
Oracle Developer Resume Profile


SECURITY ENGINEER AND PENETRATION TESTER

Confidential is an experienced, articulate, self-motivated, results-oriented IT professional with over twelve years of experience. He has a demonstrated track record of problem solving and decision making, with an excellent work ethic.

OBJECTIVE

He has a particular interest in network penetration testing as well as web applications, assessment work for a firm specializing in security, and has a real passion for the work.

QUALIFICATION SUMMARY

  • Excellent technical analytical skills; capacity to accurately identify problems and provide solutions.
  • Strong technical aptitude in Internet technologies and system administration.
  • Outstanding oral and written communication skills.
  • Outstanding consulting skills and customer relationship management.
  • Experience at writing a variety of penetration testing and assessment reports.
  • Outstanding problem solving skills.
  • Detail oriented.
  • Proven leadership skills; ability to effectively multitask.
  • Credited with retaining customers with excellent customer service.

CLEARANCE

  • Cleared for Top Secret information by OPM, based on a single scope background investigation initially completed in Dec. 2005, renewed
  • SCI DHS: read in March 17, 2010 and read out April 10th, 2010.

EXPERIENCE

Confidential

Senior Penetration Tester, FDIC red team; Web Application Assessment Analyst

Specialty Technical Work

1. Network penetration testing/Metasploit/nmap, including auxiliary and post-exploitation modules, automation of Metasploit, use of backend database for penetration test information management, credential theft/reuse tactics Voice over Confidential

2. VLAN hopping, phone call interception, extension and phone enumeration.

3. UNIX and Microsoft Windows penetration and post-exploitation.

4. AV and IDS evasion techniques.

5. VMware ESX/ESXi assessment, client escape, etc.

6. Web application penetration testing (Burp Pro) for OWASP Top 10 and other vulnerabilities.

7. Application security evaluation: Windows C application evaluation for network communications security as well as host-based evaluation.

8. Limited preliminary exposure to Android security evaluation. Recommended and evaluated various static source code auditing tools. Settled on HP Fortify. Considered a range of open source and commercial solutions and built business case document to support recommended solution.

Leadership Duties

1. Mentored beginning engineers on exploit methodologies and post-exploitation tactics.

2. Internal training (brown bag sessions) on evasion techniques and APT threats.

Senior Principal Security Engineer

Technical Lead GDAIS Network Operations Security Center

1. Web application assessment of GDAIS Internet-facing websites as well as internal web applications (Burp Pro, Nikto, Zed Attack Proxy, Ratproxy, etc.).

2. Mentorship of junior engineers (Snort IDS deployment, APT threat actor detection, traffic analysis, etc.).

3. Malware analysis, mostly relating to APT actor phishing attacks (analysis and reverse engineering of malicious Adobe PDF and Microsoft Office documents, some binary analysis).

4. Forensic experience (drive imaging, memory analysis with Volatility).

5. Tools used: ArcSight, NetWitness, LANDesk, Volatility, OllyDbg, IDA Pro.

6. Supervised APT threat mitigation and response, establishing requirements for ArcSight rules and Snort signatures.

7. Liaison with GD corporate SOC regarding incident response, reporting and APT actor intrusion sets.

8. Involved in technical requirements of change management process.

9. Incident response (primarily malware related).

10. Conducted security reviews of new technologies, proposed solutions.

Confidential

Senior Cyber Security Engineer

Securico commercial practice

1. Vulnerability assessments and network penetration testing for a variety of Federal and clients, including electric power industry clients (including compliance assessments on SCADA networks).

2. Web application penetration testing and assessment for a variety of Federal agency clients and electric power industry clients.

3. Security assessment and security device configuration review (firewalls, switches, routers, IDS systems).

4. NERC Critical Infrastructure Protection (CIP) assessments for U.S. electric generation and distribution companies (Control Systems/SCADA).

5. Network architecture assessment and review.

Confidential

Senior Cyber Security Analyst doing traffic analysis and control system event correlation, analysis and documentation for critical infrastructure of the United States. Additionally, Confidential currently supported the DHS Control Systems Security Program (CSSP) with responsibilities that include coordinating efforts among federal, state, and local governments, as well as control system owners, operators, and vendors to improve control system security within and across all critical infrastructure sectors by reducing control systems cyber security vulnerabilities and risk. ICS-CERT works in conjunction with US-CERT to reduce risks to the critical infrastructure of the United States.

Additional Duties:

1. Open Source Intelligence (OSINT) regarding matters relating to critical infrastructure risk and protection.

2. Researching and writing Cyber Security Analysis Reports on risk associated with control systems and critical infrastructure protection.

3. Network traffic analysis.

Confidential

Senior Information Assurance Engineer IV. Operations Lead at OPM CERT.

Operations Lead for Network Management Group CERT team. Host discovery, vulnerability assessment, automated and scripted scanning, Windows vulnerability remediation. Supervises 4 engineers and incident handlers. Developed OPM CERT incident response plan. Implemented network scanning server using Nessus and scheduled host scanning (cron). Performed incident response and log analysis (including development of log analysis scripts). Evaluated OPM web sites using WebInspect. Performed wireless scans for unauthorized wireless access points (war walking).

