SUMMARY:

• Thorough knowledge and experience in systems engineering and cyber security
• Vulnerability & Web Application Testing
• Static Code Analysis with MicroFocus Fortify
• Continuous Monitoring /Remediation
• Source Code Review
• Penetration Testing
• Risk Assessments & Compliance
• Security Auditing
• Incident Investigation Response
• Forensics Evidence Gathering (E - Discovery)
• Enterprise Systems Management and operations.
• An in-depth understanding of capabilities deployed network and security infrastructures.
• Strong Management Skills of 20 plus contractors on a Federal Contract/Program
• Experience in managing, monitoring, and troubleshooting Enterprise Networks
• Strong technical experience in Networks, Systems, and Security Engineering and Architecting
• Hands-on experience in developing complex networks and security solutions, to include requirements gathering, analyzing, designing, prototyping, testing, and implementation.
• Hands-on experience with various Network and Security hardware and software:
• Hands-on experience with Microsoft Windows Server
• Hands-on experience with Microsoft Virtual Machines - Hyper-V
• Knowledge of Virtual Box and VMWare Workstation
• Knowledge of basic routing and switching technologies
• Hands-on with various Firewall products and technologies
• Maintain excellent and productive relationships with other contractors and government personnel
• Knowledge and a strong background in Enterprise Infrastructure and Architecture.
• Maintain industry knowledge through professionally trained and tested.
• Have both written and verbal skills to document and present solutions.

SKILLS HIGHLIGHT:

Network and Systems: Security Architecture, Engineering, Implementation, and O & M

Cyber Security Testing Tools and Software: MicroFocus Fortify SSC & Workbench, Tenable Nessus, McAfee Foundstone, HP WebInspect, IBM AppScan, Cenzic Hailstorm, AppSec AppDetective, CoreImpact, Burp Pro, Paros Proxy, ZAP Proxy, Nipper, NMAP, Metasploit, Backtrack5 R3, Kali Linux.

Linux/UNIX: Kali Linux, Sun Solaris

RDBMS: Microsoft SQL Server 2000, 2005 & 2008, MySQL, Oracle Databases.

Firewall - Next Generation Firewall and Anti-DDOS Appliance Solutions: Palo Alto Network, Arbour Networks, Imperva Web Application Firewall (WAF)

Mobile Application Development and Mobile Security: Apple IOS and Android IOS

Microsoft Servers: Windows 2003, 2008, 2012.

Protocols and Networking Technologies: TCP/IP, DHCP, DNS.

Documentation Development: Vulnerability Testing Reports Penetration Testing & Vulnerability Assessment

Web Applications: Burp Suite Pro, NetSparker and Cenzic Hailstorm. Automation and Manual Web Application testing.

Vulnerability Testing: NMAP and Tenable Nessus on Operating Systems

Project Management: MS Project.

EMPLOYMENT HISTORY:

Confidential, Washington, DC

Security Engineering/Security Architect/Pentester

Responsibilities:

• Architect and design security solutions, technologies and processes
• Perform Source code with MicroFocus Fortify, Analyze and compile reports for Developers and Project teams.
• Administer, Maintain and provide support for MicroFocus Fortify Software Security Center, Linux Server, and MS SQL Servers.
• Define and architect security architecture that supports the business for risk and supports the overall’s agency/organization’s security posture and policy.
• Manage and maintain oversight for security projects for Enterprise.
• Develop and implement security strategies, standards and policies.
• Identify IT Security risks and identify and evaluate mitigation strategies
• Serve as the subject matter expert for security technologies and issues
• Ensure standards and procedures for network security are applied and implemented
• Stay current and update knowledge of industry threats, trends, and security technologies
• Ability to deal with partners and peers in the IT Security/Cyber Security Space.
• Perform reviews of new changes and updates to the enterprise network and systems for the change control review board.
• Perform penetration & vulnerability testing on Web Applications with Burp Suite Pro, NetSparker and Cenzic Hailstorm. Both Automated and Manual Web Application testing.
• Perform vulnerability testing with NMAP and Tenable Nessus on Operating systems.
• Analyze, Review, consolidate IIS Web logs for intrusions or Advance Persistent Threats (APT).
• Replay intrusions and attacks in test environment and report analysis of incident.
• Provide recommendations of to prevent future attacks with Web Application Firewall. Assist with Creating new firewall rule sets.
• Provide senior management with Web Application Security vulnerabilities and recommendations.
• Create consolidated reports of all scan results into one master report and remove false positives.
• Create custom scripts and tools for large data analysis and reporting.
• Provide guidance
• Setup and Implement Imperva Web Application Firewall in the test environment.
• Provide Supplemental Documents for Imperva Web Application Profiles to Change Request Forms (CRF’s).
• Provide Architecture and Engineering services, solutions and support for various government agencies.

