
Sr. Security Engineer Resume


SUMMARY

  • Over 10 years of Information Security Engineering implementation/architecture, analysis and enforcement in cloud and on-premise environments.
  • 10 years of cross-platform experience in systems administration, including analyzing, designing, installing and supporting.
  • Performed manager role on security-related projects.
  • Develop exceptional relationships with clients, co-workers, upper management and end users.
  • Maintained/Created Information Security programs.
  • Recommended, implemented and monitored policies and procedures for appropriate network security and Incident Response.
  • Performed and/or coordinated regular security assessments of existing or new infrastructures.
  • Reviewed, tested and deployed tools for the monitoring and protection of the networks, cloud and on-premise environments.
  • Supporting TCP/IP, routers, switches, VPN and VLAN technologies, including firewall and router protocol implementation.
  • Establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction.
  • In-depth knowledge on Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS.
  • Identified, developed, and implemented systems and processes to detect security incidents in order to enhance compliance and support of security standards and procedures.
  • Identified, designed and implemented IDAM systems and processes.
  • Performed duties as an Information Security Engineer by assisting client with Computer Network Defense (CND), Security Engineering and Incident Response & Analysis.
  • Vulnerability assessment and penetration testing methodology; knowledge of and experience with applying Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS).

TECHNICAL SKILLS

Scripts/Programming: PowerShell, VBScript, Batch Script, Shell Scripting, Python, Java, Ruby, Perl

Software: Symantec SEP, Kaspersky End Point Security, RSA Envision, RSA Analytics, QRadar, ArcSight, Splunk, CloudTrail, Palo Alto Firewalls, Palo Alto Traps, Palo Alto CASB, Check Point, Sourcefire IDS/IPS, FireEye, Aruba ClearPass, AlgoSec, Metasploit Exploitation Framework, OpenVAS, Nessus, Rapid7, Symantec SCCS, Wireshark, BackTrack Framework, Kali, sinkhole, BurpSuite, OSSEC, BigFix Tivoli End Point Manager, Sophos End Point Encryption Manager, AppRiver, Tanium, Meraki, Qualys, Symantec DLP, CyberArk, Cylance, Carbon Black, Splunk Enterprise, SolarWinds, RSA NetWitness, AlienVault, OKTA, Proofpoint, Agari, Archer, Anomali ThreatStream, AWS, Azure, Active Directory, Azure AD.

PROFESSIONAL EXPERIENCE

Confidential

Sr. Security Engineer

Responsibilities:

  • Evaluated, implemented and managed security products and technologies: firewalls, IDS, SIEM, security auditing / vulnerability management, anti-virus, end-point security, DLP, NAC, privileged account security, forensics and others.
  • Engineered Solutions to cover security controls i.e. IDAM, and incident mitigation conforming to defense in depth practices for cloud and on-premise environments.
  • Performed log management and threat analysis set-up and fine-tuning.
  • Responsible for implementation, automation, management and architecture of security services (SIEM, DDoS/WAF, IPS/IDS, PKI, PAM).
  • Evaluated new and emerging security products and technologies; making recommendations to senior IT leadership concerning adoption of new technologies to the enterprise environment.
  • Coordinated and led the migration of log management and analysis into Splunk.
  • Evaluated and worked with an MSSP to build 24/7 security monitoring and incident response capabilities for the organization.
  • Coordinated facilitation of internal and external audits for the organization and provided management direction as to how to remediate action items related to information security.
  • Effectively managed internal and external auditor requests for applicable PBC/testing evidence in a timely fashion, assisting in driving efficient and effective PCI/NYDFS/HIPAA audits.
  • Led migration of the server base into new security tools for integration purposes.
  • Managed VM (vulnerability management) program to ensure corporate information system infrastructure was protected from external and internal threats.
  • Addressed and mitigated all high and medium risks which were identified through scheduled vulnerability scans and penetration testing.
  • Participated in DevSecOps operations/engineering.
  • Lead for several engineering projects as part of the CSS (Cyber Security Services) train for cloud and on-premise environments.

Environment: Qualys, Tanium, SEP, AlgoSec, Palo Alto Firewall, Palo Alto CASB, Palo Alto Traps, Splunk, Aruba, Symantec DLP, Meraki, Aruba ClearPass, Archer, SANS SIFT, CrowdStrike, EnCase, BurpSuite, Cisco Snort, Gartner, Anomali ThreatStream, Proofpoint, Okta, Agari, CloudTrail, OSSEC, AlienVault, AWS, Azure, Azure AD, Dell SecureWorks, Veracode

Confidential

Sr. Security Engineer

Responsibilities:

  • Implemented, managed and supported firewalls, IDS, SIEM, security auditing / vulnerability management, anti-virus, end-point security, NAC, privileged account security and others (SME for assigned solutions for cloud and on-premise environments).
  • Designed, planned, led and developed the cyber security environment (Advanced Threat Detection and IPS/IDS).
  • Coordinated remedial measures for security events, incidents and vulnerabilities.
  • Supported / coordinated vulnerability management services for the organization.
  • Proposed and implemented Network Access Control.
  • Assessed and implemented Privileged Account Security (CyberArk).
  • Architected and implemented SIEM (QRadar).
  • Managed, configured and tuned QRadar to functional productive levels.
  • Participated in migration and implementation of Check Point Firewall.

