As a Cyber Security Engineer, task includes to perform tasks related to Assessment & Authorization (A&A) ) process IAW DoDI 8510.01 Risk Management Framework (RMF) and NIST 800-37 for DoD Information Technology (IT) within the Defense Health Agency to ensure assigned DoD systems/Enclaves/Networks in order to obtain and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications. Also, Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs. On this team I am part of a team developing recommended courses of action needed to transition current policies and procedures to the Risk Management Framework (RMF) approved processes. That provides solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the continuation of specialized theories and knowledge. A member of the DHA Independent Verification and Validation (IV&V) team that inspects the security baselines of DHA MedCoI network in accordance with numerous DISA Security Technical Implementation Guides (STIGs). Also a member of Cyber Health Readiness Inspection Program (CHRIP) team that inspects the security baselines of DHA MedCoI network in accordance with numerous DISA Security Technical Implementation Guides (STIGs) in the continuous monitoring step of RMF. Knowledgeable on variety of softwares: STIGViewer, eMASS, Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), Portable Cyber Assessment Tool (PCAT), Bassline Assessment Supplemental Scripts (BASS)

As a Cyber Security Engineer, tasks include implementation and updating the DoD Assess and Authorize (A&A) process IAW DoDI 8510.01 Risk Management Framework (RMF) for DoD Information Technology (IT). Assess systems using automated tools such as ACAS / Nessus, and Security Content Automation Protocol (SCAP), and Manual STIGs. Development and test of DoD STIGs and devising mitigation strategies to system owners, applying Information Assurance Vulnerability Management (IAVM) patches to systems and complete security compliance scans upon applying patches or updates to the system. Also provding implementation and maintainence for the RMF process in the Enterprise Mission Assurance Support System (eMASS). Responsible for the security processes and controls that ensure system security postures meet and/or exceed FISMA and other Federal security standards as required. Review and advise on information security matters including, system security scans (ACAS, SCAP, STIG results), review and evaluate system architecture and technical implementations within the hosting environment. Document system architectures, architecture diagrams, PPSM spreadsheets, Hardware/Software inventories, and Data Flows.Continue assessing and documenting security control implementation information and create documentation in support of the A&A efforts to include Security Control Assessment Report, System Security Plan and Security Standard Operating Procedures Foster an innovative and inclusive team-oriented work environment. Very proficient with various Operating System (OS) such as Cisco IOS, JUNOS, EXOS, Windows, RH Linux, CentOS, FreeBSD and able to learn new OS.

As a cyber Security Specialist II processed RMF packets for approval to the MEDCOM Authorization Officer (AO) to obtain an Authority to Operate (ATO) via the DOD eMASS system, throughout the MEDCOM Clinics globally, to improve the security posture of the MEDCOM networks. Helped reduce the amount of time it takes to process a package in the eMASS system from start of a package to the ATO through process standardization for Medical devices, Common IT, and Facility related Control Systems (FRCS) such as Air conditioners and power and generator systems that have embedded IT. Helped develop all DoDI 8510.01 Risk Management Framework (RMF) and NIST 800 documentation needed to meet DOD and Army validation requirements. All documentation was delivered to the US Army-appointed SCA-V in a timely manner so that system/device met the go live dates at the MTFs. Reviewed RMF-related publications such as those within the DOD, those within the US Army, and provided input on those RMF or similar regulatory processes that are implemented through Army Best Business Practices. Provided recommendations on draft RMF and IA-related publications and was tasked to provide input in both written and oral form. Aided in the RMF process by providing expert advice on the number of team members required to perform validation activities on each device/system, the amount of time it will take to validate the RMF IA controls on each device or system, and with validating the RMF or similar regulatory controls in accordance with Federal, DOD, and US Army RMF or similar regulatory requirements. Conducted threat and vulnerability assessments and submited effective measures to minimize such risk to the MEDCOM Cyber Security Program Office.

Responsibilities included coordinating support of events and assessments between the customer and Army organizations to include private sector per event that I was assigned to. Assited with Pre/Post assessment analysis logistics and research to the event. Determined enterprise cybersecurity standards; developed and implemented cybersecurity standards and procedures; coordinated, developed, and evaluated security programs for an organization; recommended cybersecurity solutions to support customers’ requirements; identified, reported, and resolved security violations; satisfied cybersecurity requirements based upon the analysis of user, policy, regulatory, and resource demands; supported customers at the highest levels in the development and implementation of doctrine and policies. Performed cybersecurity theoretical/technology assessments, network security architecture and protocol studies, certification and accreditation (C&A), cybersecurity modeling and simulation, code analysis, penetration testing, risk assessments, mitigation recommendations, cybersecurity Network Vulnerability Assessments, Red teaming, cyber threat testing, cybersecurity protect/detect/react/respond analysis and evaluation support in various remote military installations. Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle. Ensured that all information systems were functional and secure. I have great experience with numerous cyber security testing/analysis tools. Some of these include: Nmap, Scapy, Nessus, Metasploit, CutyCapt, Burpsuite, Dirbuster, Nikto and WireShark. Have good knowledge with numerous operating systems, such as: Windows, Linux, and Cisco IOS Supported and participated in research and development of various tools, techniques and methodologies.