SUMMARY

• 12+ years as a Information Systems Security Analyst/ Engineer I have been involved in all seven stages of Incidents Response.
• I have Responded to alerts generated from various systems; evaluating and remediating impact to enterprise systems resulting from the unauthorized access, violations, threats, protecting client data, documents, work products.
• I have been responsible for maintaining the information technology environment; and implementing and maintaining information security systems in the corporations global information technology environment.

TECHNICAL SKILLS

IPS/IDS Tools: McAfee ePO, Tripwire,DLP, HIPS, SEIM,CWS,VSE,ADM, TIE, DXL Wireshark, Symantec, Administration, Crowdstrike, Application Control, WebGateway, Change Control, ENS 10.5, EDR, MOVE, Site Advisor, Splunk Enterprise, Data Analysis, Websense, Firewall,Qualys

Network Protocols & Tools: TCP,UDP

Servers: Linux,Windows

Operating Systems: Windows Server 2003 - 2008, Linux, Windows 7,8,10 VM ware

Ticketing Systems: Remedy, Heat, Service Now

Directory Services: Active Directory, LDAP

DevOps Tools: Docker, Git, Jenkins,Ansible, Chef code can, Kubernetes

Server Operations Systems: Win9X thru 10, Win2K/Win2K3 Pro/Win2008/2012 Server, Microsoft Office 97,2000,20008, thru 2010, VMware vSphere Client

Security Standard: NIST sp 800-37 NIST sp 800-39 NIST sp 800-60 NIST sp 800-53 NIST sp 800-171

Vulnerability Management Tools: Nmap, Nessus, Tenable sc

Cloud Platforms: AWS, Microsoft Azure

Scripting Languages: Python, Linux, Powershell

PROFESSIONAL EXPERIENCE

Confidential

IT Security Operations

Responsibilities:

• ePO Administrator in a Multi-Security Enclave supporting 3,000+ worldwide customer base Windows & Mac Enterprise
• Implemented, deployed, managed and monitored McAfee DLP
• Configured rules for USB blocks in McAfee DLP
• Designed, implemented, configured, deploy, and tested McAfee products in various environments
• Implemented McAfee ENS 106.1 in the Confidential Environment
• Deployed drive encryption on endpoints and conducted training for McAfee Drive Encryption
• Performed management for multifactor authentication (RSA)
• Designed, implemented, configured, deployed, and tested McAfee products from scratch in various environments
• Performed Server administration and management
• Initiated built and maintained McAfee ePO servers as well as its associated infrastructure and the associated security policies in collaboration with the IT Security OperationsTeam
• Provided incident management support, including compliance management, threat protection, activity monitoring, shadow services, DLP violations oversight, etc.
• Created and analyze security policies and reports to ensure security
• Oversaw users’ security access and reviewed logs
• Managed ENS 10.6.1 migration from VSE
• Built and maintained McAfee ePO server as well as its associated infrastructure
• Provisioned and managed admin accounts for IDS/IPS
• Utilized the Endpoint Migration Tool for the ENS migration to migrate custom Policy settings
• Reviewed licensed McAfee products and made recommendations
• Monitored the EPO server and SQL database health
• Performed log analysis, traffic flow analysis and experience with associated infrastructure and systems to aid in the identification of malware or other malicious behavior
• Provisioned and managed admin accounts for IDS/IPS
• Authored policies and performed, client tasks
• Utilized Tripwire for vulnerability management
• Creation and tuning of new rule sets and policies
• Created tested strategies, developed documentation and policies, and maintained system documentation
• Performed repository updates with product versions planned for deployment
• Deployed and Implemented McAfee Endpoint protection for servers
• Implemented McAfee Endpoint and Network based solutions across the enterprise
• Maintained Security applications to include installing updates and modify configurations to monitor the system.
• Provided technical leadership for Endpoint Protection. This includes implementation of advanced features / capabilities within the endpoint protection software
• Performed implementation of new Endpoint Protection solutions, inclusive of solution research/comparison, planning, documentation, testing and deployment
• Engaged in hands-on testing prior to implementations and upgrades (e.g. testing detection efficacy, new feature evaluations)
• Acted as the single point of contract for Endpoint Protection incident and problem resolution
• Coordinated problem resolution as needed with customer IT staff
• Made suggestions of new policy upgrades
• Provided status reporting to management for projects and operational support matters
• Assisted other security analysts as needed as a part of incidence response.
• Kept documentation of incident and problem resolutions
• Utilized AWS Security best practices (SG, IAM, Resource Policies, etc)
• Built ECS computer platforms with integrations to various AWS database engines
• Implemented serverless application’s CI/CD pipeline using the AWS CI/CD stack
• Assisted in the splunk build and dashboard development also development of systems and architecture.
• Developed filters to identify specific events
• Administered and managed splunk apps to perform customized functionalities Data Platforms
• Maintained and managed splunk infrastructure also managed overall health of splunk
• Initiated the Setup and installed Splunk instances on multiple machines
• Performed content development to properly identify data feeding SEIMS and correlation of events
• Assisted in th proper operation and performance of splunk loggers and connectors
• Initiated data on-boarding and developing search queries in Spluink

