Security Engineer - Applications Resume
SUMMARY:
- I am an enthusiastic, diverse security engineer who blends 7 years of cyber security with a fusion of other expertise spanning over 22 years in various corporate, small business and private sector environments. As an out-of-the-box thinker using ingenuity, team collaboration and other resources at hand, I view each IT task as a chess match and enjoy creatively solving complex business requirements.
- In-depth understanding of vulnerability/exploit scanners including: Confidential, Tenable Nessus and Rapid 7 Nexpose
- Participation in 7 annual PCI ASV recertifications
- Understanding of various security compliance standards including: FISMA, PCI, IAVA, SOX, NERC/CIP and HIPAA
- Competent in configuration assessments using NIST configuration benchmarks (USGCB/TIS, DISA/STIG)
- Familiarity with Confidential and Rapid 7/Metasploit pentesting app/tools verifying risk exposure from vulnerabilities in a network
- Knowledgeable with Confidential Exploit Phishing toolset in testing users to determine their awareness of security risks and security training needs
- Proficient using various security distributions including: Kali, BackTrack, Samurai, Web Dojo and OWASP BWA
- Literate in various network utilities in exposing security vulnerabilities, monitoring and to enhance performance including Nessus, NTOP, Wireshark, CA Solar Winds, NMAP, EtherApe, NETQOS, Application Advantage, Network Generals Sniffers, Kismet and Cisco NAM's
- Experienced with web application security testing tools such as Confidential, OWASP ZAP and Burp
- Comfortable with Cryptography to include Symmetric, Asymmetric encryption (PKI), Hashing, Ciphers, etc.
- Working knowledge of OWASP Top 10 web application security risks
- Competent understanding of OWASP Web App Testing Guide
- Proactive cutting edge vulnerability/exploit research
- Working knowledge of Imperva WAFs, F5 Load Balancers, FireEye IPS, Carbon Black Endpoint Security, ForcePoint URL Filtering
- Literate using Thycotic Secret Server Premium Edition Password Management Suite
- Literate in various networking protocols including: DHCP, DNS, ARP, ICMP, TCP, UCP, HTTP, SHTTP, FTP, SSH, NTP, POP, SMTP, IMAP, TELNET, TFTP, SOCKS, L2TP, PPTP, QOS, etc.
- Literate using various wireless standards and technologies including: IEEE802.11A-G, Bridging, HTTP Redirection, Wireless Distribution Systems, etc.
- Proficient in assorted wireless security authentication mechanisms by way of IEEE802.1X, which consist of RADIUS using WPA2, EAP-MD5, PEAPv1, EAP-MSCHAPv2, EAP-TLS and EAP-TTLS
- Proficient using various networking technologies including: VoIP, VPN, WLAN, Switching, Routing and Firewalls
- Proficient using GCC C compiler and build utilities (configure, make, etc.)
- Knowledgeable using Concurrent Versions System (CVS) code repository working in conjunction with our AGILE-like SDLC
- Literate using Redmine flexible project management web application
- Competent developing build scripts as needed using Eclipse IDE, IPython (Selenium WebDriver/IDE written in Python) and BASH
- Experienced in Debian/Ubuntu LXC container image administration in preparing testing environments
- Familiar with most aspects of the Agile SDLC model to include: planning, requirements analysis, design, coding, unit/regression testing and acceptance testing
- Comfortable setting up AWS EC2 environments creating instances using their pre-configured AMI templates and instance types or Confidential's
- Able to configure AWS EC2 security groups/Firewall inbound/outbound rules as needed for services, ports and IP source/destination
- Adept in creating AWS EC2 PKI key pairs for securely accessing Linux instance types
- Experienced in configuring AWS EC2 regions/zones for multiple physical locations for resources
- Proficient using Microsoft Azure Cloud in creating resource groups, IAM (access control), VMs, etc.
