Sr. Cyber Security Engineer responsible for providing Cyber Security engineering guidance and development of System Security Plans, Incident Response, Software/Network Cyber Security Interaction, and Vulnerability Management relating to classified Cyber Security postures supporting Dept. of Treasury Secure-Data-Network (TSDN) and Foreign Intelligence Network (TFIN) classified networks. Additional responsibility included development of FISMA compliance assessment and cyber security posture. Participated in multi-level Cyber Security discussions with Treasury Office of Intelligence Analysis (OIA) regarding Cyber Operations Test Environment (COTE) Cyber security operations/functions of networks involving executive branch interoperations. Researched Cyber-CI/CT efforts involving domestic/international issues utilizing Google, Intelink and classified resources.
- Cyber Security Engineer / ISSO at Avineon
- Cyber Security Engineer / DHS National Protection and Programs Directorate (NPPD) at Computer Science Corporation
- Lead Cyber Engineer/ DHHS Centers Medicare & Medicaid Services/ MITRE Center for T/Health at Aligned Development Strategies, Inc
- Lead IA /ISSO/ Cyber Security Analyst/DHS Immigration and Customs Enforcement at Knowledge Consulting Group (KCG)
4 years, 9 months at this Job
- Bachelor of Science - Cyber Security
Cyber Security Engineer in a small team for Cooperative Engagement Capabilities embedded systems. Responsible for the cyber security posture of CEC as well as supporting the Assessment and Authorization process of CEC components. Provide ongoing cybersecurity recommendations and requirements for over 90 US Naval ships as well as various USMC CEC-capable vehicles. Achievement Highlights:
* Provided subject-matter expertise in secure systems engineering practices during various stages of the lifecycle design, including System Requirements Review (SRR), System Functional Review (SFR), Preliminary Design Review (PDR), and Critical Design Review (CDR).
* Integrated systems engineering process improvements and derived cybersecurity requirements by analyzing the current and proposed hardware and software architecture, Software Design Descriptions (SDDs), Concept of Operations and other system design documentation at various levels of maturity.
* Authored and edited various DIACAP and RMF documents, including System Security Plans (SSP), System Level Continuous Monitoring (SLCM) Strategy, Contingency Plans, Incident Response Plans, and Configuration Management Plans, ensuring compliance with DoD policies
* Maintained program compliance by tracking IAVAs within OCRS and carrying out Nessus scans for monthly uploads to VRAM
* Worked as a team member through the Assessment and Authorization Process, carrying out cybersecurity vulnerability assessments for numerous RMF accreditations
* Worked intimately with Visio Suites to create accurate Ethernet maps as well as accurate Hardware/Software network flow charts
- Cyber Security Engineer at Centurum, Inc
- Systems Administrator at George Consulting
- Information Technology Specialist at SC National Guard
9 months at this Job
Subject Matter Expert/Analyst/Architect/Engineer with expertise and experience in multiple areas (e.g., protection needs assessment, requirements elicitation, security architecture, threat assessment, computer security, communication security, networking, security technologies, hardware and software development, test and evaluation, vulnerability assessment, penetration testing) with a Graduate degree in Telecommunications, Certified Chief Information Security Officer DoD 8570/8540 Compliant, experienced in Cyber Security/Risk Management Framework/Capability Maturity Model, Critical Infrastructure Protection, Continuous Monitoring, Systems Security Engineering, Security Authorization, Assessment and Authorization, Operating System, Network/Digital Media/Mobile Forensics, Enterprise Resource Planning, Network Applications, Database Security, Technical/Proposal Writing, Request for Information and Information Assurance related fields: Defense-in-Depth, Evaluation of Firewalls, Audit, Intrusion Detection Systems, Identity Access & Management tools, Enterprise Patch and Vulnerability Management, Insider Threat tools, Computer, Network Forensics, Design and Security Analysis, Security Readiness Reviews, Security Test and Evaluation of SOA, Web Services and N-Tier Architectures in accordance with Agency's Cyber Security Framework for Military/Law Enforcement/IC/Federal Civilian Agencies. A generalist who can understand complex systems with an in-depth knowledge of a broad range of convergent areas of Telecom and Computer Networking, concepts of Common Criteria, NIAP, physical, computer, application, communication, personnel, administrative, information, and information systems security disciplines, able to evaluate technical proposals concerning security auditing, intrusion detection, etc., and able to lead evaluation of security control arrangement teams.
