Worked with HIPAA and NIST regulation to accredit system with outside connection from DoD network that needed private users to access data on DoD networks. Assisted Program manager and client with ensuring HIPAA guidance with respect to health records along with NIST security guidance was followed and implemented in external connection. Assisted in MOA/MOU agreement between DoD customer and private client on external connection. Updated network security architectural diagrams to reflect external connections and all security implementations protecting the confidentiality, integrity, and availability of the data traversing the connection.
- Worked with company to assist in PCI DSS security assessment and HIPAA assessments for auditing projects. Assisted Business units and Divisions in conducting audits of customers systems, policies, security implementations, and provided current compliancy as well as gap analysis for customer to get in compliance with applicable regulations.
- Information Assurance vulnerability scans on Windows and Unix/Linux machines with Gold Disk, Retina, and SRR scripts to lockdown systems going into mission critical and mission support environments.
- Penetration testing network devices and servers in a test environment looking for covert channels, open PPS (ports protocols and services) that can be used by hackers to exploit and compromise sensitive data. Once the devices were penetration tested and vulnerabilities were discovered, they were then patched and re-scanned to ensure risk was lowered and only vulnerabilities accepted by system owner were remaining. These devices were then installed in live environments and re-scanned to ensure that risk was not introduced to secret and Top-secret environments that had not been accepted by the government client.
- Network testing using Spirent Smartbits for DUT including Throughput, Latency, QOS. Combined with Dejavu Traffic Replay device to test actual network traffic in Lab simulated environment.
- Performed EQT testing and MIL-STD testing for cPCI products going into rugged Grade A military environments.
- Writing and presenting test plans for networked communications (i.e., QoS in a multiplexed IP/ATM network, IP over satellites/terrestrial radios) and Integrate Bridge Network Systems (IBS) machine to machine message translation in a cross-domain inter-network architecture.
- Researched, Evaluated, and Tested Common Criteria Certified firewall products such as Checkpoint (R55, R60, R61, R65), McAfee Sidewinder, Fortinet FortiGate, and Borderware for implementation into Naval IBNS/HME/MCE/GEDMS/FODMS environments. Tested products under DISA STIG, and NIST policies.
- Prepared SSAA/C&A plan for DITSCAP/DIACAP accreditation of systems in Naval environments. Created, edited, and reviewed documentation such as Scorecards, POA&M's, architectural diagrams, etc.
- Conducted C&A processes, CT&E, ST&E, Vulnerability assessments, and IAVA reporting to attain Authority to Operate (ATO) on Naval platforms.
- Assisted Project/Product Manager with Product Lifecycle management of IT products. Duties included working with clients on requirement specifications, researching capabilities for in-house production or outsourcing, product design, customer testing, integration/implementation testing, change management, document management, and product management post product acceptance and implementation. I conducted Product Specification meetings, vendor meetings, and created the WBS with the PM to stay on budget and on schedule.
Confidential, Laurel, PA
Security Engineer
Responsibilities:
- Breaking down Windows Server 2000 servers and installing new Windows Server 2008 IBM Blade Servers for Confidential locations after hours.
- Performing Quality Assurance testing on-site for proper network connectivity and profile management of CISCO routers and switches
- Fix problems that may occur with improper login scripts, SQL scripts, misconfigured network NICs, and any other issues that occurred at site.
Confidential, Radnor, PA
Telecommunications Security Architect/Engineer
Responsibilities:
- Managing, administering, and supporting Blackberry Server (BES), wireless devices, contracts, and setups (includes Verizon, ATT/Cingular, Sprint/Nextel devices). Worked with devices including Blackberries, cell phones, and air cards.
- Providing backup support and administration for Avaya (VOIP) phone systems
- Provided backup support and administration for video conferencing
- Provided backup support and administration of CISCO routers and switches
- Managed Blackberry Server 4.1 running on Windows 2003 by connecting users' profiles to their Blackberries and making sure proper permissions and security certificates were provisioned to allow push and pull of email, trained users on Blackberry usage, managed and completed Blackberry rollout of over 250 maintenance workers adding them to the domain and creating profiles in Active Directory then training on Blackberry message and work order retrieval. Mapped drives on maintenance workers' computers and then connected the Blackberries so that all push applications were downloading properly.
- Providing backup plans for Exchange and Blackberry Server with monthly maintenance and disaster recovery testing. Setting up Wiring for new business clients in local and Out of State offices.
Confidential, Norristown, PA
Network Security Architect/Engineer
Responsibilities:
- Using the Remedy Ticketing System along with other infrastructure systems (Snooper, Webaxe, MTI, Snap) I troubleshot network issues.
- I monitored and helped maintain Lucent, Nokia (GSM), Ericsson (GSM & TDMA), Nortel, and Cisco Switches and routers within the NOC facility. Upgraded catalyst switches and router via console connection or Tivoli Enterprise console with Cisco Cat OS and with Cisco IOS. Monitored network traffic through Infinistream Sniffers, and occasionally with Cisco works. Configured different routing protocols ranging from OSPF, RIP, and BGP; also ACL configurations, firewall (CISCO, JUNIPER) configurations and VLAN setups to be integrated into the WAN/LAN topology.
- Worked with infrastructure engineers to ensure network design allowed for scalability with added users and little to no latency throughout the network. Enforcing perimeter security along with access control within the internal network as well through Radius servers and LDAP configuration.
- Tracked call records using CDRlive and Traffica to determine what switches and trunks problems were occurring on to find a solution and resolve the issue.
- Ran SS7 traces to find call failures in network. Worked with Change Management on MOPS for system reboots, antennae turndown, and other change related operations. Worked as On-call for issues during the weekends facilitating and answering any minor or major questions that may occur during non-business hours. Monitored Remedy tickets assigned to different regions and field technicians that were affecting the NE region and worked with different departments to quickly resolve issues.
Confidential, Allentown, PA
Network Security Architect/Engineer
Responsibilities:
- Troubleshoot cellular issues ranging from Blackberries, PDAs, and cell phones on the network.
- Worked on Remedy tickets assigned to the NE NOC for tower issues, server issues and other telecom related outages. Monitored GSM/GPRS network servers for outages, and helped the NOC with upgrading catalyst OS’s and router IOS’s via console connection or Tivoli Enterprise console. Assisted Senior network engineer in routing configurations, VLAN setups, ACL configurations, CISCO firewall configurations, and integrating components into the network. Assisted senior engineer in adding components to LAN.
- Worked with Technical Support to manually configure unsupported phones for customers