Environment: Check Point, Rapid7, FireEye, CyberArk, Symantec DLP, Bradford NAC, QRadar, Sophos SafeGuard 7.0, Imperva SecureSphere, McAfee ePO 5.3, Tivoli, Goverlan, SolarWinds, IBM VMS, Cylance

Confidential

Security Architect

Responsibilities:

  • Focused on cutting-edge architecture and deployment of Splunk Enterprise Security.
  • Took part in threat modeling and designing for security.
  • Led the implementation of initial use cases within Splunk for a wide array of security tools and company-wide applications.
  • Reviewed global NIDS, Firewall, NAC, DLP and other tools.
  • Created and collaborated on security incident response activities for tier 1, 2 and 3 support.
  • Researched and identified key indicators of malicious activities on the network.
  • Worked and collaborated with the security operations center (SOC) environment on vulnerability and threat assessment/management.

Confidential, FL

Sr. Information Security Engineer

Responsibilities:

  • Achieved SOX/PCI compliance, with (0) material findings.
  • Ensured Identity Management procedures were appropriately run to remove access from terminated employees, and maintained (0) deviation of active user accounts on managed applications/databases against active employees in the HR Management System.
  • Maintained coverage of devices by security tools in the range of 94 percent to 99 percent (goal was set to 100%).
  • Installed and administered firewalls and IDS/IPS systems in enterprise networks, cloud and on-prem.
  • Effectuated network scans at regular intervals to see if coverage was slipping or holding steady.
  • Configured enterprise anti-virus/anti-spam/anti-malware solutions (Symantec SEP and managed migration to Kaspersky).
  • Coordinated with IT Operations to ensure effective patch management practices were being performed on the organization's information systems, and provided IT Management with a patch management compliance report with patch release levels on enterprise server infrastructure.
  • Evaluated new and emerging security products and technologies; making recommendations to senior IT leadership concerning adoption of new technologies to the enterprise environment.
  • Managed VM (vulnerability management) program to ensure corporate information system infrastructure was protected from external and internal threats.
  • Addressed and mitigated all high and medium risks which were identified through scheduled vulnerability scans and penetration testing.
  • Coordinated facilitation of internal and external audits for the organization and provided management direction as to how to remediate action items related to information security.
  • Effectively managed internal and external auditor requests for applicable PBC/testing evidence in a timely fashion, assisting in driving efficient and effective SOX-ITGC/PCI audits.

Environment: Symantec Endpoint Protection, RSA SecurID, Wireshark, BackTrack Framework, OSSEC, IBM Security QRadar SIEM, BigFix Tivoli End Point Manager, FireEye End Point, Sophos End Point Encryption Manager, AppRiver, Kaspersky End Point Security, AWS, Azure, and more.

Confidential, FL

Information Security Engineer

Responsibilities:

  • Achieved SOX/PCI and GLBA compliance, with (0) material findings.
  • Maintained and coordinated IDAM process within the organization.
  • Coordinated facilitation of internal and external audits for the organization and provided management direction as to how to remediate action items related to information security.
  • Effectively managed internal and external auditor requests for applicable PBC/testing evidence in a timely fashion, assisting in driving efficient and effective SOX-ITGC/PCI audits.
  • Monitored security logs of the Windows/Unix environment, network infrastructure and security devices, including firewalls, intrusion detection devices and routers/switches, performed in a consistent manner for regulatory requirements (RSA Envision Log Management Platform).
  • Performed information security risk analysis and vulnerability assessment on internal environments, external-facing apps (web) and the perimeter.
  • Performed penetration testing, forensic analysis, and regulatory compliance assessment.
  • Supported products including Sourcefire IPS/IDS, RSA Envision, Palo Alto Application Firewall, Symantec Endpoint, Symantec SCCS and Rapid7.
  • Monitored network perimeter for suspicious traffic or events; compiled and validated statistical data from logging tools, fused threat and vulnerability information with data collected across the enterprise.
  • Correlated, analyzed, and escalated events using security event management tools and following best practices.
  • Assisted in assessing, piloting, testing and deploying new security tools and applications.
  • Continuously assessed and reconfigured tools in place to meet best practices and to adjust to new security trends.
  • Prepared and delivered incident and root cause analysis reports and summaries with a high level of technical accuracy; explained technical concepts to non-technical audience.

Environment: Active Directory, Batch Scripts, VB Scripts, Metasploit Exploitation Framework, BackTrack (Linux), Kali (Linux), Core Impact, EnCase, Autopsy Forensics Suite, Sourcefire IDS/IPS, RSA Envision SIEM, RSA Analytics, Symantec SCCS, Rapid7, Palo Alto Application Firewall, Symantec End Point, and more.