- Python coding and scripting, C, Bash/Korn and shell scripting, PHP, Yii, HTML, JavaScript
- Fully literate in Linux distributions to include CentOS, Mandriva, Redhat, Fedora, Suse, Ubuntu, Debian and Slackware
- Proficient using Solaris, FreeBSD and MAC Unix distributions
- Knowledgeable using Microsoft Windows Desktop/Server 3.11 - 2016
- Proficiency in MySQL/MariaDB and PostgreSQL databases
PROFESSIONAL EXPERIENCE:
Confidential
Security Engineer - Applications
Responsibilities:
- Engineering, implementation and monitoring of security measures for the protection of computer systems, networks and information throughout the entire corporation nationwide
- Identifying and defining system security requirements
- Designing a system security architecture and developing a detailed security design
- Preparing and documenting standard operating procedures and protocols
- Configuring and troubleshooting security infrastructure devices and services
- Developing technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
- Assisting with management, configuration, and ongoing maintenance of Web Application Firewalls (WAF) and load balancers to include Imperva and F5
- Writing comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
- Determining security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates
- Planning security systems by evaluating network and security technologies defining requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, load balancers, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards
- Implement security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation
- Verify security systems by developing and implementing test scripts
- Upgrade security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements
- Prepare system security reports by collecting, analyzing, and summarizing data and trends
- Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
Confidential
Security Application Support /DevOps/QA Engineer
Responsibilities:
- Regular automated CVS continuous integration test builds using GCC C compiler and build utilities (configure, make, etc.) written in BASH
- Daily CVS builds from code repository testing client reported bugs (Redmine) performing root cause analysis
- Monthly MS Patch Tuesday checks CVS code commits to Confidential vulnerability/exploit branch for product updates
- Periodic C, Perl, Python and Yii/PHP debugging using GDB, PDB (module), (perldebug) and YII DEBUG
- Occasional researched vulnerability/exploit CVS code commit to weekly maintenance release branch increasing product overall vulnerability/exploit count
- Debian/Ubuntu LXC container image administration, creation and maintenance of build scripts for testing environment
- Daily/Weekly unconventional SCRUM/Sprint meetings discussing Confidential rapid release activities and objectives.
- Proactive research of different technology to assist development group in various inefficient aspects of the product
- Amazon AWS EC2/MS Azure continuous integration testing using Python modules (Boto3/Azure) for quick deployment as per management
- Manual/Automated instance creation using Amazon preconfigured AMI templates configuring the instance types to include CPU, memory, storage, and networking capacity specification per management
- Configure secure SSH login access using AWS key pairs (public/private keys) to Confidential AMI instances for testing
- Regular manipulation of security groups (Firewall) as needed to control inbound/outbound access to Confidential AMI instances
- Assist DevOps team in annual recertification of Confidential as an ASV (PCI Approved Scanning Vendor) overseeing scanning operation using various tools
- Mentor management/junior/newly hired security engineers with company's DevOps process
- Unconventional smoke exploratory testing in identification of bugs ensuring most crucial functions of our product work before software release
- Daily automated/manual pre-release/post-release application testing using Eclipse IDE, IPython (Selenium WebDriver/IDE written in Python) and BASH
- Daily REST API (HTTP, GET, POST, PUT & DELETE) functionality testing of Confidential security suite
- Acceptance (Alpha and Beta) testing working in collaboration with prospected customers in meeting delivery requirements
- Verification of functionality of entire product line and adding documentation in tracking system (Redmine), staying in conjunction with Confidential’s quality assurance process
- Unit and regression testing of various aspects of Confidential unconventional Agile development/release cycle performing root cause analysis and documenting defects as needed in Redmine tracking system
- Development of assorted testing/build scripts as needed using Selenium WebDriver/IDE written in Python
- Continuous testing software on various supported Linux distributions (Ubuntu, Debian, CentOS, Redhat, Fedora, Mac) and virtual environments (VMWare Suite, Oracle VirtualBox) to ensure compatibility
- Integration testing IBM Qradar SIEM, Cisco ISE (Asset Quarantine) and Cisco Firesight (risk data correlation) and Splunk
- Pre-release/Post-release continuous testing of our Amazon approved AMI ensuring a quality product minimizing any defects
- Oversee backup function of the entire company's mission-critical Linux infrastructure including websites and various development servers using Linux bash shell scripts
- Maintenance of extensive patched/unpatched Linux/Windows/Mac ESXI vSphere testing environment
- Provide consistent multi-faceted global support of customer deployments in a variety of vulnerability assessments and compliance audits including SCAP (FDCC, USGCB and DISA), DOD IAVA, FISMA, PCI, HIPAA, SOX, and NERC.
