C&A Team Security Auditor - Information Assurance Security Engineer
CAREER PROFILE:
* Contract work for security compliance, risk assessments and implementation. Recommend appropriate action implementation and ongoing review of information security program strategy, policy, and processes. Analyze information system requirements and provide technical documentation.
* Demonstrated briefing skills, strong organizational and interpersonal skills. Experienced with NIST, DIACAP, PCI DSS, risk assessment, certification and accreditation (C&A), SSAA’s, SSP’s, ST&E Reports, POA&Ms, and security policy development for systems while delivering a high quality product meeting FISMA standards.
* Experience as US Air Force active duty, contractor for Department of Defense (DoD) and Federal Government and commercial world experience. Background in WAN, LAN, Telephony and InfoSec.
MARILYN SOUSA
5455 Marabou Way
Colorado Springs, CO 80911
e-mail: sousamk@gmail.com
(719) 650-3161
CLEARANCE: DoD Top Secret clearance
PROFESSIONAL EXPERIENCE:
Moved back to Colorado.
Sr. Systems Analyst
Yoh IT
SPAWAR - North Charleston, SC
April 2010 – June 2010 (Funding cut and slot was eliminated)
* Contracted to SAIC to provide Information Assurance (IA) Certification and Accreditation (C&A) and Cross Domain Solution (CDS) support to the Navy at the Space and Naval Warfare Systems Command (SPAWAR).
* Provided engineering, integration, technical and administration support consistent with IA, C&A and CDS activities for both ship and shore locations.
Moved to Charleston, SC (for the sun, beach and bugs)
Sr. Consultant - Systems Security Engineer
BAH, Inc.
North Charleston, SC
December 2009 – April 2010
* Writing and providing FISMA/NIST PowerPoint presentations for new work from NSF (National Science Foundation). Developing guidance documents for POA&Ms and Security Planning.
* Accomplished a FIPS / NIST compliance and PCI DSS verification for the US Department of Veterans Affairs system hosted at Terremark.
* Reviewed and provided input on recommended POA&M closures for the SPAWAR NSF OPP ISM for validation of compliance.
C&A Security Analyst
G&B Solutions, Inc.
Dept of Interior - National Business Center, Lakewood, CO
December 2008 – December 2009
* Contracted to provide the Department of Interior’s (DOI) National Business Center Division (NBC) with FISMA / NIST auditing, FIPS 199, assessment and INFOSEC direction by identifying unique system characteristics, interviewing key organizational personnel (technical, administrative, and executive), working with consulting team to compose requisite documentation (security categorizations, risk assessments, contingency planning, etc.), and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices.
* Developed, updated, and maintained appropriate Certification & Accreditation (C&A) packages based on NIST standards for general support systems (GSS) and major applications (MA). Recommended appropriate FIPS 199 impact level designations and identified appropriate security controls.
* Developed System Security Plans (SSP), Risk Assessments (RA), and Asset Valuations. Proficient in information security concepts and application security “best practices”. Responsibilities included preparing documentation and ensuring compliance with security standards and procedures.
* Conducted in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines during C&A security test and evaluations for the Department of the Interior (DOI) and the Department of Transportation (DOT). Performed security analysis on multi-tiered systems according to vulnerability, risk, security features, and technical areas.
Sr. Systems Security Engineer
Boecore, Schriever AFB, CO
December 2007 – December 2008
* Contracted to provide technical expertise in Information Assurance (IA) for the Joint National Integration Center (JNIC) and Missile Defense Agency (MDA) for systems security compliance support associated with classified and unclassified systems.
* Responsibilities included but were not limited to providing technical security engineering support for complex software, hardware, network systems; design, develop, and execute security tests and evaluations (ST&E), vulnerability assessments and audits; risk mitigation and analysis of security threats.
* Experienced with DOD Information Assurance Certification and Accreditation Program (DIACAP); Control Validation Tests (CVT) and insider threat auditing. Performed evaluation, risk identification, and definition of mitigation strategies for DoD requirements. Maintained integrity and confidentiality of client information by ensuring appropriate standards were in compliance with department standards and procedures. Developed, tracked with the system owners, and maintained the POA&M for all accepted risks upon completion of system C&A.
* Assisted with computer security engineering for classified and unclassified networks. Supported the government in preparation of C&A documentation; planning and implementation by reviewing and developing program documentation; ran RETINA scans and DISA Gold Disk; reviewed ArcSight logs; recommended computer security requirements and development of local area and wide area networks.
Sr. Systems Security Engineer
HireReturn, Inc.
Dept of Interior - National Business Center, Lakewood, CO
June 2007 – December 2007
* Contracted to G&B Solutions to provide the Department of Interior’s (DOI) National Business Center Division (NBC) with FISMA / NIST auditing, assessment and INFOSEC direction.
* Development of System Security Plans (SSPs), Risk Assessments, and Asset Valuations. Proficient in information security concepts and application security “best practices”. Responsibilities include preparing highly confidential documentation and ensuring compliance with security standards and procedures.
* Development and execution of C&A, ST&E and SSP documentation along with vulnerability testing. Exercised excellent judgment in structuring and organizing work, setting priorities, balancing the interests of clients and readily adjusting priorities to respond to customer demands. Conducted C&A security test and evaluations for the DOI of over 200 highly specific security tests for their systems handling personal information. Perform FIPS 199 and NIST security standards-compliant statistical security analysis on a multi-tiered system according to vulnerability, risk, security features, and technical areas.
