- Managed two compliance analysts including task assignment, performance discussions, and career mentorship.- Established a task tracking format adopted across the GRC Public Sector team, improving 1:1 meetings and team agendas.- Automated container scan analysis using Python which reduced manual work from 3-4 hours to seconds, enhancing efficiency and accuracy for monthly deliverables.- Created an Audit Operations Hub to consolidate system documents, resources, and audit deliverables for streamlined team organization.- Drove the restructuring of the Public Sector Jira, building a business case for process improvements to enhance team agility, scalability, and workload visibility.

- Spearheaded the development of a comprehensive resource suite for the vulnerability management program, including checklists, guides, procedures, templates, and automated tools, resulting in standardized processes for Continuous Monitoring (ConMon) activities.- Matured container scanning and remediation processes by collaborating with 5 cross-functional teams, driving improvements and ensuring compliance with FedRAMP SLAs.- Created and implemented a repeatable method for container vulnerability analysis using the Snyk dashboard, significantly advancing container scan maturity for the FedRAMP program.- Led the integration of two teams into the vulnerability management program, ensuring timely remediation and alignment with compliance requirements.- Mentored analysts to take ownership of the vulnerability management operations, providing extensive training on scan analysis, report development, and automation tools to improve efficiency and accuracy.

- Core member of a 3-person team that prepared Atlas for Government for its initial FedRAMP assessment, leading to a successful Authorization to Operate (ATO).- Managed monthly Continuous Monitoring meetings with agency sponsors and internal stakeholders, addressing vulnerability management, security incidents, and significant changes.- Developed a streamlined, repeatable process for internal vulnerability management reporting.- Collaborated with engineering teams to ensure compliance with vulnerability management SLAs.- Owned and improved authorization boundary diagrams for the FedRAMP environment.- Interviewed candidates for program manager, analyst, and intern roles; mentored the summer intern.

- Conducts FedRAMP Security Control Assessments by performing examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.- Develops engagement deliverables, including but not limited to the Security Assessment Plan, Security Assessment Report, and Security Requirements Traceability Matrix (SRTM).- Creates effective tools, templates, and guidance material for improved workflow.- Provides mentorship to interns and associate consultants.

- Conduct Risk and Vulnerability Assessments (RVA) for web applications and general support systems (GSS). - Perform manual testing and utilize tools such as Kali Linux, Burp Suite, NMap, DirBuster, Hydra, John the Ripper, Nessus, and MetaSploit to ensure thorough assessment of systems. - Utilize cross site scripting (XSS), cross site request forgery (CSRF), and SQL injection (SQLi) techniques to exploit system vulnerabilities. - Draft, review, and finalize RVA deliverables prior to submission.

- Provide independent security and privacy controls assessments of CMS systems to ensure that they are compliant with CMS, NIST, FISMA, and HIPAA security and privacy policies. - Review technical documentation for completeness and accuracy, including System Security Plans (SSP), Contingency Plans (CP), and Information System Risk Assessments (ISRA).- Develop and provide quality assurance reviews of security assessment deliverables, including Test Plans, Findings Spreadsheets, Briefing Agendas, Test Reports, Controls Spreadsheets, and Final Packages.- Deliver value to the client by performing thorough assessments of major applications (MA) and general support systems (GSS) security configurations and implementations and provide relevant feedback for the security controls in scope.

- Image, harden, monitor, and troubleshoot end-user workstations, including hardware failures and software such as Microsoft Office, Adobe products, Java and proprietary applications.- Utilize Software Center Configuration Manager (SCCM) 2012 R2 for operating system deployment, software updates and security patches. - Employ Assured Compliance Assessment Solution (ACAS) to ensure hardware compliance that satisfies the Defense Information Systems Agency (DISA) mandated Security Technical Implementation Guides (STIGs). - Coordinate directly with Systems, Network, and Security Engineers to ensure systems receive thorough Quality Assurance (QA) testing and compliance with policies and procedures

- Critical member of hardware refresh for over 1200 users nationwide. - Complete detailed and thorough Quality Assurance (QA) on all systems prior to end-user deployment. - Maintain accurate hardware inventory throughout the project. - Promoted to Help Desk Support team during hardware deployment.