Chief Consultant Resume

SUMMARY

  • Hands-on individual, not just management of personnel.
  • Managed, Architected, Engineered, Maintained and Administered in global enterprise environments the following: SIEM, ArcSight, Splunk, Nitro, QRadar, Forensic Analysis, FRED, EnCase, FTK, CAINE, DEFT, NetWitness, IPS/IDS, Sourcefire, SNORT, Tipping Point, Palo Alto, Amazon Web Services (AWS), Azure, Big Data, Kafka, Vertica, Spark, Hadoop, IAM, CA Technologies identity solution, IBM TIM/TAM, IBM WebSphere, Identity and Access Management (IdM/IAM), Microsoft Azure Active Directory, NetIQ, PingIdentity, RSA Identity Management and Governance and VIA, SailPoint IdentityIQ, Oracle IDM, Public Key Interchange (PKI), Symantec and McAfee DLP, McAfee ePO, VMWare vSphere, ESX, ESXi.
  • Highly accomplished global enterprise information security professional with over 22 years of progressive experience.
  • Managed, architected, engineered, maintained and administered an enterprise environment that had 2,600,000 global users.
  • Designed and wrote the strategic roadmap for clients whose annual sales were over $15,000,000,000.
  • Performed all levels of incident response and cyber intelligence.
  • Subject matter expert in cyber warfare.
  • Established security policies, procedures, practice, and methodology.
  • Clients include, but are not limited to: Defense Industry (government and civilian), Intelligence Agencies, Banking, Finance, Retail, Communication, Mining, Energy (government and civilian), Medical, Hospitality, Entertainment, Insurance, Government (Federal and State), Airline.
  • Extensive experience with ISO9000, ISO9001, ISO17799, ISO27001, ISO27002, ISO27002:2005, HIPAA, HITECH, SOX, PCI-DSS, FISMA, FIPS, NIST, PKI, SSLDC, DIACAP, COSO, COBIT, RA, VA, INFOSEC, OPSEC, C&A, FAM, FAH, DITSCAP, NIACAP, SAS70 (I & II), SSAE16, DIACAP, POA&M, ERP, DCID 6/3, NISPOM, OMB A-130, SST&E, SSA, SSP, ITIL, DoD 8510.01 (RMF), DoDI 8500 series (Information Assurance/Cybersecurity), CNSSI 1253, and DAA/IATO ATO.
  • Advised executive management on Information Technology and Information Security.
  • Continuous learner with a passion for innovation in security risk management to drive bottom-line business contributions (optimize security investments, avoid losses from security incidents, improve customer retention, enhance business decision-making, and reduce corporate liability).
  • Managed up to 174 personnel worldwide including directors, architects, engineers, developers, and analysts.
  • Initiated and maintained responsibility for the development of project goals and objectives, working closely with clients, developing an implementation plan, documenting and testing new processes and tools, and creating quality assurance checklists and methods for collecting quality metrics.
  • Detected and analyzed cyber threat activity for the identification of advanced persistent threats and malware in real-time.
  • Applied expert understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.

