Past Performance

SecureSoft Technologies LLC, (SST) is proud to report successful performance on an array of past projects and contracts. SST provides highly adaptive cybersecurity services (HACS), including penetration testing, incident response, systems security engineering, vulnerability risk assessment, security architecture design & reviews, and cyber threat hunting. In addition, SST also provides other Cybersecurity Risk Management and IT support services.

SERVICE CATEGORY

Cybersecurity: Highly Adaptive Cyber Services (HACS)

DISA - Cybersecurity Support to Multiple DISA Systems (2011 – 2019)

NBIS Program (2017 – 2019)

High-Value Asset Assessments

  • Performed vulnerability management services including creation and implementation of vulnerability management policy, risk, threat, and security assessments including code reviews and external assessments like penetration tests, and resolution of findings by ensuring implementation of safeguarding configurations for all identified assets including high-value assets.

Risk and Vulnerability Assessments

  • Performed DoD Security Technical Implementation Guides (STIGs) assessments for all assets to identify threats and risks for each component of the security architecture.
  • Performed risk assessments on networks including ports and protocols, web applications, operating system, and databases.
  • In addition to the STIGs assessments, conducted vulnerability scans for all security architecture components and supported independent external assessments like penetration tests and code reviews.

Cyber Threat Hunt

  • Performed cyber security activities that resulted in multiple layers of implemented security controls; this ensured a low-risk cybersecurity posture for the applications under this project.
  • The cyber threat hunters validated the low-risk cybersecurity posture of the applications we were tasked to protect.

Incident Response

  • Created and implemented an Incident Response Plan or Policy for the set of systems/applications under the contract. The policy and implementation covered incident reporting, notification procedures, incident analysis, handling, impacted asset isolation, containment, and recovery.
  • Worked with Service Desk teams on the notification and reporting procedures. We also worked with DoD Cyber Security Service Provision teams to coordinate forensic investigations where applicable.

Penetration Testing

  • Supported all external testing including penetration testing for all applications under the contract.
  • Reviewed and validated results of penetration tests as well as ensured all validated findings were resolved.

DCS (2013 – 2016)

High-Value Asset Assessments

  • Performed vulnerability management services including creation and implementation of vulnerability management policy, risk, threat, and security assessments including code reviews and external assessments like penetration tests, and resolution of findings by ensuring implementation of safeguarding configurations for all identified assets including high-value assets.

Risk and Vulnerability Assessments

  • Performed DoD Security Technical Implementation Guides (STIGs)assessments for all assets to identify threats and risks for each component of the security architecture.
  • Performed risk assessments on networks including ports and protocols, web applications, operating system, and databases.
  • In addition to the STIGS assessments, conducted vulnerability scans for all security architecture components and supported independent external assessments like penetration tests and code reviews.

Incident Response

  • Created and implemented an Incident Response Plan or Policy for the set of systems/applications under the contract. The policy and implementation covered incident reporting, notification procedures, incident analysis, handling, impacted asset isolation, containment, and recovery.
  • Worked with Service Desk teams on the notification and reporting procedures. We also worked with DoD Cyber Security Service Provision teams to coordinate forensic investigations where applicable.

Penetration Testing

  • Supported all external testing including penetration testing for all applications under the contract.
  • Reviewed and validated results of penetration tests as well as ensured all validated findings were resolved.

DEOS (2016 – 2017)

Risk and Vulnerability Assessments

  • Performed DoD Security Technical Implementation Guides (STIGs) assessments for all assets to identify threats and risks for each component of the security architecture.
  • Supported all external testing.
  • Performed risk assessments on networks including ports and protocols, web applications, operating systems, and databases.
  • In addition to the STIGS assessments, conducted vulnerability scans for all security architecture components and supported independent external assessments like penetration tests and code reviews.

SERVICE CATEGORY

Cybersecurity: Risk Management - Oversight and Compliance

For Defense Information Systems Agency: (2011 – 2019)

  • Provide Assessment and Authorizations (A&A) Risk Management Framework (RMF) support from interim Authority to Test (IATT) to Authority to Operate (ATO).
  • Worked with Product teams to implement secure cloud computing architecture (SCCA).
  • Oversaw vulnerability management and incident response plans and policies.
  • Provide information risk assessments and design security countermeasures to mitigate identified risk.

SERVICE CATEGORY

Cybersecurity: System Networking and Engineering

For United States Air Force (2018 – Present)

  • Provided Network Engineering and Security design and implementation for over 100K endpoints.
  • Provided Application and Network Security Information and Event. Management tools, design, implementation, and configuration support.
  • Manage mission-critical Network tasks across multiple functional areas for an Air Force foreign military sales (FMS Contract).

For Defense Logistics Agency (May 2019 – Present)

  • Provide system design and security architecture services.
  • Support implementation of Information System Security compliance.
  • Oversee, direct, and manage personnel support on compliance project.
  • Gather, collect, review, and analyze all applicable requirements documents.

SERVICE CATEGORY

Cybersecurity: Systems Integrations

For United States Air Force (2018 – Present)

  • Provided Network Engineering and Security design and implementation for over 100K endpoints.
  • Provided Application and Network Security Information and Event Management tools, design, implementation, and configuration support for over 100K endpoints.
  • Manage mission-critical Network tasks across multiple functional areas for an Air Force foreign military sales (FMS Contract).

For Defense Logistics Agency (May 2019 – Present)

  • Provide system design and security architecture services.
  • Support implementation of Information System Security compliance.
  • Oversee, direct, and manage personnel support on compliance project.
  • Gather, collect, review, and analyze all applicable requirements documents.

SERVICE CATEGORY

Cybersecurity: Managed Cybersecurity Services

NBIS (DISA) Program (2018 - 2019) and EPOS (2019 - Present)

  • Provided cyber, operational, maintenance and system administration support for all applications within the National Background Investigation Services (NBIS) under contract.
  • Managed all day-to-day cybersecurity operations including administrative, technical, and operational functions, assessing risks and identifying unstated assumptions, and resolving all related issues, as well as interpersonal conflicts for the Electronic Point of Sale (EPOS) program solution.

SERVICE CATEGORY

IT: Service Desk

NBIS (DISA) Program (2018 - 2019) and EPOS (2019 - Present)

  • Provided cyber, operational, maintenance and system administration support for all applications within the National Background Investigation Services (NBIS) under contract.
CMMC, RPO certified. 3PAO certification pending GSA IT 70 Schedule HACS Provider
HubZone Certified

© 2022 SecureSoft Technologies. All rights reserved. Privacy Policy

Website by 
Ocean 5 Strategies
crosschevron-down