Able to analyze and evaluate a multitude of systems to meet specific Cyber Assessment & Authorization (A&A) requirements, analyze customer requirements and advise on potential solutions, exercise judgment within loosely defined parameters in a dynamic workplace environment.
Able to write publication-quality deliverables (documents, proposals, presentations, and statements of work). Keeps current with emerging security technologies, communicates with the ability to wear many hats, with engineers responsible for the technical elements involved in designing, developing, and operating advanced information security systems, adapt quickly to challenges in a complex computer environment and exhibits skills. Strive to be comfortable with ambiguity, maintain credibility, raise difficult issues, flexible and resilient, curious and creative and willing to work more than traditional work week hours to meet deadlines. Assist in developing white papers and coach/mentor customers on projects. Worked independently at customer sites, or as part of a team as required. Sought by management and staff at Forbes, Fortune, Big 4 companies for advice and direction on information assurance, security, client-server internetworking, messaging, in a complex Local Area and Wide Area Networking environment and an emerging Subject Matter Expert on Information Assurance and Telecommunication Security. Able to provide subject matter expertise support for client information assurance (IA) needs, including system security engineering requirements analysis, system development, integration, test and evaluation (T&E). Developed System Security and IA documentation, including IA strategies, System Security Plans, A&A packages, Test plans, and Test reports. Able to research and track all higher-echelon guidance and mandates defined in DoD/DISA/Army Intelligence policies and documentation. Able to assist with developing secure systems that meet performance and accreditation requirements and work in a proactive collaborative environment and willing to work with people who go the extra mile to get things done with services rendered in highly charged political and schedule driven environments. Able to work in a frequently changing and unstructured environment and ambiguity. 
Self-starter with the ability to run audit or consulting projects independently using subject matter expertise with minimal guidance. Able to identify areas of risk, opportunities and improvement. Works under consultative direction towards predetermined long-range goals and objectives with assignments often self-initiated.
CACI - Sr Principal Cyber Security Engineer/Technical Security Control Assessor - February 2018-February 2019
• Support the Agency by conducting technical security assessments of Sponsor's IT systems. Roles and responsibilities included but not limited to: Evaluation of Customer systems against, ICD 503, NIST 800.53 R4/A, RMF, and other security standards and publications, as well as the sponsor's internal security regulations. Provide analysis of vulnerabilities identified by compliance tools. Conduct TEM's to verify and validate systems against NIST, RMF Sponsor internal security regulations. Identify mitigating countermeasures to identified threats, vulnerabilities, and shortfalls. Experience in understanding, applying and testing IT systems against NIST 800-53/A and CIS/DISA Industry Standards.
• Experienced in testing active directories and group policy objects against security controls. Experienced with traditional A&A using NIST Special Publications (SPs) including SP800-53 Rev 3/4 and SP800-37. Experienced with cyber security policies and guidance, as well as assisting in researching, evaluating, and developing relevant security policies and guidance. Evaluate Agency systems with Continuous Risk Engine (CRE) and C2S Access Portal (CAP) and document findings in XACTA in accordance with ICD 503 guidelines
- Sr Principal Cyber Security Engineer at CACI International Inc
- Cyber Security Subject Matter Expert at Booz Allen Hamilton
- Sr Cyber Security Intel Analyst/Security Control Assessor at Leidos/Lockheed Martin IS&GS
- Sr Information Assurance Engineer Stf at Cyber Security SME
1 year at this Job
- Master's - Telecommunications
• Configured, set up and installed agents on Trend Micro, Deep Security, ArcSight, Nessus and monitored events on Deep Security and Google Cloud consoles.
• Utilized Windows, Linux RedHat and CentOS to troubleshoot the various networks from VMs.
• Utilized Splunk to monitor and analyze Metadata throughout various networks.
• Responsible for interpreting MS SQL Server, and other database instances script output to ensure NIST, HIPAA and PCI DSS compliance.
• Provide technical analyses and course of action in response to emerging and persistent cyber threats.
• Created network diagrams; created, documented, and implemented Standard Operating Procedures.
• Analyzed IT systems to identify, assess, and design security features.
- Cyber Security Engineer at Cyber Security Enterprise
- Senior Bilingual Technical Support Lead at Cablevision
- IT Bilingual Support Specialist at Cablevision
2 years, 2 months at this Job
- Master's degree - Cyber/Computer Forensics and Counterterrorism
- BA in Computer Science - Computer Science
Serves as a Cyber Security Engineer contracted to the Defense Health Agency under the Department of Defense (DHA/DoD) to provide Risk Management Framework (RMF) support for Systems and Applications.
