SUMMARY

• Championed comprehensive security - oriented assessments for clients with differing mission requirements, handling conflict resolution and collaborating with team leads & clients, appropriately translating functional needs into security requirements
• Deployed Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry-Data Security Standard (PCI-DSS), General Data Protection Regulation (GDPR), National Institute of Standards and Technology (NIST), and Federal Risk and Authorization Management Program (FedRAMP) compliant infrastructure on-premise and in the Cloud
• Architect for a Cloud Platform dat supported twenty-five million end users
• Designed and executed eleven end-to-end cloud implementations
• Expertise in leading the secure design of new cloud services and solutions in-line with defined security strategies
• Led several high-profile successful security engagements for major commercial clients, resulting in high profit margin and customer satisfactions
• Leveraged expertise in the system development life-cycle; designing, developing, configuring, deploying, and troubleshooting major software applications and databases to provide a variety of solutions
• Provided thought leadership and architectural expertise to a cross-functional team charged with deploying a host of customer-related applications and data to the Cloud
• Architected cyber security solutions for multiple corporations
• Oversaw cross-departmental engineering teams and help them define, assemble and integrate cyber security components based on security standards and business requirements (examples: hardware, software, availability, scalability, disaster recovery and reliability)
• Oversaw cross-divisional security team using a multi-disciplinary focused approach to cyber and information security and compliance, operational risk management, client security management, workforce protection, and business resilience
• Expertise in planning, executing & spearheading IT projects, deploying, and streamlining systems with skills to enhance IT infrastructure and security operational TEMPeffectiveness
• Worked across multiple industries providing cloud security services
• Provided design-time review and guidance to teams building & deploying new technology and integrating with services provided by public cloud platforms Google Cloud Platform, Amazon Web Service, and Microsoft Azure
• Developed technical and managerial level reports and risk assessments for Cloud based applications and infrastructure
• Background in securing and deploying multi-tenant system, and/or architecting security controls in Cloud systems
• Integrated systems between Public Cloud Providers
• Provided thought leadership to Network, Platform, Engineering, QA, and Development teams in architecture design and review sessions

TECHNICAL SKILLS

Operating Systems: Windows 10/8/7/Vista/XP, Linux, UNIX, Cisco IOS

Networking Hardware: 29XX, 19XX, 65XX, 76XX, 45XX, 37XX, 38XX, 35XXEnterprise Operating Windows 2012/2008/2003/2000 , Microsoft Server 2013/2010/2007/ 2003 , XML

Scripting Languages: Python, BASH, Ruby, Perl, PowerShell, IAC; TerraForm

Cloud Computing: Amazon Web Services, Google Cloud Platform, VMWare, Microsoft Azure

Networking Protocols: DHCP, HSRP, SNMP, OSPF, EIGRP, IGRP, BGP, VRRP, TLS/SSL VTP, STP

Business Application: Microsoft Office 2013/2010/2007/ XP, Microsoft Access 2013/20102007/2003/2002 Exchange 2013/2010/2007/ 2003 , SAP, SharePoint

Engineering Software: AutoCAD, Multisim, Rockwell, MES Security Automation & Ansible, Puppet, Jenkins

J2EE Platforms: JBoss, Tomcat, WebLogic, and WebSphere

PROFESSIONAL EXPERIENCE

Confidential, Hebron, KY

Senior Azure Cloud Security Architect

Responsibilities:

