
IT/IR Security Engineer & Network Architect Resume


Rockville, MD

SUMMARY:

  • ArcSight Content Author - wrote custom integration command programs, created dashboards, monitors, channels, filters, active lists, rules, and field sets.
  • Proficient at analyzing Juniper and Cisco devices, including PIX, ASA, ASR.
  • Understanding of the various types of network security vulnerabilities, including cross-site scripting, ARP spoofing, man-in-the-middle (MITM) attacks, and session cookie hijacking.
  • Experience in static and dynamic malware analysis, including reverse engineering, CnC traffic detection, OS level system changes, VM-aware bypassing.
  • Proficient with Linux shell, file system navigation, log files and content identification, and shell scripting to create automated or specific tasks.
  • Capable of monitoring network traffic with Wireshark and Snort IDS, and creating filter rules for specific protocols.
  • Experience managing Windows Server 2003/2008/2008 R2 as well as VMware servers.
  • Ability to use the command prompt to diagnose, repair, and modify Windows 95/98/2000/XP/Vista/7 systems, including user account management, mapping network drives, and fixing corrupted file systems.
  • Eight years of experience in building, troubleshooting, and upgrading computers, including designing and implementing liquid-cooled heat dissipation systems.
  • Five years of cyber and network security experience in investigation, analysis, resolution of malicious activity, and malware analysis.

TECHNICAL SKILLS:

Protocols and Technologies:

  • ArcSight ESM, SourceFire, RSA NetWitness and Security Analytics, Splunk
  • iMPERVA WAF, CheckPoint IDS, Blue Coat: Proxy, Director, Reporter
  • Juniper JunOS; Cisco ASA, ASR, PIX
  • Nessus SecurityCenter, Rapid7 NeXpose, SiLK Einstein, Confidential Trust Retina
  • Wireshark, tcpdump, Snort IDS, BroIDS, Moloch, Burp Suite, ettercap, Zed Attack Proxy
  • emacs, vi, iptables, route, ip, nc, bash, sh, grep, sed, awk, perl
  • ARP, SSH, TCP, UDP, SSL, FTP, RDP, VNC, PKI, REST, SNMP, SYSLOG, REGEX, LAMP
  • SAN, DAC; Linux Logical Volume Manager: mdadm, lvm, pv, vg, lv
  • Symantec SEPM, Blackberry BES
  • VMware ESX, Citrix XenApp, vSphere Client, vCloud, Sun VirtualBox
  • Mandiant, FTK, WSUS, WDS, Norton Ghost, Samba, AD tools: Vision, Prolog
  • Remedy, RiskVision, WebEx, Bomgar, Aventail, and Casper
  • SalesForce, JIRA, HelpStar, Confidential, FootPrints, Primus
  • SQL 2003/2008, SSMS 2008, SSMS 2012, flat-file database, Flash, HTML, CSS

Platforms:

  • Unix/Linux (REMnux, Kali, Backtrack, RHEL, Solaris, FreeBSD, CentOS, Debian, Fedora, Ubuntu, Arch, Mint)
  • Windows 95/98/2000/ME/XP/Vista/7/8; Server 2003, 2008, 2008 R2
  • Mac OS X (10.4 to 10.7); Android Development (4.1.0 and above)
  • Office 2007/2010/2013, Visio, Access, Outlook, Word, Excel, PowerPoint

PROFESSIONAL EXPERIENCE:

Confidential - Rockville, MD

IT/IR Security Engineer & Network Architect

Responsibilities:

