Principal System Architect - Senior Consultant Resume
SUMMARY:
- Principal System Architect with Federal and Commercial information technology and information security experience.
- Excellent qualifications in information and cyber security, system integration and telecommunications, network and systems engineering, information and quality assurance, operations planning and management, team building and leadership, and communications proficiency.
- Knowledgeable about the certification and accreditation security evaluation process for federal and commercial organizations, including NIST Special Publication 800 Series, FIPS Publications, OMB Circular A-130, Risk Management Framework (RMF), DIACAP, NIACAP, FISMA, and Sarbanes-Oxley standards.
- In addition, experience in providing the following technical and business management services:
- Executive and senior management briefings on projects, training, and security
- Risk and Vulnerability Management, Security Test and Evaluation (ST&E), and Certification and Accreditation
- Secure Software Development Life Cycle (SSDLC), solution design & interoperability, and system integration
- Managing, writing, reviewing, publishing, and updating:
- Cost Benefit Analysis, Technical Risk Assessments, Business Process Improvement documents
- Business Resumption Plans, Disaster Recovery Plans, and Security Plans with site drawings
- Standard Operating Procedures (SOPs), Hardware and Software Test Plans, Site Installation Plans, Internal Security Mitigation plans, Transition and Quality Control Plans
- Plan of Action and Milestones (POA&M) to address system & organizational deficiencies
- External Partners and vendor management
- Coordination of purchases by evaluating suppliers for quality, pricing and delivery timeliness
- Initiate and handle relationships with 3rd Party vendors and security operational department(s)
- Incident Investigation and Root Cause Analysis
- Leveraging the seven steps of incident response, provide oversight of incident data flow and response, content, and remediation, and partner with other incident response centers in maintaining an understanding of threats, vulnerabilities, and exploits that could impact networks and assets
- Assisted in coordinating the development and implementation of courses of action by communicating with key stakeholders
- Design, install, configure, and maintain Local Area Network (LAN) and Wide Area Network (WAN), and Wireless and Virtual Private Network (VPN) solution(s)
- Design, install, configure, and maintain telecommunications equipment and peripheral devices (i.e., Routers, Access Servers, Hubs, Concentrators, Switches, VPN Gateway Devices, Firewalls, Network Servers, Network Workstations, and cable plants (Installation/Maintenance))
- Establishing, analyzing, maintaining, and monitoring quality control on:
- Telecommunications links using various Satellite and alternative telecommunication frequency spectrums
- Analog and digital communications systems and circuits; these circuits consisted of Time Division Multiplexing (TDM), Frequency Shift Keying (FSK), and multiple sideband "USB, LSB, ISB, and SSB" topologies
- Exceptional communication skills and ability to establish and maintain strategic business relationships across a wide range of customers and stakeholders
- Extensive experience leading and working with a diverse range of IT teams - vendors, outsource partners, internal, client and functional matrix teams ranging from business representatives and architects to system administrators
- Extensive knowledge of IT Infrastructure hardware and software components
- IT Security and Enterprise Architectural Frameworks
- Problem Solving and Process improvement
- Communication and Presentation
TECHNICAL COMPETENCIES SUMMARY:
Hardware: Cisco 7500/7000 Series Routers, 4800/4500/3600/2500 Series Routers, Catalyst 6500/4500/2900 Series Switches, Cisco Wireless Access Point, Cisco ASA 5500 Series, Cisco AS 5400, Juniper Firewalls, F5 Load Balancers with ASM & APM, Citrix Netscaler Appliance, McAfee Advance Threat Detection (ATD), BlueCoat and McAfee Proxies, Brocade Vyatta Gateway, EMC DMX-4 Network SAN Storage, EMC Connectrix Switch, Sourcefire DC1000/3D2100 Server Appliance, QRadar 3100/1801 Server Appliance, Avaya Wireless Access Point, ArrowPoint CS-800 Switch, Lucent Cajun P550/P220 Gigabit Switch, Lucent VPN Brick 80, XEDIA Access Point, Nokia IP440, Data Service Unit "DSU"/ Channel Service Unit "CSU", Data Exchange Extended "DXE" units, Shiva LandRover, Media Converters, Media Transceivers, LAN/WAN Diagnostic Equipment, SUN Enterprise Servers, EMC Storage Area Network (SAN) arrays, Voice Digitizer and Multiplexer, Spectrum Analyzers, AUTOSWITCH Network Management System, AN/WSC(x), AN-SSQ(xx), Fireberd Communication Analyzer, High and Low level Patch Boards, Distortion Analyzers, Signal Generators, Audio-Frequency Generators, RF-Signal Generators, Oscilloscopes, Audio Modems, Cryptographic devices, Transceivers, Transmitters, Receivers, Antennas and Couplers, and other peripheral devices
Operating Systems: Microsoft Windows 200x Enterprise/Business/Standard Server, Microsoft Windows 64 and 32 Bit OS, Macintosh OS, Solaris OS, HP UNIX OS, LINUX, Cisco IOS Version(s), Lucent IOS Version (x), and Nortel IOS Version (x), Centos Version (x), Ubuntu Version (x)
