Tracey Lewis

Candidates Name: Tracy Lewis

Candidate Contact Number: 772-260-2507
Candidate Email: treclewis@gmail.com
Position: CLM Security Engineer
Current Salary (required):
Salary Expectations: $120k/ Annum

 Date available: ASAP

 Have you ever worked at Froedtert Health System before? No

 What shift do you prefer to work? Any Shift

 Education (Masters, Bachelors, Associates degree or High School Diploma)? Master’s

 If an Epic-related position: Please list all Epic certifications w/ years: No

 Are you flexible to work as needed and scheduled including holidays and weekends? Yes

 Do you have any time off requests? No

 When is the best time for the manager to reach you? Anytime

 Why are you interested in this opportunity? I am looking for remote work that fits within my scope of expertise and
background.

 What would your current/previous Manager say about you? I am very agile and a quick learner. I go above and beyond
and also do anything I can to support the team.

 What are your greatest:

 Strengths? Attention to detail and ability to work well in any environment.
 Weaknesses? Tend to take on more responsibilities than in job description to make sure team goal is met

 What are your salary expectations? $120k/ Annum

 What are your career goals? To find a company I can settle into and move away from short contract positions.

Summary
 Tracey is security expert having more than 10+ years of experience.
 She is responsible for cybersecurity specifications such as Risk Management Framework (RMF), IAVM (Information
Assurance Vulnerability Management), STIGs and other government security specifications and guidelines.
 Assists with developing System Security Plans (SSPs) and supporting Assessment and Authorization documentation
 Responsible for performing multiple cybersecurity roles (e.g, ISSE, ISSO, ISSM) for Department of Defense (DoD) and
Intelligence Community (IC) programs.
 Implemented the information systems security program for assigned programs/systems in compliance with NISPOM Chapter
8, NIST RMF, JAFAN 6/3, DCID 6/3, ICD 503, and JSIG requirements.
 Applied cyber security standards including DISA STIGs, RMF security controls, and Draper policies and procedures to
classified computing systems.
 Responsible for the preparation, update, and review of IS authorization packages (SSP, POA&M, SCTM, etc.) along with
performing self-inspections to provide security coordination and success of system test plans.
 Maintained NextEra Energy power grid protection in many parts of the United States in accordance with government
mandated North American Electric Reliability/Critical Infrastructure Protection (NERC/CIP) guidelines.
Skills and Proficiencies
 Skills and Proficiencies: Risk Management Framework (RMF), Joint Special Access Program (SAP) Implementation Guide
(JSIG), DSS Assessment and Authorization Process Manual (DAAPM), Security Content Automation Protocol (SCAP),
Security Technical Implementation Guide (STIG), Windows, Linux, Unix, HPUX, Solaris, Military Counter-Intelligence,
Joint Intelligence Operations, Operations Security (OPSEC), Communication Security (COMSEC), Signals Intelligence
Collection (SIGINT), Electronic Intelligence Collection (ELINT), TS/SCI +CI poly, Microsoft Word, PowerPoint, Excel,
SharePoint, and Administration and Procedural Processes.

Awards and Activities

 Four Block Veteran’s Career Development Member, Operation Delta Dog Participant and Volunteer
 Dean’s List Award Recipient, Veteran’s Service Organization Volunteer

Certificates
 CompTIA Security+ CE (2019)

Education
 Master of Science in Security and Resilience Studies Cyber from Northeastern University, Boston, MA
 Bachelor of Science in Business Administration Management of Information Systems
 Associate of Science Degree in Information Technology Security from Bunker Hill Community College, Boston, MA

Professional Experience
Confidential Client Jul 2020 – Till date
Senior Advanced Information Assurance Engineer
Responsibilities
 Responsible for cybersecurity specifications such as Risk Management Framework (RMF), IAVM (Information Assurance
Vulnerability Management), STIGs and other government security specifications and guidelines.
 Assists with developing System Security Plans (SSPs) and supporting Assessment and Authorization documentation
 Supports patch management, system hardening, and verification of STIG compliance for OSs (e.g. Windows 2012, Windows
10, and Linux operating systems), COTS applications, and other IA products and IA enabled products.
 Conducts security assessments/hardening with such tools as ACAS-NESSUS & SCAP Scans, STIGs, SCC benchmarks, and
Vulnerator
 Experienced with XACTA and eMASS risk management and compliance automation tools

