
Senior Cyber Security Engineer Resume


SUMMARY

  • Experienced, knowledgeable Senior Security Engineer directing a broad range of corporate IT security initiatives, including evaluating, testing and certifying, designing, planning, analysing, troubleshooting, training and implementing solutions in support of business objectives.
  • Dedicated team leader, able to coordinate and direct all phases of project-based efforts while motivating and guiding teams. Highly conversant and experienced in a variety of security architectures, concepts and techniques, including: access control, cloud services & security, information security governance & risk management, security architecture & design, physical & environmental security, telecommunications & network security, cryptography, business continuity & disaster recovery, legal/regulations/compliance/investigations, software development security & security operations.

PROFESSIONAL EXPERIENCE

Confidential

Senior Cyber Security Engineer

Responsibilities:

  • Member of the Threat Intelligence & Engineering teams within the Global Security group responsible for the strategy, architecture, design, support, availability & reliability of all Confidential Enterprise networks and Properties.
  • Lead Emergency Incident Response (EIR) engagements and guide clients through a variety of incidents (i.e., breaches, malware/virus outbreaks, security incidents, and forensics investigations). Provide guidance on tactical and strategic response and remediation recommendations.
  • Senior member of the Incident Response Team (SymCERT) & Security Investigations Team, handling incidents/investigations and driving them to resolution, working with government agencies on certain matters.
  • Ensure the stability and integrity of access control by evaluating, engineering, implementing, managing, monitoring and troubleshooting systems which include, but are not limited to: firewalls, IPS/IDS (IBM Proventia / Confidential TippingPoint IPS SMS), endpoint security (SEP, DLP, PGP full-disk encryption), and FireMon Security Manager for policy/change management, used in the monitoring of critical cyber assets associated with the operation of multiple departments, collaborating with teams within GSO and organizations across the company.
  • Install, support and maintain firewall and other security hardware and software infrastructure according to industry best practices, including firewalls, intrusion detection and prevention devices.
  • Recommend, Plan and manage Network & Endpoint Security Infrastructure Deployments using Change Management.
  • Manage & Monitor Endpoint & Network Security Products like DLP/Encryption/FW/IPS/IDS/AV & Malware security systems by establishing and enforcing policies; defining and monitoring access.
  • Perform DDOS Mitigation with Network layer Detection and mitigation devices including Verisign DDOS & Akamai Kona Security Solutions like Kona Site Defender.
  • Take the lead on troubleshooting calls, represent the group effectively and get to the root cause of issues quickly.
  • Analyze Perimeter & Endpoint Security solutions and forensic data to identify anomalous/suspicious/malicious activity and determine if it qualifies as a legitimate security incident.
  • Monitor trends and recommend future architecture strategies and roadmaps.
  • Operational intelligence using Splunk, Verisign DDoS and the Akamai Luna Portal for threat detection across all Confidential & Norton properties; recommend WAF rule configurations, WAF rate control, WAF IP blocks and best practices.
  • Analyze network infrastructure rule sets manually and use software tools to ensure a proper security posture for compliance. Write reports and briefings related to specific information security issues.
  • Work/interface with external vendor support (Check Point Diamond Support, Juniper JTAC, Cisco TAC, etc.) to resolve non-standard client issues such as bugs and other OS or hardware issues in a timely manner.

Confidential

Senior Perimeter Security Engineer

Responsibilities:

  • Member of the Confidential ES Perimeter Security Architecture & Engineering Team, performing tasks such as evaluating, designing, implementing, managing, monitoring and troubleshooting: enterprise network firewalls (Check Point R75, Juniper SRX, Palo Alto NGFW); enterprise IPS/IDS (Confidential ArcSight, Juniper IDP, IBM ISS Proventia IPS & Confidential TippingPoint IPS SMS); proxy solutions (Blue Coat ProxySG); database access monitoring (IBM InfoSphere Guardium Data Security); Radware AppXcel & CID; FireEye CMS & Web MPS; Confidential Fortify; Confidential WebInspect; Confidential SEP; Confidential (Vontu) DLP; FireMon firewall monitoring/management; and endpoint encryption (Check Point Pointsec).
  • Provide mission-critical protections and granular forensic analysis of attacks utilizing ArcSight, IDS/IPS content & malware analysis.
  • Respond to escalations from the incident response team to provide technical expertise through coordination with the appropriate external vendor support, and perform periodic access reviews as needed.
  • Provide support in identifying malicious network activity, threats impacting or potentially impacting Global Enterprise networks and developing appropriate countermeasures eliminating network threats and vulnerabilities.
  • Participating with information technology professionals in engineering design and hands-on implementation, successfully collaborating with staff in the IT line of business areas to develop and implement efficient, appropriate IT projects and programs.
  • Configure and monitor Intrusion Detection Systems; read, interpret and analyze network traffic and related log files.
  • Maintain the Firewall solution and provide guidance on code upgrades, etc.
  • Administration of security related logs and events via console activity to determine cause of security related events or to identify potential security related risks.
  • Perform policy modification and rule changes on firewalls, IDS/IPS/DLP including SSL VPN, VLAN, and NAT changes on cluster networks. Monitor and review security logs and alerts from SIEMs, and drive response efforts.
  • Perform Firewall rule modification & rule changes on cluster networks, review network traffic flows to filter required firewall rules to lock down application, and troubleshoot firewall problems over the enterprise environment globally.
  • Translate threat intelligence into actionable use cases to identify security incidents in a timely manner.
  • Review escalated incident tickets and coordinate with the resolver group on the implementation of solutions.
  • Monitor and research current industry security threat metrics, technology best practices, security posture, tools, threat detection and counter measures, and formulate process improvement.
  • Involved in the continual improvement of the network infrastructure and the implementation of new security-based technologies; actively participate in the security operations incident response team for all security devices.
  • Understand business requirements & risks for information security and help the business succeed with both current and proposed projects. Coordinate activities across multiple departments and business units.
  • Stay at the leading edge with respect to knowledge of security threats, vulnerabilities and controls, and assess their applicability to business initiatives and business strategies.

