Review, develop, update, and/or maintain cyber security documentation which may include policies, plans, procedures, checklists, and work instructionsAssist in development and maintenance of System Security Plans, Plans of Action and Milestones (POA&MS), security and compliance-related information system monitoring schedules and related tasksParticipate in security assessments including coordination, evaluation of on premises and cloud environments, collection of evidence and artifacts, and documenting resultsWork collaboratively with internal teams to maintain applied knowledge of NIST 800-171, DFARS 252.204-7012 and other associated standards and regulations related to CMMC certificationLeverage growing knowledge and expertise to identify client problem areas and collaborate to provide effective suggestions for solutionsOther duties as assigned

Develop system operational and security test plans Preform and documents system level failure analysis Develop SOPs, CONOPs, and Contingency Plans to respond to events identified in monitoringand test plansMaintain and update documentation documentation detailing progress and test results to keepproject team informed.

• Provide Federal Information Security Management Act (FISMA) and Office of Management and Budget (OMB) guidance and support• Support Information System Security Officer (ISSO)• Support the analysis and review of information security programs and systems to ensure compliance to federal security policies.• Independently develop a variety of Security Authorization deliverables including: System Security Plans, Security Assessment Reports, Risk Assessment Reports, Privacy Impact Assessments, Annual Assessments, Contingency Plans, FIPS 199 Security Categorizations, Plan of Action and Milestones (POA&M), etc.• Analyze and review existing processes and procedures to determine areas of possible improvement that will lead to gains in efficiency and security.• Provide guidance on security threats, technology, standards, and practices.• Develop, review and monitor compliance with organizational security policies.• Monitor, track and report on the status of POA&M items.• Proactively manage risks, and systematically resolve or escalate issues in a timely manner.• Consult and advise on information security issues • Respond to security incidents • SME on FEDRamp

Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess complianceTransition SSP from C&A to the newest RMF format to be DSS compliant. Run SCAP Scans to compare vulnerability numbers to gain RMF compliance.Contribute to the Authorization and Assessment (A&A) process under the Risk Management Framework (RMF) for new and existing information systems.Facilitate Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acceptance Letters (RAL) and Continuous Monitoring (CONMON).Conducted compliance review of operating systems (i.e., Windows, Linux, and Solaris) to governing requirements; assess test/analysis data to document state of compliance with security requirements. Execute appropriate risk mitigations, and oversee incident response activities, interface with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements.

Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.Performed vulnerability scanning with the support of Nessus scanning tool to detect potential risks on a single or multiple asset across the enterprise network. Updated IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.Performed risk assessments, help review and update, Plans of Action and Milestones (POA&M), Security Control Assessments. (SA&A) Security Assessment and Authorization using NIST SP 800-53 rev4/FIPS 200 (Security Controls), NIST SP 800-53A rev4 (Assessing Security Controls). Monitored controls post authorization to ensure constant compliance with the security requirements

Policy writing and understanding of NIST publication to include the Risk Management FrameworkExperience in reviewing and interpreting Nessus Vulnerability and Compliance scans, WebInspect scans, IBM Guardian, Burp suite and DbProtect scansConduct cloud assessments utilizing FedRAMP.Experience in interpreting and evaluating implementations of NIST 800-53 rev 4 security controls.Documenting findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs).

Experience reviewing and interpreting Nessus Vulnerability and Compliance scans, WebInspect scans, IBM Guardian, Burp suite and DbProtect scansAssisted the SOC team in documenting and reporting vulnerabilities by utilizing tools such as Splunk and SNORT.Developed security reports and presented to supervisors as needed.Participated in sensitive briefings on security issues and classified information. Managed access to Task Force Falcon, which included identification checks and registration of all visitors and vendors entering and exiting the secured area.Managed and assigned staff to ensure sufficient screenings of all visiting personnel and cargo loads. Initiated communication with supervisors to discuss time sensitive security vulnerabilities as discovered during screening checks.Performed to the highest possible standards the following: inspected personnel, escorted personnel, screened and inspected equipment.

Performed biometric collection and managed data entry and organization.Compiled statistics and developed comprehensive reports. Supervised security coordinators, interpreters, badge production, and security issues and accountability. Performed to the highest possible standards the following: advanced security preparations, personnel protective services, identification checks, registration of visitors and vendors, security patrols, and lead driver of security motorcade vehicles.

Managed the primary visitor control center. Trainedlocalmembersofmilitaryondaytodayoperationsofthemilitaryinstallation. Mentored local members of military on conducting themselves in disciplined, professional manners. Taught local members of military how to successfully care and operate new equipment. Performed to the highest possible standards the following: monitored surveillance radars, video motion detection, and fence mounted sensors; force protection duties, including the use of deadly force to protect personnel and resources; patrols and secures military installation terrain; tactical drills, battle procedures, and convoys.

Assessed and documented facility vulnerabilities. Inspected and evaluated effectiveness of personnel. Implemented human resources strategies to enhance Air Force readiness. Processed personnel development reports. Analyzed reports, statistics, and briefing documents. Supported Commander in implementation of industrial security programs. Developed and initiated policies, procedures and instructions to implement security programs. Facilitated program for ground weapons qualification training. Facilitated program for armory operations training. Supervised and trained SG augmenters. Trained 22 Security Officers to ensure compliance with procedures established by DCIDs (Director of Central Intelligence Directives) 6/3, 6/4, and 6/9. Managed facility and infrastructure security inspections. Performed to the highest possible standard, monitored security of all entrances and exits of premises; Airforce aircraft security and protection; security drills; contraband sweeps of civilian and contractor vehicles; emergency response during national disasters and civil emergencies; protection and transportation of personnel; and inspection and testing of weapons and other instruments.