Professional Experience

Confidential

Security Engineer/Analyst

• Configuring AlienVault SIEM, ingesting data via ossec-hids agents and syslog from Cisco, Windows, Active Directory, network monitoring software. Developing and fine tuning of data parsing rules in regexp to ensure collection of forensically data value is discovered, stored and alarmed on. Management of alarms and alerts, creating custom reports. Monitoring traffic patterns. Deep dive analysis in search of the ever elusive APT. Health, maintenance, and updates of AlienVault.

Confidential

Senior System Engineer GPSOCX Information Assurance

• Encryption/CAC/PKI SME. Standardized the creation of PKS 10 NPE certificates Creating PKS 12 certificate packages for deployment Created method of deploying certificates. Created program to track the certificates throughout their lifespan.
• Leading effort to harden GPS OCX project for DIACAP compliance via IA Controls and STIG Security Technical Implementation Guides requirements. Distilling STIGs into understandable language and procedures. Staging STIGs into progressive baselines POA M as product is developed. Monitoring System Administrators and System Engineers in the application and updating of STIG controls. Revised STIG Program Directive to reflect current program requirements and procedures.

Confidential

Senior Engineer CIS SNOC

• Worked in the Security Network Operations Center in two aspects.
• Computer Security Incident Response Team CSIRT Primary
• Conduct confidential investigations on users that have violated their user agreements.
• This can include network traffic capture, gathering hard drive data via imaging, monitoring Internet usage.
• Tracking and neutralizing malware and examining for attack vectors and payload behaviors.
• Critical Incident Response Team CIRT Secondary
• Respond to critical infrastructure and applications impact and outages
• Conducting bridge calls with all technical staff, service owners, and third party vendors to
• Bring network systems and applications back in service as expeditiously as possible.
• Software utilized in both aspects include but not limited to Remedy, ArcSight, NetWitness, LanDesk Mgr., McAfee EPO, and FTK forensic software,

Confidential

Network Security Engineer MDA-CERT:

• ArcSight SME. Maintenance of ArcSight servers, addressing database, connector, and management console issues.
• Utilize ArcSight to track and monitor network activity. Design and implement dashboards for successful monitoring
• Monitor Enterprise for network anomalies, improper usage, and intrusion attempts.
• Developing Low and Slow pattern discovery and monitoring. Perform ArcSight maintenance and apply configuration changes as needed.
• Utilize EnCase hard drive forensics software V6 to examine and collect evidence from systems suspected of containing inappropriate or unauthorized data

Confidential

Security Application Engineer

• Assist with the management of the Enterprise Information Assurance/Security application solutions for enterprise systems based on testing, analysis and deployment best practice centric target to application.
• Assist in maintaining server infrastructure health checks IAVA's, patches, hotfixes, definitions , connectivity troubleshooting, bandwidth and alert monitoring of all security tools and process invested by the government.
• Assist to execute recovery procedures for clients utilizing enterprise security applications/tools.
• Assist in maintaining role based access permissions for Tier 2 support staff and others that may request access to infrastructure assets.
• Assist in the monitoring and recommending policy modifications
• Propose and create enterprise communications for government review and approval prior to release
• Assist as a liaison with security application technical support for timely and accurate issue remediation, using LAB or testing environment leveraging support action against enterprise assets.
• Participate with the Government in technical working groups strategizing for future enterprise information assurance requirements
• Assist in providing customized reporting using built-in and custom tools
• Assist in researching, testing, validating and deploying Enterprise Application Solutions and upgrades to the AMEDD Enterprise.

Confidential

Network Security Engineer MDA-CERT

• Utilize ArcSight to track and monitor network activity. Design and implement dashboards for successful monitoring. Monitor Enterprise for network anomalies, improper usage, and intrusion attempts. Developing Low and Slow pattern discovery and monitoring. Perform ArcSight maintenance and apply configuration changes as needed.
• Utilize EnCase hard drive forensics software V6 to examine and collect evidence from systems suspected of containing inappropriate or unauthorized data.
• Design and implement DR COOP Disaster Recovery, Continuity of Operation for MDA CERT.
• Research incidents, tabulate data. Utilize Remedy for tracking incidents.
• Collect data from regional offices across the Enterprise.
• Coordinate cleaning and sanitizing of virus infections and unauthorized information releases. Requires interfacing across multiple agencies and contractors for successful resolution.
• OpSec coordinator for the MDA CERT

Confidential

System Administrator II

• Daily operations in a Enterprise Windows Server 2003 NIPRnet
• Exchange 2003 email server.
• Assure IAVA compliance
• DHCP reservations, Printer queues
• Backup/Restore utilizing Backup Exec and Veritas Netbackup,
• Assigning user rights, policy assignments.
• Citrix Farm management