• Responsible for guiding the development teams on secure software & hardware configuration management and secure testing automation strategies associated with Cloud-based solutions.
• Responsible for guiding engineering teams in the development and deployment of dashboard(s) which display security metric solutions to provide a single-pane-of-glass of operational status for senior leadership and/or operational teams.
• Interfaced with technical and senior leadership to turn business directives into functional implementations.
• Assisted in defining Azure Cloud services portfolio of offerings.
• Provided security architecture evaluation and established a process for assessing and auditing security exceptions.
• Responsible for guiding engineering teams in deployment of industry-standard frameworks for authorization, like OAuth 2.0, OpenID Connect (OIDC), User-Managed Access (UMA).
• Defined cloud architecture, design, and implementation plans for hosting complex application workloads in Azure.
• Provided Azure technical expertise including strategic design and architectural mentorship, assessments, POCs, etc., in support of the overall lifecycle or consulting engagement process.
• Responsible for guiding engineering teams in deploying Azure API Management, Security, Cloud-to-Cloud Integration (Public, Private).
• Educated customers of all sizes on the value proposition of managed services on Azure, and participated in architectural discussions to ensure solutions are designed for successful deployment in the Cloud.
• Responsible for guiding Network teams in deploying cloud network architecture utilizing Azure virtual networks, VPN, and express route to establish connectivity between on-premise and Cloud.
• Assisted leadership with the ongoing development and deployment of policies & procedures for the purpose of consistent solutions delivery.
• Responsible for guiding engineering teams in deploying PowerShell scripts, JSON and ARM templates to automate the provisioning and deployment process of Azure PaaS and IaaS services.
• Participated in internal, external, and customer meetings assisting with the ongoing evolution of technology offerings.
• Provided technical guidance on building solutions using Azure PaaS, SaaS, IaaS, and other services.
• Deployed, created, and maintained project related documentation (Statement of Work, technical design document, bills of materials, etc.).
• Led the design, architecture and deployment of solutions in Azure.
• Assisted customers in simplifying the Architecture by utilizing Azure Kubernetes Service automation.
• Architected and designed n-tier applications from the ground-up using Azure IaaS, PaaS, and SaaS services.
• Responsible for guiding engineering teams in deploying Azure Active Directory B2C and B2B setup and management.
• Deployed Cyber Security Standards for Security Level Deployed Cloud controls, Cloud Governance and Azure Security.
• Deployed Azure architecture blueprints and developer documentation.
• Responsible for guiding engineering teams in migrated applications from on premise or other clouds to Azure.
• Responsible for guiding engineering teams in deploying Azure Service Fabric Azure PaaS in Big data, IoT, Machine Learning spaces to end client(s).
• Published articles on technology trending topics to the company Wiki.
• Agiled/Scrummed with multiple cross-functional teams.
• Prepared capacity and architecture plans to create the Azure Cloud environment to host migrated IaaS VMs, PaaS and SaaS role instances for refactored applications and databases.
• Responsible for guiding engineering teams in deploying a subset of on-premise machines to the Azure IAAS offering which will be used for disaster recovery.
• Worked as a senior architect to design automation solutions for Azure environment.
• Responsible for guiding engineering teams in identifying prospective issues in the Azure migration and suggesting feasible solutions to clients.
• Transitioned new technical projects and ensured smooth go-live for Azure operations.
• Executed technical feasibility assessments solution estimations for datacenter migration with public and hybrid Cloud migration and deployment.
• Created, validated, and reviewed solutions and effort estimate for data center migration to Azure Cloud environment cloud-based service.
• Conducted current state assessment of Infrastructure framework to identify gaps and recommend solutions.
• Leveraged assessment results to enhance existing framework and designed strategic solutions for owners and users.
• Point of contact between offshore implementation team(s) and functional experts to convert business needs into reporting solutions.
• Deployed key deliverables, Process definition, best practices, user acceptance criteria, system integration and system test plan.
• Responsible for guiding engineering teams in deploying technical feasibility solutions for new. infrastructure designs and suggested options for performance improvement of technical objects.
• Responsible for guiding engineering teams in deploying LinkerD and Sysdig.
• Responsible for guiding engineering teams in deploying Cosmos and SQL databases.
• Responsible for guiding engineering teams in deploying, planning, design, and implementation of enterprise-wide container vulnerability management scanning services utilizing Twistlock.
• Responsible for guiding the engineering team in deploying maintaining, and updating the Azure Security Center policies.

Confidential, Menomonee Falls, WI

Cloud Security Architect

Responsibilities:

