Experience

E&M Technologies, Inc.

• United States
• IT Services and IT Consulting
• 1 - 100 Employee

• Information Security Analyst IV

  • Oct 2022 - Present

  Safeguarding of data and information, focused on the tenets of security that include Confidentiality, Integrity and Availability Provide comprehensive support to protect and defend networks and all attached systems by validating configurations and ensuring regulatory compliance with DoD and Air Force directives Provide security architecture and design recommendations in support of the migration and integration of new hosting service clients. Support to the Department of Defense Cybersecurity training and refresh training program. Use of Government furnished security assessment software to conduct vulnerability assessment scanning. Support the Authority to Operate (ATO) efforts following the Risk Management Framework for DoD IT (RMF) process IAW DoD Instruction 8510.01 Risk Management Framework (RMF) for DoD Information Technology, DoD Instruction 8500.01 Cybersecurity, DoD Instruction 500.02 Operation of the Defense Acquisition System, Joint Capabilities Integration and Development Systems (JCIDS) Manual, Public Law (P.L.) 100-235 (Computer Security Act of 1987), Office of Management and Budget (OMB) Circular A-130, DoD Directive 5220.22, DoD 5220.22M and DoD 5220.22-M- Supplemental. Support to Authorization and Accreditation documentation and testing efforts to include development of plans, policies, and procedures and ensuring timely submission of accurate accreditation documentation. Support to achieve compliance in Information Assurance Vulnerability Assessment (IAVA) and Security Technical Implementation Guide (STIG) required postures using the Army approved scanning tools and reporting systems. Policy and procedure recommendations to the Enterprise Services Division in support of the migration and integration of new hosting service clients. Provide support to ensure personnel are properly classified and certified with DoD 8570.01 IA Certification Program. Show less



Ishpi Information Technologies, Inc. (DBA ISHPI)

• United States
• Information Technology & Services
• 1 - 100 Employee

• Information Technology Security Analyst

  • Jul 2022 - Oct 2022

  -Transmit documents via DoD public key infrastructure (PKI) encrypted email or place in government designated repository. -Serve as the Information Assurance Officer (IAO) for assigned applications -Review system or application audit logs either manually or through automated tools -Report any system anomaly that could result in an unauthorized disclosure of or access to sensitive information within one hour of identification. -Review current threats and outstanding vulnerabilities using Assured Compliance Assessment Solution (ACAS) -Perform monthly vulnerability scans for assigned applications or systems. If the scan must be performed by CEDC personnel, the contractor shall initiate the request. -The contractor shall protect the vulnerability scan results as UNCLASSIFIED/ SENSITIVE. -Support security and IA evaluations; develop/maintain test and audit records -Perform monthly access audits and suspend and restore user accounts as needed to control access. -Perform and document quarterly tests of the backup and restore capability for each assigned application or database. -Apply DISA STIGs to configure systems, operating systems and vendor updates, patches and version upgrades. -IA Vulnerability Alerts (IAVA), IA Vulnerability Bulletins (IAVB). Technical Advisories (TA) or Computer Tasking Orders (CTO) and Vulnerability Assessments and Management. Implement the necessary IA/CND mechanisms. Monthly scanning of the systems using the current CEDC vulnerability-scanning package. -Update and document applicable C&A artifacts to support accreditation or reaccreditation. -Support obtaining C&A for assigned applications or systems, to include process support, analysis support, coordination support, conduct of various IA control validation activities, compiling validation results, and creation or execution of Plan of Actions and Milestones. -Cyber Security Operational Services for protection of all sensitive information, the Information Systems, Information System Domains Show less



Sev1Tech LLC

• United States
• IT Services and IT Consulting
• 400 - 500 Employee

• RMF Cyber Analyst

  • Nov 2021 - Jul 2022

  -Providing mission cyber support for the HQ Air Combat Command (ACC) in support of Enterprise Mission Systems, the RMF Cyber Analyst applies expertise and work experience executing cyber risk assessments to perform duties assigned by the Security Control Assessor (SCA) for AF Enterprise systems. -Reporting to the Cyber Security Task Lead, RMF Cyber Analyst determines system vulnerabilities and residual risk based on analysis of technical artifacts, interviews, and evaluation of current system state. -Conduct System Categorizations, Security Plan Approvals, and Full System Security Assessments. -Applies expertise and work experience executing cyber risk assessments to perform duties assigned by the Security Control Assessor (SCA) for AF Enterprise systems -Contributes toward recommendations on processes and methodologies to assess cybersecurity risk on information technology within the SCA's appointed authorization boundary -Works with other Cyber Analysts, SMEs, and SCARs to ensure that all cybersecurity analysis and cybersecurity risk assessments are completed with time and quality standards established by Division leadership and Task Lead -Determines system vulnerabilities and residual risk based on analysis of technical artifacts, interviews, and evaluation of current system state -Evaluates effectiveness of proposed mitigations -Recommends technical/policy changes to mitigate cyber risk -Supports program and projects with security and information assurance requirements elicitation based on customer and subject matter expert communication and independent research -Support additional duties as required. Show less



Atlantic Systems Group INC.

