
Sr. Network and Security Engineer Resume


Springfield, Virginia

SUMMARY:

  • Configuration and administration of a multi-vendor network environment. This includes designing, operating, administering, maintaining, and implementing multi-vendor network architecture.
  • Serve as the primary technical resource for Network and security technologies, reviewing configurations, alerts and critical security changes
  • Develops and executes plans for network security best practices and security vulnerability remediations based on accepted network controls
  • Responsible for designing, configuring, testing, commissioning, securing and supporting distributed networks related to Supervisory Control and Data Acquisition (SCADA) systems; also responsible for reviewing and designing control system architecture from a cyber-security perspective.
  • Supporting WAN MPLS infrastructure.
  • Evaluates and recommends network security applications (i.e. IPS/IDS, malware protection, next-generation application firewalls, etc.)
  • Configuration and support of datacenter and branch office firewalls such as Juniper SRX, SSG and NS platforms, with a working knowledge of security best practices and concepts. This includes experience working with IPS/IDS.
  • Conduct and schedule regular vulnerability assessment scans, reports and remediation plans.
  • Overall responsibility for being the subject matter expert on SIEM.
  • Coordinating and conducting security event collection, using a log management tool, initiating event management, enhancing compliance automation, and leveraging identity monitoring
  • Work with Security Operations Center analysts to help improve analytical products they produce
  • Advises leadership on monitoring and reporting best practices and develops use cases on how to use SIEM to achieve end state requirements.
  • Continuously enhance customizations, security tools and API integrations, extending heuristic detection and remediation activities
  • Integrate and deploy enterprise-wide system management and endpoint security tools
  • Handling service support requests for two factor authentication, SSL VPN, and web proxies
  • Customizes security content including filter/rule/report creation, signature categorization, vulnerability mapping
  • Leading the ongoing development of the Intrusion Detection infrastructure, expanding its scope and increasing its functionality
  • Developing, assessing and managing deployment of intrusion detection signatures in a large scale production IDS environment
  • Managing both vendor provided and custom built signatures.
  • Maintaining and supporting defensive security infrastructure in direct support for our Security Operations Center (SOC) and Cyber Threat Operations organization
  • Analyzing output from various security devices, incidents, and malware reports to devise new and creative ways of detecting and stopping future incidents
  • Provide primary support for Websense Web Security. Support the firm's Internet URL content filtering security policy, respond to incidents, and assess business requirements and resolution.
  • Responsible for upgrades and patches for all components of security tools (ArcSight, Splunk, Sourcefire, Juniper Firewall, Cisco Switches, IDS, Websense, RSA SecurID, etc.)
  • Developing content for a complex and growing SIEM infrastructure. This includes use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists
  • Develop and maintain security documentation and standard documents, and make sure all documentation is available for command audits, command reviews and inspections
  • Strong experience with and understanding of NERC-CIP compliance.
  • Providing solutions to recommendations for security issues and vulnerabilities identified during assessments. Performing remote vulnerability scanning

TECHNICAL SKILLS:

Networking & Security: Routers and switches (Cisco IOS and Nexus), ArcSight 5.2-6.5, Splunk 6.2.5, Firewalls (Juniper SRX and SSG, SonicWall, F5), Cisco wireless access points, FireEye, Sourcefire 4.9-5.3, Websense Web Security & DLP, Triton 7.0-8.0, Symantec Endpoint Protection 11.0-14.0, RSA SecurID 7.1-8.1 two-factor authentication, VPN Concentrator Juniper SA 2500/4500 SSL VPN administration, Nessus, nmap, Rapid7 (Nexpose, Metasploit), Wireshark, NetWitness, Regshot, Malzilla

Operating Systems and Hypervisors: Windows Server (2003, 2008, 2012; Exchange, IIS, SCCM, Active Directory, Group Policy), Windows XP, Vista, 7, 8, 10, VMware (ESXi 5.2-6.0); vCenter, vSphere, vSphere Replication, Site Recovery Manager, Microsoft Hyper-V

Servers and Storage: NetApp Storage Area Networks (SANtricity), Stratus servers, HP and Dell server hardware (iLO, DRAC)

PROFESSIONAL EXPERIENCE:

Sr. Network and Security Engineer

Confidential, Springfield, Virginia

Responsibilities:

  • Responsible for designing, configuring, testing, commissioning, securing and supporting distributed networks related to Supervisory Control and Data Acquisition (SCADA) systems
  • Responsible for reviewing and designing control system architecture from a cyber-security perspective.
  • Implements and configures routers and switches, VMware ESX 5.5 network security, firewall configurations, and Active Directory.
  • Participated in the SCADA RFP process for a new application as network and security evaluator.
  • Design, build, support and maintain Splunk infrastructure in a highly available configuration. Perform installation, configuration management, license management, data integration, data transformation, field extraction, event parsing, data preview, and app management on the Splunk platform; integrate data feeds into a centralized Splunk platform and deploy Splunk apps; manage data retention policies and perform index administration, maintenance and optimization. Develop and maintain production-quality dashboards, custom views,

Sr. IT Security and Compliance Specialist

Confidential, Springfield, Virginia

Responsibilities:

  • Served as a focal point for analysis of enterprise monitoring data; collected and reported on Enterprise Monitoring KPIs while serving as system administrator for all security monitoring systems. Worked with other IT departments and vendors to plan and implement new features, enhancements, and the Symantec SOC. Participated as an Enterprise Monitoring resource on business and IT projects. Performed other security-related tasks and duties as assigned.
  • Leading the ongoing development of the Intrusion Detection infrastructure, expanding its scope and increasing its functionality. Developing, assessing and managing deployment of intrusion detection signatures in a large-scale production IDS environment. Managing both vendor-provided and custom-built signatures. Maintaining systems and performing analysis. Analyzing output from various security devices. Monitoring real-time logs and packet analysis using Sourcefire Defense Center.
  • As a Security Operations Team member for the Washington Gas project, had the responsibility of ensuring that the policies defined by Security are implemented on the infrastructure components involved to achieve the intended effect of the policy, that the technologies remain healthy and in force, and that any issues (suspected or real) related to these technologies are escalated appropriately.
  • Web access management: deployed and migrated Websense Web Security Gateway appliances
  • Migrated from Websense 7.3 to Web Security Gateway 7.7.x and Websense Data Leakage Protection.
  • Provide primary support for Websense Web Security and the Internet URL content filtering security policy and incident response.
  • Endpoint security administration: install and configure Symantec Endpoint Protection, including new or in-flight engineering of intrusion prevention, firewall, application whitelisting and other security applications on a variety of operating systems and platforms. Identify areas of need and drive successful development and deployment of these security policies for a network of workstations and servers. Manage client components and Virus and Spyware Protection policies. Manage Application and Device Control policies. Describing SEPM and client communications, configuring the LiveUpdate settings and content, configuring multiple Group Update Providers (GUPs), and SEPM and database sizing policies.
  • Coordinating and conducting security event collection using a FireEye Threat Prevention Platform, which provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time.
  • Full policy administrator for a multi-layered infrastructure for two-factor authentication and SSL VPN.
  • Coordinating and conducting security event collection using a log management tool, initiating event management, enhancing compliance automation, and leveraging identity monitoring activities using the SIEM platform. Developing content for a complex and growing ArcSight infrastructure. This includes use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists
  • Provide optimization of data flow using aggregation and filters, and develop custom FlexConnectors as required to meet use case objectives. Support the life-cycle management of ArcSight for the planning of upgrades, new deployments, and maintaining current operational data flows

Lead Security Analyst

Confidential, Germantown, Maryland

Responsibilities:

  • Resolving issues reported to the SOC (anti-phishing/anti-fraud operation) from multiple sources including trouble tickets, phone calls and automated alerts. Experience in using IT security tools such as IDS (McAfee IntruShield, open-source Snort), antivirus (McAfee), DDoS protection (Arbor and VeriSign), ArcSight Enterprise Security Manager and ArcSight Logger. Analysis of clients' IT security challenges (incident analysis), phishing and malware attacks. Communicating with registrars and ISPs (Internet Service Providers) to shut down fraud attacks. Malware and virus analysis (rootkit extraction from exe files and analysis of the behavior of C&C bots) and shutdown in a timely manner.
  • Start the technical shutdown process and dilute the phish site so it cannot harm client systems or their customers. Analyze and collect all forensic data on phishing sites and malware.
  • Provides technical support and guidance on network design issues.
  • Provides resolution of complex problems for less experienced personnel.
  • Applies established priority procedures to routine customer requests for service. Coordination between various functional groups within the organization.
  • Working closely with managers to ensure the success of daily operations. Track, resolve, and report on network incidents.

Support Engineer

Confidential, Arlington, Virginia

Responsibilities:

  • Network analyst; team member of routing operations (7500, 5000 and 2500 series routers). Worked as a migration specialist for a 4000-user rollout from Lotus cc:Mail to Microsoft Exchange for the Department of Education.
  • Installation, configuration and troubleshooting of HP network printers.
  • Troubleshooting Outlook problems. Troubleshooting the NT Workstation 4.0 operating system. Activating LAN drops. Updating SMS on clients. Configuring Outlook on clients.