Sr. Systems Security Engineer / Assistant Lead
Northrop Grumman Mission Systems, Schriever AFB, CO
March 2004 – June 2007
* Responsible for systems/security engineering related projects and tasks. Provided technical expertise in Information Assurance (IA) for the Missile Defense Agency (MDA) and Joint National Integration Center for systems security compliance support associated with classified and unclassified systems and cross domain information solutions for networks meeting DODI 8500.2 IA Implementation requirements.
* Responsibilities included but not limited to providing technical security engineering support for complex software, hardware, network systems; design, develop, and execute security tests and evaluations (ST&E), vulnerability assessments and audits; risk mitigation, analysis of security threats, and current trends; developed System Security Authorization Agreements (SSAAs) in accordance with DITSCAP and later DIACAP and DISA Security Technical Implementation Guides (STIGs); Cross-Domain Solutions (CDS / SABI), Control Validation Tests (CVT) and TEMPEST checks.
* Performed and conducted system-level design reviews and risk management assessments. Assisted with computer security engineering for classified and unclassified networks; planning and implementation by reviewing and developing program documentation, ran Internet Security Scanner (ISS) and RETINA scans for certifications; recommended computer security requirements, supported development of local area network and wide area networks.
* Analytical support included research for conducting Proof of Concepts in the IA laboratory by performing tests of new software and hardware products providing feedback, recommendations, verification, and report findings in technical briefs. Briefed upper management on findings and recommendations to meet DoD Standards for Common Criteria.
Network Engineer
Innovative Inc, Peterson AFB, CO, 6-month contract
September 2003 – March 2004
* Contracted to SAIC to provide engineering and network support for the government enterprise-wide client-server network operating on their classified network (SIPRNET and RELCAN) environments utilizing Cisco and Enterasys (Cabletron) products.
* Actively involved in solving network outages such as router connectivity, troubleshooting switches and IP troubleshooting.
* Tasks included performing network operation, maintenance; upgrade implementations, version upgrades, DISA STIGs and Security Test & Evaluations (ST&E) checklists for new installs and documentation of existing networks.
C4 Systems Engineer
Space Mark International / Arrowhead Global Solutions, Schriever AFB
January 2002 – September 2003
* Contracted to provide network engineering, architecture support and guidance to the government on current and future technologies in the C4 Systems Engineering (SCX) section to include planning, defining, technical analysis, reviewing trades and studies, price quotes, risk assessment and assisting with implementing of the final product for the DoD customer both military and civilian.
* Provided documented technical network and systems solutions for the base and tenant organizations. Procured the equipment, installed the racks and communication equipment and ensured the cabling was installed, terminated and tested. Responsible for reviewing the technical packages (consisting of network drawings, conceptual risk assessments, system configuration documents, etc) to ensure compliance with the base standards.
* Researched industry technology and recommended for purchase network, system, computer and IT equipment to improve the quality of the technology that supports the government's command, control, communications and computer (C4) systems. Provided secure architectural & engineering solutions to support future growth and services.
CERTIFICATIONS & EDUCATION:
* Certified Information Security Manager (CISM) - tested June 2010 waiting on results
* Information Systems Auditor (CISA) passed - applying for certification
* Security+ Certified 2006
* Auditing and Monitoring Windows 2003 Server 2006
* Certified Multimedia Design Networks Specialist 2000
* State-of-the-Art Program – Frame Relay, Fast Packet and ATM & ISDN 1996
* A.A., Associate of Arts, University of Maryland 1992
* A.A.S., Electronic Systems Technology, Community College of the Air Force 1990
TECHNICAL TRAINING:
* Cyber Security Assessment Management Certification & Accreditation Washington, DC 2009
* SANS System Forensics, Investigation & Response Course Denver, CO 2005
* eEye Retina REM Administrator CBT Course 2005
* SANS Intrusion Detection Course Denver, CO 2004
* Cisco CIM Voice Over IP (VoIP) 2001
* Cisco Aironet Wireless Site Survey Class Englewood, CO 2000
* Siemens 9751 CBX Automatic Call Director (ACD) San Jose, CA 1998
* Siemens 9751 System Administration Rolling Meadows, IL 1998
* Cisco Router Configuration (ICRC-GeoTrain Corp.) Worcester, MA 1998
* AT&T T1/DS0 Bandwidth Management & SONET Course Waltham, MA 1998
* Racal-Datacom Network Monitoring Systems 400/9000 Waltham, MA 1995
TECHNICAL SUMMARY
Network Equipment:
Various Modems, CSU/DSU, Multiplexers, Encryption devices, Hubs, Switches, 3Com and Cisco Routers / Switches, one-way data devices (Owl Guard), associated LAN equipment.
Network Analysis Tools:
Network Monitoring System (NMS) for Paradyne and Racal, NetX, CiscoWorks, HP Openview, Spel, Spectrum, Network General Sniffer, Fluke LANMeter and Fluke OptiView Integrated Network Analyzer.
Computer Experience:
Windows 2000/XP, Unix, MS Word, Excel, Access, PowerPoint, Visio, various other applications.
Security Analysis Tools:
DISA Gold Disk, BCWipe, NT ToolBox, NMap, Nessus, Ethereal, Retina Network Security Scanner.