The Charles Stark Draper Laboratory Cambridge, MA Feb 2020 – Jun 2020
Cyber Security Analyst
Responsibilities
 Responsible for performing multiple cybersecurity roles (e.g, ISSE, ISSO, ISSM) for Department of Defense (DoD) and
Intelligence Community (IC) programs.
 Implemented the information systems security program for assigned programs/systems in compliance with NISPOM Chapter
8, NIST RMF, JAFAN 6/3, DCID 6/3, ICD 503, and JSIG requirements.
 Applied cyber security standards including DISA STIGs, RMF security controls, and Draper policies and procedures to
classified computing systems.
 Assists with preparation and maintenance of security Assessment and Authorization (A&A) documentation (e.g., IA SOP,
SSP, RAR, SCTM).
 Performed Continuous Monitoring (ConMon) of security controls, to include audit log review and archive, security updates
and patching, compliance scanning (SCAP), configuration management, account management, vulnerability management,
and control status reporting.

ManTech International Hanscom AFB, MA May 2019 – Feb 2020

Information System Security Officer (ISSO) III
Responsibilities
 Responsible for the preparation, update, and review of IS authorization packages (SSP, POA&M, SCTM, etc.) along with
performing self-inspections to provide security coordination and success of system test plans.
 Conducted security surveys at subordinate facilities to gather pertinent security documentation for inclusion into system
authorization packages and to identify IS vulnerabilities and implement countermeasures.
 Assist Department of Defense, National Agency and Contractor organizations with the development of assessment and
authorization (A&A) efforts.
 Ensured IS and network nodes are operated, maintained, and disposed of in accordance with security policies and practices.
This includes using the SCAP Compliance Checker tool and DISA STIG library.
 Provides briefings along with leadership, mentoring, and quality assurance to team members.

Raytheon Company Woburn, MA May 2018 – May 2019

Cyber Defense Technologist II, ISSO
Responsibilities
 Provided support to classified computing environments regarding system functions, security policies, technical security
safeguards, and operational security measures.
 Maintained system compliance through the Risk Management Framework (RMF) and sustained integrity of various systems
including Windows, Linux, Network Devices and peripherals.
 Investigated information system security violations and delivers information systems security education and awareness to
users across Raytheon.
 Routinely interfaced with facility security team, program personnel and government representatives.

Raytheon Company Andover, MA Jan 2017 - Jul 2017

Technology and Metrics Analyst (Co-op) – Global Business Systems
Responsibilities
 Independently developed and produced weekly metrics and reports for consumption across all levels of the GBS organization
to better manage Integrated Defense Systems.
 Supported team member's by producing dashboards for audits, management reviews, and special projects.
 Served on project management team to deploy metrics dashboards and reporting tools, partnering with IT and Supply Chain
to accomplish tasks and become more agile.

NextEra Energy Juno, FL Oct 2011 – Feb 2013

Security Operations Specialist
Responsibilities
 Maintained NextEra Energy power grid protection in many parts of the United States in accordance with government
mandated North American Electric Reliability/Critical Infrastructure Protection (NERC/CIP) guidelines.
 Ensured the security of and reliability of a multitude of critical NextEra Energy assets in accordance with NERC procedures
while interacting with various government agencies.
 Monitored and worked on several cyber infrastructure applications to complete daily tasks simultaneously.
 Led investigations and audits in accordance with government mandated NERC/CIP standards.
 Created and revised numerous global corporate procedures and processes in support of the security operations team’s goals,
with resounding success.

United States Navy Norfolk, VA Jan 2007 – Jan 2011

Cryptologic Technician
Responsibilities
 Collected, analyzed, exploited, and disseminated Electronic Intelligence (ELINT) and Signals Intelligence (SIGINT) in
accordance with fleet and national tasking.
 Ensured safety of platform with Indications and Warning (I&W), and Anti -Ship Missile Defense (ASMD); and provided
technical and tactical guidance to Warfare Commanders and national consumers in support of surface, subsurface, air, and
special warfare operations.
 Responsible for the security of highly classified material and operational security processes.
 Efficiently and effectively briefed superiors and peers on time sensitive information.
 Trained over ten peers on security guidelines and counter- intelligence collection procedures.
 Supervised and maintained departmental personnel and property with over 60% productivity increases.