Confidential

Security Operations Administrator

Responsibilities:

• Designed, implemented, configured, deployed, and tested McAfee products from scratch in various environments
• Implemented, deployed, managed and monitored McAfee DLP
• Designed, implemented, configured, deployed, and tested McAfee products in various environments
• Initiated built and maintained McAfee ePO servers as well as its associated infrastructure and the associated security
• Receives daily Anti-Virus (VSE) and periodic Host Based Intrusion Prevention System (HIPS) (Block High, Medium, and Low) signature updates
• Built and maintained McAfee ePO server as well as its associated infrastructure
• Prepare, develop and maintain Access Protection Policy for the Administration to include:
• Active Directory; Application Control
• Host Intrusion Prevention System (IPS); Firewall and Trusted Networks; AV/Antispyware protection
• Asset Baseline Monitor
• Data Loss Prevention implementation, deployment, management, expansion, policies, rules, configuration & architecture
• Network Data Loss Prevention and data classification
• Endpoint Security (ENS) integration, setup and configuration
• ATD Installed and configured and Implemented
• Carbon Black endpoint sever protection
• McAfee ESM to perform investigation of potential threats
• Deployed drive encryption on endpoints and conducted training for McAfee Drive Encryption
• Performed management for multifactor authentication (RSA)
• Performed Server administration and management
• Provided incident management support, including compliance management, threat protection, activity monitoring, shadow services, DLP violations oversight, etc.
• Created and analyze security policies and reports to ensure security
• Oversaw users’ security access and reviewed logs
• Creation and tuning of new rule sets and policies
• Reviewed and documented the current ePO Deployment, Configurations and Policies.
• Documented the migration procedures and technical steps.
• Provided written and verbal reports and updates to customers/business units
• Supported major projects, including new initiatives, capacity, life-cycle management, upgrades, new products and/or features, and integration
• Developed process and architecture diagrams
• Managed ENS 10.5.4 migration from VSE
• .Created and Configured Policies for ENS 10.5.4 Threat Prevention, Firewall and Web control
• Utilized the Endpoint Migration Tool for the ENS migration to migrate custom Policy settings
• Reviewed licensed McAfee products and made recommendations
• Monitored the EPO server and SQLdatabase health
• Authored policies and performed, client tasks
• Performed repository updates with product versions planned for deployment
• Deployed and Implemented McAfee Endpoint protection for servers version
• Implemented McAfee Endpoint and Network based solutions across the enterprise
• Developed and maintain security processes and controls that ensure security posture meets and/or exceeds FISMA and other Federal security standards as required
• Created documentation in support of the efforts to include Security Control Assessment Reports, System Security Planed and Security Standard Operating Procedures
• I initiated the provisioning and managing of administration accounts for IDS/IPS
• Maintained Security applications to include installing updates and modify configurations to monitor the system.
• Fostered an innovative and inclusive team-oriented work environment
• Supported and maintain security tools to include Splunk, McAfee EPO, Forcepoint, IBM Siteprotector, Symantec Endpoint Management, Tenable Security Center, etc.
• Created scans and Reports using Tenable Security Center
• Created Splunk dashboards and custom search queries
• Created and maintain PowerShell scripts
• Prepared project ask details, presentations and reports on department performance metrics and assigned projects
• Managed security related projects which included projects driven by regulatory or internal requirements
• Created a threat events query and reviewed threat event log data and investigated anomalies
• Developed and maintained SOPs and IT security processes; configured Application Control policies
• Assisted in the splunk build and dashboard development also development of systems and architecture.
• Developed filters to identify specific events
• Administered and managed splunk apps to perform customized functionalities Data Platforms
• Maintained and managed splunk infrastructure also managed overall health of splunk
• Initiated the Setup and installed Splunk instances on multiple machines
• Performed content development to properly identify data feeding SEIMS and correlation of events
• Assisted in th proper operation and performance of splunk loggers and connectors
• Initiated data on-boarding and developing search queries in Spluink
• Utilized AWS Security best practices (SG, IAM, Resource Policies, etc)
• Built ECS computer platforms with integrations to various AWS database engines
• Implemented serverless application’s CI/CD pipeline using the AWS CI/CD stack

