Sr. Security Engineer Resume

Coppell, TX

SUMMARY:

  • Superior breadth of experience in network administration and information security.
  • Excellent proficiency with encryption, firewalls, authorization methodologies and Web filtering authentication.
  • Profound facility with security policy development, implementation and enforcement.
  • Sound grasp of a variety of Internet protocols.
  • High skills in data analysis and network security threat identification.
  • Strong expertise in detecting intrusions via network scans.
  • Exceptional skills in critical issue identification and resolution.
  • Outstanding skills in conveying complex technical information clearly and accessibly.
  • Extensive knowledge of compliance protocols such as PCI, PII, GLBA, GDPR, HIPAA, SAS and FFIEC.
  • Vendor and program management.

PROFESSIONAL EXPERIENCE:

Confidential, Coppell, TX

Sr. Security Engineer

Responsibilities:

  • Monitor and analyze network traffic with QRadar, SolarWinds Orion, tcpdump, Firemon, Wireshark for Packet capturing.
  • Utilize QRadar, syslog-ng and Splunk for logging and analyzing. Create rules, log sources, assets and policies.
  • Maintain, update and implement policies for Cisco Sourcefire IDS and FireEye Endpoint Threat protection.
  • GPO maintenance and implementation.
  • Lead Engineer for all F5 design and configuration projects. Work with LTM, APM, ASM and AFM. Use and write iRules for specific projects. Responsible for all HFT’s and OS upgrades.
  • Provide guidance and leadership to junior Engineers. Train Engineers on Technology.
  • Write scripts needed in Python or PowerShell.
  • Well experienced in document creation with technical configurations, security standards design and network documentation using MS Visio & office along with IT Security Assessments, Risk Assessments.
  • Configure, update and do daily Scans for Vulnerabilities using Rapid7. Create sites and configure devices scanned. Pull daily reports and inform affected remediation teams of vulnerabilities found.
  • Monitor security advisories such as SANS ISC, NIST, CIS, US-CERT, Qualys.
  • Symantec DLP Administrator, responsible for all updates and configurations of Server and workstation Agents. Work with SCCM team to deploy updates and new agents.
  • In charge of all aspects of McAfee EPO server and configurations. Update policies and signature files.
  • Scan corporate sites with Qualys site scanner for any Certificate issues. Remediate issues if found.
  • Rapid 7 Metasploit penetration and exploit testing. Report findings, close and/or instruct on remediating findings.
  • Responsible to maintain updated documentation on all technology used and create technical drawings.
  • Partner with different Domains to support Security Services (Network, Risk and Compliance, etc.)
  • Vendor Management for Operations including NDA’s, POC’s and contract overview.

Confidential, Fort Worth, TX

Lead Sr. Security Engineer

Responsibilities:

  • Serve as information security subject matter expert and actively assist internal teams in the development of secure business solutions for medium to highly complex problems.
  • Monitor, analyze, and interpret security/system logs for events and incidents reflective of unauthorized access or operational irregularities.
  • Work on multiple projects as the team member who leads the security design of the project.
  • Lead information security incident response as required.
  • Monitor security advisories and ensure security updates, patches, and preventive measures are in place throughout the relevant security control environments.
  • Perform technical IT security risk assessments and lead remediation efforts.
  • Analyze audit findings and make recommendations to lower security risks to acceptable levels.
  • Drive information security awareness efforts throughout company.
  • Consult, advise, and approve secure network design.
  • Ensure that security changes comply with company change management policies and procedures.
  • Author security policies, procedures, standards, and guidelines for corporate infrastructure.
  • Establish and enforce operating system and application hardening standards.
  • Establish, maintain, and monitor mechanisms to ensure protection against malware on company computing systems.
  • Designed and implemented DUO 2FA Security to replace RSA for 600 users.
  • Use of various tools to ensure security, i.e. Forcepoint DLP, Cylance, Palo Alto, Whitehat, Masergy IDS, Firemon, F5, Solarwinds, Nexpose, GFI, Splunk and Alienvault.
  • Forcepoint Certified DLP Administrator.
  • Verify SaaS, PaaS, IaaS security regulation.
  • SME for multiple tools such as Firemon, Forcepoint, F5, Alienvault, Cylance, Trend
  • Expose and remediate vulnerabilities utilizing Rapid7
  • Research and respond to Masergy IDS alerts. Includes blocking traffic on Palo Alto and ASA.
  • Palo Alto Firewall, create and monitor rules and objects.
  • Administer Splunk Servers and heads, configure Apps and write collection Scripts.
  • SME for ERPM Password management System.
  • Designed and implemented Encase Enterprise Forensics Server. Pull forensic images from Workstations and lead investigations.
  • Architected and implemented CimTrak FIM tool for EI3PA compliance
  • Lead Security Engineer for all GDPR, NIST and SANS Top 20 (CIS) compliance.
  • Architected, designed and implemented Request Tracker RTIR Incident Response system.
  • Create Chef Cookbooks and write CIS compliance policies.
  • Responsible for Brand protect resolution via third party vendor.
  • Azure Cloud Security and connectivity.
  • Check and enforce for all compliance such as PCI DSS, FFIEC, GLBA, SAS, PII, SOX, and GDPR.
  • Create Cypher strings for F5 WAF and Palo Alto Firewall
  • Responsible for yearly Budget management.

