Sr. Security Engineer And Researcher Resume

TECHNICAL SKILLS

Programming/Scripting Languages: Python, Bash scripting, and Perl

Databases: MySQL and PostgreSQL

Operating Systems: Solaris 10/11, Windows Server 2008/2012, RHEL, SUSE, and CentOS

Additional Technical Skills: Penetration Testing, Firewall Administration, Incident Response, Intrusion Detection/Prevention Systems, SIEM Platforms, AWS Cloud Computing, and DLP

PROFESSIONAL EXPERIENCE

Confidential

Sr. Security Engineer and Researcher

Responsibilities:

Currently working as a member of a team charged with designing and developing information security solutions for clients. Developed documentation related to scoping and rules of engagement for penetration testing efforts, in addition to documenting and testing proofs of concept related to exploits and vulnerabilities. Writing Python scripts for automated assessments in Linux and Unix environments.

Confidential

Security Engineer III

Responsibilities:

Identifying and selecting a penetration testing platform and integrating it into the existing Vulnerability Assessment Program (VAP). Responsible for documenting and leading all incident response and escalation activities related to the Charter Service Delivery Network (SDN). Developing security requirements for new projects and testing those technologies before they move to production. Designing and implementing security controls to detect new and existing threats, and implementing, maintaining, and monitoring threat intelligence data. Assisting junior engineers with building new detection platforms and serving as an escalation point for incident analysis. Designing and documenting digital forensics capabilities within the AWS cloud environment for SDN components. Common technologies used include Splunk ES, TippingPoint IPS, and other platforms. Writing Python scripts to build custom tools for digital forensics efforts and the collection of volatile data, and using RESTful APIs to integrate solutions and their associated data across various enterprise technologies.

Confidential

Security Analyst II/Manager

Responsibilities:

Worked as manager and senior member of the team responsible for the design and implementation of a cyber security operations center. Primary responsibilities included writing responses to contract proposals, facilitating relationships between the Security Operations Center (SOC) and other internal teams, delegating project tasks, and developing formalized processes and procedures for SOC staff. Successes include the acceptance of a BAA proposal under the Technical Support Working Group (TSWG) arm of the DoD, creation of a Threat Intelligence program, and build-out of a custom SIEM solution for small to midsize business customers. Additional responsibilities included the development of scripts (primarily Python and Bash) to assist with the automation and management of internal and customer assets. Also wrote scripts to collect information and Indicator of Compromise (IoC) data related to cyber criminal syndicates, and helped create and update marketing material and pricing models for the SOC services. Worked with customers to identify security technologies and solutions that provide an adequate level of protection for both PCI DSS and HIPAA ePHI requirements.

Confidential

Sr. Security Engineer

Responsibilities:

Member of the team responsible for handling all aspects of security-related operations for the company. Performed some basic incident response triage work and primarily served as a resource for several project-driven activities related to the MIS group. Additional duties included managing, monitoring, and using several security/administration technologies (confidential), administration of Linux systems, assisting with the creation of confidential's mitigation plans, collaborating with network engineers to troubleshoot technical problems, and mentoring junior staff. Principal analyst responsible for performing IDS analysis and coordinating incident response (IR) efforts.

Confidential

Department Manager and Technical Lead

Responsibilities:

Worked as Team Lead for a team of four security engineers performing network forensics, digital host forensics, and security analysis work for the DHHS CSIRC. Responsible for documenting processes and procedures in the Deep Dive Analysis (DDA) SOP, reporting weekly status information, and using firewall, IDS, and network infrastructure tools to assist with incident investigations. Responsible for working with CSIRC teams at Centers for confidential and Centers for confidential to address network security incidents potentially related to targeted operations or APT activity. Primary tools used are ArcSight (ESM and Logger), RiskVision, Remedy, TippingPoint IPS, and NetWitness (Informer and Investigator). In addition, one of my primary duties involved building up DDA capabilities with the Department of confidential sensor technology to help detect malicious or anomalous activity throughout the confidential enterprise environment.