Confidential

Senior IA Engineer

1. Vulnerability assessments, advising on FDCC deployments, developing test plans and test cases for security test and evaluations. Internet reconnaissance and basic web application assessment.

2. Security assessment of Oracle databases using Nessus and AppDetective.

3. Wrote operating procedures and checklists for secure configuration of Windows, UNIX operating systems, antivirus solutions, routers and switches. Performed zero-knowledge footprint of SEC network using Internet sources.

4. Analysis of STIG reports for Windows 2000, Solaris, HP/UX, and Cisco PIX for compliance with DOD STIG security configuration requirements.

5. Enterprise E-mail System ST&E. Responsible for writing the security test and evaluation procedures and performing hands-on testing for Sun Solaris, Cisco routers, Cisco PIX firewalls, Checkpoint FW1 firewalls, Microsoft Outlook Web Access, IIS6 and BlackBerry servers. Also responsible for performing technical vulnerability assessment with network scanning tools nmap and Nessus. Evaluated system configurations against relevant NSA, NIST and Center for Internet Security guidelines. Adapted existing secure configuration assessment tools and wrote new tools using Perl, Bourne Shell and Windows batch programming skills. Performed data analysis of Nessus scan results using MySQL database, including the automation of report generation and data analysis.

Confidential

1. As backup team lead, ensured all customer concerns were addressed and resolved in a timely manner, managed the relationship with the customer and resolved more complex firewall and network troubleshooting issues not resolved by junior engineers.

2. Responsible for administering more than 300 firewalls for more than 200 customers, including Fortune 50 corporations. This involved management of system resources on UNIX-based firewalls, including process management, IP address space management, and configuring DMZ networks and virtual private network connections with other firewalls.

3. Trained junior security engineers in firewall administration and network security processes and procedures. Trained junior engineers in UNIX administration, network troubleshooting and firewall rule set analysis.

4. Diagnosed Virtual Private Network problems between firewalls as well as for secure remote user access. Diagnosed complex cryptographic problems involved in VPN failure and remote VPN client access.

5. Developed departmental firewall response to Internet worm attacks, customer strategies for infected host identification, and containment/patching/mitigation strategies (Blaster, Slammer, and Sasser). Performed network traffic analysis to identify worm attacks and developed mitigation strategies.

6. Checkpoint, Interlock and Watchguard firewall administration, system alerts, system process analysis, hardware failure analysis and post mortem analysis.

7. Performed peer review of firewall rule configuration and advised junior engineers and customers in matters related to rule set optimizations for both increased security and firewall system performance.

8. Advised customers on best-practice security processes and procedures. Assisted customers in integrating content control servers such as Websense and McAfee virus scanning servers with Checkpoint firewalls.

Confidential

1. Investigated violations of Acceptable Use Policies, mass-mail abuse, hacking instances involving log analysis and rudimentary forensics. Skills included the analysis of e-mail headers and server logs.

2. Traced the source of Internet attacks on customers and identified violators of company acceptable use policy.

3. Mitigated denial-of-service attacks including backbone router access lists as well

HARDWARE AND SOFTWARE SKILLS

Confidential

  • Windows XP/2000, Windows 7, 2003, 2008 Server, Sun Solaris 2.6-9.0, FreeBSD/OpenBSD, Linux Red Hat, Backtrack5, Debian, Ubuntu, RHE v.4 5, Nokia IPSO, Mac OS X, Cisco IOS, OpenVMS, HP Tru64 UNIX
  • Scanning and vulnerability assessment:
  • AlgoSec, Nessus, eEye Retina, AppDetective, NeXpose, WebInspect, Nmap, Snort, WireShark, tshark, tcpdump, snoop, Nikto/Wikto, various Metasploit scanner modules.
  • Penetration tools:
  • Immunitysec Canvas, Metasploit, Burp Suite Pro.
  • Scripting and Programming:
  • Perl, Python, Bourne shell, Bash, NASL, TCSH, Korn, various Microsoft Windows scripting technologies.
  • Traffic analysis:

Reverse Engineering:

  • Volatility
  • OllyDbg
  • ImmunitySec Debugger
  • IDA Pro

Misc:

  • HP Open View, Microsoft Office, Provider One, Remedy ARS
  • Various live Linux CD distributions: Auditor, Backtrack4
  • Various Linux distributions: Red Hat, Ubuntu, and Slackware.
  • Network routing, DNS, email MTA/MUA troubleshooting
  • LanSurveyor, Net Sonar
  • MySQL
  • LANDesk, Hyena, Bind View, WebInspect, AppDetective

Firewalls:

  • Cisco PIX and ASA firewalls
  • Checkpoint Firewall-1, Raptor, Interlock, Watchguard, various proxy servers.
  • Secure Computing Sidewinder
  • RSA SecurID/ACE

Hardware:

  • x86, Sun Ultra5, Tadpole, Nokia, Apple Macintosh, Android tablets (Nexus 7), iOS tablets (iPad)

Technical Writing:

  • Written technical vulnerability reports
  • Written numerous MCI internal knowledgebase articles as well as articles on security issues for Washington Apple Pi Macintosh user group journal.