  • Responsibilities included: ArcSight engineering; monitoring CheckPoint IPS, FireEye IDS, FireEye Malware Analysis System (MAS), iMPERVA SecureSphere, Mandiant MCIC, Nessus SecurityCenter, RiskVision and Remedy project coordination, Security Analytics, TippingPoint, Websense Triton, FTK, VMware ESXi 5, and Splunk; and static and dynamic malware analysis.
  • Provided support in resource creation and knowledge transfer in ArcSight.
  • APT monitoring utilizing CheckPoint firewall logs in correlation with Splunk logging and over 800 terabytes worth of network traffic in Security Analytics.
  • Analysis and reporting on suspicious file transfers over the network, leveraging FireEye MAS to produce a full OS change report and a verdict on whether the file is malicious.
  • Investigating CnC activity discovered by FireEye and utilizing CheckPoint firewall logs to track, disconnect, and remediate infected user machines.
  • Provided updates to PII incidents and all required follow-ups.
  • Pulled full disk machine images over the network using FTK and filesystem audits with Mandiant.
  • Monitoring of iMPERVA firewall logs in real-time for attacks against over 130 web applications and servers, such as SQL injections, XSS, as well as traffic inspection.
  • Reported IPs and domains conducting network scans, exploit attempts, US-CERT listed CnC servers, and malicious network traffic; and verified all Websense URL blocks and IP and domain blocks.
  • Created Unix, Linux, and Windows Server ESXi and VirtualBox VMs to conduct malware investigation, log and data analysis, memory dump analysis, shell scripting, and data parsing.
  • Provided written documentation of all security tools and procedures for analysts to monitor network traffic and firewall logs.
  • Reported machine migration and patch status of all HHS machines connected to the domain using Nessus SecurityCenter.
  • Investigated spear-phishing campaigns resulting in over a dozen compromised accounts, requiring all users to retake security awareness.

Confidential - Reston, VA

RSA NetWitness and Security Analytics, Level 3 Engineer

Responsibilities:

  • Created shell scripts used for initializing appliances into network environments.
  • Knowledge transfer of Linux environments and shell extended capabilities.
  • Integrated ArcSight and BlueCoat into NetWitness and SA appliance suite.
  • Deployed and maintained multiple ESX VM proof of concept environments for testing new code releases, and fuzzing to reveal errors.
  • Maintained diagnostic shell scripts that tarball multiple system proc data, kernel modules, RAID array health, Virtual Disks, LVM volumes, SAN and DAC mounts, disk usage, routes, arp, iptables, adapter configurations, flat-file database health.
  • Created shell scripts automating resetting of appliance index databases.
  • Tracked error analysis reports of bugs discovered throughout the software.
  • Created Primus articles and documentations on solutions, bugs, possible workarounds, affected appliances, and any information deemed useful.
  • Accessed appliances remotely through WebEx to analyze service malfunctions, rebuild appliance infrastructures, and grep system event logs to determine the cause of errors.

Confidential - Washington, DC

IT Security Engineer

Responsibilities:

  • Implemented ArcSight SIEM, including racking and configuring it for the environment. Created resources including integration command programs, filters, correlation rules, active/session lists, variables, dashboards, monitors, and channels, plus dashboards surfacing relevant information such as intrusion alerts, failed Windows and VPN login attempts, DoS attacks, port scans, and user access to foreign IPs.
  • Authored a full evaluation of Blue Coat’s Director, including its centralized management capabilities using profiles and overlays, OS upgrade plans, including roll-back procedures to reverse the changes in case of hardware or software issues, as well as a complete backup scheme for an automated full daily and weekly backup of all department Blue Coat proxies to a secure remote server.
  • Created and documented all necessary requirements and steps for load balancing critical analytic servers using Blue Coat’s web proxy.
  • Setup reverse proxying using Blue Coat’s web proxy to allow external users access to sensitive internal resources and servers.
  • Authored an evaluation report of Rapid7’s NeXpose vulnerability scanner, including asset management, different methods of network vulnerability and discovery scanning, its reporting abilities, as well as usability issues and many feature requests.
  • Created s for ArcSight SIEM, Blue Coat proxies, Director, and NeXpose.
  • Captured and analyzed traffic with SourceFire’s CLI (shell) and Blue Coat to ensure Reflect Client IP was working, in order to properly track malicious user activity through ArcSight ESM.
  • Configured Blue Coat proxies to properly report health alerts whenever a service became unavailable, such as DNS and crucial web servers behind the reverse proxy.
  • Diagnosed and resolved performance issues with Symantec Endpoint Protection Management and SQL servers that improved the efficiency of reporting and monitoring malicious activity.
  • Suggested the use of Blue Coat web proxies along with its whitelisting features to block all external java application packages as a method for suppressing java-related vulnerabilities and protection from zero-day exploits.
  • Created the daily check-in report template for the weekend shifts.
  • Utilized Symantec Endpoint Protection Manager in combination with IPs from Blue Coat Reporter to identify users.
  • Created a detailed and thorough incident response report on the findings, actions, and remediation of issues booting a workstation suspected of involvement in a botnet detected by SourceFire IDS sensors.
  • Filtered specific addresses in ArcSight to provide insight on the location of specific user workstations that needed to be located to remove infected files with SEP.

