Sr. Systems Engineer, Cyber Security Resume
Tampa, FL
SUMMARY
- I am a highly motivated, technically oriented security professional with more than 20 years of in-depth security experience in the operational (including IR and threat hunting), engineering, and architectural arenas. I am well versed in qualifying risk to business leaders and partners while maintaining solution centricity.
PROFESSIONAL EXPERIENCE
Confidential
Sr. Systems Engineer, Cyber Security
Responsibilities:
- Performed both engineering and architectural roles in the multiphase identity management solution replacing paper-based processes with online digital processes and automation.
- Implementation and support of information security policies and practices for company-wide computing and networking systems.
- Primary point of contact for security incidents including system intrusions and abuse.
- Implement, manage, and maintain the Enterprise PKI infrastructure, encryption solutions, Network IDS/IPS, Antivirus, Security Incident Event Manager, Web Application Firewall, DLP, and Proxy Solutions.
- Design and evangelize the solution roadmaps (HLD) and detailed technical designs for all areas of responsibility listed above.
Confidential
Technical Manager
Responsibilities:
- Led, managed, coached, developed and semi-annually reviewed a team of advanced (+) engineers with a mix of proxy, load balancing, database access & monitoring and DLP lines of expertise, all remote team members participating in a global FTS virtual team for a large scale managed network/security service contract with one of the top three multinational banking organizations.
- Planned and established formal PMO engagement model for billable projects and a formalized client engagement process. This resulted in additional organic revenue growth of $2.3 M in 2014 and $3.5 M in 2015 with projections for 2016 exceeding both prior years combined.
- Successfully transitioned platform portfolio to Confidential support within two months of start.
- Worked extensively with client SLT regarding operations and project escalations, technical diagnostics efforts during major incidents, strategic and tactical coordination efforts for service improvement and enhancement.
- Established a baseline for performance analytics from multiple, non-contiguous data sources.
Confidential
Senior Network Security Engineer
Responsibilities:
- Act as the single point of contact for all organizational security issues and architecture.
- Provide mentoring for junior security associates.
- Provide Tier 3 and escalation support to both in-house personnel and customers on the full spectrum of the security landscape.
- Created backend management architectures for multitenant hosted security solutions.
- Perform turnkey firewall, IDS/IPS and DLP management, engineering and implementation focusing on the SMB market utilizing best of breed solutions.
- Responsible for internal penetration testing and compliance based firewall configuration audit.
- Provide engineering support for the sales team on customer engagements.
Confidential, Tampa, FL
Enterprise Security Architect
Responsibilities:
- Performed pre-implementation planning, architecting, implementation and go-live operations for Vontu (Symantec) DLP 10.5, including Network Discover, Data Insight (CAVA integrated), Network Prevent (Web integrated via ICAP with McAfee Web Gateway / Email integrated via Exchange SMTP services), and Network Monitor (multiple systems running RHEL 5, with passive ports fed by multiple Gigamon rack-mount tap appliances in different physical locations).
- Implemented LogRhythm logging and monitoring platform.
- Developed the plan for, purchased and implemented full disk encryption for all laptops.
- Monitored and audited information security systems to identify security anomalies/exposures.
- Performed real time and post event analysis of security occurrences using forensic investigative techniques to determine validity and appropriate responsive actions.
- Developed and implemented SOX baselines and Nessus audit checks for all in-scope systems.
- Developed and implemented all security baseline scan profiles in Nessus to check systems for production readiness (both internal and externally exposed systems).
- Implemented ISA (migrated to Forefront TMG) reverse proxy with SSL offload and URL rewrites using both ISA and NetScaler for Time Entry application.
- Advised Senior and Executive Management on reduction of security deficiencies and exposures.
- Oversaw the evaluation and testing of all technology solutions to ensure proper security posturing and alignment to baseline configuration standards.
- Key player in all technology projects representing the enterprise security function.
- Managed the configuration of technical security controls and security systems.
- Designed and implemented multiple SIEM tools, OSSIM, Splunk and MARS.
- Designed, implemented and maintained multiple Cisco ASA HA paired firewalls employing a novel design of multiple security zones tied to specific switch based VLANs in order to segregate traffic and enforce specific security rulesets on system to system DMZ based communications.
- Designed and implemented an LDAP-based authentication system for Time Entry, using an LDAP proxy to virtually aggregate multiple directories (ADLDS & AD) based on user group membership.
- Designed and implemented user password self-service interface for Time Entry (using a custom PHP application riding on LAMP).
- Consulted with business leaders and performed analysis, evaluated requirements, recommended designs, provided cost analysis, planned projects, and coordinated tasks for deployment of security controls.
- Managed and directed activities related to security problems and emergencies; led the troubleshooting and resolution of information security problems.
- Acted as a key participant for all production outages and troubleshooting (Cisco switches and routers, Windows and Linux servers, application logs and packet trace analysis).
- Performed exhaustive OSI stack analysis for root cause analysis.
- Updated and maintained all security diagrams and documentation.
- Created the Enterprise Security Department and the Enterprise Security Program.