Confidential, Arlington, VA

Security Analyst

Responsibilities:

• Performed vulnerability testing with NMAP and Tenable Nessus on Operating systems.
• Performed vulnerability scanning with AppSec AppDetective on all Databases within the infrastructure to include MS SQL Server databases.
• Analyzed, reviewed, consolidated IIS Web logs for intrusions or Advance Persistent Threats (APT).
• Demonstrated intrusions and attacks in test environment and reported analysis of incident.
• Provided recommendations of to prevent future attacks with Web Application Firewall. Assisted with creating new firewall rule sets.
• Provided senior management with Web Application Security vulnerabilities and recommendations.
• Created various consolidated reports of all scan results into one master report and removed false positives.
• Created custom scripts and tools for large data analysis and reporting.

Confidential, Chantilly, VA

Principal Security Engineer

Responsibilities:

• Performed vulnerability testing on Web Applications with HP WebInspect, IBM AppScan and Burp Suite Pro.
• Performed vulnerability testing with Tenable Nessus, Nipper on IT Infrastructure Operating systems, network devices.
• Performed vulnerability scanning with AppSec AppDetective on all Databases within the infrastructure to include MS SQL Server, Oracle, and MySQL databases.
• Created consolidated reports of all scan results into one master report and remove false positives.
• Performed vulnerability and Security Product testing on Mobile Device, software, hardware, Wireless technologies and other security devices such as SSL VPN Appliances.
• Performed Manual vulnerability testing Security Test with Open Source Tools as needed.
• Provided training to new engineers to Security Engineering and Security Auditor on new tools.
• Provided Guidance and Advisory Support for Microsoft Infrastructure projects such as Active Directory 2000 and 2003, SharePoint, SMS, PKI, ISA 2004 and 2006, Exchange 2000, 2003, and 2007.
• Provided Guidance and Advisory Support to all System Owners (S.O) and Information Security System Officers (ISSO) in all things related to IT Security, System Architecture, Design, Vulnerability Assessments, Vulnerabilities and Remediation steps to over 60 ISSO at agency and up to 90 accredited systems.
• Designed, tested, and Implement Enterprise Security Tools to meet the customer’s requirements and help the customer save Millions of dollars to bring the solution in houses such as data stored on Tape Media.
• Responsible for all transition and migration for TASC customer supporting enterprise-wide network with more than 50 sites throughout the U.S.
• Collaborated with client engagement strategy to drive entry into risk-driven project methodology, improving the accuracy of project definition and requirements. Improved client relationship and project predictability through shared technical perspectives.
• Lead the entire network team in supporting the migration effort.
• Established the basic structure of the system; define the essential core design features and elements that provide a framework for the systems and solutions.
• Designed, Developed Detailed Solutions Document; Deployed, and provided continuous support of Wide Area Network and Data Center Network Infrastructure, to include Wireless Solution, VoIP Infrastructure.
• Implemented and relocated Data Center network infrastructure for American Red Cross to Confidential .

Confidential, Ashburn, VA

Data Center Technician

Responsibilities:

• Performed hardware replacement on all Servers and Network Devices such as F5 load balancers, Cisco core switches, routers and Juniper Switches at all Datacenters locations.
• Performed ticket maintenance on all tickets related to Amazon Cloud Services at all Datacenters locations.
• Reinstalled new OS for all servers as needed.