Confidential

GS 13 Step 7, IT Security Specialist

Responsibilities:

Responsible for managing the team tasked with performing advanced analytics work related to agency-wide Incident Response efforts. Assisted with the overall management, monitoring, and analysis of enterprise security tools and of the team that reviewed over 2 TB of data daily. Worked as Threat Intelligence Lead for the USDA enterprise environment and coordinated with third-party trusted sources to monitor, assess, and mitigate threats to agency information systems. Briefed USDA CIO and ACIO staff regarding current and pending threats, and wrote Corrective Action Plans and After Action Reports for incidents involving known intrusion sets. Shift Lead for the Monitoring and Analysis Division, performing tier III support duties for the Security Command Center. Incident Commander for high-visibility incidents, liaising with multiple agencies to coordinate the overall incident handling effort. Worked directly with multiple SIEM, IDS, DLP, and malware detection technologies, including Trustwave, Sourcefire, Fidelis, and FireEye. Created agency-wide cyber intelligence products such as Security Awareness Reports (SAR) and Software Update Notices (SUN) that were issued to all sub-agency ISSPM and CIO staff as well as OCIO officials.

Confidential

Senior Network Security Engineer

Responsibilities:

Member of the Infrastructure and Engineering Department. Served as a Sr. Network Security Engineer recommending and delivering emerging security technology solutions that provided the maximum added value to a government client. Provided configuration, deployment, monitoring, and device management support for the confidential networks. Provided monthly scorecard reports on the status of ongoing security threats and trends, based on analysis of logging data using custom correlation scripts run against archived database information with stored SQL procedures. Performed reviews and assessments of network and security design architectures and evaluated their security postures against confidential. Daily review and analysis of intrusion detection events for signs of malicious or anomalous activity that could represent risk to electronic assets of the confidential. Wrote, tested, and deployed Intrusion Detection Sensor (IDS) signatures used to interrogate traffic from passive deployment configurations on network infrastructure equipment. Responsible for the day-to-day management and housekeeping of Linux/UNIX-based operating systems deployed for the confidential. Devised IP addressing schemes used for the logical management of confidential security appliances. Built and maintained a custom integrated framework for the analysis of Cisco NetFlow data.

Confidential

Security Consultant

Responsibilities:

Responsible for writing a new Incident Response Policy for the IT Security staff. Responsible for building Intrusion Detection Systems and performing audits on Cisco PIX/ASA firewall devices and their associated configurations. Performed firewall rule modifications and documented network security procedures. Made recommendations for technical process improvements and evaluated enterprise logging solutions such as QRadar. Rebuilt Linux kernels for fiber and port bonding features on IDS sensors. Supported the deployment of custom intrusion detection sensors on a fiber backbone.

Confidential

Sr. Unix/Linux Administrator

Responsibilities:

Responsible for the management of Cisco PIX firewalls and 3600 series routers, in addition to managing various OpenBSD and Linux servers. Performed daily monitoring and analysis of all UNIX- and Linux-based operating systems. Wrote scripts for process automation in a Bash shell environment and served as a member of the IT Change Control Board (CCB) team. Managed Snort Intrusion Detection Systems and performed daily monitoring and analysis for suspicious or malicious network activity.