TECHNICAL SKILLS

  • 3Com/TippingPoint IPS, CentOS, Entrust, Active Directory, Certificates, ePO, Acunetix WVS, Check Point, ESX, AdAware, Check Point Software Technologies UTM-1, EtherApe, Aelita, Ettercap, AirCrack, Check Point UTM-1, Exchange, AirDefense Enterprise, Cheops, F5, AirKismet, Cheops-ng, FAH, AirSnort, Chef, FAM, AIX, Cisco, FDDI, Alien Vault, Cisco ASA, Fedora, Angry IP Scanner, Cisco NAC Appliance
  • Fiber Optic, Ansible, Cisco Systems VPN, Fierce Domain Scanner, Apache, Cisco Wireless Security Suite, Findevil, Apithief, Cisco Works, FIPS, AppDetectivePro, Citrix, FireEye, AppScan, Citrix Access Gateway, Firewalk, ArcSight, Citrix Password Manager, Firewall, ArcSight ADP, Client Server, FireWall-1, ArcSight ESM, Clusters, FISMA, ArcSight Logger, COBIT, Foundstone, ArcSight Network Configuration Manager (NCM), COGNOS, Fping
  • CORE Impact, Fport, Argus, COSO, Fragroute, ARPWatch, Couchbase, Gauntlet, Arudius, Crackert 11g, GFI LanGuard, AS/400, Crystal Reports, GIS, Audit, CyberArk, GLBA, AWS, Dameware, GroupWise, Azure, Data Loss Prevention, GuardianEdge Data Protection Platform, BAAN, DB2, Backtrack, Dcfldd, Hadoop Distributed File System (HDFS), Barracuda, DCID 6/3, BASE, Debian
  • HBase, BCP, De-Ice, BeEF, DHCP, Helix, BIG-IP, DIACAP, HIDS, Breaking Point, Digital Forensics Tool Testing, HIPAA, BrightMail, Disaster Recovery, HIPS, Brutus, DITSCAP, HITECH, BSD, DLP, HP OpenView, Budgeting, DNS, Hping2, Burp Suite, DR, HP-UX, Business Continuity, DSniff, Identity Protection Authentication Service, C&A, Dumb terminals, Cain and Abel, Dynamics AX, IdentityGuard, Canvas, Dynamics GP, IDS, Cassandra, EDI, IIS, Cat 6/5/4/3, E-Discovery

PROFESSIONAL EXPERIENCE

Confidential

Chief Consultant

Responsibilities:

  • ArcSight Global Capability Leader for Hewlett Packard Enterprise and the development of versions 6.9.1 and 7.0.0 of ArcSight.
  • Coordinated and conducted security event collection using a log management tool, initiated event management, enhanced compliance automation, and leveraged identity monitoring activities using the ArcSight platform.
  • Subject matter expert on ArcSight.
  • Used ArcSight in daily operational work and managed the workflow of events.
  • Developed content for a complex and growing ArcSight infrastructure, including use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists.
  • Tuned ArcSight performance and event data quality to maximize ArcSight system efficiency.
  • Advised executive and senior leadership on monitoring and reporting best practices and then developed use cases on how to use ArcSight to achieve end state requirements.
  • Provided technical architectural services for ArcSight ESM, Logger, and Connectors.
  • Provided custom development of Connectors (Agents) using the ArcSight FlexConnector.
  • Architected, engineered, and administered HP ArcSight User Behavior Analytics v1.0, v1.1, and v5.0.
  • Provided optimization of data flow using aggregation, filters, etc. Developed custom Flex Connector as required to meet use case objectives.
  • Architected the operation of ArcSight Security Information and Event Management systems to include ArcSight ESM, Oracle, Connector Appliances, SmartConnectors, Logger appliances, Windows and Linux servers, network devices and backups.
  • Life-cycle management of the ArcSight platforms, including coordination and planning of upgrades, new deployments, and maintaining current operational data flows.
  • Applied Configuration Management disciplines to maintain hardware/software revisions, ArcSight content, security patches, hardening, and documentation.
  • Managed the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
  • Developed custom Flex Connector as required to meet use case objectives.
  • Architected all aspects of Security Information and Event Management initiative.
  • Engineered the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
  • Coordinated and conducted event collection, log management, event management, compliance automation, and identity monitoring activities.
  • Tuned ArcSight performance and event data quality to maximize ArcSight system efficiency.
  • Developed filters, rules and customized reports for ArcSight Loggers.
  • Lead analyst using ArcSight and other tools to detect and respond to IT security incidents.
  • Installed, upgraded, and backed-up Connector Appliances, Logger Appliances, and Smart Connectors.
  • Architected the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
  • Architected a distributed Multi-Manager architecture and deployment.
  • Provided optimization of data flow using aggregation, filters, etc.
  • Log analysis across various data sources.
  • Over 15 years of WebSphere Application Server System Installation, Configuration, Deployment, Administration and Production Support on heterogeneous systems like AIX, Linux and Windows environment with different versions of WebSphere Application Server.
