SUMMARY OF QUALIFICATIONS
- Senior Software Security Architect with 19 years of software development experience in designing, developing, deploying and verifying complex software systems of varying scales.
- Expert in software and hardware security, agile design, secure coding, reviews, verification and design, cryptography, identity management, vulnerability assessment, threat modeling and analysis.
- Proven experience in architecting enterprise business applications in CRM/ERP, developing software, deployment plan, package dependency strategies; Management of multidisciplinary development teams.
- Proven record of successfully developing secure software applications, tools, and components (Swift, Objective - C, Android, J2EE, Java, EJB, JMS, XML, REST, JSON, Jython, SQL, Linux/Unix, SDLC and Security SDLC) on highly scalable architectures
- Expert level in I.T. Security, Access and Identity Management, Neural Networks, Artificial Intelligence, NLP, OCR, PCI DSS, Sarbanes Oxley, ISO 27001, NIST, OWASP, OpenSAMM
Confidential, Fremont, CA
- Digital Authentication and Facial Assertion (DAFA) is a Biometric Access Management system being researched and designed together with its infrastructure to meet compliance requirements and industry regulations.
- Analyzed and designed JEE enterprise applications developed using various JEE technologies on virtualized system using Web Services (JAX-WS, JAX-RS), JASON, EJB 3.1 on VirtualBox
- Implemented Security controls for Application Servers and applications, Authentication, Authorization, Access Control and Data Encryption at rest and in transient, including Firewall configuration
- Utilized Cryptographic APIs to integrate teh system with teh reporting infrastructure
- Setup private cloud based VirtualBox, Wildfly, Postgresql, Postfix mailing system using OpenLDAP for Virtualized Multi-home mailing systems and clients. Hardened security on CentOs Linux.
- Wrote Objective-C Webbie4th (on teh Apple Store) iOS application that utilizes "Teh Onion Router" TOR to provide privacy and security to users that need to surf teh web anonymously. Teh app provides modern web browser experience, including multiple tabs, history, etc
- Wrote Swift Umah (on teh Apple Store) iOS apps to provide Islamic prayer time schedule, calculate direction to Makkah and provide timely notifications, based on astronomical and location calculations.
Sr. Software/Security Architect
Confidential, Palo Alto, CA
- Reviewed teh security posture of Confidential projects, including iSEC, HPConnected Drive, Home Hub with different flavors on iOS, Android and Windows 10.
- Involved in teh life-cycle of design and build of Confidential applications on different platforms, including JEE, iOS and Android with specific concentration on Architecture Security.
- Designed data security and encryption methods for iSEC and Confidential connected solutions.
- Developed a cryptographic E2E system security policy in accordance with business requirements.
- Architect technical controls to facilitate customizable security configuration management for iSEC.
- Identified security issues and risks; developed mitigation plans (holistic, and point solutions).
- Led external penetration tests in collaboration with IR teams; created a vulnerability scanning plan for Confidential products.
Sr. Software Engineer
Confidential, Fremont, CA
- Designed and built standalone and enterprise applications in JEE as well as iOS and Android; developed various JEE applications and systems using Web Services (JAX-WS, JAX-RS), JASON EJB 3.x, XML, Java (JEE 5, 6 and 7) and other web technologies.
- Projects include: Confidential web site, iOS Secure Webbie4th Web Browser mobile App., that is available via teh Apple store that uses encryption and TOR for privacy and anonymity.
- Planned and implemented Security Architecture and Design of Software and infrastructure.
- Developed Web Services (JAX-WS/ JAX-RS) - Business Data Interfaces
- Developed Data Layer Access - XML (JAXP / JAXB)
- Implemented Security features for Application Servers and applications.
- Developed code using eclipse (Kepler and Luna) on Wildfly 8.x
- Setup private cloud based on OpenShift and VirtualBox that included security hardening.
Senior Software Architect
Confidential, Seaside, CA
- Member of teh DEERS team. dis team develops Health-care and entitlement software for teh DOD at its Defense Manpower Data Center (DMDC).
- Engaged to architect various JEE applications and systems using Web Services (JAX-RPC, JAX-WS, JAX-RS), EJB, XML, JASON, Java (JEE 1.4, 5 and 6) and other web technologies.
- Involved in designing teh business logic layer and Data Access Layer to maintain in-house extensive Oracle database.
- Implemented Security features for App Server (Oracle WebLogic 11g) and applications, Authentication, Authorization, access control and Data Encryption.
- JMS applications development, setup and configuration of high-performance and fail-tolerant servers. High through put JMS applications.
- Analyzed and developed projects include DomainsEJB, VLER, DVIRS, WII-LOD, ACTUR, DCTA.
- Designed Secure CVS and DOHA, Trusted Computing Base (TCB) enabling applications to manage their individual keystores, certificates and security configurations through a unified API
- Helped in assessing teh adoption of DBUnit, Eclipse IDE with Oracle Extension and other technologies.
- Led VLER Project: Converted DD-214 and DD-215 service forms to automate teh collection and maintenance of data for service personnel at teh time of separation from active military service. OCR and other electronic data formats are used to collect personnel data. Implemented Tesseract (OCR-Engine) modules to support dis effort. Data shared via RESTFUL web services and other JMS based modules.
- NFC PIVManager Pilot. Implemented an android application to utilizes teh near Field Communications (NFC) abilities of mobile phone to acquire personnel verification data(PIV) from teh DoD’s Common Access Card (CAC).
Sr. J2EE Architect
- Implemented user input validation and verification, including encryption technical controls.
- Setup hosting infrastructure, including Access and Identity management solution for user registration.
- Setup and maintained secure email servers and mailing list.
- Coordinated teh selection and teh implementation of suitable technologies and infrastructure for teh new applications including Identity Management and Single Sign-On.
- Designed teh J2EE back-end infrastructure that collects, stores and distributes clients’ information amongst teh different regions that teh organization services.
- Created detailed architecture and design documents for teh Soft-Launch.
- Participated in teh implementation of teh Extranet portal, teh Soft-Launch with other developers, infrastructure and implementation personnel.
- Engaged in teh Sprint 4G Access and Identity Federation aspect of teh 4G Portal & WiMAX mobile initiative, leading eight technical architects.
- Delivered a Commercial-Launch architectural and design documents which were teh bases for teh final implementation of teh 4G SSO and Identity Federation between Sprint Network, ClearWire and Google.
- Putting together a complete Infrastructure Security Analysis document, that analyzed and hardened teh development and hosting environments in Tel-Aviv, Israel and Champaign MI.
- Developed authentication algorithm for Digital Locker thin and thick clients that were deployed within teh Portal environment.
- Participated in teh implementation process, including: Installing and configuring SiteMinder Policy Servers, LDAP stores; Setting up various environments, both in teh US and Israel; putting a test-plan and Strategy for Single Sign-On and Identity Federation with both Google and Sprint Network system.
- Mentored Security Admins and developers on aspects of teh Java and security implementation.