Confidential, Fort Worth, TX

Sr. Security Engineer\Acting CISO

Responsibilities:

  • SME for all Security related projects in Colonial Infrastructure.
  • Setup and Maintain DUO 2Factor Security on Servers and VPN’s
  • Configuration of Checkpoint R77 Firewall Rules. Set up IPSEC Tunnels and VPN. Upgrade when needed (R77.20).
  • Designed and Implemented Confidential DDPE Encryption and deploy to all Computers in Company.
  • Setup and Configuration of Alienvault USM SIEM appliance. Configure and Maintain. Monitor all Logs and close findings.
  • Responsible for Security New Hire and end-user Training.
  • Run quarterly Phishing Attacks to determine where training needs to be focused on.
  • Follow NIST, CIS, OTX and OWASP recommendations.
  • In charge of upkeep of all Servers and appliances using PKI. Create CSR’s and implement Certs
  • Check and enforce for all compliance such as PCI DSS, FFIEC, GLBA, SAS and PII.
  • Define and implement Cypher strings for F5 WAF and Check Point Firewall.
  • Scan all Colonial sites for Application security using, Rapid 7 Metasploit.
  • In-depth technical knowledge of identity management and security technologies including Active Directory, Group Policy, ADFS, and Authentication protocols including Kerberos
  • Strong knowledge of the TCP/IP suite of protocols including but not limited to ICMP, DHCP, DNS, HTTP(S), and FTP.
  • POC for any VPN issues on F5 and Checkpoint.
  • Implemented Manage Engine Products, Lansweeper, DDPE, DUO, Intune, Malwarebytes Server.
  • Remediate all OCC and Conetrix Pentest and Audit Findings.
  • Incident Response and analysis for Security breaches.
  • Run Pen tests and Breach Tests using tools such as Metasploit, Wireshark, Nessus, Acunetix, Kali.
  • Use SANS and KALI Forensics Workstation for Forensics Scaling and Timeline Analysis.
  • Build and Implement Virtual server services through F5 Load Balancers (LTM).
  • Investigate F5 SSO Access Policy Manager (APM) Logs to determine problems during login through F5.
  • Mitigated software security vulnerabilities on F5 Load Balancers by applying latest hotfix/patch releases.
  • Create and Edit F5 Load Balancer Access Policy Management (APM) workflow using visual policy editor (VPE), providing authentication through Role-Based Access Control via LDAP.
  • Build Inbound and Outbound Security Assertion Markup Language (SAML) Services on F5 Local Traffic Manager (LTM).
  • Provide Confidentiality and Integrity of F5 services through implementation of Cryptographic Asymmetric PKI keys in Local Traffic Management (LTM) SAML services.
  • Mitigated network security vulnerabilities by employing defense in depth strategy by blocking geographical IP ranges or updating block lists (ACL's).
  • Yearly Security Budget allocation.
  • Tools used for Position: Shavlik, Checkpoint, Whitehat, Masergy IDS, Firemon, F5, Solarwinds, Nexpose, GFI, Splunk and Alienvault, Confidential DDP, Confidential Secureworks IDS