Confidential - Rockville, MD

Web and Database Developer

Responsibilities:

  • Maintained SQL databases of over 180 schools and provided support for remote access and custom report creation using SQL Server Management Studio 2012 and proprietary software.
  • Restored SQL databases from backups and modified tables to remove erroneous entries.
  • Monitored and documented issues using Confidential’s ticketing management system.
  • Customized school websites using HTML and CSS.

Confidential - Rockville, MD

Lead Support Technician

Responsibilities:

  • Provided full Windows XP and 7 software support for end users, including diagnosing Outlook connectivity, profile, and PST issues.
  • Troubleshot and documented solutions, software bugs, and issues encountered by end users, such as the ability to print window selections in AutoCAD in landscape mode with PDF Creator.
  • Assisted users over the phone and through remote screen sharing (Bomgar) to add or remove software and printers, and showed users how to use various applications, such as Aventail for connecting to the VPN, recovering deleted emails, managing Outlook, creating a new password, and shadow copy for recovering deleted data.
  • Used Excel to perform data analysis on printers and copiers across the entire company to determine click count and cost per vendor and per individual unit. This analysis resulted in cost savings of over $10K.
  • Monitored systems for unusual behavior and reported findings through HelpStar, a ticketing system.
  • Isolated and removed viruses, worms, and trojans from infected Windows XP and 7 workstations using various AV tools.
  • Utilized Windows image deployment to re-image infected machines, and Norton Ghost for creating hard disk image backups.
  • Disabled infected computers’ accounts from accessing network resources in AD.
  • Ensured proper installation of latest security patches and third party updates.
  • Replaced and upgraded hard drives and memory of laptops and desktops.
  • Managed user problems with Citrix XenApp by clearing problematic connections to allow users to reconnect and use their applications.
  • Worked with vSphere Client to manage virtual machines, including SmartPrint copier data collection servers, CIFS data servers, and the Norton Ghost imaging server.
  • Managed user account access through Active Directory, Vision, and Prolog.
  • Activated and synced Blackberry devices through Blackberry Enterprise Server Express and swapped cell phones.
  • Created work aid documentation for help desk operations and procedures, and software usage.
  • Thoroughly documented all issues, resolutions, and work notes through HelpStar ticketing system.
  • Created a printer management batch script to aid in adding and removing printer drivers and connections with administrative privileges while running under a restricted user account.

Confidential - McLean, VA

System Analyst

Responsibilities:

  • Maintained AV software on client machines.
  • Deployed Windows 7 and Mac workstations with necessary hardware and software requirements.
  • Ensured Outlook network connectivity and Postini spam filtering was properly configured.
  • Prepared various computer models with base system images and ensured proper network connectivity.
  • Enhanced procedures to facilitate efficient completion of assigned work.
  • Maintained a well-organized and clean working environment.

Confidential - Washington, DC

Senior Technician

Responsibilities:

  • Investigated infected machines and removed malware, adware, and viruses.
  • Diagnosed Windows 95, 98, 2000, XP, and 7 and Macintosh systems for hardware and software issues, documented all findings, and properly replaced defective hardware and repaired system software.
  • Facilitate a complete solution by providing recommendations regarding product, service, and content solutions to customers.
  • Work remotely to deliver, integrate, network, and repair computer systems.
  • Tutor customers on the operation of their products and our repair services.
  • Personified and upheld the Confidential service and customer experience standards by following up with customers and ensuring that all issues were resolved.
  • Optimize computers for usability by removing unnecessary startup items and programs to increase responsiveness.
  • Assessed data backup options and utilized the most effective solution to ensure the recovery of the greatest amount of data possible.
