SUMMARY:

• Exemplary, quality - driven leader with 10+ years of system architecture, system and security engineering and administration within multi-platform/mission-critical environments
• Highly skilled LINUX expert, infrastructure engineer, advance systems and applications architect within complex distributed network environments
• Adept at VMware and KVM virtualization, storage management, AWS cloud computing, security and server hardening
• Experienced in interpreting and analyzing architectural designs, plans and PKI specifications
• Extensively proficient at Proof of Concept and Analysis of Alternatives Implementation to meet Compliance requirements
• Expert storage architect - AWS S3,Glacier, SAN/NAS engineering and administration within Mission-Critical Environments
• Proficient at cloud, virtualization and DR implementation; database, network engineering & administration
• Adept at common compliance requirements ISO, FISMA, HIPAA, PCI, ARS and NIST RMF (i.e. 800-53, -60, -30, -37, -39, 171 and 128 series)

TECHNICAL SKILLS:

PLATFORM:: Linux (RHEL) Enterprise 6.x & 7.x, Windows 2000/2003/NT server, VMware ESX 6.0/Vsphere

VERSION CONTROL:: S3, CVS, MKS Toolkit

PHYSICAL & VIRTUAL:: KVM, VMware ESX Server & Virtual Infrastructure

SECURITY:: CA-eTrust eAC, CheckPoint, Firewalld, TCP Wrapper, Trip Wire, Policy Checker

MONITORING:: NAGIOS, SysEdge, HP OpenView, Big Brother, Remedy Ticket

PROFESSIONAL EXPERIENCE:

Confidential

cloud SYSTEMS and SEcurity ENGINEER/ AWS SOLUTIONS ARCHITECT

• Migrate the USFHP Web Portal to a cloud native implementation that fully leverages AWS managed services available in the AWS GovCloud region.
• Identify, document, apply and evaluate the system security controls and support multi-platform environments, with web, SaaS, and Cloud technologies.
• Use agile/DevOps methodologies for planning, development, and deployment to create the DHA US Family Health Plan (USFHP) Web Portal.
• Maintain the USFHP Web Portal and data reporting/analytical functionality in the Amazon Web Services (AWS) GovCloud 1 .
• Use the Scrum method for all development and a Kanban approach to visualize and manage work in progress for all sustainment activities.
• Performs in-depth trade studies, market research or systems assessments to identify COTs, GOTs, or Multi-INT systems that may be or other available systems for application or adaptation to mission and its component processes.
• Implement cloud computing (SaaS, PaaS, and IaaS) fundamentals, end-to-end security compliance and risk management principles, practices, and methods to attain a full Authority to Operate from.
• Collaborate with the Client Cybersecurity team in DFARs security compliance processes.
• Translate business rules into modifications to be applied to current BWE system, providing new solutions.
• Support development and programmatic efforts to include evaluation, review or assessments of new concepts of operation, engineering designs, operational CONOPS, systems architectural diagrams, project proposals, project plans, schedules/milestones, and other attendant acquisition documentation.

Confidential

SENIOR SYSTEMS and SEcurity ENGINEER/ LEAD SOLUTIONS ARCHITECT

• Currently provides subject matter expert engineering support for Solution Delivery Division Clinical Support.
• Tier II engineer for Electronic Surveillance System for Early Notification of Community based Epidemics (ESSENCE) and Executive Information/Decision Support Resource Interface elements (EI/DS/RIE) systems.
• Review and validate system categorization, select security controls, support the implementation of security controls and assess the security controls implementation.
• Continuous monitoring including annual reviews, vulnerability/configuration scanning.
• System hardening using vendor guides, system technical implementation guide (STIG) and CSI benchmarks.
• Translate functional and technical business requirements into secure technical implementations.
• Define and evaluate solutions for large, mission critical systems comprised of multi-tier web applications, enterprise messaging and web service-based applications and batch processing
• Facilitate the authority to operate (ATO)
• Support the Information System Security Officer in all phases of the RMF
• Coordinate within and across product teams to ensure a cohesive representation of the SDD-CS products from an engineering perspective.
• Serve as the technical point of contact for contracted developers, providing them with all technical guidance, insight, education, and documentation required to complete engineering tasks.
• Perform vulnerability and patch assessment reviews including vulnerability scoring systems (CVSS/CMSS)
• Document the system architecture and architectural documents such as the system view, operational views and other views as prescribed by DoD Architecture Framework (DoDAF).
• Perform research and recommendations, AoA, POC, vulnerability analysis and reports for management.
• Guide the vendors and implementers with regards to SDD-CS technical best practices, tools and document templates.
• Work with other engineers to coordinate technical solutions across products.
• Provide advisory services to government clients regarding technical concepts.
• Perform technical reviews such as SRR, PDR, CDR, TRR, RFP and RFI