Confidential

Security Operations

Responsibilities:

• ePO Administrator in a Multi-Security Enclave supporting a 32,000+ worldwide customer base Windows and Mac Enterprise
• Implemented, deployed, managed and monitored McAfee DLP
• Configured, deployed, monitored, operated, secured, and maintained two (2) central ePolicy Orchestrator (ePO) servers, and numerous Enterprise Agent Handlers and Super-Agent Distributed Repositories
• Received daily Anti-Virus (VSE) and periodic Host Based Intrusion Prevention System (HIPS) (Block High, Medium, and Low) signature updates
• Built and maintained McAfee ePO servers as well as it infrastructure
• Deployed drive encryption on endpoints and conducted training for McAfee Drive Encryption
• Backup and migrate existing policies and client tasks
• Developed and maintain security processes and controls that ensure security posture meets and/or exceeds FISMA and other Federal security standards as required
• Utilized Tripwire for vulnerability management
• Plan and Security Standard Operating Procedures
• Maintained Security applications to include installing updates and modify configurations to monitor the system.
• Supported and maintain security tools to include Splunk, McAfee EPO, Forcepoint, IBM Siteprotector, Symantec Endpoint Management, Tenable Security Center, etc.
• Authored policies for ENS components Threat Prevention,Web control, Firewall
• Deployed ENS to Test machines before introducing it into the production environment
• Performed Server administration and management
• Deployed and Implemented McAfee ENS on endpoints which included servers
• Performed and managed the migration from McAfee virus scan enterprise to McAfee ENS
• Transferred and Configured Policies from McAfee Virus Scan Enterprise to McAfee ENS for desktops and Servers
• Audited Policies in Virus Scan Enterprise before transferring them to ENS
• Reviewed and documented the current ePO Deployment, Configurations and Policies.
• Documented the migration procedures and technical steps and made them available for future admins.
• Provided written, verbal and EPO generated reports and updates to customers and or business units
• Supported major projects, including new initiatives, capacity, lifecycle management, upgrades, new products and/or features, and integration
• Developed process and architecture diagrams
• Used Policy comparison tool to make sure the transfer policy to ENS matched the original in VSE during the ENS migration
• Used a ENS Test Environment to test Policies before transferring to the Production environment
• Utilized endpoint migration tool for the VSE to ENS migration
• Assisted in the splunk build and dashboard development also development of systems and architecture
• Utilized AWS best practices (SG, IAM, Resource Policies, etc)
• Administered and managed splunk apps to perform customized functionalities Data Platforms
• Initiated data on-boarding and developing search queries in Spluink