PROFESSIONAL EXPERIENCE

Confidential

Java EE/Security Engineer

Responsibilities:

• Responsible for the USDA application security enhancement of high level security source code review and ethical hacking/penetration testing/evaluate and recommend the acquisition of IT security tools within the USDA.
• Implementation of black box testing/OWAP pen testing procedures with Samurai - WTF, VeraCode, Nexpose/Rapid7, passive/con, and security frameworks for protecting information assets using SAN 25/NIST 800-53, WebInspect 9.0, Burp Suite Pro, AppDetective Pro, Nessus, Fortify SCA/SSC, IBM AppScan Enterprise, Nmap, W3Af, Zed Attack Proxy (ZAP) Metasploit.
• Application source code scanning/dynamic and runtime security vulnerabilities (CSRF, XSS, SQL injection, buffer/heap overflow.

Confidential

Cyber Security/Network Engineer

Responsibilities:

• Further IT security audit responsibilities included the following: Conduct vulnerability assessments of network systems, software and websites. Deployed, SAML 1.0/2.0, XML, XACML, WS-Security, SOA, ASP.Net, AngularJS, Java/J2EE, Node.js, Conduct vulnerability assessments of network systems, software and websites. Perform software security and system architecture reviews and risk assessments to identify network and system specific risks with in Windows 2008/IIS, SQL Server 2005, NetVCR, OWASP, HP Fortify 360/SCA, HP ArcSight, IA/C&A,Rapid 7, WebSphere Portal 8.0/IBM AppScan.
• Evaluate and recommend the acquisition of IT security tools, implementation of procedures, and practices for protecting information assets using NIST 800-53, HP WebInspect 9.0, Burp Suite, AppDetective Pro., IBM TIM/TAM.

Confidential

Java EE/Security Engineer

Responsibilities:

• Responsible for identity and access management with installation/configuration of products such as IBM
• Tivoli Federated Identity Manager and Tivoli Access Manager, WebSphere Portal, DataPower, JSR 168/286, IBM AppScan, Computer Associates SiteMinder and Identity Manager, Fortify 360. Deployed, PKI architecture, certificate tools (open SSL, SSO, Microsoft CA, Java Keystore), Security Patterns, JAAS, OWASP, JSF, JSP.
• Deployed, SAML 1.0/2.0, XML, XACML, WS-Security, VA PIM Smart Cards/Biometrics, SOA, Java/J2EE, AppDev,Chef/Puppet R&D and IBM TIM/TAM.

Confidential

J2EE/ASP.Net/Network Developer

Responsibilities:

• Responsible for rapid enhancement of high level security source code review and ethical hacking/penetration testing of Confidential /Wal-Mart Java, Java EE, JSP, ASP.NET, Informix/Shell script, PCI/web base applications using the following tools, IBM AppScan, WebSphere Portal, DataPower, IBM TIM/TAM, OWASP Top10.
• JSR 168/286, Ounce Labs, WebInspect AppDetective Pro, MetaSploit, ArcSight, and Fortify 360. Provide security solutions that require resolution of complex operational and integration issues associated with networks, data systems, and applications to successfully deploy secure technologies and to enhance existing technologies, SSO/SAML, SNORT and Nessus, WebSphere Portal, DataPower, JSR 168/286,

Confidential

J2EE/Network Security Engineer

Responsibilities:

• Enhanced existing enterprise application and developed custom stored procedures for a subcomponent of the enterprise application. Debug and maintain existing code base, static source code analysis and created unit test code. Responsible for PRPC 5.2/5.3 security programming/penetration testing using, Web security testing, J2EE, JavaBeans, ASP.NET, JSF, Web 2.0, JSR 168, JSF, EJB, WebSphere server V6, IA, IDS, IPS, Tomcat, JavaScript, BPM PRPC application design, Portlet Factory Designer V6.1, RAD 6.1, PRPC v5.4 system administration, UML 2.0 interfacing with SQL database, and applying standard core security design patterns where applicable. Performed web application vulnerability scans and Pen testing utilizing SNORT, Nessus, WS-Security, XSS, SAML, JAAS, OWASP Top Ten, IPSec, IDS, ArcSight systems analyst, IPS, BackTrack2, IBM TIM/TAM, AppScan, WebInSpect, research and development on database migration from SQL Server 2000-2005 of the Oracle 9i/10g.

Confidential

J2EE Architect/Security Engineer

Responsibilities:

• Enhanced existing enterprise application and developed custom stored procedures for a subcomponent of the enterprise application, IBM TIM/TAM.
• WebSphere Portal, DataPower, JSR 168/286. Responsible for programming using, TIBCO GI/BI, TIBCO Hawk, Oracle, J2EE, JavaBeans, JSF, Web 2.0, JSR 168, JSF, EJB, WebSphere Commerce suite 5.1, WebSphere Process server V6.1, Message Broker/Tool Kit V6, BPEL, ESB, Portlet Factory Designer V6.1, RAD 6.1, UML 2.0 interfacing with SQL database, and applying standard core security design patterns where applicable, CA SiteMinder. Performed web application vulnerability scans and Pen testing utilizing SNORT, Nessus, client/configuration.