Confidential

LINUX SYSTEMS ENGINEER/Administrator

• Worked effectively with the SECURITY engineering & operation team to certify all existing and new RHEL servers according to infrastructural security policies.
• Worked extensively on remediating security deviations and fixing any security alerts to harden the Linux RHEL servers.
• Performed extensive UNIX servers & network setup, configuration, tuning and maintenance.
• Performed infrastructural & environmental design, implement OS platform engineering and interface with different project managers to maintain existing systems & build out new Linux systems.
• Engineered and performed POC for testing new next-generation hardware and software to be certified as Operational STANDARD within Centos Linux and Red hat Linux environment.
• Performed build, installation, configuration and maintenance of Amazon Cloud EC2.
• Evaluated, designed, tested and implemented AWS IAM polices, KMS policies, bucket policies, roles, access requirements
• Performed datacenter migration/consolidation, which comprises of Unix and Linux RHEL servers.
• Performed hardware refresh Linux Servers into new ones and build, install, configure and roll them into Enterprise production (critical-mission) environment with virtual servers.
• Responsible for automation & maintenance RHEL environment and lead the effort to upgrade using Bash and Puppet configuration manager.
• Developed engineering drawings to show infrastructural layout of the environment for all servers.
• Implement DR exercise & configuration by replicating data from (PROD & Non-Prod environment) to a remote data center and maintaining consistence data across the data centers.
• Configure, maintain and secure enterprise-class servers by hardening (per NIST and CIS recommendations) and implementing checkers-rules for system auditing against environment intrusion & system monitoring.
• Coordinate and apply OS Patches and Kernel updates on RHEL servers.

Confidential

systems engineer/ Administrator

• Set up and administer user and groups’ accounts with MAC and DAC ACLs. Installed and configured WebSphere servers, file servers, firewalls, and directory services on Rhel platforms; diagnosed and resolved document access restriction problems.
• Performed system Kernel and memory ana lysis and prepared reports for preparation of the clients’ production systems.
• Perform ed architectural studies and analysis to en sure that servers and workstations on facilities were properly sized, properly construc ted, c orrectly ope rated and adequately maintaine d.
• Diagnosed and resolved problems associated with DNS, DHCP and network connectivity for Linux systems.
• Assisted with planned execution of remote client rpm and Yum patches and package management and updates to ensure continuous accessibility to production systems.
• Assisted with developing and implementing infrastructure and d ata sec urity requirements; prepar ed and m ainta ined emerge ncy preparedness and response plans; reported issues r elated to the security and emergency posture of the utility.
• Provided SME support on AWS Cloud Formation, PaaS, IaaS and other services for Linux Red Hat Enterprise systems.
• Performed system and application installation and configuration; troubleshooting system problems and other related issues. Utilized TCP/IP in maintaining network functionality and security.
• Monitored network traffics and network connections using various management tools such as ping, uptime, vmstat, iostat, snoop and nslookup.
• Provided technical support to clients, helping with solving user’s problems which included updating database, logging into their systems, establishing remote connection to the network using (SSH), resetting passwords and unlocking user’s accounts.

Confidential

UNIX / LINUX SYSTEMS ADMINISTRATOR

• Built, Installed and Configured Solaris/Linux Infrastructure at cold site to support Disaster Recovery/Business Continuity plan as well as documented a procedure to perform disaster recovery exercise.
• Led effort to consolidate hardware across board by implementing virtualization, upgrade OS, and implemented best practices for corporate data backup solutions, operation procedures and managing backup operations.
• In-depth knowledge managing mission-critical 24x7 infrastructure production environment running critical applications.
• Exceptional expertise of computer performance hierarchy principles, OS performance analysis, system kernel tunings, latency, throughput, TCP/IP networking and advance trouble-shooting across multiple OS platforms
• Responsible to evaluate, recommend, design and implement solutions and best practice to ensure successful data center migration, optimal availability, performance, and resource utilization of UNIX/Linux infrastructure supporting core business applications.
• Architected and built new Highly Available Concurrent Multi-Processing (HACMP) UNIX computing environment to migrate business critical application running on Solaris to Linux.
• Designed naming conventions, developed security & access management frameworks and documented system administrator’s procedures.
• Collaborated in migrating systems, developing tools to optimize server resources, and evaluate emerging technologies to consolidate environment and reduce costs while improving performance
• Supported data management through on-site & off-site storage and retrieval service.
• Installed and configured puppet master and slave for automated configuration management, and Nagios monitoring tool troubleshoot and resolved software and hardware problems, interfaced with vendor technical support to resolve problems and work with other technical staff on supporting their needs.
• Responded to security alerts with risk evaluation and monitoring; reported on unauthorized access attempts.
• Monitored security logs to determine security problems.
• Optimized system performance by tracking daily system utilization, to determine if problems were imminent.
• Monitored and provided daily reports on system performance to pinpoint performance bottlenecks and on an as needed basis, selected various system options and parameters.
• Added users, groups and performing end day transactions and backup on customer accounts.