Sr. Network Security Architect Resume
SUMMARY:
- Confidential candidate offering 17 years of Information Technology experience, including 13 years specialized experience in Information Security/Information Assurance for both short- and long-term projects.
- I have served as associate, principal, senior, and managing Security Specialist in both commercial and government-based sectors.
TECHNICAL SKILLS:
- Solaris
- Cisco IOS
- Linux
- All versions of Windows
- Checkpoint
- Juniper SRX
- Cisco ASA
- Palo Alto
- Juniper Netscreen
- Raptor
- Tenable Nessus
- Checkpoint IPS
- WebInspect
- TippingPoint IPS
- Websense
- Palo Alto IPS
- Splunk
- Palo Alto URL Filter
- Nmap
- Kali Linux
- Wireshark
- ForeScout
- Other Freeware tools
EXPERIENCE:
Confidential
Sr. Network Security Architect
Responsibilities:
- Providing security engineering and architectural design support. Configuring and maintaining firewalls (Cisco ASA-5585/9300, Juniper Netscreen-5400, Juniper SRX-3600, and Palo Alto-7050), Pulse Secure VPN solution, Splunk Enterprise Security, Lancope netflow solution, TippingPoint-7500 IPS, SSL Decryption, and various monitoring tools. The hardware models are hyphenated to the firewall vendors.
- Designed, deployed, and maintain day-to-day operation of ForeScout Network Access Control (NAC) for 15K+ endpoints across Linux, Windows, and Macintosh platforms. The solution is composed of CT-10000 appliances configured in clusters that report to an Enterprise Manager. Host discovery is performed through mirrored traffic from Gigamons and netflow. Device management is configured by SecureConnector.
- Performing vulnerability assessments and penetration testing using Kali Linux tools, exploitDB, manual techniques, and self-generated shellcode.
Confidential
Senior Security Consultant
Responsibilities:
- Security consulting to Fortune 500 companies. These engagements ranged from reviewing security architecture, performing risk assessment, and deploying security solutions, e.g., Checkpoint/ASA firewalls, IPS solutions, ForeScout NAC, etc.
- Performed Checkpoint R77 Firewall deployment and migrated IBM Proventia IPS to Checkpoint IPS Blades throughout the environment of a multi-national retail store.
Confidential, Washington, DC
Sr. Security Analyst/Engineer
Responsibilities:
- Managing twelve senior and middle-level Security Engineers/Analysts, in addition to managing ongoing security projects and supervising the security task order within the Software Development Life Cycle.
- Performing manual and automated penetration testing on networks and web applications. The automated tools used in the penetration testing were: Backtrack, Kali Linux, Nmap, Samurai WTF, Burp Suite, SQLMap, MobiSec, etc.
- Responsible for maintaining Cisco Intrusion Prevention Systems (IPS) network sensors, Cisco IPS Security Agents on 200+ servers. Additional responsibilities include configuring VLANs and ACLs on 6509 Cisco Switches, configuring partitions on the NetBackup SANs solutions, running vulnerability scans using Saint, Nessus, and HP WebInspect (web applications), troubleshooting connectivity issues, and administering Solaris 9 and Linux servers.
- Configuring and monitoring Checkpoint R75 GAIA firewall. In addition, doing the same for Confidential Firewalls against external threats. The firewall protects 16 externally facing sites.
- Responsible for managing and implementing the Cyber Security Program Plan (CSSP) for Confidential's Information Technology Security Manager. In addition, ensures that the security deliveries identified in the CSSP are developed and/or implemented in a timely manner. Some examples of these deliverables are: conducting Certification and Accreditations, System Security Plan, Risk Assessments, Privacy Impact Assessments, Configuration Management Plans, Plan of Action and Milestones, Contingency Plans (CP), Annual CP Testing, Disaster Recovery Plans (DRP), Annual DRP Testing, Security Self-Assessments, Disposition Plan, Incident Response Plans (IRP), Annual IRP Testing. Furthermore, provides network security engineering functions, i.e., managing Intrusion Detection/Prevention Systems and Host-based Intrusion Prevention Systems, vulnerability scanning, and security evaluation on new products.
Confidential, Washington, DC
Senior Information Assurance Analyst
Responsibilities:
- Security point of contact for infrastructure and platform related issues. Tasked with researching and advising client of any potential security exploits (including new technologies) that could have an adverse effect on the network. Responsible for initiating an offensive approach towards a secure computing environment through constant security reassessments against new and evolving threats.
- Tasked with developing security awareness training programs for agency-wide use. These mandatory training sessions are designed to acquaint end-users with current security issues, laws and regulations, and to inform them of mandated company and agency policies.
Confidential, Rockville, MD
Senior IT Security Specialist
Responsibilities:
- Lead Security Engineer responsible for designing and evaluating security products as well as deploying a remote access project that facilitated a secure remote entry to the internal network. The requirements specified seamless access to the internal network for authorized employees working offsite.
- Products used were as follows: Cisco VPN, TACACS+, Citrix MetaFrame XP, and RSA SecurID.
- Tasked by CIO and ISSO to lead various high-level projects. This entailed managing an IDS deployment project that spanned several sub-agencies and included studying the various network topologies to pinpoint ideal sensor placement. The IDS product used was ISS Real Secure.