  • Involved in creating and configuring profiles, clusters, nodes, node agents for WebSphere Application Server.
  • Experience in Installation, Configuration of WebSphere Commerce Server.
  • Implemented the Work Load Management using clustering.
  • Involved in tuning, security, backup, recovery and upgrades of WAS on IBM AIX, Linux (Red Hat & SUSE) and Windows.
  • Created Clusters and instances in WebSphere Network Deployment to support high availability, fail over and implemented horizontal clustering.
  • Configured WebSphere Resources like JDBC Providers, JMS providers.
  • Worked with Global Security, SSL and LDAP.
  • Worked with Portal GUI for deploying portlet applications, creating pages, adding portlets to page and access control list.
  • Involved in customizing portal applications and administering users, pages, and portlets.
  • Experience in troubleshooting, applying patches and plug-ins for WAS 5.0/6.0/7.0/8.0/9.0.
  • Experience in Installation, Configuration of Sessions and Global Security in WAS.
  • Involved in migrating WebSphere 6.0 to 7.0, 7.0 to 8.0 on AIX, Linux and Windows.
  • Setting up Virtual Hosts on the Web server, configuring aliases and re-write rules.
  • Performance monitoring using tools like Tivoli Performance Viewer.
  • Experience in integrating WebSphere Application Server and Deployment Manager with IBM HTTP Server, IBM Directory Server, Sun ONE Web Server, Oracle, DB2 and SQL servers.
  • Highly proficient in automating environment builds, administration and deployment operations using standard scripting utilities like Shell scripting.
  • Involved in Installing Upgrade Fix Packs and Migrating to latest versions.
  • Experienced in applying Refresh packs, Fix packs, Cumulative Fix packs for all versions of WebSphere Application Server and different flavors of Web Servers.
  • Writing Splunk Queries.
  • Creating Applications on Splunk to analyze the Big Data.
  • Development of Splunk Queries to generate the Report.
  • Dashboard Creation in Splunk, running SPL Queries.
  • Various Metrics Creation in Splunk.
  • Automation/Simplification of Digital Guarding Process through Splunk.
  • Importing the data in Splunk through inputs.conf, props.conf and transforms.conf.
  • Creating DLP (Data Leakage Prevention) Reports through Splunk.
  • Developing Splunk Application.
  • Designing and Setting-Up the Splunk Architecture in the organization.
  • Configuring Indexers, Forwarders (Universal and Heavy), Search Heads, Deployment/Management Servers.
  • Creating Dashboards according to the business needs using Advanced XML.
  • Architected, implemented, engineered, and administered Log Management, Event Management and Security monitoring.
  • Identity Management subject matter expert to organizations during IdM / IAM tool vendor selection process, leveraging knowledge capital, lessons learned, insights, and best practices around Identity and Access Management.
  • Reviewed and identified gaps in current state IdM / IAM environment, including IdM / IAM business processes/workflows, application inventory, technical architecture, and functional/technical requirements document.
  • Created technical content for request for proposal and vendor scorecard and assisted in managing of IdM / IAM proof of concept.
  • Created the identity management roles/rules processes, use cases, workflow and data flow documentation.
  • Identity Management vendor and services selection.
  • Training of existing staff on Identity Management methodology and toolsets.
  • Wrote Business Requirements, System Requirements, and supporting IdM / IAM documentation.
  • Architected, designed, engineered, and administered on multiple IdM / IAM work streams: Access Management (SSO, Application Security and Entitlements via Entrust’s Get Access and BMC’s Control-SA), Password Management, Provisioning (Sun/Waveset Identity Manager), Delegated Administration, Third Party Data Management (Federation) and Directory (LDAP) Management (Novell’s eDirectory, MS Active Dir and MIIS).
  • Architected, designed, engineered, and administered Identity Management software including Business Layers eProvisioning (now known as Netegrity IdentityMinder w/ Provisioning, also known as BMC Control-SA/eProvision and SchlumbergerSema Secure Provisioning Director), Netegrity SiteMinder, Netegrity IdentityMinder with Web and Provisioning modules and associated support software including LDAP directories (Active Directory, Novell Directory Services, Netscape iPlanet, IBM SecureWay), multi-NOS platforms, Database (SQL), ILOG JRules (Java based) and VBScript.