Confidential

Security Architect/J2EE Developer

Responsibilities:

• Overall Responsibility for the implementation design patterns for multiple J2EE/EJB, WebSphere Portal applications and software deployment for the Confidential - Confidential project.
• Improved the security/ and system functionality of the TWIC Web/TWIC Portal applications utilizing Oracle, Java Smart Card, PKI, IBM Rational Application Developer v6.0, ClearCase/UCM, Portlet Factory Designer v6.0, PKI/SSO, LDAP, RUP, UML 2.0, JSP/Design Patterns, J2EE, JAAS, JSTL, Apache Struts, Tiles, JSF, JSR 168, AJAX/DWR, Dynamic Forms/Form Beans, SNORT, BackTrack2, validation framework, Oracle10g, Web Services, SOAP, WinServer 2003, WebSphere Server ND, WebSphere Portal Server v6.1, IBM TIM/TAM, ESB, IDS/IPS, WS-Security, SAML 2.0, MetaSploit, WS-Security, AppDetectivePro, JBoss Server.

Confidential

Security Analyst/Network Engineer

Responsibilities:

• Responsible for rapid enhancement, IA, IDS, development, and deployment the J2EE web-based label Enhanced Distribution Labeling system (EDL), static source code analysis and the Automated Tray Label Assignment System (Web ATLAS).). The new label format for all tray, sacks, tubs, will include a unique 24-digit barcode to replace current PASSPORT 10-digit system.
• Design/build and tested Portal/JSR168 Portlet API/J2EE/EJB prototypes with Hibernate, Core Security Patterns, WebATLAS/Oracle, ATLAS/Oracle application for backend integration with a variety of databases and servers, Eclipse IDE, Tomcat 5.5.15, WebSphere Commerce suite 5.1, TIM/TAM, PKI, SSO, Nessus, Fortify v4.0., SNORT.

Confidential, Reston, VA

WebLogic/WebSphere Portal/Oracle Architect

Responsibilities:

• Developed and implemented enterprise-class J2EE/EJB application based on SAP, WebSphere 5.1 Portal/WBI for Internal Information Services, Software/web application security assessment and pen-testing, CA SiteMinder.
• Implemented/migrated an end to end content management internal web portal sites form Livelink to IBM web content management/workflow for NGs, email, document searching, customers, partners, Sametime and WSPS collaboration components, static source code analysis, vulnerability/pen-testing Oracle identity security tools/management.

Confidential, Alexandria, VA

WebSphere Portal Developer/Security Architect

Responsibilities:

• Responsible for the conversion of a DISAs (Defense Information Systems Agency)/TPS portal development and the programming of DISAs TPS web portal components utilizing core J2EE design patterns, designing custom controls/database controls, implementing core J2EE security standards/methodologies, Orocle/SQL Server, SNORT, Intrusion Detection Systems (IDS/IPS) security engineering/security manager, vulnerability/pen-testing.

Confidential, Bethesda, MD

Network /Security Engineer

Responsibilities:

• Responsible for the conversion of a US Customs CBP OS/390 CICS mainframe application to Java 1.4/J2EE architecture. Analyzed existing Dyna/Comm mainframe scripts; Adapted conversion methodology/Oracle, SQL Server database.
• Developed a J2EE/EJB framework/OOAD, using JCA, WebSphere 5.0/5.1/WBI, Oracle 9i/PLSQL, Core J2EE business patterns, SAML/SSO, PKI, XML, JSF, JSP, EJB, Rational XDE/UML, WebLogic 7.0/8.1, JProbe, Jacada Integrator as the IDEs for all J2EE development/vulnerability/pen-testing, static source code analysis.

Confidential, Washington, DC

Senior Security Engineer /Network Administrator

Responsibilities:

• Responsible for the deployment of ACS/Chemistry.orgs portal application components and subsystems,J2EE APIs, including Struts, JNDI, JMS, JSP/Servlets, and EJB.
• Assisted ACS/SilverStream developer with Chemistry.org code/server migration from SilverStream 3.7.4 to 3.7.5, ePortal Framework 2.3, Security+, Intrusion Detection Systems (IDSs) security engineering, Pen-Testing/Oracle IAM frameworks.
• Implement and configured an robust security with SAML/WS-Security, SSL, static source code analysis, user authentication, authorization, Cyber Source/RSA security keys, Novell exteNd application server for Sun Solaris 7/8, Oracle 8i, W in 2000, XP.

Confidential, McLean, VA

Systems Programmer Analyst II/ Security Engineer

Responsibilities:

• Developed, implemented computer web applications/systems software, computer hardware and/or data communications systems development or modifications.
• Gathered information, analyze findings, Intrusion Detection Systems (IDSs) security engineering, security+/508 HTML documents conversion, prepared UML conceptual designs, .Net, Oracle 8, Linux, MVC/Struts Framework.