• Architected IaaS, PaaS, and SaaS utilizing Google Cloud Platform (GCP).
• Delivered seventy-six million dollars in reoccurring savings with new technologies and tool consolidation.
• Developed cyber security plans projects and performed cyber security risk assessments using NIST standards.
• Responsible for guiding the design and implementation of SIEM solutions utilizing Splunk & QRadar across business and IT areas using architecture standards, best practices and processes.
• Worked with project teams to determine security requirements for applications and SIEM solutions and determine how best to implement them.
• Drove the IAM strategy for all types of identities for the digital business by designing an identity architecture dat strategically combines responsibilities/access for employee, contractor, vendor, business partner, and customer/consumer types of identities.
• Technology architect for infrastructure components such as: Tanium, Darktrace, FIM/HIDS, CASB, Cloud Configuration Management and Cloud Security Posture Management.
• Responsible for guiding engineering teams in the development of the technical design and documentation.
• Provided vendor evaluation for new technologies, changes to existing technology.
• Established application ecosystem assessment protocol and toolset.
• Identified combinations of risk not clearly indicated by existing monitoring capabilities.
• Prioritize findings and make recommendations to relevant LOB for action.
• Prepared, documented, and updated assessment playbooks.
• Wrote ad-hoc TerraForm modules to deploy Infrastructure-as-Code.
• Worked with 14 Engineers and up to 44 remote contractors.
• Mentored Security Engineers on new technologies.
• Architected User Life Cycle Management Processes.
• Managed Vendors/Partners relations and worked closely with the Engineers from all types of technologies.
• Partnered with internal teams to protect employer and client information by the delivery of security analysis, recommendations, projects and compliance methods & practice.
• Designed an e-Fraud strategy and partnered with vendors to create a custom automated methodology for identifying potential electronic payment fraud providing increased early detection capabilities.
• Redesigned and implemented security standards for the entire organization practices and industry standards dat enforce SOX controls.
• Responsible for guiding the engineering teams in deploying identity access management tools such as; BeyondTrust, SailPoint, and iSIM.
• Developed an information-based security management program and strategy, associated security policies, procedures and SDLC integration activities.
• Created an IT security technical reference architecture and documented current state security capabilities, current state gaps and future state roadmap aligned with IT and business strategies.
• Responsible for guiding engineering teams in the planning, design, and implementation of enterprise-wide Data Loss Prevention (DLP).
• Responsible for guiding engineering teams in the planning, design, and implementation of enterprise-wide container vulnerability management scanning services utilizing AquaSec.
• Responsible for guiding engineering teams in deploying Istio for service mesh security.

Confidential, Richmond, VA

Senior System Engineer

Responsibilities:

• Configured and maintained PLC & HMI and establish protocol and communication parameters between electrical power SCADA systems, and Remote Terminal Unit (RTU) using MODBUS and DNP3.
• Supported and administered Active Directory apps and servers.
• Designed and developed security architecture for Windows products.
• Created supporting architecture systems for Active Directory applications.
• Committed PowerShell scripts and projects to Team Foundation Server.
• Worked closely with offshore analysts, development team and QA team to define MES solution architectures and develops detailed design specifications.
• Created prototypes to develop and demonstrate special project features.
• Provided the Lead Engineer with all necessary support and information to ensure dat they are fully informed of progress.
• Deployed, DNS, IP networks and virtualization.
• Experienced in deploying Shopfloor Processes and MES Implementation.
• Experienced in deploying Process Factory Automation Application development using different technologies such as Siemens S7 300/400 PLC, Delta v.
• Knowledge of PLC Programming, implementation and troubleshooting.
• Identified KPI (Key Performance Indicators) for the processes and ensuring the KPI data visualization through shop floor integration with ERP systems with MES.
• Proficient with interfacing MES systems with plant automation systems and data collection historian systems.
• MES System interface with LIMS and other quality systems with real time problem identification and resolving.
• Defined functional requirements for MES solutions through documentation analysis and implementing the test Syncade MES Solutions dat met client requirements.
• Supported the implementation of the MES application and subsequent development of electronic batch records (eBRs) for manufacturing operations deployment of the bidirectional interface between MES and SAP.

Confidential, Ann Arbor, MI & New Brunswick, NJ

Technical Operation Security

Responsibilities:

• Performed real-time log analysis to provide network and data security both internally and external while evaluating the type and severity of security events by making use of packet analyses, and an in-depth understanding of exploits and vulnerabilities.
• Architected IaaS, PaaS, and SaaS utilizing Amazon Web Services (AWS).
• Developed and prepared Monthly Information Security Metrics reports.
• Provided thought leadership in pre-releasing products in the area(s) of support responsibility in order to support them when released.
• Responsible for guiding engineering teams in the deployment of security architecture and guiding principals at macro & micro level across all cloud initiatives AWS, GCP, Azure.
• Software systems development life cycle (SDLC); principals of computer data processing; business system applications; principals and techniques of software and systems quality assurance and control; principals and practices of technical problem solving; design, installation and maintenance of enterprise.
• Evaluated and deployed firewall change requests and assess organizational risk.
• Managed security events using ITIL incident management.
• Created Pentesting and Vulnerabilities assessment framework.
• Deployed virtual machines, servers, Dockers, Kubernetes, and other containers using Puppet.
• Responsible for guiding engineering teams in the deployment of new code and patches though Foreman and Jenkins.
• Utilized Rundeck & Cisco Tidal Enterprise Scheduler to gather data from UNIX/Linux variants
• Responsible for guiding engineering teams in the deployment of Security Incidents Event Management (SIEM) utilizing Splunk and ELK.
• Responsible for guiding engineering teams in the deployment of security information analysis tools: Qualys, SecureWorks, AlertLogic, Nexpose, HostMonitor.
• Architected User Life Cycle Management Processes.
• Actively looked for security vulnerabilities in our application and network, documenting issues and describing possible solutions.
• Developed a Plan of Action and Milestones (POA&M) of all team's control deficiencies and vulnerability remediation.
• Asset management as needed as related to team's infrastructure systems portfolio.
• Monitored and reported on system patching status, including operating systems, and third-party applications reporting access and potential inappropriate network or information access.
• Led, a team to in corporate security while developing highly scalable, distributed applications involving DevOps teams.
• Ensured secure migration methods are defined and followed to move workloads from On-Premises to defined cloud providers.
• Responsible for guiding engineering teams in the deployment of infrastructure employing SOX, PCI-DSS, and HIPAA Security Rule.
• Deployed cloud access security brokers (CASB), including single-sign-on (SSO), authorization, encryption, two-factor autantication, Multi-Factor, etc.
• Developed and deployed innovative and concise technical security solutions as senior enterprise security architect.
• Vendor evaluation for new technologies, changes to existing technology.

Confidential, Louisville KY

System Engineer

Responsibilities:

• Led a six-person QLS deployment team.
• Provided a level 3 point of contact for all level 2 and 1technicians.
• Performed periodic performance reporting to support capacity planning.
• Maintained data center environment and monitoring equipment.
• Coordinated and communicated with impacted constituencies.
• Performed daily backup operations, ensuring all required file systems and system data were successfully backed up to the appropriate media and sent off site as necessary.
• Performed daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups.
• Deployed new servers, hardware, peripherals, services, settings, directories, storage, etc. in accordance with Confidential Motor Company’s global requirements.
• Liaised with vendors and other IT personnel for problem resolution.
• Wrote and maintained custom scripts to increase system efficiency and lower the human intervention time on any tasks.
• Used SCCM to deploy OS, packages, updates, and software updates.
• Participated in the design of information and operational support systems.
• Proactively ensured the highest levels of systems and infrastructure availability.
• Managed and monitored all installed systems and infrastructure.
• Deployed multiple DNS servers.
• Deployed upgraded supervisors in Cisco switches.
• Certified in Sarbanes-Oxley SOX corporate financial responsibility.
• Deployed NetApp Enterprise SAN.
• Monitored the network and infrastructure using Watsup Gold.
• Managed active directory for over 5000 users.

Confidential, Chicago, IL

System Engineer

Responsibilities:

• Deployed Domain Controllers, servers and certificate servers dat allowed onsite and/or remote administrators to manage user accounts and the digital certificates dat allows them to access certain services and systems.
• Deployed systems meeting the clients’ specific computer needs.
• On-site system Engineer for the following clients; Home Depot, CarMax, Sunrise of Louisville, YumBrand PCM/SARCOM, AT&T, Wells Fargo Bank, Hilton Hotel, Sam’s Club, Red Wing Shoes, and Huntington Bank.
• Deployed server configuration per designated security requirements (experience administrating central management through RHEL Satellite, Puppet, & etc.
• Deployed Windows 2003/2008/2008 R2 Server and/or RHEL support and troubleshooting or administrative and troubleshooting.
• Designed and deployed resiliency testing.
• Actively liaised with the development team to ensure thorough automated testing of all source code (e.g., via Test-Driven Development) and a secure architecture.
• Developing technical and security specifications for the targeted applications/workloads in the Cloud Services service catalog.
• Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
• Deployed host-based intrusion detection system (HIDS) and network intrusion detection system (NIDS).
• Developed & built Security (both tools & processes) into the Cloud Services delivery standards.
• Deployed FreeIPA for access management with open source solutions.
• Deployed security, backup, and redundancy solutions.
• Deployed Tomcat, Apache, and NGINX servers.
• Deployed Zabbix enterprise monitoring solution.
• Deployed JBoss and HornetQ middleware.
• Deployed resilient, scalable and secure IaaS and PaaS application platforms.
• Deployed public key infrastructure (PKI) hierarchies.
• Utilized available design data to develop ecosystem transaction and data flow diagrams.
• Conducted systems design, feasibility and cost studies and recommend cost-TEMPeffective cloud solutions.
• Designed and lead the deployment team dat created end state services which are self-sustaining and scalable aligning with business needs and cloud best practices.
• Designed, and implemented a project to provide network security stack providing visibility, redundancy, and consistency for all applications hosted in the cloud.