  • Implemented Ping Identity’s PingFederate using SAML protocol to provide authentication, attribute and authorization portability across autonomous security domains (used PingFederate to enable standards-based single sign-on and attribute exchange across domains).
  • Architected, designed, engineered, and administered implementation of Sun Java System Identity Manager as replacement for homegrown provisioning system into AD, UNIX, RACF, PeopleSoft as well as hundreds of applications and databases.
  • Creation of identity management process, strategy, best practices and architecture documentation including access management, password management, LDAP management, provisioning, delegated administration, and sponsor lifecycle management utilizing the rational unified process (RUP).
  • Performed full forensic recovery and analysis.
  • Performing forensic examinations across various digital devices and storage media utilizing forensic software such as EnCase, FRED, FTK, CAINE, and DEFT.
  • Oversaw evidence management/chain of custody (case management, acquisition/preservation, analysis, reporting).
  • Install and maintain security infrastructure, including IPS, IDS, log management, and security assessment systems.
  • Customized security content including filter/rule/report creation, signature categorization, and vulnerability mapping.
  • Build, implement and deploy data security solutions including IDS/IPS sensors and management consoles.
  • Install, configure, manage, and troubleshoot Cisco Sourcefire IPS appliances and Defense Center.
  • Delivered and cultivated rapid threat detection and mitigation using Cisco Sourcefire IPS with AMP.
  • Designed, implemented and maintained Sourcefire 3D System and provided visibility & security to network using tools such as 3D sensors - RNA, RUA, & Defense Center with Snort engine based Intrusion Prevention System (IPS).
  • Worked with Microsoft Azure cloud computing platform and services for 4 years with various clients in multiple verticals.
  • Worked with Amazon Web Services (AWS) for 6 years.
  • Created, configured and implemented Virtual Private Cloud (VPC), Security Groups, Network Access Control List (NACL), Elastic Compute Cloud (EC2 instances), Elastic Block Store (EBS), Simple Storage Service (S3), Elastic Load Balancer (ELB), RDS MySQL, Subnets, Snapshots, Auto-Scaling groups, Route 53 DNS, Glacier, Elastic File System (EFS), CloudFront, CloudWatch, CloudTrail.
  • Experienced in designing AWS cloud models for Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service.
  • Created migration roadmaps to AWS public Cloud regions, designed architecture models compliant with security policies and Federal Information Processing Standards.
  • Architected and configured hosting infrastructure in AWS; this includes configuration of hybrid cloud environment, connecting on-premises data center to AWS VPCs using redundant AWS Direct Connect, and configuring secure VPN connection with subsidiary companies.
  • Developed a product using Big Data Analytics, Hadoop for MapReduce and Amazon Cloud Computing platform and Microsoft Azure, ASP.NET with jQuery & Ajax, Bing Maps, JSON files to speed up data display, Windows Server platform, SQL Server, SQL scripts, and Python for data manipulation.
  • Improved data processing and storage throughput by using Hadoop framework for distributed computing across clusters.
  • Technical Architect of the personalization platform serving millions of customers. The platform consumes billions of user-based events/logs and builds the datasets required for personalization.
  • Designed and implemented the key components of the platform to perform real time ingestion of the events from over 10000 data sources both in structured and unstructured form.
  • Implemented the HBase client modules which do fine grained analytical reports for the team of data analysts and business.
  • Designed the real-time analytics and ingestion platform using Storm and Kafka.
  • Hands-on experience with multiple NoSQL databases including Riak, Couchbase, HBase and Cassandra.
  • Implemented the backend platform to do large scale ingest, state machine based intelligent sessionization and sequencing of user actions.
  • Applying machine learning algorithms in order to identify the most significant features across different datasets.
  • Used Big Data to design and build a portfolio of event-driven and long-short trading algorithms to exploit various cycle and seasonal trading opportunities using TradeStation.
  • Architected, implemented, engineered, and administered full Identity and Access Management products.