Confidential, Reston, VA

WebSphere Portal/J2EE Developer

Responsibilities:

• Developed, implemented, and operated web content-delivered applications. Lead role in Domino Notes R5 server management (web, replication, security, SQL, JDBC/ODBC).
• Re-engineered the migration of Oracle 8i, Domino web-based Predictive Cost Modeling application to J2EE 1.3.1 based E-Commerce solution using static source code analysis.

Confidential, Chantilly, VA

Network Engineer/Java Architect

Responsibilities:

• Developed a client/server/OS/390, database tracking system, network configuration, TCP/IP, Internet protocols, firewalls, Virtual Private Networks (VPNs), Intrusion Detection Systems (IDSs) security engineering, and software lifecycle development. Web-based business application for corporate intranets using Java 1.3, JSP/Servlets, Cold Fusion, EJB, XML, XSLT, ODBC/JDBC, Oracle 8/Oracle Scripts, SQL/PLSQL, WebLogic.

Confidential,Bethesda, MD

Web Master/Network Engineer

Responsibilities:

• Integrated Documentum DocPage Server WinNT, Sun Solaris, WorkSpace and Netscape Enterprise Server. Developed and coordinated RightSite, DocBase for GSA Intranet and Internet documents, Oracle8, Oracle Scripts/SQL, IAM.

Confidential, Bethesda, MD

Java Smart Card Programmer/ Security Engineer

Responsibilities:

• Researched and developed a smart card, biometric authentication Web application. Stored X.509 Digital Certificate on a smart card to authenticate against an LDAP membership directory, MSCrypto API, RSA, SSL 3.0.
• Integrated embedded Java OS SmartCard cardlet data storage system, S/MIME, ISO card readers. Integrated PKI digital signatures, biometric, Oracle8, Oracle Scripts, SQL/PLSQL, Cardlets/Java cryptography, ADSI 2.0 JCard 2.0/MTS, 1.2 JDK, JBuilder.

Confidential, Reston, VA

Software Engineer/Internet Specialist

Responsibilities:

• Developed and coordinated Titans internet/SEG Request Tracking/SAP and Personnel equipment System with ASP, JBuilder 2.0/GUI development, servlets lifecycle, VB
• Scripting, Crystal Reporting. Assisted Titans programmers with the migration of four FAA Visual Basic Apps. /16/32 bit, Y2K testing,Oracle8, Oracle Scripts, SQL/PLSQL.

Confidential

Senior Web/Smalltalk Programmer

Responsibilities:

• Designed and developed Web based applications for trouble-ticket reporting/SQL/Oracle for the Local Systems Help Desk, monitored and maintained LAN networks. Corporate Intranets utilizing Java/VBScript, OOP, Smalltalk/Visual Wave 2.0, Visual InterDev ASP, DHML and IIS 4.0.

Confidential

Webmaster/System Administrator

Responsibilities:

• Coordinated the development of Internet/Intranet, and security/IIS 3/4. JavaScript/Java 1.1 (AWT) WEB applets /FrontPage 2.0, NetObject Fusion 2.0. Oracle8, Oracle Scripts, SQL/PLSQL.

Confidential

Webmaster/Network Engineer

Responsibilities:

• Developed and implemented Intranet security applet for ID&D Dept. Duties included HTML conversions, Oracle8, Oracle Scripts, SQL/PLSQL, JavaScript/Java 1.1 (AWT) WEB applets /FrontPage 2.0, NetObject Fusion 2.0. Assisted Sr. Network Engineer/System Developers with Netscape Enterprise Server 3/SuiteSpot Components Web Dev. LAN.

Confidential

Java/Smalltalk Programmer

Responsibilities:

• Programmed the on-line Consolidated Handbook. Duties included HTML conversions and JavaScript 1.1 programming, client/server. Tested software of the accounting/billing applications/Smalltalk, VisualWave, and WEB/documentation for end user.

Confidential

Publishing Technology Coordinator

Responsibilities:

• Art directed magazine covers, periodicals, and book covers. WEB pages/HTML 2.0, 3.0, VRML 3D, PDF files, Java 1.0/applets/JavaScript 1.0 and FTP file transfer/internet.

Confidential

Junior Art Director/System Specialist

Responsibilities:

• Designed and managed production of corporate logos, real estate brochures, flyers, business cards, corp./logos, postcards, etc.
• Assisted Art Director and Network Administrator, monitoring maintaining LAN/Dev. servers Ethernet Token Ring, software/upgrades, hardware, HTML programming, network/Mac trouble-shooting systems, and technical support.

Confidential

Graphic Designer/GUI Programmer

Responsibilities:

• Coordinated, organized electronic maps, charts, logos, and text files for the profile and editorial section, and full/half page ads, 4/C, 2/C, B/W fills full/half, and Multimedia presentations.

Confidential

Composition Supervisor

Responsibilities:

• Supervised the composition and advertising, departments. Coordinated the weekly publications and classified sections, graphic design. Assisted system administrator with software/upgrades, hardware, networking Mac/PC, and trouble-shooting network/Mac systems.