Jessica Tomassi

Work History

NASA Marshall Space Flight Center

04.2025 - 09.2025

TekFive subcontractor
Used endpoint detection and response tools (EDR), as well as extended detection and response tools (XDR).
Analyzed and reported organizational Agency vulnerability scanning security posture trends.
Analyzed and reported Nessus technical system security posture trends.
Conducted web application scanning
Utilized BurpSuite and Tenable Nessus for vulnerability discovery and remediation.
Presented complex information to both technical and non-technical audiences.
Created technical documentation, such as security policies and vulnerability scanning instructional guides.
Active Top Secret Security Clearance, no SCI.
Role concluded end of September 2025 due to loss of contract funding/mass layoff at NASA.

Monster Worldwide Inc

02.2022 - 04.2025

Managed Bug Bounty Reporting program.
Executed coordination of penetration tests with third-party vendors. Remediated discovered vulnerabilities.
Directed and implemented annual training on Secure Coding for Developers, reached 100% annual Pass Rate.
Ensured compliance with relevant legal and regulatory requirements (ISO/IEC 27001, GDPR, HITRUST CSF, MITRE ATT&CK framework)
Used endpoint detection and response tools (EDR), as well as extended detection and response tools (XDR).
Conducted monthly DAST scans of web apps, lowered Critical and High severity vulnerabilities by 35%.
Conducted technical investigations of security related incidents and post incident digital forensics to identify causes and recommended future mitigation strategies
Evaluated emerging technologies, staying current on industry best practices and trends in information security.
Conducted vulnerability assessments to identify potential risks within the organization’s infrastructure.
Leveraged various tools, such as CrowdStrike Falcon, Invicti Enterprise, Rapid7 Insight IDR, Microsoft Defender, Splunk Enterprise and Cloud, Confluence, AWS, GitHub, Azure, JIRA and Oort.
FT position
Role concluded due to company filing for bankruptcy

Karthik Consulting LLC

12.2020 - 02.2022

Addressed challenges collaboratively during team discussions.
Developed high-quality documentation to support training efforts, helping employees fully understand new systems and procedures.
Improved business processes by analyzing current practices and recommending optimization strategies.
Developed guidelines for secure information handling.
Developed and implemented information security standards and procedures
Guaranteed adherence to RMF SA-14 guidelines across all stakeholder information systems.
Conducted priority evaluations of project elements to assess importance and impact.
Guided stakeholders through the criticality analysis process.
Utilized eMASS information to finalize criticality analysis.
Knowledge of NIST 800-53 rev 4 security controls
Top Secret Clearance

BAE Systems

03.2020 - 12.2020

Softworld subcontractor
Short term contract position
Maintained compliance with industry standards such as ISO 27001, NIST, and SOC2 by enforcing strict protocols and controls.
Coordinated with external partners and vendors during joint cybersecurity initiatives or investigations.
Conducted quarterly SCAP scans utilizing updated DISA STIGs.
Mitigated risks identified in audits.
Applied expertise in security auditing and tracking mechanisms.

Raytheon IDS

01.2019 - 03.2020

Ensured RMF compliance
Worked on various classified Information System environments
Presented security awareness training to new hires
Led Assured File Transfer (AFT) trainings to new Data Transfer Agents (DTAs)
Developed and implement security policies, protocols, and procedures.
Conducted regular security audits and assessments.
Monitored network traffic for unusual activity and respond to security incidents.
Coordinated with IT staff to ensure that security measures are integrated into system designs.
Maintained up-to-date knowledge of the latest cybersecurity trends and threats.
Provided training and support on security protocols to staff.
Prepared and presented security status reports to management.
Ensured compliance with relevant legal and regulatory requirements (NIST 800-53, NIST CSF)
Managed security tools and technologies, such as firewalls and intrusion detection systems.
Performed risk assessments and recommended mitigation strategies.
Collaborated with external auditors and regulators.
Investigated and responded to security breaches. business continuity plans.
Investigate and responded to security breaches.
Role concluded due to moving states.