• United States
• Computer and Network Security
• 1 - 100 Employee

• Cyber Security Analyst

  • May 2019 - Nov 2021

  -Review completed Assured Compliance Assessment Solution (ACAS) scans and Security Technical Implementation Guide (STIG) checklists and perform all coordination functions with the Security ------Control Assessor Liaisons and Navy Authorizing Official Cyber Security Analysts (CSA) for Security -Authorization Package review, processing requirements, and issues associated with Checkpoint schedules. -Conduct in-depth reviews of authorization packages and artifacts within Enterprise Mission Assurance Support Service (eMASS). -Reviewing, analyze and report on current authorization status and Authorization Termination Dates (ATD) for all systems within the client's portfolio and review Security Assessment Plans, System-Level -Continuous Monitoring Plans, Implementation Plans, Security Control Tailoring Plans, Plans of Actions and Milestones, and Security Assessment Reports (SAR). -Make determinations if there are risk posture changes when system modifications are requested for authorized systems, the brief status of RMF package reviews, and recommendations for concurrence to the client. -Develops plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs. -Reviews violations of computer security procedures and discusses procedures with violators to ensure violations are not repeated. -Monitors use of data files and regulate access to safeguard information in computer files. -Monitors current reports of computer viruses to determine when to update virus protection systems. -Review IAVM (information assurance vulnerability management) mitigation plans for approval. -Review and process CAR (conditional authorization request), HRE (high risk escalation), CLSA (component local service assessment), and BCR (boundary change request) requests. -Demonstrate and retain requisite cybersecurity knowledge in multiple areas to be able to properly inform and support the varied work activities. Show less



Invictus International Consulting, LLC

• United States
• Defense and Space Manufacturing
• 100 - 200 Employee

• Information Systems Security Officer

  • Dec 2018 - May 2019

  -Assist the Regional ISSM in the oversight, inspection, review, and accreditation of Information -Systems -Ensure and validate hardware and software inventory process and procedures to oversee equipment and software entering and departing the data center(s) -Ensure and validate backup and data restoration processes and procedures for customer managed systems and networks -Perform media and laptop inspections and scans -Provide review and progress reports of all Plan of Action and Milestones (POA&M) -Provide weekly metrics and reports of customer service activities -Conduct daily review of government provisioned ticketing system for required response to incidents, events, actions, and requirements. Provide management of assigned actions in accordance with agency prescribed timelines -Manage Media Control & Personal Electronic Devices (PED) Program oversight -Provide IA Exercise Support and as well as support for International Systems -Execute the system and site Risk Management Framework program in the region/AOR as outlined by CIO issuances -Conduct Risk Assessment for Sites within Region and provide Risk Assessment Reports (RAR) annually -Perform day to day tasks associated with the agency's Continuous Monitoring Plan -Support the management of the Data Transfer Officer Program (DTO) user requirements (Enterprise/Regional Level) -Support the establishment of end to end IA processes and procedures across CIO to streamline AO/DAO approvals and to establish IT security standards for region in accordance with current DOD and IC policy guidance -Support the development and execution of a checklist for required system security controls validation in accordance with the system/site Continuous Monitoring Program (CMP) -Develop key metrics for continuous monitoring of IA Ops functions which support FISMA reporting and compliance -Provide regional/associated sites and site specific assessment support, coordinated with A&A and local ISSM staffs Show less



Goldbelt Falcon, LLC

• United States
• Defense and Space Manufacturing
• 1 - 100 Employee

• Programmer Analyst

  • Nov 2016 - Aug 2018

  -Experience with C++ and Java programming, Microsoft operating systems, database servers, DT&E and ET&E testing , Unix, RHEL, and PowerShell scripting, software deployment methods, and software management applications (i.e. Subversion, Phabricator) -Designs Command & Control (C2) system software based on requirements and proficient in performing tasks necessary to develop, integrate and manage C2 software from conception, through design and development, to maintenance, improvement and conversion. -Proficiency in writing, editing and analyzing programs and processes including performance, diagnosis and troubleshooting of problem programs. -Design solutions to problematic programming. -Write, edit and debug computer programs. -Document code throughout the development process by listing a description of the program, special instructions, and any changes made in database tables on procedural, modular and database level. -Maintain client databases, configuration management tools, and develop reports. -Develop, test, and maintain software Show less



General Dynamics Information Technology

• IT Services and IT Consulting
• 700 & Above Employee

• Associate Programmer

  • Nov 2015 - Nov 2016

  -Builds and codes applications and/or models using various computer programming languages. -Performs routine programming activities according to project specifications. -Participates in the design, coding, testing, debugging, documentation, and maintenance of computer programs. -Confers with end-users to analyze specified methods and procedures, identify problems, and document specific requirements. -Troubleshoots various software products to determine source of errors. -Participates in the writing and updating of various technical documentation such as users manuals, product specifications, and training materials. -Maintains a current knowledge of relevant technologies as assigned. -Participates in special projects as required. -Maintains current knowledge of relevant technology as assigned. -Knowledge of the fundamental concepts, practices and procedures used in computer programming -Knowledge of Information Assurance procedures and practices including recognition of security threats and risks, scripting, analyzing IA scan results and application of security patches -Knowledge of Solaris, Linux and Windows operating system development and integration -Knowledge of System Engineering, Integration, Testing and Evaluation practices -Knowledge of DISA COE, National and International standards for software development, testing and integration -Proficient in the use of one or more specific technologies and languages (i.e. C#, C++, SQL, Java .NET) -Demonstrate ability to work independently or under general direction -Demonstrate effective written and oral communication skills -Demonstrate proficient knowledge of MS Office Suite -Expertise with Bash, PowerShell, and Python scripting -Knowledge of configuring Windows and Linux servers including setting up and initializing RAID disks. Show less