Splunk ITSI/Threat Intelligence Technologist Resume
PROFESSIONAL EXPERIENCE
Confidential
Splunk ITSI/Threat Intelligence Technologist
Responsibilities:
- Assigned to the IRS Enterprise Technology Implementation Division (ETID) PMO team supporting the Integrated Enterprise Portal (IEP) Splunk expansion program. In this capacity, designed and implemented an Operational Intelligence and Log Analytics Prototype using the Splunk IT Service Intelligence (ITSI) module to streamline the IRS IEP Incident/Problem Management process, from Triage (TR) orchestration and Service Restoration (RS) facilitation through Root Cause Analysis (RCA) execution and Predictive Analytics (PA) enablement. Transformed IRS ETI User Requirements into Splunk ITSI Use Cases. Performed technical impact assessment on the IEP technology stack, Enterprise Operations (EOps), IT Operation Command Center (ITOCC) and Incident Management Branch (IMB) to determine Splunk ITSI integration points with existing IRS operational entities. Created and published numerous Splunk ITSI Log Analytics artifacts describing IEP Services, defining Key Performance Indicators (KPIs), configuring Thresholds, constructing Correlation Searches, performing Deep-Dives, creating ITSI Dashboards/Glass Tables, setting up Multi-KPI Alerts and generating complex operational Reports.
- Installed and configured multiple Threat Intelligence Platforms (Anomali, FireEye, LookingGlass) and Splunk Core 6.5.3/Splunk ITSI 2.4.0 on Red Hat Enterprise Linux (RHEL) 2.6.32 to monitor the IEP infrastructure components (Apache Web Server, Red Hat JBoss Enterprise, Oracle 11g R2 Enterprise Edition, Forum Sentry Gateway, MySQL 5.7, IBM WebSphere MQ).
- Proficient in the following government regulations and standards: National Institute of Standards and Technology (NIST), Risk Management Framework (RMF), Continuous Diagnostics and Mitigation (CDM), Cyber Security Framework (CSF), NIST SP 800-53 rev3/rev4, Federal Information Security Management Act (FISMA), Federal Information System Controls Audit Manual (FISCAM), Gramm-Leach-Bliley Act (GLBA), HUD Handbook, Sarbanes-Oxley (SOX) and National Housing Act.
Confidential
Identity Access Management (IAM) Architect
Responsibilities:
- Assigned to the Chief Information Officer, Enterprise Architecture group supporting an Enterprise Identity & Access Management (IAM) Initiative that enabled Confidential employees and business partners single sign-on (SSO) access to numerous cloud SaaS Applications like Office365, NetSuite, UltiPro, Salesforce, Grovo & Halogen TalentSpace.
- In this capacity, worked directly with clients to gather requirements, document solutions and design, configure the relevant Salesforce application, and ensure successful engagements and project go-lives through disciplined project management practices. Additionally, designed and implemented Identity-as-a-Service (IDaaS) solutions utilizing Service Provider Cloud methodology and platforms (Okta, SailPoint, PingIdentity, Centrify, OneLogin, Microsoft Azure Active Directory Premium) in migrating production applications to a Software-as-a-Service (SaaS) environment, adhering to industry-standard identity management protocols such as ADFS, OAuth2, SAML 2.0, WS-Federation, and OpenID Connect.
- Developed Identity Governance and Administration (IGA) — This included the ability to provision identities held by the service to target applications, and user provisioning
- Developed Access Control — This included User Authentication, Single Sign-On (SSO), and Authorization Enforcement
- Developed Operational Intelligence — This included logging events and providing reporting on Access Control, Alerts, Remediation and Vulnerability Assessment using Splunk ITSI Module
Confidential
Splunk Architect/Cloud Security Architect/Information Risk Officer
Responsibilities:
- Performed Security Assessment & Authorization (SA&A), Cybersecurity Monitoring, Malware Analysis, Threat Analysis, Network/Host Intrusion Detection, Security Operations Center (SOC) operations, Triage, Containment, review of Nessus scans, remediation recommendations for high-risk business systems and reporting within the NIST SP 800-61r2 Incident Response Life Cycle. Designed and implemented Identity & Access Management (IAM), Single Sign-On (SSO) and Log Analytics solutions using Splunk Enterprise, Splunk Enterprise Security and Splunk IT Service Intelligence (ITSI), monitoring complex Ginnie Mae production environments.
