Experience

Confidential

Java EE/Security Engineer

• Responsible for identity and access management with installation/configuration of products such as IBM Tivoli Federated Identity Manager and Tivoli Access Manager, WebSphere Portal, DataPower, JSR 168/286, IBM AppScan, Computer Associates SiteMinder and Identity Manager, Fortify 360. Deployed, PKI architecture, certificate tools open SSL, SSO, Microsoft CA, Java Keystore , Security Patterns, JAAS, OWASP, JSF, JSP.
• Deployed, SAML 1.0/2.0, XML, XACML, WS-Security, VA PIM Smart Cards/Biometrics, SOA, Java/J2EE

Confidential

J2EE/ASP.Net Cyber/Information Security Developer

• Responsible for rapid enhancement of high level security source code review and ethical hacking/penetration testing of Verizon/Wal-Mart Java, Java EE, JSP, ASP.NET, Informix/Shell script, PCI/web base applications using the following tools, IBM AppScan, WebSphere Portal, DataPower, JSR 168/286, Ounce Labs, WebInSpect AppDetective Pro, MetaSploit, ArcSight, and Fortify 360. Provide security solutions that require resolution of complex operational and integration issues associated with networks, data systems, and applications to successfully deploy secure technologies and to enhance existing technologies, SSO/SAML, SNORT and Nessus, WebSphere Portal, DataPower, JSR 168/286,

Confidential

J2EE Security Engineer

• Enhanced existing enterprise application and developed custom stored procedures for a subcomponent of the enterprise application. Debug and maintain existing code base, static source code analysis and created unit test code. Responsible for PRPC 5.2/5.3 security programming/penetration testing using, Web security testing, J2EE, JavaBeans, ASP.NET, JSF, Web 2.0, JSR 168, JSF, EJB, WebSphere server V6, IA, IDS, IPS, Tomcat, JavaScript, BPM PRPC application design, Portlet Factory Designer V6.1, RAD 6.1, PRPC v5.4 system administration, UML 2.0 interfacing with SQL database, and applying standard core security design patterns where applicable. Performed web application vulnerability scans and Pen testing utilizing SNORT, Nessus, WS-Security, XSS, SAML, JAAS, OWASP Top Ten, IPSec, IDS, ArcSight systems analyst, IPS, BackTrack2, IBM Watchfire AppScan, WebInSpect, research and development on database migration from SQLServer 2000-2005 of the Oracle 9i/10g

Confidential

J2EE Architect/Security Engineer

• Enhanced existing enterprise application and developed custom stored procedures for a subcomponent of the enterprise application, , WebSphere Portal, DataPower, JSR 168/286.
• Responsible for programming using , TIBCO GI/BI, TIBCO Hawk, J2EE, JavaBeans, JSF, Web 2.0, JSR 168, JSF, EJB, WebSphere Commerce suite 5.1, WebSphere Process server V6.1, Message Broker/Tool Kit V6, BPEL, ESB, Portlet Factory Designer V6.1, RAD 6.1, UML 2.0 interfacing with SQL database, and applying standard core security design patterns where applicable.

Confidential

Security Architect/J2EE Developer

• Overall Responsibility for the implementation design patterns for multiple J2EE/EJB, WebSphere Portal applications and software deployment for the Lockheed Martin-TSA TWIC project. I improved the security/ and system functionality of the TWICWeb/TWIC Portal applications utilizing Java Smart Card, PKI, IBM Rational Application Developer v6.0, ClearCase/UCM, Portlet Factory Designer v6.0, PKI/SSO, LDAP, RUP, UML 2.0, JSP/Design Patterns, J2EE, JAAS, JSTL, Apache Struts, Tiles, JSF, JSR 168, AJAX/DWR, Dynamic Forms/Form Beans, SNORT, BackTrack2, validation framework, Oracle10g, Web Services, SOAP, WinServer 2003, WebSphere Server ND, WebSphere Portal Server v6.1,WebLogic, AquaLogic ESB, IDS/IPS, WS-Security, SAML 2.0, MetaSploit, WS-Security, AppDetectivePro, JBoss Server.

