ISSO
RAYTHEON
Total years of experience :7 years, 5 Months
Assessing and monitoring system compliance, auditing, security plan development and delivering information systems
security education and awareness.
• Investigating information system security violations and help prepare reports specifying corrective and preventative
actions.
• Reviewing and approving configuration management requests. Conducting technical and administrative assessments.
Integrating new cybersecurity processes, procedures, and tools.
• Support the creation, review and update of cybersecurity documentation and other technical writing.
• Completion of monthly metrics. Primarily responsible for system compliance, auditing, security plan development and
delivering information systems security education and awareness.
• Assist in investigating information system security violations and help prepare reports specifying corrective and
preventative actions.
• Collaborate with the facility security team, program personnel, and government representatives.
• Security sustainment activities (hardware change management, software change management, account management,
media protection, user interface, file transfers, etc.)
• Complete and review weekly audits, data transfer, patching, antivirus, user briefings, device control management, validate
SCAP, TBS, SCC, SCT scans, audit switches and PPSM,
• Validate trainings, user accounts, user briefings and add new users to systems.
• Validate and review Hardware and software baseline, maintenance logs, trusted downloads logs and sanitization logs.
Experience in VMWare and virtualization technologies
• Supports the full life cycle of the assessment and authorization (A&A) process by updating the following documents: System
Security Plan, Contingency Plan, Disaster Recovery Plan, Incident Response Plans, Business Impact Analysis, Configuration
Management Plans, Risk Assessment, E-authentication, and Plan of Actions and Milestones (POA&M).
• Provides policy, program, and risk management support to systems related to FISMA audits security and privacy policies and
procedures.
• Identifies operational risks associated with key existing internal controls, IT regulatory compliance, and information security.
• Establishes and continually updates disaster recovery and general security programs for all operating divisions. Coordinates
responses to information security incidents.
• Stays aware of the latest security threats, assessing impact, and suggesting solutions in addressing the emerging risks.
• Submit and Monitor findings, remediation plans, recommendations, risk mitigation strategies, risk acceptance, and milestones.
• Ensures all Plans of Action and Milestone (POA&M) actions are completed to provide Continuous Monitoring.
• Ensures identified weaknesses from vulnerabilities scans are remediated in accordance with the defined time frame.
• Develops and revises Information Security Policies, Standard Operating Procedures, Standards, and Guidelines.
• Initiate compliance and vulnerability scan request to identify and report weaknesses. Ensures that vulnerability scans are
performed on a recurring basis.
• Completes research, analysis, and reporting of compliance activities. Produces metrics that support Cybersecurity strategic
direction