Present Cybersecurity Tier II Analyst Resume
Las Vegas, NV
SUMMARY:
Seeking positions in Splunk Administration, Computer Confidential, Intrusion Detection, Firewall Administration, Information Security, System Administration, and Network Support.
KEY SKILLS:
- Wireshark/BRO/SPLUNK
- Nessus Vulnerability Scan
- WebSense/FootPrints/Remedy
- McAfee Network Security Manager (NSM)
- Imperva DAM/WAF
- FireEye Malware Protection
- ArcSight Logger
- McAfee ESM
- NIKSUN/NetVCR
- Router Config
- Switch Config
- TACLANE Config
- Splunk/ES
- Blue Coat Proxy
- Communications Security (COMSEC)
- Trend Micro Deep Security Manager
- CounterACT Forescout
- Intrusion Prevention System
- Juniper DDoS Secure
- Demilitarized Whitelist/Blacklist Administration
- Sourcefire Administration
WORK HISTORY:
Present Cybersecurity Tier II Analyst
Confidential, Las Vegas, NV
Responsibilities:
- Perform the monitoring, analysis, correlation and reporting of cybersecurity issues
- Provide guidance and recommendations for new tools based on changes in threats, architecture, technological advances, or organization mission
- Implement new tools and modifications to the architecture; update, maintain, and monitor cybersecurity tools
- Analyze changes, events, and other potential incidents for risk to the environment; event analysis, incident determination, and incident management.
- Network traffic analysis, firewall functionality, log analysis
- Experience with Security Information and Event Management (SIEM) tools, log management and correlation tools, and antivirus/anti-malware tools
Security Engineer
Confidential, Bossier City, LA
Responsibilities:
- Security Engineer for Transportation Security Administration
- Troubleshoot and remedy various technical issues dealing with McAfee Sidewinders and Cisco ASA firewalls
- Administers Norton Secure Endpoint Protection antivirus while protecting/recovering critical data
- Coordinates/creates RFC requests for changes on Cisco ASA and McAfee Sidewinder firewalls
- Utilize BMC Remedy IT Service Management tool for tracking, monitoring, and updating customer IT issues
- Provides network content filtering using McAfee Webwasher and Microsoft ISA
- Utilize ArcSight/Sourcefire to monitor and troubleshoot network security related issues
- Monitors SolarWinds and provides technical expertise on various security subjects for the TSA network
- Administers SiteProtector and monitors for security events
- Utilize Microsoft Antigen and Forefront to update and block malicious emails
- Establish and manage Logger user/group controls, specify global login, password, resource authorization and authentication settings, alerts and notification policies
- Configure event source devices/device groups, event Receivers, Forwarders, Destinations, supporting security authentication settings, and optional connector management facilities
- Provide day-to-day management/maintenance of ArcSight devices
- Performed Nessus Vulnerability scanning/reported findings
Senior Cloud Security Engineer
Confidential, Washington, DC
Responsibilities:
- Responsible for providing technical guidance for the security of general support systems and major applications.
- Provides guidance to partners and customers in helping them understand AWS cloud services and how security compliance is achieved while operating in a public cloud environment.
- Ensure complete security measures for business practices within the design, network integration/implementation, and system and application level security.
- Manage and maintain applications and systems security posture deployed to AWS.
- Experience using and configuring the Distributed Management Console (DMC).
- Develop reliable, efficient queries that feed custom alerts, dashboards, and reports in Splunk
- Maintain a close partnership with Splunk on feature requests, upgrade planning, and product roadmap alignment
- Optimizes system operation and resource utilization, and performs system capacity planning/analysis while maintaining the security posture.
- Leveraged the full utility of Splunk technology in order to monitor cyber security, protect IT infrastructure, and enable rapid containment and resolution of IT security incidents.
- Troubleshoot Splunk server problems and issues, set-up log indexing utilizing universal forwarders
- Monitor Splunk infrastructure for capacity planning and optimization
- Developed incident management processes, playbooks, and stakeholder communication mechanisms for the HQ Confidential.
- Detected security incidents via network and host monitoring utilizing Splunk Enterprise/Trend Micro Deep Security Agent. Determined their severity and impact, and conducted threat analysis as required using log, network, and system forensic investigation techniques.
- Architected Imperva Web Application Firewalls for AWS hosted on the internet supporting mission critical operations. Tasks include SecureSphere configuration, AWS ELB deployments, AWS CloudFormation creation and updates, and AWS Route 53 changes.
Security Analyst
Confidential, Las Vegas, NV
Responsibilities:
- Utilizes McAfee SIEM/ESM to analyze, locate, and mitigate malicious activities across the network
- Effectively coordinates Computer Security Incident Handling process
- Monitors McAfee NSM/IPS, and FireEye for malicious inbound traffic.
- Utilizes CounterACT Forescout Network Access Control for swift network host access removal
- Administers CA ticketing system to create, track, and close all security related incidents
- Monitor Imperva DAM/WAF for database intrusions
- Participate in root cause analysis of critical events for improving preventative and reactive processes
- Responsible for reporting, escalating, and remediating anomalous events based on the established protocol
- Performs day-to-day security log review and analysis in adherence with MICS, SOX, and PCI requirements
Security Engineer
Confidential, Crystal City, VA
Responsibilities:
- Security Engineer for Transportation Security Administration
- Troubleshoot and remedy various technical issues dealing with McAfee Sidewinders and Cisco ASA firewalls
- Administers Norton Secure Endpoint Protection antivirus while protecting/recovering critical data
- Coordinates/creates RFC requests for changes on Cisco ASA and McAfee Sidewinder firewalls
- Utilize BMC Remedy IT Service Management tool for tracking, monitoring, and updating customer IT issues
- Provides network content filtering using McAfee Webwasher and Microsoft ISA
- Utilize ArcSight/Sourcefire to monitor and troubleshoot network security related issues
- Monitors SolarWinds and provides technical expertise on various security subjects for the TSA network
- Administers SiteProtector and monitors for security events
- Utilize Microsoft Antigen and Forefront to update and block malicious emails
- Establish and manage Logger user/group controls, specify global login, password, resource authorization and authentication settings, alerts and notification policies
- Configure event source devices/device groups, event Receivers, Forwarders, Destinations, supporting security authentication settings, and optional connector management facilities
- Provide day-to-day management/maintenance of ArcSight devices
- Performed Nessus Vulnerability scanning/reported findings
Firewall Administration
Confidential, Washington, DC
Responsibilities:
- Monitor and manage McAfee Control Center and Nagios for device alerts (Stonegate and Sidewinder firewalls) and clusters, including active connections, performance, logging activity, disk space, suspicious log activity, anomalies, and cluster load balance
- Monitor Blue Coat Proxy to prevent illegal web surfing
- Perform daily backups of Sidewinder/Stonegate firewalls
- Monitor Confidential/State Aid firewalls for over 30 foreign connectivity sites
- Performs onsite Tier 2 technical support and troubleshooting of firewall and content filtering systems, including firewall rule sets, ports, database modification requests, and reports of objectionable content availability
- Modify and configure rule bases as requested by and approved by the Firewall Advisory
- Process and implement IP blocks requested by the CIRT team and make the appropriate changes on all applicable firewalls
- Monitor, track, and update Remedy tickets as necessary to maintain current status for all incidents/problems; escalate incidents/problems to Tier 3 Exchange engineers; assist firewall engineers in root cause analysis