• Conducts security assessments with a variety of vulnerability identification tools including SCCM, ACAS, HBSS, SCAP, DISA Security Requirements Guides (SRG) and DISA Security Technical Implementation Guides (STIGs) to implement security solutions for systems and network environments.
• Develops and implements systems security evaluations, audits, reviews, and contingency/recovery plans; writes and updates system artifacts necessary to achieve an Authorization to Operate (ATO) for DoD information system.
• Reads, analyzes, and interprets technical procedures and regulatory requirements and writes reports, business correspondence, and procedure manuals.
• Performs security assessments, mitigations, Information Assurance compliance and hardening on different platforms, operating systems, databases, and networks.
• Prepared systems and network for a Defense Health Agency (DHA) merger
ROBERT M. RECTOR, MISM
- Cyber Security Engineer at ECS Technology Inc
- Cyber Security Analyst/ISSO at Avosys Technology
- Security Architect, Team Lead at CB&I Federal Services
- Security Specialist at SBA Alliance/USDA Cyber Security Operations Center
1 year, 6 months at this Job
- Masters in Information Systems Management - Information Security
- Bachelor of science in Computer Information System - Information Security & Computer Forensics
on Continuous Diagnostics and Mitigation Program (CDM) (Fairfax, Virginia)
Lead Senior Network Implementation/Cyber Security Engineer August 2018- Present
• Applying the Risk Management Framework (RMF) to Federal Information Systems: a Security Life Cycle Approach, NIST 800-53 Rev 4 and NIST SP 800-137 - Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. Work on the Architecture and implementation of the DHS Phase 1, 2, 3 and 4 of Continuous Diagnostics and Mitigation Program (CDM) for HWAM, SWAM, VUL and CSM.
• Actively identify and mitigate a wide range of cyber risks and work closely with a wide variety of agencies, learning their mission, priorities, organization and unique challenges.
• Supporting the ESOC (Enterprise Security Operations Center) for Dept. of Labor, Inspector General and other agencies with system and application configuration of cyber security tools like McAfee ePO, Nessus, Splunk, IBM BigFix and other components. Analyze reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs).
• Work with various highly technical teams focusing on integrating next generation cyber security technologies for a strategic federal customer.
• Hands on administration, implementation and configuration of security tools to enhance the risk posture of customer networks.
• Apply technical expertise in implementing efficiencies and creating strategies to better detect and respond to cyber incidents by prioritizing mitigation actions.
• Collaborate and lead a diverse group of security engineers in developing solutions for complex challenges.
• Working with customers/end clients and supporting current tasks and activities.
• Lead customer engineering teams on several Federal Agencies like DOL, OIG, BLS, DOS, etc.
• Work closely with customer delivery managers to prioritize daily tasks. Participate in technical meetings with customers' technical specialists.
• Provide Tier 2/3 support for incidents relating to security tools/solutions.
• Continuously improve customers' security deployments, integrate new technologies.
• Extensive experience in implementing and managing boundary defense technologies to include firewalls, IDS/IPS, DLP and others.
• An extensive understanding and experience in implementing static/dynamic testing tools, web and database security assessment tools; for example: IBM AppScan, Fortify, BurpSuite, AppDetective, Guardium. SIEM technologies and managing suite of tools to include McAfee various Modules, Splunk Enterprise Security, QRadar, HP ArcSight, IBM BigFix, Tenable Security Center, Forescout CounterACT, Tripwire, Rapid7, SailPoint.
- Lead Senior Network Implementation/Cyber Security Engineer at CGI Federal
- Cyber Security Engineer/Incident Response/Forensics at United States Government Department of Labor/ Maximus Federal-Cybecys Inc
- IAM System Security Engineer/ Vulnerability Engineer at United States Government Department of Veterans Affairs / Technatomy Corporation
- Senior Cyber Security Engineer/ Compliance Assurance Assessor at United States Government Department of Veterans Affairs / ASM Research- Accenture Federal
7 months at this Job
- Masters in Information Technology - IT Project Management
- Bachelors in Information Technology - Network Administration
- Associates in Business Administration - Business Administration
- Serving as Cyber Security Engineer with DIACAP and/or RMF documentation to support DOD systems and efforts to achieve their Authorization to Operate (ATO).
- Assisting the Software Engineering Center with completing the full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.
- Providing support activities in accordance with NIST 800-53 Rev.4, FIPS 199 and other DOD instruction manuals and directives which support systems from the perspective RMF requirements.
- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades.