- Worked closely with the Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) and the Security Operations Center (SOC) team as a Splunk Architect, implementing a SIEM solution using Splunk Enterprise for 24x7x365 monitoring of a large-scale enterprise environment, using numerous security tools such as ArcSight, Nessus, Tripwire, Burp Suite and DbProtect in operating a full-featured Security Operations Center (SOC).
- Proficient in the following government regulations and standards: National Institute of Standards and Technology (NIST), NIST SP 800-53 rev3/rev4, Federal Information Security Management Act (FISMA), Federal Information System Controls Audit Manual (FISCAM), Gramm-Leach-Bliley Act (GLBA), HUD Handbook, Sarbanes-Oxley (SOX) and National Housing Act.
Confidential
Sr. Security Enterprise Architect
Responsibilities:
- FedRAMP Compliance & Implementation (CSP, 3PAO, Continuous Monitoring, Threat & Risk Assessment, FISMA, NIST SP 800-Series)
- Enterprise Mobility Roadmap (HTML5, CSS3, WebKit, jQuery Mobile, PhoneGap, Responsive Design, IBM Worklight Mobile Platform)
- Emerging Technologies & SOA Roadmap
- Technology Standards and Products Guide (TSPG)
- Content Management System (CMS) & Collaboration (HP Autonomy TeamSite, SharePoint)
- Business Intelligence Tools Comparative Analysis & Recommendation (ETL, Data Warehousing, Data Marts, OLAP, Dashboards)
- Service Oriented Architecture & Governance (Oracle Fusion Middleware Stack)
- Virtualization using VMware Horizon View (VDI), Hypervisors, Citrix NetScaler, Citrix XenApp
Confidential
Sr. Security Cloud Architect
Responsibilities:
- Assigned to the Department of Treasury, Confidential OCIO PMO technical support team implementing a Cloud Service Model by integrating Infrastructure Services as an eCommerce Software as a Service (SaaS) transactional solution supporting the Sales & Marketing, Finance, Legal, Enterprise Operations and Manufacturing departments. Responsible for Governance, Technical Architecture, Project Management and Systems Integration for the following functional areas: Interface Design, Business Process Monitoring, Human Workflow User Interface, Business Process Management (BPM), Connectors, Transaction Manager, WS-Security, Web Services, Application Container, Messaging Services, Metadata Repository, Naming and Directory Service and Distributed Computing Architecture.
- Technologies: JBoss Enterprise Service Bus (ESB), Oracle Fusion Middleware 11g, Oracle SOA Suite 11g, Venda Cloud Commerce Platform, MS Active Directory Federation Services (ADFS), Security Assertion Markup Language (SAML), Single Sign-On (SSO), Red Hat Enterprise Linux Server, VMware Private Cloud Solution, Cloud Lifecycle Management, Application Release Automation, Service Level Management, Dashboards and Analytics, and Orchestration.
Confidential
Sr. Security Specialist
Responsibilities:
- Worked closely with the Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) and the Security Operations Center (SOC) team as a Splunk Architect, implementing a SIEM solution using Splunk Enterprise for 24x7x365 monitoring of a large-scale enterprise environment, using numerous security tools such as ArcSight, Nessus, Tripwire, Burp Suite and DbProtect in operating a full-featured Security Operations Center (SOC). SME in various network and host-based security applications and tools, such as network and host assessment/scanning tools, network- and host-based intrusion detection systems, and other security software packages.