Confidential

Security Architect

Responsibilities:

  • Responsible for the design, evaluation, implementation, deployment, monitoring & maintenance of all network security devices, switches, routers, firewalls, DLPs, anti-virus servers & web content filtering devices.
  • Design, Implement and Support cost-effective technology infrastructure to support the growing needs of company objectives and ensure future scalability.
  • Responsible for the development, design, testing, implementation, and support of corporate Firewall Infrastructure & Remote Access SSL VPN.
  • Proactively implement, update, maintain, manage, monitor, and support enterprise network and systems security operations infrastructure.
  • Monitor and review security logs and alerts from SIEM, and drive response efforts.
  • Maintain Firewall HW, Rule sets, and perform system upgrades and patches on Firewall equipment & SSL VPN appliances.
  • Provide support in identifying malicious network activity, threats impacting or potentially impacting our network and developing appropriate countermeasures eliminating network threats and vulnerabilities.
  • Perform complex network defense methodologies such as network analysis, threat detection, log analysis, trend analysis, metric development, and incident handling as appropriate.
  • Perform real-time traffic analysis, network IDS, packet dissection, log and packet capturing, and decoding of various attack signatures.
  • Responsibilities include, but are not limited to: initial configuration, code upgrades, VPN setup, adding/deleting rules, performance analysis, and rule analysis for customer submissions, design validation, and architectural recommendations.
  • Guide management and delivery of a corporate security awareness program, delivering presentations on security issues to senior management and security training to employees.
  • Conduct investigations of security violations and breaches, provide reports and analysis, provide recommended solutions and participate in incident handling. Maintain strict security standards across AD & the Entire Network.

Confidential

Lead Security Operations Engineer/Analyst

Responsibilities:

  • Lead Security Analyst providing technical expertise: evaluate, implement, manage, monitor, identify, analyze, troubleshoot, isolate and resolve a vast array of issues on firewalls, Intrusion Detection & Prevention (IDS & IPS), vulnerability assessment, Security Information and Event Management (SIEM), Data Loss Prevention (DLP), incident response, patch management, the Confidential Endpoint Protection Manager (SEPM) server, malware & virus analysis, data encryption, disaster recovery, information security cost sizing & system hardening.
  • Research, recommend, evaluate and implement enterprise infrastructure security solutions that identify and/or protect from potential threats and respond to security violations.
  • Develop training procedures to support information security standards and procedures related to specific business objectives, security product implementations and best practices. Collaborate with Information Security members to ensure consistency and share best practices across the lab.
  • Participate in idea sharing and problem resolution & provide support outside of regular duties as needed.
  • FISMA, FIPS, the NIST 800 series, OMB A-130, and other information security-related federal guidelines.
  • Participate in research, analysis, and documentation of physical and cyber security vulnerabilities.

Confidential

Team Lead Technical Analyst

Responsibilities:

  • Manage, coordinate & monitor technicians and act as their point of technical and supervisory escalation.
  • Develop, lead and participate in team and departmental security projects and deployments.
  • Recognize and identify potential areas where existing IT security policies and procedures require change, or where new ones need to be developed.
  • Perform incident triage to include: handling new events, tracking current events, and correlating events across multiple incidents.
  • Provide technical research and analysis in development of adversarial Tactics, Techniques, and Procedures (TTPs) in order to respond and deter attacks against our information networks.
  • Administer and manage the SIEM solution and provide front line engineering support across multiple domains in a multi-tenant virtualized data center across multiple geographic locations.
  • Provide advanced technical support on network firewall management projects and related security infrastructure.
  • Provide daily monitoring, full analysis reports, and analyze network and security platforms.
  • Provide special technical guidance to the Information Technology Department staff about threats, risks and control measures associated with new and emerging information systems technologies.
