• Led enterprise-wide vulnerability management programs using Qualys and Tanium to identify and remediate security vulnerabilities.• Developed CISA reporting workflows for compliance with federal guidelines and timely submission of Known Exploited Vulnerabilities reports.• Implemented a structured vulnerability lifecycle process to prioritize remediation efforts based on risk scores and business impact.Automated vulnerability detection and reporting processes, reducing manual efforts and enhancing the accuracy and efficiency of security operations.Orchestrated cross-functional collaboration between IT, DevOps, and security teams to streamline patch management processes and minimize disruption during remediation activities.Designed and delivered executive-level dashboards and reports, providing clear visibility into vulnerability trends, remediation progress, and compliance metrics for senior stakeholders.

▪ Monitored and analyzed security events using SIEM tools (e.g., Splunk, Qradar, SOPHOS) to identify and mitigate potential threats in real-time.▪ Performed vulnerability scans and assessments using Tenable and Qualys, identifying and prioritizing remediation actions to enhance system security.▪ Investigated and responded to security incidents, including malware infections, phishing attempts, and unauthorized access, minimizing potential damage and downtime.▪ Developed and maintained incident response playbooks, streamlining the detection, containment, and recovery processes for diverse cybersecurity threats.▪ Analyzed network traffic and system logs to detect anomalies and proactively address potential breaches or misconfigurations.▪ Managed endpoint security solutions, including antivirus(SOPHOS), EDR, and DLP tools, to ensure comprehensive protection across enterprise devices.▪ Created detailed incident reports and presented findings to technical and non-technical stakeholders, ensuring clear communication of risks and recommendations.▪ Supported compliance audits and assessments, ensuring alignment with regulatory frameworks such as ISO 27001, NIST, and SOC.Collaborated with cross-functional IT teams to implement security best practices, including patch management, secure configurations, and access control policies.

Led vulnerability forensics analysis and resolution efforts, engaging stakeholders for enhanced cybersecurity. Investigated emerging threats and correlated data with global intelligence resources.• Provided cybersecurity status notifications to System Owners and Administrators based on agreed-upon risk thresholds.• Conducted trend analysis on scan results to identify vulnerability trends impacting system assets.• Championed improvement of identity and access management processes and controls.

• Composed and implemented POA&M remediation processes to perform vulnerability management using various agile methodologies to include Kanban and Scrum.• Provided integration, vulnerability detection management and implementation of the computer system cybersecurity framework.• Develop roadmaps and participate in the standards process for Identity and Access Management (IAM) solutions• Respond to incidents and vulnerabilities, troubleshooting while executing corrective action.• Provided cybersecurity analysis and written reporting relating to the IT production environment to include development of action plans, the implementation of new processes/procedures to enhance current operations, and the roll out of new products.• Briefed executive staff and key stakeholders on NIST 800-53, FIPS-199 compliance standards, maintaining cybersecurity framework. • Fostered collaboration across project team(s) built on mutual dependencies and understanding among personnel to include management, staff, and contractors.• Developed detailed project plans and schedules to track contractual deliverables, providing top-notch execution of projects on-time, within scope and budget. • Developed project scope and objectives, involving all relevant stakeholders and ensuring technical feasibility.• Developed and maintained comprehensive project documentation reflecting POA&M and Data Center Migration projects.

• Created and implemented patch management and remediation plans, initiating a vulnerability managememt security programs. • Matured test environment to replicate on premises production environment for application deployments. • Developed roadmaps and contributed in the standards process for Identity and Access Management (IAM) solutions. • Managed operations within the IAM environment at the client, including application patching and upgrades and certificate management.• Perform vulnerability detection and risk analysis of computer systems and applications during all phases of the system development life cycle.• Introduced initial cybersecurity framework, wrote secrutity policies and best practices.• Briefed executive personnel and key stakeholders on NIST 800-53 compliance standards. • Analyzed information assurance-related technical problems and provide basic engineering and technical support in solving these problems.• Compiled comprehensive documentation of cybersecurity assessments.• Disseminated updates, patches, upgrades on multiple Windows platforms mitigating the risk of outdated Microsoft and outsourced applications affecting end user devices and servers. • Performed redundancy testing in group policy and SCCM deployments to remdiate configuration vulnerabilities. • Developed performance metrics/measurements for the user access attestations, delivering collected (IAM) data to key stakeholders.

• Provided analytic support towards the execution and implementation of federal and agency strategic human capital planning and processes.• Actively managed the performance of supporting teams (approximately a workforce of 50 contract employees) to ensure quality and efficient delivery of services and support. Also managed the coordination and oversight of employee labor relations with government counterparts. • Established and maintained excellent working relationships with all IAM customers. • Worked with project teams on implementing the defined policies within Identity & Access Management (IAM) solutions. • Responsible for 24 x7 monitoring and reporting of all network incidents ensuring USPTO management is informed of the operational readiness of the network infrastructure. • Document standard operating procedures in an ITIL format to ensure NIST and FISMA compliance.• Developed technical standards and procedures for LAN/WAN implementation and management; established performance management metrics and evaluated overall LAN performance against relevant standards.• Defined project/task requirements; developed plans and schedules, estimated resource requirements, defined milestones and deliverables, monitored activities, and reported on accomplishments on USPTO EUS Task Orders. • Generated monthly, weekly, and quarterly reports to reflect compliance with SLA’s.• Created and revised SOP’s to reflect updated systems, personnel, and escalation policies. • Processed change management requests and incident reports in ITSM for Enterprise and Security Analysts.

• Supervised employees in accordance to deployment schedules and timeframes to include disseminating instructions and procedures to reflect client standards. • Built and deployed new technologies/reconfigurations designed to improve the INFOSEC footprint of the network while adhering to group policy according to DoD security standards;• Transition network objects from a multi-platform system into one unified secure infrastructure;• Ensure compliance of assorted applications and programs differing between multiple components of the Dept. Of Defense;• Provide recommended advice and guidance on DoD IT hardware/software standards;• Configure network settings, IP addresses, DNS servers, and basic router settings according to network standards;• Install various customized software applications while ensuring customer satisfaction and approval;• Perform system improvements, upgrades, and repairs on DoD computer’s systems; • Respond to calls and user requests through NIPR/ SIPR network ticketing systems to troubleshoot, assess, and resolve pre-approved and/or emergency connectivity issues and change requests;• Provide consultation on enterprise operational upgrades and changes across the domain.

Monitored server performance to include troubleshooting and maintenance of user accounts, profiles, Microsoft Exchange issues and Symantec antivirus updatesImplemented group and security policies in Active DirectoryMonitored, updated, and maintained assignments in ticketing systemUpdated patches and required software releasesProvided support to the Project Management Team by addressing incidents

Installed, configured, and maintained Department of Defense compliant hardware and softwareSupported escalated Tier 1 and Tier 2 trouble tickets for all end usersResonsible of the administration and management of Active Directory, Microsoft Exchange, Citrix, Windows Server 2003, and Microsoft Office applicationsDisseminated Sun Microsystem thin clients to all DIA annexes throughout the National Capital Region

Provided multi-level information security for over 550 personnel and 7 facilitiesAnalyzed weekly audits on over 45 Solaris systems to identify, remove, and document unauthorized accountsLead technician for the installation and implementation of the Defense Messaging SystemAdministered server maintenance on the DHCO, DNS, SMTP, and Microsoft Exchange ServersAdministered and supported internal LAN/WAN infrastructure consisting of Windows 2003 Active Directory and Windows XP Professional desktops