Software: Citrix Netscaler, Tenable SecurityCenter, McAfee Security Manager, Stealthwatch Management Console, Sourcefire Defense Center/Sensor, QRadar Log Manager, SolarWinds Network Performance Monitor, SolarWinds Application Performance Monitor, SolarWinds Netflow Traffic Analyzer, NetBrain, LanGuard, HP-OpenView, Cisco Security Manager, Cisco Works, Cisco Resource Manager Essentials, NetXRay, Sniffer Pro, PowerTerm, HyperTerminal, Chameleon HostLink, Silk, Hummingbird Exceed, vSphere Management, VMware Player and Workstation, Microsoft SQL Server, Microsoft Office Suite, Microsoft Presentation, Seagate Crystal Info, VISIO Professional, Lucent Security Management Server, Lucent IPSEC, Cajun View Manager, NOKIA Voyager, CheckPoint VPN1/Firewall 1, Cisco VPN, CISCO Adaptive Security Device Manager, EMC Control Center, EMC Symmetrix Manager, Veritas Netbackup, Veritas Cluster, Veritas Volume Manager, Back Track 2, Nessus, eEYE RETINA CS Management, McAfee Vulnerability Manager, Application Security AppDetective DbProtect, HP WebInspect, GoldDisk, Internet Scanner, TenableNeWT, WildPackets OmniPeek, WildPackets NetDoppler, IBM RealSecure Host Base Intrusion Detection, and Altiris Software Virtualization Solution Professional
PROFESSIONAL EXPERIENCE:
Principal System Architect - Senior Consultant
Confidential
Responsibilities:
- Primary technical liaison between managed service security and network infrastructure support teams and internal security and network support management and staff personnel
- Provide project status reports to security and M&E project directors and first line managers
- Brief business owner directors, managers, and staff on incidents and network security anomalies and mitigation strategies
- Coordination and execution of security change management processes and procedures for network security appliances and devices
- Coordinate meetings with external business partners and vendors in implementing technical solutions as enterprise services, utilizing Cloud Solutions, SaaS, PaaS, and IaaS principles and infrastructure capabilities
- Reviewed external vendors' and 3rd party partners' technical specification documentation and integration plans for new security and network infrastructure systems:
- High Availability Citrix Netscaler Infrastructure
- McAfee Advance Threat Detection (ATD)
- Symantec VIP multi-factor authentication
- Cisco Unified Communication VoIP Infrastructure (Modernization Effort)
- Cisco ASA Remote Access and Firewall (Modernization and Migration Effort)
- Cisco Firepower IPS Blades (Modernization Effort)
- Cisco/Lancope Stealthwatch
- F5 Viprion Migration (Modernization Effort)
- 3rd Party MPLS and VPN Services
- F5 Architect/Subject Matter Expert
- Support Layer7 Application Security Module (ASM) configuration monitoring and changes
- Establishing plan of action to address configuration changes throughout implementation life cycle
- Conducting Cyber Risk and Strategic Analysis
- Participated in security Enterprise Configuration Control Board (ECCB) change management meetings
- Provided Tier 2 and Tier 3 escalation support services to include problem resolution and root cause analysis
- Provided quarterly security audits and reports for security appliances
- Collaborate with other team members toward shared security and integration goals
- Continuous Monitoring of security infrastructure and review of monthly security reports
- Monitor and validate management service team SLAs and provide internal and external stakeholders status on security requests and changes
Confidential
Principal information systems architect
Responsibilities:
- Analyzed information protection-related issues and provided engineering, technical and management solutions
- Supporting the integration of information protection solutions into computer/network systems and applications with particular attention to protocols, interfaces and system designs
- Evaluate, implement, and configure hardware and software to ensure Air Force Information Protections (AFIP) policies are enforced
- Conducted Cyber Risk and Strategic Analysis
- Gathered Intelligence and performed analysis of network traffic anomalies utilizing NetFlow Traffic Data
- Researched and Identified Autonomous Systems for suspicious and/or malicious traffic
- Design and deployment of Sourcefire Defense Center High Availability and 3D Sensors
- Design and deployment of QRadar Log Manager High Availability
- Supported the deployment of STIG compliant network devices and analyzed network infrastructure design and implementation plan
Confidential
Senior Technical Consultant
Responsibilities:
- Leveraged the seven steps of incident response, provided oversight of incident data flow and response, content, and remediation, and partnered with other incident response centers in maintaining an understanding of threats, vulnerabilities, and exploits that could impact network domains
- Assisted in coordinating the development and implementation of courses of action by communicating with key stakeholders
- Reviewed incidents and proactively identified patterns of activity and trends
- Researched, organized, wrote, and produced technical documentation
- Conducting Cyber Risk and Strategic Analysis
- Gathered Intelligence and performed analysis of network traffic anomalies
- Analyzed and reviewed NetFlow Traffic Data