Confidential, Alexandria, VA

Enterprise System Administrator

Responsibilities:

• Installed, configured, and upgrade Microsoft Servers in the Enterprise environment.
• Performed HW maintenance, Patch Management, Anti-Virus Management, Remediation on all Enterprise servers
• Performed installation of Microsoft Applications, and third-party applications into Enterprise Servers.
• Performed Microsoft Exchange 2003 environment Enterprise Environment with 30,000 Plus users.
• Performed account maintenance on 30,000 users within the Microsoft Active Directory and Exchange 2003 Enterprise
• Provide support to Enterprise Good Servers for mobile devices.
• Provide phone support to remote users on access issues into the enterprise.

Confidential

System Engineer

Responsibilities:

• Developed and built a stronger Customer relationship with current based and new customers.
• Advised, assisted and resolved on Design, Implementation and Technical issues related to Confidential Hardware and Software into a Microsoft and Linux Infrastructure.
• Provided Training and Knowledge transfer of Confidential PowerEdge Servers, Products, Software and Systems Management tool and integration into Third party vendors such as Altiris, Microsoft MOM, and NetIQ AppManager etc.
• Provide Best Practice for Images Creation, Image Deployment and Image Management with variety of tools such as Ghost, Altiris Deployment Server, and Microsoft Software.
• Help resolve customer integrations of Unsupported Configuration of SAN Storage with Confidential ’s PowerEdge Servers and OEM Products.

Confidential, Reston, VA

Lead Systems Management Center Engineer & Network Design Engineer

Responsibilities:

• Lead in Areas of Network and Systems Engineering, Security, Patch Management, Anti-Virus Management, Remediation and Supporting 50,000 User environment.
• Integrated Microsoft Applications, Servers and third-party applications into Microsoft Active Directory and Microsoft Exchange 5.5, 2000 and 2003 environment Enterprise Environment with 50,000 Plus users.
• Tested and analyzed security Vulnerabilities with Nessus Security Scanner.
• Performed Security Assessment of Microsoft and Linux Operating Systems, Microsoft Applications, Third Party Applications, Network Devices and Servers Hardware.
• As a Security Administrator for Systems Management Center with Symantec Anti-Virus Management Server, managed and remediated production issues on Servers, Desktops and Laptops of Virus, Trojans, Ad-hijackers Trojans, and other attack types. Provided proactive approach to reduce and/or eliminate Virus and Trojans from all Servers and PC connected to the Network.
• Verified, deployed, and performed inventory Hot Fixes applied to Servers, Desktops, and Laptops through Microsoft Software Update Services.
• Created Windows 2000 Advance and Standard Server for airports and Head Quarters for Confidential Enterprise servers for Enterprise deployment.
• Designed, engineered, integrated and implemented Confidential Remote Access Controller (DRAC) Card to remotely manage Enterprise Servers to reboot, power on and off, and to troubleshoot server failures remotely through centralized console.

Confidential, Arlington, VA

QA Engineer

Responsibilities:

• Installed and Configured Bug Track Software to track Software Bugs. Generate Report of Bugs to immediately be fixed.
• Installed and configured Software to monitor networks including Web Servers, Mail Servers, and Telephony Servers. Setup test Environment of an external product such as Exchange 2000 Server.
• Created White Box, Black Box, and Web Test Plans.
• Conducted White Box, Black Box, and Web Box Testing of Confidential ’s Unified Messaging Product.
• Performed Performance Testing of Confidential ’s Unified Messaging Service in Lab with limited Automated and Performance Testing Tools.
• Compiled Test Standards for New VOIP Product.
• Installed and configured VOIP Testing Environment with Software based Media Servers and Applications.

Confidential, McLean, VA

Systems Integrator/ QA Tester

Responsibilities:

• Conducted functional system and regression testing of software applications.
• Provided production Support and Internal Support for proprietary application in a Client Server Environment. IIS4 and Forte Web Server Support.
• Performed database administration (table creation, version upgrades, performance tuning, security, backup and recovery) for Microsoft SQL Server 6.5/7.0 in support of Systems Integration and Development Group.
• Performed systems administration on test machines.
• Installed and upgraded of software and Service Packs etc.
• Responsible for maintaining the test lab to include installation and configuration of Compaq 1850 Clustered SQL Database Servers.
• Provided Tier-2 technical support.
• Researched, analyzed, and resolved technical issues with developers.
• Performed backup role as Configuration Manager for developers.