- Creating, proofreading and editing SOPs, Cyber policies, risk assessment reports, and other documentation as needed for all of SEC, affiliates and directorates as required.
- Reviewing and validating security documentation to ensure necessary security controls are in place and operating as intended.
- Running ACAS (Nessus) scans as needed, checking for vulnerabilities in the system per policy and STIG regulations to ensure compliance. Monitoring by criticality and severity of vulnerability, creating reports and submitting to Admins for patching and management for follow-up.
- Reviewing and maintaining ACAS compliance per eMASS CCI requirements and DOD policy, and reporting to management for corrective action
- Providing Cybersecurity analysis, with a focus on Assessment and Authorization (A&A), under the implementation of the Risk Management Framework (RMF)
- Evaluating Security Controls in eMASS and ensuring that company is compliant with DOD regulations NIST 800-53, FIPS 199 and other DOD requirements as required per control
- Meeting with senior management and stakeholders to discuss progress as tasks are completed.
- Working with a team of 10 other Cyber Engineers to ensure that SEC under Department of the Army is able to acquire ATO.
- Performing research on DOD manuals, directives and instruction to ensure that SEC is following DOD direction.
- Working under strict deadlines with team and ensure that milestones are met
- Providing documentation as needed for upload into eMASS to acquire approval from CECOM to move on to the next phase as needed.
- Tracking Milestones in danger of falling behind in meeting goals as needed per ATO tracker.
- Providing instruction to government client on how to adequately categorize systems etc.
- Proofreading team member work for efficiency and completion of task
1. Serving as the backup to my team lead as the go to person with questions on completing assigned tasks.
2. Managing 3 other Cyber professionals to ensure they are completing SOPs as requested, Meeting tasks with senior management and other tasks as assigned.
- Cyber Security Engineer at Avenue Technologies
- Cyber Security/ IT Security Specialist at Department of the Army
- Tier 3 Support Specialist at Department of Finance and Accounting Services
- Senior Support Specialist at Roche Diagnostics
5 months at this Job
- Graduate Certificate - Homeland Security Management
- Graduate Certificate - Cyber Security
- Bachelors of Science - Business Administration/Marketing
Fort Meade, MD / Cyber National Mission Force 2013-Present
Cyber Security Manager | Senior Cyber Security Analyst | Cyber Security Engineer | Program Owner
● Advise high-level staff and principal partners on recommended courses of action to defend the nation, specifically focused on U.S. Critical Infrastructure and Key Resources (CIKR) in and through cyberspace.
● Directed and managed 39 personnel in defensive cyberspace operations, to include manning, training and equipping team.
● Managed training requirements set by United States Cyber Command to ensure team was fully trained and qualified.
● Sourced employees into 39 specific positions and work roles based on knowledge, skills and abilities.
● Built Accountable Property and Inventory Program.
● Provides software security configuration recommendations
Key Achievements
● Built and Configured BRO, ELK Stack (Elastic, Logstash, Kibana), SPLUNK and MOLOCH on RHEL servers to conduct local and remote traffic collection and analysis.
● 3 Incident Response Missions, Identified network intrusion point and associated malicious files.
● Conducted initial MALWARE triage to identify associated files and/or tactics and techniques adversary used to export intelligence.
● Eradicated malicious files across the network to include sharing malicious binary to other intelligence agencies and organizations.
● Identified and reported Active Directory GPO security violations/concerns found while analyzing network PCAP and METADATA.
● Used various intelligence platforms to build and identify adversary lifecycle, tactics, techniques, and procedures to forecast adversaries' next move and attack vector and targets of interest.
● Used known Indicators of Compromise to configure IDS to alert for known IOCs for specific advanced persistent threats.
● Provided proven solutions to protect identified network and host vulnerabilities for Windows, Linux and Unix operating systems.
● Completed full scope assessments and identified various threats and security vulnerabilities using SPLUNK, ELK, MOLOCH, and with end point solutions such as ENDGAME, TANIUM and CARBON BLACK.
● Planned, tracked and executed missions including certifying two teams, assessed on protecting Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, both teams achieved Full Operational Capability.
● Developed mitigation strategies, and security countermeasures to improve network security posture.
● Provided software configuration recommendations to better log user actions to include PowerShell Logging, TANIUM and NESSUS configuration management recommendations.
● Established policy and procedures for more than $1.7 million of operational equipment used to conduct mission with overall 99% accountability.
● Oversaw Assured Compliance Assessment Solution (ACAS) scans, patches, and updates for Windows Platforms, various types of virtual machines using ESXi and CISCO devices complying with an average 1.53 vulnerabilities per device.