- Researched and Identified Autonomous Systems for suspicious and/or malicious traffic
- Execution of assigned task order and ensuring that the technical solutions are implemented in a timely manner in accordance with the schedule and project plan
- Utilized the results of tools such as firewalls, anti-spam, internet content filtering, IDS & IPS, and other similar systems to identify the onset of suspicious or malicious activity
- Performed incident response/handler’s duties
- Created and monitored incident reporting tickets
- Vetted reported anomalies by utilizing authorized computer security tools
- Compiled summary reports
Senior Technical Consultant
Confidential
Responsibilities:
- Integrated and configured Tenable Security-Center, Nessus Scanner, and Passive Vulnerability Server (PVS)
- Performed Vulnerability scan of the COB Cloud network
- Performed CBO Enterprise Discovery Scans (Windows Credentialed only) to determine network inventory of IP enabled devices
- Performed CBO IT interviews to establish an understanding of the: Network Layout, Connectivity points, Firewalls, Routers, Backup location.
- Developed Vulnerability Management Plan
Senior Technical Consultant (Information Assurance and Systems Engineer)
Confidential
Responsibilities:
- Reviewing Rules of Engagement Documentation and Internal agency governance policies
- Reviewing Systems and Infrastructure design documentation and drawings
- Conducting systems and network information assurance analysis, vulnerability assessments, and penetration testing
- Analyzing and reviewing technical system and network infrastructure drawings and prior year and/or periodic vulnerability assessment scans and reports
- Developing and reviewing technical work papers and/or reports documenting vulnerabilities and recommendations
- Developing Logical and Physical Technical Site Design documents
- Conducted an Independent Verification and Validation (IV&V) of MWAA Computerized Maintenance Management System (CMMS) and Facilities Management (FM1J) System
- Validated system requirements against internal contracts to ensure that the primary software developer met or exceeded MWAA’s business requirements and needs
- Prepared traceability matrix to make sure all the requirements are mapped to test cases
- Validated the operational stability of Enterprise Management Systems, by processing, tracking, and auditing data records entered through business case
- Coordinated and presided over internal meetings with MWAA’s FM1j business owners to obtain real-time end user and administrator feedback on system performance, operational requirements, and internal training
- Worked with program managers and business stakeholders to understand the agency's business problem, need, or opportunity and to design a solution that completely and correctly addresses the problem, need, or opportunity
- Documented and validated security architectures and infrastructure design
- Provided expert technical analysis of business and resource requirements to internal and external business partners on integrating new systems and applications in R&D and production environment
- Designed and enhanced DOL’s R&D test and development network environments
- Designed and coordinated production implementation and integration into managed service provider data center
- Managed all core and internal Cisco Routers, Switches, Firewalls, F5 Load Balancers, and Gateway devices by:
- Upgrading and maintaining IOS and appliance versions
- Updating and maintaining Firewall and Intrusion Detection System Access Control List and rules
- Updating and maintaining VPN client access
- Establishing and Monitoring Site-to-Site and Remote VPN Tunnel
Confidential
Daily Operational Support
Responsibilities:
- Formulated and enforced IRS Enterprise Architecture (EA) standards and governance policies, reviewed work quality, communicated policies, purposes, and goals of the organization
- Coordinated meetings between client end users and functional experts and business analysts on functional requirements analysis.
- Provided expert technical analysis of business and resource requirements to internal and external business partners for integrating new systems and applications in test environment
- Developed, reviewed, and provided technical input to:
- Business Resumption Plans and Business Case Studies
- Cost Benefit Analyses and Business Process Improvement (BPI)
- Hardware and Software Build of Materials (BOMs)
- Security Plans of Action and Milestones (POAMs) and Internal Recovery Procedures
- Feasibility study to determine whether a project is economically, socially, technologically, and organizationally feasible
- Developed internal security processes, security mitigation plans, Standard Operating Procedures (SOPs), and provided technical guidance to junior engineers as it pertains to FISMA and ISR Security Policies
- Managed and assisted with the migration of multi-tier applications and data across IRS Data Centers and Domain
- Coordinated and validated the designs and installation of systems, circuits, power supplies, and cable plants within Computer Rooms and other assigned facilities
- Primary technical liaison between internal production security and network operations and external vendors
- Executed Wintel and UNIX Server security compliance checks by running approved security tools