  • Architected a solution for federation between existing NetIQ Access Manager and Oracle Access Manager.
  • Architected Oracle Identity Governance products, OIM, OPAM, OAM, OAAM.
  • Implementation, Design and Installation of IBM Security Products.
  • Implementation of Tivoli Identity Manager and Tivoli Access Manager Solution.
  • Migration from ISAM 8 (Software Version) to ISAM 9 (Appliance Firmware 2.0.1.0).
  • Configuration of WebSphere, DB2 and HTTP Applications in conjunction with TIM and TAM implementations.
  • Global PKI Implementation, rolled out 10,000+ client certificates and 2000+ server certificates.
  • Owned Secure Email project, enhanced PKI vendor responsiveness, brought about radical improvements in Key Management (KMS) reliability, set up operations support group, metrics, and implementation plans.
  • Wrote Infrastructure Control Review.
  • Responsible for product management, consultation, strategy, and standards.
  • Established Certificate Practice Statement and Certificate Policy.
  • Owned SSL Server OnSite certificate strategy and contract renewal.
  • Worked with Office of the General Counsel to develop and publish corporate encryption policies.
  • Integration Test Lab product owner for encrypted/signed email, Adobe digital signatures, etc.
  • PKI product owner through four annual audits with no comments.
  • Led team which delivered technical solution and documentation for secure email for a high-visibility project with severe time constraints.
  • Managed vendor relationships with VeriSign and RSA.
  • Architecture, Design and Deployment of Symantec DLP infrastructure including building and configuring servers as needed and supporting local administrator resources.
  • Operational support and maintenance of Symantec DLP infrastructure, including deployment, analysis, tuning, configuration, security administration and upgrading.
  • DLP policy development, authoring, maintenance, and refinement.
  • Creation and modification of DLP detection policies and policy elements (response rules, directory groups, etc.)
  • Rollout and Deployment.
  • DLP Access control administration.
  • Monitor DLP infrastructure for health checks, connectivity and availability.
  • System administration of multiple DLP environments as assigned (test, pilot, production).
  • Auditing/assurance, including development, implementation, and maintenance of plan to regularly review policies and verify on-going DLP coverage at all monitoring points; preparing relevant coverage info for internal customers and external clients.
  • Architected, installed, configured, and maintained, the following McAfee products: Enterprise Policy Orchestrator (EPO), Virus Scan Enterprise, Data Loss Prevention (DLP), McAfee Agent, and Host Intrusion Protection (HIPS).
  • Administer system policies, repairs, and deployments and maintain agents on EPO to support applications/tools not limited:
  • Developed solutions for desktop support, server support teams, and supported business groups in the installation and maintenance of applications and servers with regards to ePO.
  • Architected, installed, engineered, tuned, maintained Identity and Access Management products:
  • Established a Risk Management Framework (RMF) program that implements the role of Authorizing Official and Security Control Assessor in a de-centralized construct.
  • Defined and developed the processes required for Command RMF Security Authorization Package processing.
  • Developed Ports, Protocol, and Service Management outline for application, network, and database connections; assessed requirements and drafted PPSM Registration data for DISA.
  • Conducted RMF assessments of threats and vulnerabilities, determine deviations from acceptable configurations or enterprise or local policy, assess the level of risk and managed appropriate mitigation countermeasures.
  • Managed IT security compliance, risk and control assessments, access rights, and remediation efforts as they relate to audit findings for internal controls and Federal Risk Management strategies.
  • Cross-trained various technical teams on DISA STIG requirements, system hardening, and performing tasks associated with certification and accreditation based on NIST RMF 800-37 guidelines and 800-30 Risk Assessment procedures.
  • Provided support by conducting RMF assessments of threats and vulnerabilities, determine deviations from acceptable configurations or enterprise or local policy, assess the level of risk and managed appropriate mitigation countermeasures.
  • Served as the principal RMF SME for application security and accreditation of major applications; drafted documentation and procedures to assess each control family.