Confidential, Fort Worth, TX

IT Manager

Responsibilities:

  • IT Manager for GSA Fort Worth Finance. Responsibilities include, Yearly CFO IT Budget, All Hire and termination needs. Liaison to Government Officials.
  • In charge of all aspects of Systems Management and Design.
  • Work with GSA ISSO office to remediate all audit findings and scan for vulnerabilities.
  • Developed GSA CFO Region 6&7 Security end-user awareness Training.
  • Manager for 8 Fort Worth Team Members and 7 Kansas City Team Members.
  • Responsible for Backups using Commvault and Spectralink Hardware.
  • EMC 700 and Xiotech Magnitude 3000 and Xiotech Emprise 7000\9000 SAN Administration
  • Create new LUN's and Drive allocation
  • AD Administration and Domain Migrations
  • Redesigned and Build Region 6 and 7 Citrix Environment. Region 7 Citrix Admin and point of Contact.
  • Sharepoint Admin for GSA CFO Office. Build and Configure a New MOSS Server. Migrate Sites to new Server
  • Server Migration from Server 2003 to 2008
  • Upgrade Server 2003 AD to Server 2008 AD in 3 Domains within GSA
  • Exchange 2003 and 2007 and Lotus Notes Administration
  • Web Server admin IIS 6.0 and 7.0
  • In charge of Building and configuring Citrix Xen Servers and Xen APP. Build and configure XenDesktops
  • Server Patch Management using Shavlik
  • Implementing New GSA Virtual Environment. Using VMWare ESX and ESXI 4 and 5 Virtualizing 290 Physical Servers down to 70 Physical and 220 Virtual Servers
  • Administration of Catalyst Switches, Cisco PIX and Cisco ASA. Setting up all Brocade Fiber Switches. In process of deploying Cisco 2248 and 7000 Series Nexus Fiber Switches
  • Checkpoint and F5 Firewall and VPN SME
  • Check and enforce for all compliance such as PCI DSS v.2, FFIEC, GLBA, SAS, PII, ISO 800.53
  • Create Cypher strings for F5 WAF and Check Point Firewall.
  • This Position requires a Security Clearance. Passed Homeland Security Background Check; have active NCIC and MBI Clearance.

Confidential, Fort Worth, TX

IT Manager

Responsibilities:

  • IT Manager of a 300 user Network running 90+ Confidential Servers. Create all Budgets for USHG IT needs. Hire and Terminate IT and Helpdesk personnel. Meeting with Vendors.
  • Implementing and configuring all Cisco Routers and Cisco Switches for 2 Locations
  • Responsible for company Security and Internet access using Checkpoint NGX and Cymphonix.
  • Infrastructure is based on a multi platform Network running Windows, AS400 and Linux
  • Responsible for Company backup using Commvault Library
  • Designed and Build US Health Group Metaframe Citrix Farm
  • Daily scans with GFI Languard and multiple other Network Security Products
  • Server Builds Windows 2003 and Testing 2008 Servers.
  • AD Administration and Domain Migrations. Eliminate 3 unneeded Domains from USHG AD Structure
  • Check and enforce for all compliance such as PCI DSS v.2, FFIEC, GLBA, SAS and PII.
  • Exchange 2003 Server Administration, Backup and Restores of Mail. Archive Mail and Investigate failures. Responsible for OWA and all EDB Files on Servers
  • Sharepoint 2003 and MOSS Server Admin. Upgraded SP2003 to MOSS 2007. Migrated all Sites
  • Run Forensic Scopes on Workstations and Remote user Workstations
  • Penetration Testing to protect USHG Network

Confidential, Fort Worth, TX

Director of IT and Infrastructure

Responsibilities:

  • Managed Team of 6 Network Engineers, 7 Helpdesk Techs and 23 Field Installers for Wireless Radios
  • In charge of Network Infrastructure design and implementation
  • Maintaining and designing all Cisco Routers and Switches. Designed and implemented Cisco VOIP system using 4500 Series Catalyst Switch and Cisco Phones.
  • Set up all Microtek Radios and Configured Firmware.
  • Set up Towers and Configured Omnis on Towers
  • Wrote and designed all SIP’s for Cisco Phones.
  • In charge of Radius and PPP Concentrators
  • Sharepoint 2003 Admin. Created and Modified Sites.
  • Backup using Commvault Backup
  • Implemented Zimbra Mail System and maintaining Linux and Windows Servers.
  • Designed and Created Company SharePoint Site.
  • Mentor and Train Helpdesk Team.
  • This is a Multi OS Shop with Linux, Microsoft and Apple.
  • Responsible for all Vendor and Network Inventory.
  • Check and enforce for all compliance such as PCI DSS v.2, FFIEC, GLBA, SAS and PII.
  • Worked with Cisco Switches & Routers, OSPF, QoS, RSA Two-Factor authentication, Cisco ACS, Cisco 802.11 Wireless, 802.1X, Radius, Syslog, DNS, DHCP, Web Filtering, VOIP.
  • More Info Available upon request

Confidential, Corona, CA

Sr. Systems Engineer

Responsibilities:

  • Senior Engineer on DISCO Support Team
  • In charge of Citrix Server Farm @ Corona Datacenter. Support for 2500 Windows Servers and 900 Regata and AIX Servers
  • Support included Troubleshooting Equipment, Security, Maintenance and Repair. Set up and installation of new Servers. 1st level Support for Kaiser Network Infrastructure consisting of Cisco Equipment. Also top level support for Kaiser Citrix environment

Confidential, Carlsbad, CA

Citrix Support Engineer

Responsibilities:

  • Duties include Citrix design and Implementation
  • Working closely with Citrix Engineers on Design of Kaiser National Citrix Farm running Metaframe XP. This is a 1200 Citrix Server Environment with Citrix Metaframe Servers located.
  • Responsible for all Testing and Application Testing for Citrix Environment. Also Part of a Citrix Implemented Triage Team to act as the Point of Contact for Kaiser Internal and Citrix

Confidential, Carlsbad, CA

Incident Management Manager

Responsibilities:

  • In Charge of 21 Incident Managers.
  • Responsible for all Hire and Termination Decisions

Confidential, Carlsbad, CA

SR. Network Administrator

Responsibilities:

  • Responsible for a multi level Network running Active Directory and UNIX
  • In charge of all Security and Management of Domain Structure. This is an 800 user Network with managed Workstations and 200 Windows and Linux Servers
  • Duties include Catalyst 4000 Series Switches and 2800 and 2900 Router Configuration. Firewall Security running Cisco PIX and Websense.
  • Sharepoint Administrator. Created and Modified all Sites
  • Administration of Samsung E-Mail System based on UNIX platform.
  • In Charge of all Junior Level Engineers and Helpdesk Technicians

Confidential, Laguna Hills, CA

Sr. Systems Engineer

Responsibilities:

  • Design, install, manage & troubleshoot Local & Wide Area Networks
  • Install & optimize operating systems such as Novell Netware, Win 2000 Advanced Server, Server and Pro, Windows XP, Windows NT 4.0 Workstation & Server, Win Me, Win98 & DOS
  • Setup Terminal Servers and Citrix Metaframe Servers
  • Design and implement Active Directory domains
  • Configure Clients for Remote E-Mail
  • Set up Firewall equipment such as SonicWalls, Cisco Pix and Netscreen Firewall. Install and configure VPN Solutions
  • Set up and Troubleshoot Exchange Servers. Restore and Troubleshoot EDB Files. Run Fixes
  • Create IKE Security Associations between Firewalls. Set up routers. FRAME-RELAY
  • Install & configure PC hardware such as modems, SCSI- & IDE-devices
  • Provide Technical Support over the phone to clients
  • Also in charge of new Client Sales calls and design