Confidential

Sr. Security Engineer

Responsibilities:

Configured and managed RSA two-factor authentication on multiple Linux servers. Managed multiple servers running Linux, Apache, MySQL, and PHP (LAMP) on the RHEL 4 platform. Managed the Intrusion Detection System infrastructure on Red Hat Enterprise Linux 4 (RHEL 4). Managed Linux package management with Yum, Pirut, and RPM on RHEL 4. Delivered Linux system hardening and baseline documentation for production servers. Performed disk management on Linux servers (user quotas, disk partitioning, permissions, and access control lists). Managed and troubleshot boot loaders on the Linux platform (GRUB and LILO). DNS, SSH, Squid, DHCP, and NFS administration on multiple flavors of Linux. Managed Linux iptables firewalls and Pluggable Authentication Modules. Strong scripting experience in the Bourne Again Shell (Bash) environment for job automation on multiple Linux platforms. Technical lead during internal/external penetration testing against the NASA HQ network. Technical documentation (baseline documents as well as SOP documentation). Risk assessments according to NIST SP 800-60 and SP 800-53 recommendations. Performed vulnerability scans using McAfee FoundScan. Monitored all security audit logs on MS Windows and Unix-based servers/systems. Coordinated and assisted with C&A POA&M efforts. Development of Risk Assessments, System Security Plans, Contingency Plans, Incident Response Plans, and Security Test and Evaluation Plans/Reports. Trained Jr. analysts on various technical matters. Delivered process documentation. Recommended and managed IT security solutions for the contract.

Confidential

Network Engineer III

Responsibilities:

Configured Cisco PIX failover configurations. Created new signatures on IDS platforms to reduce the frequency of false positives. Analyzed and monitored Cisco PIX firewall logs for indications of anomalous activity and routing errors. Reviewed and analyzed intrusion detection events daily for signs of worm activity and unauthorized access. Identified network scans of internal and public-facing devices on the customer DMZ. Remotely configured Cisco PIX firewalls for deployment on customer networks for NSOC management. Reviewed and tightened Cisco router configurations. Created site-to-site IPsec VPN connections between Cisco routers and Cisco PIX firewalls. Established a new network security topology for the Point of Presence (POP) stack. Installed, configured, and maintained a Sidewinder firewall for the customer POP stack. Developed ISO 9001 security quality management procedures. Documented procedures, processes, and technical specifications for equipment upgrades and new device integrations. Created a monthly scorecard report for senior management on the status of ongoing security threats and issues related to customer networks. Responsible for all UNIX-based systems for the MCI team. Configured NetScreen firewalls for customer networks via the Web UI and command line. Implemented traffic shaping for customer needs on NetScreen ISG appliances. Responsible for all security devices managed on site by MCI. Provided configuration, deployment, support, and monitoring of network-based intrusion detection systems for the National Park Service (NPS) and Bureau of Indian Affairs (BIA) using Dragon IDS, Network Flight Recorder (NFR), and TippingPoint IPS.

Confidential

Network Security Analyst

Responsibilities:

Monitored various intrusion detection system platforms for customers. Managed firewall configurations for client networks. Worked customer tickets in NeuSecure. Performed new device integration. Documented Standard Operating Procedures used to initiate the customer billing cycle. Interacted with vendor engineers to obtain software upgrades and resolve problematic issues. Configured and troubleshot Check Point SecuRemote VPNs for clients. Escalation point for SOC trouble tickets. Deployed Dragon IDS and Secure IDS devices on customer networks. Deployed ISS RealSecure confidential. Set up and configured VPNs from the SOC to customer networks. Remotely troubleshot device connectivity issues. Handled Check Point firewall deployments on the confidential platform. Configured customer licensing on Nokia IPSO images. Configured Virtual Router Redundancy Protocol (VRRP) between Check Point NG firewalls.

Confidential

Network Security Analyst

Responsibilities:

Member of the Security Operations Center (SOC) in a 24x7 environment. Responsible for Check Point firewall configuration changes, creating VPN tunnels between Cisco routers, IDS analysis for the Cisco Secure Intrusion Detection System, configuring customer licensing on Nokia IPSO images, configuring Virtual Router Redundancy Protocol (VRRP) between Check Point firewalls, managing Check Point firewalls through the Nokia Voyager interface, and Linux and Solaris 8 system administration. Checked the status of internal devices via WhatsUp Gold and MRTG. Configured SSH VPN tunnels to remote network devices for VNC connections.
