Nhat Le

Springfield

Summary

ISSO/ISSE with 5+ years of professional experience performing Risk Management Framework (RMF) and cybersecurity duties and responsibilities, including reviewing and developing artifacts and satisfying DoD, DHS and DoN requirements to achieve an Authority to Operate (ATO). High proficiency with Vulnerability Management supporting JFHQ-DoDIN in ACAS, DISA IAVMs, OCF Portal, and Vulnerability Scans. Well versed in RMF lifecycle support including DISA STIGs, DISA SCAP, DoD RMF Framework, NIST 800, Keystone, Vulnerator, XACTA and eMASS. Solid technical experience as a Cybersecurity specialist supporting both NIPR and SIPR, provisioning access to Confluence and Intelink, managing admin intra and extranets for client's access, and managing Confluence wiki spaces.

Overview

5 years of professional experience
1 Certification

Work History

Cybersecurity Engineer

Ignite LLC
01.2024 - Current
  • Experience with developing and reviewing security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability scanning, and/or vulnerability management plans
  • Demonstrated on-the-job knowledge and experience with performing security system scans for network, platform, database, and web services using different security tools (e.g. Nessus, ePO AESS)
  • Guide the application of DISA STIGs, SRGs, and other security hardening measures across the project’s components, documenting compliance efforts in the client RMF system of record.
  • Performs recurring self-assessments on all systems under their purview to ensure compliance with documented security requirements and to detect any system level vulnerabilities. Prepares a detailed report of the findings and ensures proper protection and / or corrective measures are taken immediately or develops a Plan of Action and Milestones (POA&M) to document planned actions.
  • Develop, review, and manage RMF accredited packages for the assigned IT boundaries
  • Develop Standard Operating Procedures, Incident Response Plans, Contingency Plans, and Plan of Actions and Milestones (POAM)
  • Provide security advice to System Owner and Project Manager on all matters (technical and otherwise) involving security of the information system
  • Ensure required updates are performed to key documents in accordance with NIST SP 800-37 for continuous monitoring
  • Support all Risk Management Framework (RMF) activities to include obtaining Authority to Operate (ATO) and supporting Ongoing Security Assessments (OSA) including updating control implementation statements and providing evidence to compliance assessment activities
  • Maintain an accurate inventory of system components, including hardware, software, diagrams, and other artifacts via the Enterprise Mission Assurance Support Services (eMASS)


Lead ISSO/ISSE

Systems Planning and Analysis, Inc.
08.2022 - 01.2024
  • Contribute to Navy programs, developing and documenting Cybersecurity requirements for PEO IWS 2.0 programs and assessing and mitigating system security threats/risks throughout the program life cycle
  • Work with the Cyber Security Lead and Information Systems Security Manager to ensure that Risk Management Framework (RMF) cybersecurity requirements are satisfied in accordance with applicable DOD, NIST, Department of the Navy (DON), and NAVSEA series instructions
  • Experience with developing and reviewing security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability scanning, and/or vulnerability management plans
  • Demonstrated on-the-job knowledge and experience with performing security system scans for network, platform, database, and web services using different security tools (e.g. Nessus, ePO AESS)
  • Guide the application of DISA STIGs, SRGs, and other security hardening measures across the project's components, documenting compliance efforts in the client RMF system of record
  • Performs recurring self-assessments on all systems under their purview to ensure compliance with documented security requirements and to detect any system level vulnerabilities
  • Prepares a detailed report of the findings and ensures proper protection and / or corrective measures are taken immediately or develops a Plan of Action and Milestones (POA&M) to document planned actions
  • Prepare and maintain documentation for specified networks that provide a reference for users to understand the established restrictions associated with those specific networks
  • Develop and maintain System Security Plans (SSP) to meet ongoing security requirements
  • Perform technical planning, system integration, verification and validation, and risk assessments.

Cyber Security Specialist

KBR
10.2020 - 08.2022
  • Supported Test Resource Management Center as a Cyber Action Officer and Cybersecurity Specialist, coordinating with over 10 enclaves to report, track and resolve JFHQ-DoDIN Cyber Tasking Orders (CTOs)
  • Coordinated with Joint Staff directorates, Office of the Secretary of Defense (OSD), combatant commands, Services, and external agencies for strategic and operational plans, concepts, orders, analytical products, requests for information, and other staff actions
  • Used Vulnerator for DISA Security Technical Implementation Guides (STIGs) and ACAS
  • Coordinated and remediated any low, moderate or high criticality IAVMs via ACAS scans
  • Conducted vulnerability compliance scans weekly, monthly and daily via ACAS (Assured Compliance Assessment Solution)
  • Developed and advised development of Assessment and Authorization (A&A) artifacts and security documentation to include, but not limited to System Security Plans (SSP), Plan of Action and Milestone (POAM), Contingency Plan, Incident Response Plan, Configuration Management Plan
  • Performed Risk Management Framework (RMF) activities to achieve Authority to Operate (ATO).

Configuration Management - Security Analyst

Global System Technologies
06.2019 - 10.2020
  • Provided Configuration Management and Security System support to DHS
  • Provided executive support to the Change Control Board (CCB) and Change Advisory Board (CAB)
  • Maintained Customer's document baseline-including processing of Requests for Change (RFCs), library management, SharePoint folder structure management and security, and any requests for document audits
  • Experienced with multiple Change Requests (CRS); Engineering Change Proposals (ECPs), Request for Deviation (RFD), Request for Waiver (RFW), and DEPs
  • Updated CMD (Configuration Management Databases) and Configuration Item List
  • Manage and document the configuration baseline and control process for customer applications, security processes and procedures, and monitored adherence of CM processes throughout development life cycle
  • Coordinated with Program Management Office to evaluate and improve the security of software and hardware implementations
  • Experienced in Physical Configuration Audits (PCA), Security Audits (SA) and prepared findings and reports, and tracked related action items.

Education

Bachelor of Science - Information Technology

George Mason University
Fairfax, VA
01.2019

Certification

Security+ CompTIA

Certified Advanced Security Practitioner CompTIA

Qualified Validator II Navy

Timeline

Cybersecurity Engineer

Ignite LLC
01.2024 - Current

Lead ISSO/ISSE

Systems Planning and Analysis, Inc.
08.2022 - 01.2024

Cyber Security Specialist

KBR
10.2020 - 08.2022

Configuration Management - Security Analyst

Global System Technologies
06.2019 - 10.2020

Bachelor of Science - Information Technology

George Mason University