Confidential

Information Security Analyst/J2EE Engineer

• Responsible for rapid enhancement, IA, IDS, development, and deployment the J2EE web-based label Enhanced Distribution Labeling system EDL , static source code analysis and the Automated Tray Label Assignment System Web ATLAS . . The new label format for all tray, sacks, tubs, will include a unique 24-digit barcode to replace current PASSPORT 10-digit system.
• Design, build and tested Portal/JSR168 Portlet API/J2EE/EJB prototypes with Hibernate, Core Security Patterns, WebATLAS/Oracle ATLAS/Oracle application for backend integration with a variety of databases and servers, Eclipse IDE, Tomcat 5.5.15, WebSphere Commerce suite 5.1, TIM/TAM, PKI, SSO, Nessus, Fortify v4.0., SNORT.

Confidential

WebLogic/WebSphere Portal Architect

• I developed and implemented enterprise-class J2EE/EJB application based on SAP, WebSphere 5.1 Portal/WBI for Internal Information Services, Software/web application security assessment and pen-testing.
• Implemented/migrated an end to end content management internal web portal sites form Livelink to IBM web content management/workflow for NG's, email, document searching, customers, partners, Sametime and WSPS collaboration components, static source code analysis, vulnerability/pen-testing Oracle identity security tools/management.

Confidential

WebSphere Portal Developer/Security Architect

• Responsible for the conversion of a DISA's Defense Information Systems Agency /TPS portal development and the programming of DISA's TPS web portal components utilizing core J2EE design patterns, designing custom controls/database controls, implementing core J2EE security standards/methodologies, SNORT, Intrusion Detection Systems IDS/IPS security engineering/security manager, vulnerability/pen-testing,

Confidential

Technical Lead/Sr. WebSphere Portal Developer/Security Engineer

• Responsible for the conversion of a US Customs CBP OS/390 CICS mainframe application to Java 1.4/J2EE architecture. Analyzed existing DynaComm mainframe scripts Adapted conversion methodology Developed a J2EE/EJB framework/OOAD, using JCA, WebSphere 5.0/5.1/WBI, Oracle 9i/PLSQL, Core J2EE business patterns, SAML/SSO, PKI, XML, JSF, JSP, EJB, Rational XDE/UML, WebLogic 7.0/8.1, JProbe, Jacada Integrator as the IDE's for all J2EE development/vulnerability/pen-testing, static source code analysis.

Confidential

Senior Security Engineer /WebSphere System Administrator

• Responsible for the deployment of ACS/Chemistry.org's portal application components and subsystems,
• J2EE API's, including Struts, JNDI, JMS, JSP/Servlets, and EJB.
• Assisted ACS/SilverStream developer with Chemistry.org code/server migration from SilverStream 3.7.4 to 3.7.5, ePortal Framework 2.3, Security , Intrusion Detection Systems IDSs security engineering, Pen-Testing
• Implement and configured an robust security with SAML/WS-Security, SSL, static source code analysis, user authentication, authorization, Cyber Source/RSA security keys, Novell exteNd application server for Sun Solaris 7/8, Oracle 8i, W in 2000, XP.

Confidential

Systems Programmer Analyst II/ Security Engineer

• Developed, implemented computer web applications/systems software, computer hardware and/or data communications systems development or modifications.
• Gather information, analyze findings, Intrusion Detection Systems IDSs security engineering, security .
• 508 HTML documents conversion, prepared UML conceptual designs, .Net, MVC/Struts Framework.

Confidential

WebSphere Portal/J2EE Developer

• Developed, implemented, and operated web content-delivered applications.
• Lead role in Domino Notes R5 server management web, replication, security, SQL, JDBC/ODBC .
• Re-engineered the migration of Oracle 8i, Domino web-based Predictive Cost Modeling application to J2EE 1.3.1 based E-Commerce solution using static source code analysis.