  • Analyzed compliance and technical control validation data to determine and report baseline variance for all applicable application technology environment for DISA Vulnerability Management requirements and transition from DIACAP to RMF.
  • Evaluate threats, vulnerabilities and risk while supporting real-time security monitoring operations.
  • Install, configure, maintain, audit, upgrade, update security products (non-inclusive): proxy servers (Blue Coat SG 300-9000), Infoblox, Vulnerability scanners, Application Scanners.
  • Strong experience configuring and deploying Web Application Firewalls (Imperva).
  • Architecture, design, install, configure VMware ESX, ESXi, within VI3, vSphere 4 and vSphere 5 environments with VirtualCenter management, LabManager, vCloud Director, Consolidated Backup, DRS, HA, DPM, vMotion, VMware Data Recovery, VMware Site Recovery Manager (SRM), vCenter Operations Manager, Horizon Workspace, Horizon Mirage, ThinApp and VMware View desktop virtualization infrastructure (VDI).
  • Build, configure and deploy VMs and templates. Completed Physical-to-Virtual (P2V), Virtual-to-Virtual (V2V) and Virtual-to-Physical (V2P) migration of Windows NT, 2000, 2003, 2008, and 2012 as well as Linux servers from VMware, Hyper-V, Xen and legacy hardware.
  • Maintained security of voice and data networks and equipment. Monitored and maintained physical and logical security and access to systems. Responsible for support of existing security policies and procedures, as well as creation and implementation of new security procedures. Risk assessment of partners. Presented options to management for the enhancement of DNS, firewall, modernization of firewalls, and inbound e-mail security and robustness. Assisted with the upkeep of network infrastructure including switches and load balancers. Assisted in migration of VPN concentrators to new project. Achievements include completing TruSecure enterprise certification, and development of incident handling procedures.
  • International enterprise expertise in auditing, information security, and business continuity & disaster recovery management and planning.
  • Performed economic analysis, planned, programmed, and budgeted for information systems resource requirements (equipment, people, and facilities).
  • Developed strategic plans, policies and operating procedures.
  • Assured that operations were maintained at targeted service levels.
  • Streamlined departmental operations on a continual basis to improve business processes and reduce redundant personnel.
  • Developed integration capabilities with 3rd party systems including network management and trouble ticketing applications.
  • Oversaw incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
  • Provide technical leadership to the enterprise for the information security program.
  • Mentor and train others in information security in addition to training for other technical groups.
  • Assess threats, risks, and vulnerabilities from emerging security issues.
  • Publish Security Updates newsletter for technical groups.
  • Managed process and acted in the lead role for computer security incident response team.
  • Perform and create procedures for system security audits, penetration-tests, and vulnerability assessments.
  • Develop scripts to maintain and backup key security systems.
  • Ability to translate business requirements into solutions delivered by development teams.
  • Worked closely with Certification & Accreditation, Counter Intelligence, and Information Assurance Team.
  • Identification of cyber threats associated with systems and technology vulnerabilities and risks via analysis of the information and data.
  • Collaborated with IT resources on troubleshooting and configuring networking devices, various platforms, and databases.
  • Applied Configuration Management disciplines to maintain hardware/software revisions, content, security patches, hardening, and documentation.
  • Coordinated and conducted event collection, log management, event management, compliance automation, and identity monitoring activities.
  • Proactively researched emerging cyber threats.
  • Directly communicated to team members and executive leadership both quantifiable and qualifiable cyber risk to the enterprise and vendor partners through operational briefings and threat intelligence reports.
  • Investigated and analyzed events related to cyber incidents.
  • Planned, directed and facilitated response and recovery activities, based on a mature understanding of data sources, in response to a cyber-threat incident.
  • Expert in NIST Risk Management Framework (RMF) and the system and application Certification & Accreditation (C&A) process including development of the System Testing and Evaluation (ST&E) plan, System Security Plan (SSP), Configuration management (CM), System Security Authorization Agreement (SSAA), Disaster Recovery Plan (DRP), Business Continuity Plan (BCP). This includes all aspects of the Risk Assessment (RA), from identification of the Major Application Metric under the General support systems, and the mitigation procedures using the Plans of Action and Milestones (POA&M).