- Responsible for managing five Checkpoint Firewalls running on Solaris operating systems and was a member of the Incident Response Team.
- Supported the Certification and Accreditation (C&A) effort via the creation of Security Plans, Risk Assessments, and Security Test and Evaluation Reports. Additionally, aided in the development of COOP, Inter-Agency Agreement, and Memorandum of Agreement documents.
Confidential, Washington, DC
Lead Security Engineer
Responsibilities:
- Lead Security Engineer in charge of firewalls (Checkpoint) and the VPN team using Checkpoint firewalls (Site-to-Site and Client-to-Site VPNs).
- Additionally, responsible for managing enterprise-wide anti-virus software utilizing Norton.
- Senior member of the Active Directory Team tasked with designing and deploying an active directory forest. Tasked with developing security requirements and integrating them into the active directory forest design.
- Designed and implemented a LAN environment used in testing security on internally developed network and web applications. Additionally, developed the security requirements and testing procedures for these applications.
- Tasked with implementing Single Sign-on technology that interacted with Novell, Windows, HP, Solaris, and Mainframes. This allowed the end-users to log in once and obtain access to all network applications requiring authentication.
- Implemented Change Management (CM) procedures and documented recovery and administrational procedures for critical systems.
- Supported the C&A effort via the creation of Security Plans, Risk Assessments, and Security Test and Evaluation Reports and aided in the development of COOPs, Inter-Agency Agreement, and Memorandum of Agreement documents.
Confidential, Washington, DC
Sr. Network Security Engineer
Responsibilities:
- Contracted (short-term) to perform penetration testing on Confidential Headquarters Internal and Public networks.
- This task included a war dialing exercise aimed at identifying all modems (both registered and unregistered) that an attacker could take advantage of and use as a backdoor into the network.
- During testing, I discovered various security holes and provided recommendations.
- Assisted in the creation of System Security Plans and Risk Assessments.
Confidential, Fort Meade, MD
Sr. Network Security Specialist
Responsibilities:
- Lead Security Engineer responsible for project management/leading a team of four engineers and one analyst. Tasked with building a security practice that spanned firewall management, anti-virus management, security testing, and C&A.
- Supported the C&A effort for clients utilizing Confidential Guidelines. Additionally, developed Change Management (CM) procedures for mission critical systems.
- Responsible for Network Security Architecture, including the design and deployment of IDS (Real Secure) and Firewall devices (Checkpoint). Additionally, ensured OS hardening and vulnerability assessments on all platforms, i.e., Windows, Solaris, and Linux.
- Implemented virus filtering on the firewall using F-Secure and web content filtering using Websense.
- Responsible for troubleshooting and configuring Checkpoint firewalls in a fully clustered, load-balanced environment utilizing Stonebeat.
- Responsible for network backups with Tivoli Storage Management.
Confidential, Ashburn, VA
Sr. Network Security Engineer
Responsibilities:
- Tasked with supporting the maintenance and configuration of approximately 2500 customer firewalls. These firewalls were comprised of various products, including (but not limited to) Checkpoint, Raptor, and Interlock. Additionally, configured and troubleshot UNIX operating systems (since most of the firewalls were running on Solaris 2.6 and above).
- Performed network troubleshooting on client networks. Additionally, created and designed secure DMZ environments for the clients.
- Designed and troubleshot VPN solutions utilizing various encryption schemes, e.g., IKE, IPSEC, FWZ, ISAKMP, and PKI.
- Offered product support for Confidential customers.
Confidential, Washington, DC
Systems Security Manager/Microsoft Exchange Administrator
Responsibilities:
- Tasked with performing Certification and Accreditation utilizing DITSCAP guidelines as well as designing and maintaining a secure computing environment from the infrastructure level to the operating system level.
- Created a Disaster Recovery Plan and Standard Operating Procedures for both major and mission critical applications as well as the network.
- Configured Cisco Routers and other infrastructure devices to security standards utilizing NSA guidelines. This also included Operating System hardening on a Windows and Solaris Platform.
- Maintained and performed daily troubleshooting on a Checkpoint firewall running on a Solaris Platform and deployed IP Tunneling between two remote sites. This task also entailed daily monitoring of network activity and auditing system logs for network devices.
- Sole person responsible for the administration and day-to-day operations of MS Exchange Server 5.5. Additionally, this task also includes migrating the MS Exchange Server and configuring Site Connectors.
Confidential
Network Engineer
Responsibilities:
- Supervised four employees who performed various tasks (from PC Technician to System Administrator). Responsibilities included maintaining a 24/7 on-call support roster, ensuring policy compliance, and managing time labor.
- Designed the network to incorporate DMZ and separated Server Farm segments. This included upgrading from a 10 to a 100-megabyte backbone via the Switches.
- Created both network and Exchange email accounts and configured Outlook 97 and 98.
- Maintained Remote Access Services utilizing PPTP and L2TP technology. This task included daily monitoring for failed authentication and attempted intrusions.
- Repaired and configured computer hardware. Responsible for layer 2 troubleshooting of network problems and end-user trouble tickets.
- Tasked with configuring and troubleshooting Cisco Router/Switches and 3COM Switches. This task also included implementing VLANs, Access Lists, and Prefix Lists to increase network security.