MARTIN LOGO

Responsibilities:

• Designed, implemented, and maintained the security framework and policies
• Conducted risk assessments, developed secure network solutions, monitored for security breaches, responded to incidents, and educated staff on security best practices
• Handle security assessments, prioritized remediation actions, and worked closely with Product and Operations teams.
• Designed and maintained security controls, enhanced monitoring, and fostered a security-first culture across the company.
• Worked on a dynamic tech stack and made significant contributions to our security posture
• Process and prioritize security assessment reports
• Design and maintain security controls for applications and infrastructure
• Implement WAF configurations, network segregation, and device security
• Enhance security monitoring and detection systems
• Conduct security training and awareness programs

Skills:

• Training in RMF, Computer Science, System Engineering, Information Security
• 4+ years in security roles (Red or Blue team experience)
• Hands-on experience with application, system, and network security within Git GoTechology.
• Familiarity with cloud computing, Linux administration, and TCP/IP protocols
• Strong knowledge of security fundamentals and best practices
• Excellent communication skills in English and french.

Responsibilities:

• Provided advisor to the information system owner and the CISO/ISSM on all matters (technical and otherwise) involving the security of the information system.
• Took proactive security measures, assessing risks, and responding to security breaches.
• Monitored networks, databases, and computer systems and created a risk management plan for IT systems.
• Troubleshooting software to minimize any security threats or performance issues
• Charged with collating authorization package (SSP, SAR, and POAM), managing, and ensuring all Assessments and Authorizations (A&A) documentation are included
• Oversee controls post-authorization to ensure continuous compliance with security requirements on various contracts and private projects using appropriate Risk Management Framework.

Skills:

• Had hands-on experience using vulnerability scanners such as Nexpose or Netsparker
• Hade a background in developing and implementing information security policies and programs.
• Assisted with the loading and unloading of buses, as assigned.

Results-oriented risk-based vulnerability management expert with strong Information System Security officer (ISSO) and Analyst background; skilled in enterprise-wide security strategy, preparing organizations for Risk Management Framework using NIST Special Publications Series

Responsibilities:

• Reviewed & Put ATO packages (SSP, SAR, POA&M) together; Master all NIST 800-Series
• Conducted risk assessments to identify potential security threats and vulnerabilities.
• Supported new ATO packages in eMASS and XACTA.
• Provided cybersecurity planning and maintenance services, including updates of security documentation to reflect new or changed physical configurations and security requirements.
• Coordinated the implementation of security measures in workstations, servers, and other system components.
• Ensured that hardware and software deliverables meet cybersecurity requirements as specified under DoDI 8500.01, RMF IT, and NIST SP 800-53, including guidance from Authorizing Officials (AOs).
• Evaluated scans, artifacts, plans, and STIGs to ensure compliance with all system security controls, facilitating waivers as required.
• Ensured that system hardware and software installation on ONI networks complies with ONI assessment and authorization (A&A) processes for all enclaves and cross-domain systems.
• Develop, maintained, and updated security documentation, including System Security Plans (SSPs), security assessment reports, and plans of action and milestones (POA&Ms).
• Prepared and managed Authority to Operate (ATO) packages and other accreditation documentation.
• Monitored information systems for security incidents and vulnerabilities.
• Conducted regular security audits and assessments.
• Reported security status and incidents to appropriate authorities and stakeholders.
• Stayed updated on the latest security threats, trends, and technologies.
• Continuously improved security processes and controls to enhance the overall security posture of the organization.

Skills:

• Training in Certified in Governance, Risk and Compliance (CGRC)
• Training in certification in Information Systems Security.
• 5+ years of experience in Vulnerability Management
• 6 + years of Experience with categorizing, STIGing, and developing ATO packages using the RMF playbook.
• Proficient in eMASS and XACTA.
• Strong understanding of DoDI 8500.01, RMF IT, and NIST SP 800-53 guidelines.
• Experience in cybersecurity planning and maintenance.
• Strong analytical and problem-solving skills.
• Excellent communication and teamwork abilities.

• Joined/participated in client interviews to determine the security posture of the system
• Supported Information Assurance (IA) team; conducted risk assessments, and audits, provided documentation for security control assessment, and conducted vulnerability testing/scanning
• Partnered with System Owner to develop and perform periodic testing of contingency and disaster recovery plans
• Led, composed, and updated the Security Plan, Plan of Action, and Milestones (POA&M)
• Led successfully, prepared, and submitted the Security Assessment Plan (SAP) for approval
• Led, prepared, and updated the Security Assessment Report (SAR) and ensured FISMA compliance using NIST guidelines and controls
• Aided in the development of Information System Categorizations using appropriate standards and NIST guidance
• Built and updated system security plan (SSP) to provide an overview of federal information system security requirements and implementation of security controls
• Spearheaded kick-off meetings with the IT client team to gather evidence, and develop test plans, and test procedures
• Led and managed controls post-authorization to ensure continuous compliance with the security requirements.