- Responsible with assistance of configuration, installation and implementation of various Confidential products and hardware appliances
- Research and integration of Microsoft Tuesday, prioritized list of vulnerability checks, tutorial content in software development and release activities for target development platforms using CVS version control repository
- Assist QSA in Confidential’s ASV service work performing disputed results analysis of customer quarterly PCI scan data submitted via WebSAINT (SaaS) customer portal managing the client through the ASV attestation process
- Comprehensive investigation of client vulnerability scanning internal/external assessments dissecting various scenarios using reports, log files, network traces, configuration files, network diagrams or duplication of the condition managing cases until resolved.
- In-depth analysis of client penetration testing scan outcome, post-exploitation and social engineer tools facilitating a better understanding of vulnerability existence, risk quantification and security posture against informational assets.
- Guidance in the configuration and usage of a diverse set of vulnerability/penetration/compliance/configuration policies, exploit tools and vulnerability-specific exploits.
- Assist clients in remediation efforts providing guidance towards a resolution.
- Support Confidential’s ASV AOC service performing disputed results analysis of customer quarterly PCI scan data submitted via WebSAINT (SaaS) customer portal managing the client through the ASV attestation process.
- Responsible for assistance in configuration, installation and implementation of Confidential's security suite, SAINTCloud (SaaS) and turn-key appliances.
- Configuration assistance of product with IBM Qradar SIEM, Cisco ISE (Asset Quarantine) and Cisco Firesight (risk data correlation).
- Mentoring and training of newly hired engineers acclimating them with the entire Confidential product line and support procedures.
Confidential
Wi-MAX Field Engineer
Responsibilities:
- Replacement/upgrade of Motorola WiMAX4 equipment to second generation Motorola WiMAX4 technology, provisioning/troubleshooting equipment using SSH or serially
- Re-cabling of fiber optic/cat 5 cabling and connections as needed
- Firmware maintenance on various field equipment including WWP 311 Packet Switches, Asentria SiteBoss, Valere and Tyco power rectifiers, Dragonwave, Orthogon & E-Band microwave equipment
- Performance monitoring of equipment and clearing any alarms
- Acceptance Drive Testing of site antennae (post installation) checking for hand-off quality, signal strength and user availability
Confidential
Managing Partner/Hands-on Engineer/Architect
Responsibilities:
- Implementation of multiple Linux based Trixbox/Asterisk CE VOIP systems using Grandstream, Cisco and Polycom IP phones throughout metropolitan area
- Application of numerous Linux based Zoneminder, BluecherryDVR, and Netrome DVR security surveillance systems including assorted CCTV IP/Analog cameras and cabling all throughout region
- Execution of Smith Barney/Legg Mason small branch conversion project consisting of installation of Adtran's DSU/CSU's, Cisco 3700 routers, Cisco 3560 switches, KVM monitors, HP XR 1500 UPS, HP ML 570 Proliant servers, Electronic Cooling Modules in coordination with tier 3 engineering.
- Infrastructure site survey for HP/Merrill Lynch VOIP Advanced Telephony Project which included identifying existing Avaya/Lucent Definity PBX's, data and long distance PRI T1 circuits, Avaya/Lucent paging systems, remote fiber to cat 5 canaries, drawings, fax, courtesy phones and electric receptacles for placement of UPS.
