INNOCENT B. NJUNKANG
Waldorf
Summary
Dynamic Information Assurance Security Specialist with proven success at OBXtek Inc., leading RMF processes and achieving multiple ATOs. Expert in vulnerability management and continuous monitoring, enhancing risk mitigation by 30%. Adept at collaborating with stakeholders and implementing Zero Trust principles to strengthen security posture.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Information Assurance Security Specialist (RMF / ATO Support Lead)
OBXtek Inc.
Remote
01.2025 - Current
- Led RMF and ATO support, conducting Security Impact Analyses (SIAs) for system and application changes to uphold authorization posture
- Led vulnerability management activities using Nessus, ACAS, and Qualys, driving remediation efforts and POA&M updates for continuous monitoring
- Developed, reviewed, and maintained SSPs, SARs, SIAs, and POA&Ms within eMASS and ServiceNow to support ongoing ATOs
- Coordinated with ISSOs, system owners, developers, and governance teams to integrate RMF controls into SDLC and change management processes
- Developed and maintained Splunk queries and compliance reports for continuous monitoring, audits, and risk reporting
- Supported audits, assessments, and incident response activities by collecting and submitting RMF artifacts on schedule
Information System Security Officer (ISSO)
LATCH LLC
Fort Belvoir
06.2024 - 01.2025
- Led ISSO for multiple systems, executed end-to-end RMF processes, and achieved multiple Authorities to Operate (ATOs) across primary and alternate environments.
- Implemented Zero Trust principles and network segmentation to strengthen overall security posture
- Directed continuous monitoring activities, improving risk mitigation and threat detection by 30%
- Managed vulnerability management lifecycle, utilizing Nessus, ACAS, and Nmap for scanning, developing POA&Ms, and tracking remediation to closure
- Executed STIG compliance and system hardening efforts, validating checklists and coordinating remediation with system administrators to enhance security posture
- Developed and maintained RMF artifacts including SSPs, POA&Ms, RARs, SARs, and ASRs in ServiceNow and eMASS
- Presented risk posture, vulnerabilities, and authorization status to system owners and government stakeholders to inform decision-making
Cybersecurity Analyst (RMF & Vulnerability Management)
United States Army
Fort Campbell
01.2021 - 06.2024
- Coordinated RMF and FedRAMP initiatives for Army systems with Third-Party Assessment Organizations (3PAOs) during Security Control Assessments to ensure compliance and security posture
- Performed SIEM-based threat detection, incident response, and compliance reporting using Splunk
- Installed and configured Nessus for credentialed vulnerability scanning, establishing repeatable vulnerability management processes
- Managed POA&Ms and tracked remediation, enhancing vulnerability closure rates and effectiveness of continuous monitoring
- Supported cloud security assessments aligned with NIST 800-53, 800-37, and 800-60
Information System Security Officer (ISSO)
T&N Reliable
Washington
04.2017 - 01.2021
- Acted as primary ISSO and RMF authority for Air National Guard Readiness Center (ANGRC) systems at Joint Base Andrews
- Led full ATO lifecycle for new and existing systems, coordinating with stakeholders to ensure authorization readiness
- Developed system categorizations (FIPS 199 / NIST 800-60), selected and implemented NIST 800-53 controls, and authored SSPs
- Managed vulnerability remediation and POA&Ms in alignment with NIST 800-137 continuous monitoring guidance to enhance security posture
- Prepared FedRAMP systems for 3PAO assessments and secured Joint Authorization Board (JAB) authorization to ensure compliance and operational readiness
- Created, reviewed, and maintained RMF and privacy artifacts including SSPs, POA&Ms, CPs, CMPs, PIAs, and PTAs
- Reviewed privacy documentation and ensured PII findings were properly recorded in SORNs
- Guided government leadership on RMF compliance and risk posture, facilitating informed decision-making on security risks
Education
Master of Science - Cybersecurity Technology, Cybersecurity Management and Policy
University of Maryland Global Campus (UMGC)
Skills
- RMF (NIST 800-37) & ATO Lifecycle Management
- Vulnerability Management & POA&M Remediation
- Continuous Monitoring (ConMon / ATC)
- Security Control Assessment (SCA) Support
- FedRAMP Moderate & High
- STIG Compliance & System Hardening
- Security Impact Analysis (SIA)
- Audit & Compliance Readiness
- Risk Assessments & Authorization Packages
- NIST SP 800-53 / 53A / 30 / 39 / 60 / 137
- FedRAMP
- FIPS 199 & 200
- Zero Trust Architecture
- EMASS
- Archangel
- ServiceNow GRC
- Nessus
- ACAS
- Qualys
- Splunk (SIEM, monitoring, compliance reporting)
- AWS Cloud Security
- Hybrid & On-Prem Environments
Certification
- Certified Information Security Manager (CISM)
- CompTIA Security+
- CISSP – Expected 2025
Clearance
Active DoD Secret Clearance
Frameworks And Regulations
- NIST SP 800-53 / 53A / 30 / 39 / 60 / 137
- FISMA, FedRAMP, FIPS 199 & 200
- DoDI 8500.01, OMB Circular A-130
- Zero Trust Architecture
Timeline
Information Assurance Security Specialist (RMF / ATO Support Lead)
OBXtek Inc.
01.2025 - Current
Information System Security Officer (ISSO)
LATCH LLC
06.2024 - 01.2025
Cybersecurity Analyst (RMF & Vulnerability Management)
United States Army
01.2021 - 06.2024
Information System Security Officer (ISSO)
T&N Reliable
04.2017 - 01.2021
Master of Science - Cybersecurity Technology, Cybersecurity Management and Policy
University of Maryland Global Campus (UMGC)