● Supported ATO requirements yearly for operational gear
● Conducted Specifications Requirements Document (SRD) review, identified engineering shortfalls, software shortfalls, storage shortfalls and overall performance shortfalls to include system deployability for incident response missions.
- Cyber Security Manager | Senior Cyber Security Analyst | Cyber Security Engineer at SIXTY FOUR
- Digital Network Exploitation Analyst at Naval Special Warfare Special Reconnaissance Team ONE
- NSA Red Team Journeyman Network Exploitation Analyst at Navy Information Operations Command/National Security Agency
- Signals Intelligence Analyst at Navy Information Operations Command Pensacola
6 years, 2 months at this Job
- Bachelors of Science degree - Computer Management Information Technology
• Implement cyber security controls and security engineering for enterprise and tactical systems
• Patch management
• Create documentation according to Risk Management Framework
• Create Plan of Action and Milestones (POA&Ms) to address known vulnerabilities
• Performs cyber security analysis of information systems, facilities, software applications, components, or enclaves
• Develops, reviews, updates and implements cyber security policies and procedures
• Conducts risk assessments, security analysis, vulnerability scanning and remediation of vulnerabilities
• Reviews security controls to ensure they are applicable or to identify if additional controls are necessary based on risk assessment
• Ensures the configuration management process is operational and efficient
• Provided support and technical guidance in the System A&A process
• Knowledgeable with the DOD Accreditation process such as RMF, eMASS and ACAS
• Plans security control selection, implementation and the testing of selected security controls based on NIST SP 800-53 and 800-53(A)
- Cyber Security Engineer at DCI-Solutions INC
- GS-11 Information Technology Specialist at Maryland Army National Guard
- Fiber Customer Support Analyst at Verizon
- Senior Advanced Technical Support Representative at Hughes Network Systems
1 year, 2 months at this Job
- Bachelor of Science in Cybersecurity and Network Systems - Cybersecurity and Network Systems
- Associates of Applied Science in Computer & Information Science - Network Security
01/2017 - Present General Dynamics IT/CSRA
Cyber Security Engineer, Sr.
• Leveraged contractor for multiple federal clients, provides single point of service for each client through SoCaaS (Security Operations Center as a service)
• Lead cyber security engineer for the Federal Aviation Administration Cloud Services project, in charge of the on-boarding and training of security analysts
• Responsible for installation, updating, and monitoring of security tools that provide intrusion detection, logging, application control, threat hunting, and incident response for the Federal Aviation Administration Cloud Services, FAADroneZone UAS (Unmanned Aircraft Systems) and Enterprise Information Management environments and reports incidents and privacy spills in accordance with specific federal contracts standards
• Creates and reviews SOPs (Standard Operating Procedures)
• Creates, updates, and tracks incidents and change requests in ServiceNow as needed for any updates or modifications to the environment
• Downloads and installs security patches on Red Hat Enterprise Linux (RHEL) and Windows 2012 servers as required, due to newly discovered security vulnerabilities
• Installs latest versions of Carbon Black (CB) Response platform and Protection platform on designated servers, creates rules and policies for programs, installs latest sensors and agents on end-points, verifies reporting to WebUI, updates version as necessary
• Creates Watchlist items and monitors Triage alerts for threats daily with CB Response, reviews unresolved incidents and verifies incidents are not an active threat
• Installs Splunk forwarders on end-points and adds security logging monitors on each end-point, ensures endpoints report to Splunk WebUI
• Creates/Maintains SharePoint website as a collaboration tool for the team
• Monitors federal clients' systems through ArcSight Management Console and Command Center, reports threats to necessary personnel within 15 minutes of receiving event alert
• Creates Queries, Query viewers, reports, and Active channels in ArcSight ESM to ensure compliance with FIPS security controls as outlined by contract's SSP
• Validates compliance with security initiatives such as FedRAMP and FISMA requirements, completes annual 3PAO assessments to confirm requirements are fulfilled so project continues to be granted authority to operate (ATO)
- Senior Cyber Security Engineer - Lead at General Dynamics IT/CSRA
- Computer Assistant/Cybersecurity specialist at Air Force Global Strike Command
- Computer Assistant at 2d Maintenance Group
- Senior-Level Network Security Specialist/Infrastructure Technician (Contractor) at 2d Communications Squadron
2 years, 2 months at this Job
- Master's - Cyber security and Information Assurance
- Bachelor's - Computer Science/Information Network Security
- AAS - Computer Science/Information Network Security
- High School Diploma