- Participation in HP/Merrill network cut-over project consisting of port verifications, installation of APC SU2200 UPS, swapping of Cisco 3600 routers, Cisco VG224 VoIP gateways or ATAs, WAN testing, Swing Testing (T-1 PRI to routers), PBX call tests, Cisco 2940 phones and erasing old routers in conjunction with HP/Merrill Lynch tier 3 support
- Installation of various Cisco 1721 and 831/837 series routers using Frame Relay and ADSL circuits for TCML/Dunkin Dough-nuts project throughout region supported by tier 3 engineering
- Installation of new PCs for HP/Confidential, which additionally included DOD level disk wipes throughout area
- Audio/Visual technical support for various Department of Energy scientific conferences which include daily configuration of projectors, screens and cabling within metropolitan area
- Implementation of various POS systems throughout region including: Plexus, Profit Maker and PC America
- Remote/On-site technical support of various clients using open source solutions for remediation throughout metropolitan vicinity
Confidential
Network Performance Engineer
Responsibilities:
- Using CiscoWorks Campus Manager routinely made adjustments as needed to Cisco Catalyst switches to accommodate performance and/or issues
- Daily security audits of remote accounts using Cisco ACS/W2K/RADIUS for VPN Access and modem pool
- Providing daily statistical reporting of Unix based Meditech Medical System and hospital departments
- Performing daily tape rotation using Backup Exec 9.1 and Bridgehead Hyper Tape for server farm using Dell Tape Library.
- Implementation of mixed PC/Wyse Term thin client environment using Citrix Management Console (Metaframe 3.0) and Active Directory throughout the facility.
- Direct-end user support for entire hospital and off-site facilities logging tickets using REMEDY.
- Oversee Westcom Nursing paging system.
Confidential
LAN Administrator
Responsibilities:
- 2 relocation and network migration of the old GW Hospital IT Department server farm to the newly built GWU hospital
- Daily support of hospital enterprise applications including: Siemens Medical Systems, Radiology Medical Systems (Radiology), Digitec Paper Vision/IIS Enterprise (Medical Records), Hummingbird 7.19.0 (terminal emulator), MS SNA, CA Uni-Center SDO, AMO and RCO
- Daily maintenance of server farm including patching of Windows and Novell Suse Linux servers
- Daily administration of hospital HL7 interface
- Daily backups for entire server farm using Seagate ARCServe 2000 and Tape Carousel
- Configuration of Cisco 1200 Aironet AP throughout hospital
- Audits of VPN accounts using Cisco ACS/W2k(RADIUS) via Cisco 3000 VPN concentrator
- Implementation of Avaya VOIP phone system at two off-site hospital locations
- Implementation of Symantec ghosting server for IT Department to use for imaging of workstations and servers
- Creation of desktop images for help desk
- Daily end user support for hospital and 4 off-site facilities
- Monitoring network performance using CA Sniffer and Solar Winds
- Relocation of various GWU 4.11 Netware servers to GWUH Hybrid Novell/Windows NT environment.
- Working with multiple software vendors for preparation of Y2K and to assist with various medical applications in separation from university to the hospital including Siemens Medical System, Radiology Medical System, PREMIS, etc.
- Assisting in the implementation of Lotus Notes clients throughout from an existing GroupWise environment
- Oversee Rauland Nurse Call System V
Confidential
LAN Administrator
Responsibilities:
- Implementation of a differential backup strategy for proper storage of the mission critical data
- Recovering company data from crashed data server that had been problematic for a period of time
- Performed daily backups using Seagate Backup Exec and Cheyenne ArcServe
- Added additional NT 4.0 file servers to accommodate their growing facility
- Routine administration of their Exchange 5.2 server
- Added multiple Cat 5 network drops in offices to provide connectivity to existing infrastructure
- Built and configured various Win95 and NT 4.0 workstations to conform to company standards
- Responsible for supporting 250+ Confidential employees and maintenance of ticketing system
Confidential
System Specialist
Responsibilities:
- Installation and configuration of multiple servers/workstations for use in the existing UNIX, NT and Novell networks.
- Installation and configuration of multiple network printers into existing environment.
- Providing direct-end user support for 750+ Confidential employees.
- Activation of network drops for clients at each department as needed.