Linux Security Audit Engineer Resume Profile
SUMMARY OF QUALIFICATIONS
- Over ten years of experience working in Information Technology. Skilled and experienced as a Linux/Solaris Server Administrator, VMware and NT Administrator.
- Strong project management skills, proven problem-solving skills with the ability to work under exceptional high stress dynamic work environment.
SOFTWARE HARDWARE QUALIFCATIONS
- Operating System: Solaris 8/9/10, Red Hat Enterprise Linux, Windows Server
- 2003/2008R2.
- Program Language: Advanced shell, SED and AWK scripting. Intermediate PHP
- and MYSQL scripting.
- RAID / Data Backup: Hardware and software raid configuration. Raid 0, 1, 5. UNIX OS
- dump and restore.
- Networking: Setup LAN for small business. Setup, configure and maintain network
- printers, scanners, AD, DHCP, WINS and DNS servers.
- Applications: Vintela Authentications Services VAS , PowerBroker, SQUID proxy
- and reverse proxy, JIVE, SAMBA,
- BIND, Apache, Smart Filter, and VERITAS VVM .
- System Virtualization: Solaris 10 Zones, VMware ESX / ESXI servers
- and VMware workstation.
PROFESSIONAL EXPERIENCE
Confidential
UNIX/Linux Security Audit Engineer
- VAS/AD Vintela Authentication Services: Install, configure Vintela Authentication agent on Linux and Solaris servers to bind with Active Directory for account authentication. Implement Group Policy Objects to allow and deny user access base on membership. Enable cross forest domain authentication to bind with all BOA'S Domains/Regions. Create Active Directory groups, add user to groups and ensure group replication across all Domains.
- NIS Remediation: Identify and remediate servers that utilize NIS accounts by creating matching Active Directory accounts with same UID and GID. Utilize Vintela override mechanism to ensure application have the same UID and GID as NIS for file permission inheritance.
- NIS self-enrolment: Work with vendor Quest on deploying NIS to Active Directory user conversion utilities. These utilities map NIS user attributes UID/GID/HOME/SHELL to Active Directory.
- SUDO/PowerBroker Migration: Install and configure PowerBroker for elevated privileges. Create PowerBroker profile based on current SUDO configuration. Grant elevated group access to OU base on application requirements.
- Scripting/PKG: Custom shell scripting for LDAP query, SCP, user account Data Mining and automated VAS/PB/SSH/GPO/syslog installation and validation. These scripts have been used by the Global Audit Remediation Team to reduce the remediation process by 80 of the normal duration.
- Self-Audit: Perform self-audits on over 30,000 UNIX servers for audit compliancy.
- Development: Integral in the design, and implementation of a web based data repository that captured and devised a rationale processing and automated remediation methodology for over 300,000 user/service accounts and amending the bank system of record. Audit site provided an affective Inventory consolidation of over 12,000 hosts, along with the mining of over 300,000 accounts with the subsequent automated remediation recommendations for all NIS/Active Directory GID/UID account conflicts.
- Function as liaison across business and support groups to ensure compliance with Security guidelines/documentation in order to actively identify and mitigate project risk.
Confidential
UNIX /Linux Infrastructure Engineer
- MC2 Facility / Enterprise projects: - MC2 Facility: Assist with architecting a new facility for GDLS that is utilized as a collaborative environment for multiple vendors to share new ideas and solutions for the department of defense.
- VMware: Build and configure a mixture of VMware ESX and ESXI server's versions 3.5, 4.0 and 4.1. Configure VMware cluster and introduce hosts to the cluster for central management utilizing vSphere 4. Install VMware appliances such as VMware Data recovery for backups and image restoration, VMware Update Manager for downloading and patching servers and clients, VMware High Availability and VMware DRS. Setup multiple VLANS using VMware's VLAN solution to create isolated labs and segregate the networks. Perform VMware infrastructure upgrade from ESX 4.0 to ESXI 4.1 and Sphere 4.1.
- NT Servers: Build and configure windows 2003, 2008 R1 and R2 template for physical and virtual servers. Configure DNS, DHCP, WINS, IIS and print servers. Setup multiple organizational units. Create user accounts, groups and more.
- Open Source Software: Compile and install open sources software and applications on Solaris 10 and Redhat servers such as GT Suite, Apache web server supporting PHP, WIKI and more.
- o NetBackup: Deploy Veritas NetBackup 6.5.4 on Win 2008. Configure Windows, LINUX and Solaris 10 servers for full and incremental backups to multiple SAN for disaster recovery.
- Oracle Sunray: Deploy Sunray servers for thin client solution with 3D acceleration utilizing GDC4 Tadpoles and Sunray devices. Configure thin client with multiple profiles for different network connection. Configure Sunray clients with multiple server connection for redundancy. Configure Sunray firmware server, maintain firmware level, configure Sunray cards in KIOSK mode for Windows RDP sessions
- General UNIX Servers: Setup NTP server and configure clients to bind with NTP. Setup a centralized server that is utilized for patching, running centralized scripts, global password changes, SSH login with no password to all servers and workstations utilizing SSH-Keygen. Utilize SUN'S technology with Zones.
- JIVE Social Network: Setup an enterprise-scale social business network solution that connects GDLS customers, partners and employees in a collaborative cloud. Setup a test, development and production environment for JIVE social network on RHEL5. Build cache and document conversion servers that are utilized by JIVE. Work close with JIVE vendor and Oracle DBA team for installation and performance tuning.
- SAN / Storage Area Network: Setup, configure and maintain SUN7310 disk array, EMC AX4-5 and NetApp. Utilize fiber and ISCSI channels. Create target and initiator groups, setup shares and LUNS based on projects. Measure and compare disk I/O performance and speed on multiple SANS vs. local disk to diagnose problems. Create zones on SAN brocade switches, run fiber cables, setup multipathing using native OS and Veritas Volume Manger.
- Enterprise projects:
Confidential
Onsite setup and support the Egyptian Tank plant DMZ infrastructure. Compile SQUID/ Proxy with Smart Filter for website monitoring and access control. Compile SAMBA to work with Active Directory for SQUID/ Proxy authentication. Setup internal and external DNS servers utilizing H2N for database creation.
Confidential
Deploy Redhat satellite server for Linux workstation and server patching. Configure client to sync and check with server for updates and patches. Setup multiple Linux channels to download the appropriate RPM'S for the different versions of Linux.
Confidential
Deploy Junipers Network Security Manager. NSM is an appliance utilized to centralize network firewall logs, VPN logs into a central application for management and log repository. Utilize this application to identify network routing issues, blocked ports, application protocols and much more.
Confidential
Sustain Sunray infrastructure on Redhat Enterprise Linux 4 and 5, and Solaris 10
Confidential
Configure Solaris 10 server with NIS, NFS, and SAMBA for local Linux users. Create local home accounts, auto mounts, netgroups, NFS server shares and Samba shares.
Confidential
Architect and deploy SUN Virtual Desktop infrastructure to connect with VMware ESX data center for thin client / Kiosk deployment.
Confidential
Work with UNIX architect and GDLS management to identify their future IT road map. Implement customized pilot projects to fit GDLS business needs.