  • Expert knowledge in RMF, NIST, FISMA, FIPS, FAM, FAH, DITSCAP, NIACAP, DIACAP, DCID 6/3, NISPOM, OMB A-130, PCI-DSS, SOX.
  • Performed extensive research and analysis of the existing DIACAP-based Command processes and leveraged a thorough comprehension of DoD Cybersecurity policy drivers and chains of command as it relates to performing C&A.
  • Initiated RMF processes and oversaw DoDI 8510.01 (RMF) activities for assigned information systems to transition from DIACAP to RMF.
  • Information Assurance (IA) Engineering and Architecture, Security Testing, and Certification & Accreditation (C&A) for an unaccredited enclave environment to go live with Authority to Operate (ATO) accreditation. Provided architecture and all levels of support during all phases of systems engineering, software development, testing, deployment, and maintenance. This support included IA requirements definition/analysis, security engineering, security architecture development, security design, integration support, DIACAP documentation development, security testing, data base management systems, security infrastructure applications/tools/services, Multi-Level Security (MLS) systems, Cross Domain Solutions (CDS), Service Oriented Architecture (SOA) security, Intelligence Community security configuration guides (e.g., DISA STIGs/checklists, CIS benchmarks, etc.), automated security testing utilities/tools (e.g., DISA GoldDisk and SRR scripts, NESSUS, Retina etc.), DoDI 8500.2 IA controls, NIST Special Publications (800- series), and network devices. Responsible for areas such as identifying INFOSEC requirements, defining security aspects of system architectures, determining testing requirements and methodologies, and conducting analytical risk management activities related to the development of information systems. 
Performed engineering services that included but were not limited to the following: engineering studies and analyses; technology planning; systems architecture development; requirements development; concept development; systems design; system development and integration; test and evaluation; systems operation; control of systems and components; integrated logistics support; modeling and simulation; configuration management; Demilitarized Zones (DMZs); operating systems (Microsoft, Linux, Unix); security test and evaluation; security certification testing; independent verification and validation; penetration testing; auditing; ethical hacking; information assurance control testing and validation; information system security policy; information protection needs elicitation; technologies and applications relating to web services, service oriented architecture, intrusion detection/prevention, anti-virus, and firewalls; and systems acquisition and life-cycle management in compliance with current industry and government practices.
  • Analytical support included research and development of defensive information warfare concepts and strategies, particularly within the national security framework. Coordinate related intelligence community and DOD DISA Federal Department and Agency IA planning activities and identification of policy, technical, and programmatic issues crossing organizational, functional, and program boundaries. Manage and participate in software, systems, and security engineering activities, such as: small and large scale systems and security engineering and development efforts; technology lab development for system and security application prototyping; architecture and infrastructure analysis; INFOSEC requirements definitions; technology evaluation and assessment; e-commerce, public key infrastructure (PKI) design and deployment; multi-level security technologies; intrusion detection and analysis; simulation and modeling; development of IA concepts and strategic implementation planning for Intel community CIO Office and DOD DISA organizations; web site and content design and development and integration of DIAP IA policy and guidance system to serve as centralized and authoritative source of IA policy, legislation, directive; perform and conduct system-level designs, reviews, and risk management assessments; develop certification and test and evaluation, technical reports, and project plans; perform systems integration and monitoring of the implementation of processes, hardware and software solutions, and technical writing.
  • Ensured credit card systems were built and operated in compliance with Information Security Policies and Payment Card Industry (PCI) regulations.
  • Outlined the information security controls, testing, and evaluation requirements for the Systems Security Development Life Cycle (SSLDC).
  • Provided Information Assurance activities in accordance with current DOD policies, National Institute of Standards and Technology (NIST), industry best practices and Defense Information Systems Agency (DISA) guidance.
  • Ensure all pertinent information is obtained to allow the identification, categorization, incident handling and triage actions to occur in a time sensitive environment.
  • Analyze network traffic and various log data and open source information to determine the threat against the network, recommend appropriate countermeasures, and assess damage.