Confidential, Louisville, KY

IT Specialist

Responsibilities:

• Assisted with increasing production from instrument panels a shift increasing the company’s profit $525,000.
• Managed the Active Directory for more than 200 users.
• Led contact during 2nd/3rd shift for all service providers, customers, and third-party vendors.
• Interfaced with corporate decision makers in North America to implement network designs.
• Coordinated presentations to introduce new technologies and topologies.
• Presented new designs to the business unit and conducted network planning meetings.
• Collaborated with Quality and production Engineers to develop and update engineering processes based in a 24/7 environment.
• Tier one supplier to Confidential Motor Company.
• Electronics troubleshooting AC (Allen Bradley and Siemens) and DC Drives; PLC.
• Led continuous improvement efforts using lean manufacturing principals.
• Deployed, managed, and updated multiple Microsoft Windows 2008 and 2012 servers using VMWare.
• Worked with vendors to source parts, designing, updating older electronics and equipment dat are no longer supported by manufacturing to improve equipment functionality.
• Managed capital projects including identifying scope, cost, milestones, etc.
• Experience using strong business knowledge and perspective, synthesize complex information and develop theories to arrive at logical recommendations.
• Adept at viewing situations from the stakeholder’s perspective to better address their needs and expectations.
• Fulfilled service level agreements and ensure solutions remains current with industry best practices.
• Maintained and managed LAN and WAN infrastructure systems such as routers and firewalls.

Confidential, Chicago, IL

System Engineer

Responsibilities:

• Deployed computer networks such as local area networks (LANs), wide area networks (WANs), wireless, load balancers, VPN, QOS, etc.
• Supervised help desk technicians.
• Administered servers and server clusters.
• Configured hosted IP voice services remote support of on-site engineers and end users/customers during installation.
• Remote troubleshooting and fault finding if issues occurred upon initial installation.
• Liaised with project management team including speaking with customers via email and phone for initial requirement capture.
• Developed monthly reports, and recommendations for Managed Services Clients.
• Deployed systems for improving resilience of the current environment, scheduled upgrades, network optimization, securing networks by establishing and enforcing policies, and defining and monitoring access.
• Create and maintain the strategic plan and roadmap for Access Management as part of Identity and Access Management (IAM) overall.
• Created and maintained Identity and Access Management (IAM) autantication and authorization procedures.
• Deployed performance monitors and evaluating logs to determine performance problems or recommending steps to remedy a situation.
• Deployed, maintained, and managed the collection of customizable puppet manifests designed to automation the hardening of Red Hat servers.
• Managed and monitored all installed systems and infrastructure for potential bottlenecks identifying potential solutions.
• Identify departmental needs and made suggestions regarding technical direction.
• Deployed system security and data assurance in accordance with company policy.
• Deployed scripts to increase system efficiency and lower the need for human intervention.
• Tested software applications and systems.
• Developed different types of software, network control systems, and middleware.
• Deployed, configured, tested, and maintained operating systems, and application software.
• Provided level 3 support.
• Deployed performance monitors and evaluating logs to determine performance problems or recommending steps to remedy a situation.
• Scripting as necessary to support automation with Bash/Perl/PHP.
• Conducted security audits and resolved technical issues for remediation.
• Participated in understanding of cyber security programs and technical solutions.
• Conducted assessments of security operations, risks and software assurance.
• Knowledge of network and security tools (Snort, Nmap, Nessus/OpenVAS and Wireshark) with kali Linux.