OBJECTIVE:

• Senior Security Engineer with 20 years security experience. Seeking a Senior Security manager or Senior Engineer/Architect position in a company that will allow me to grow and develop professionally with some travel involved. I provide consulting in several areas of security including Architecture Design and Implementation, Desktop and Mobile Encryption, Endpoint Security, Penetration Testing and Vulnerability Assessments.

TECHNICAL SKILLS

Operating systems: Microsoft Windows Nt/2000/XP/2003/Vista/Windows 7/Windows 2008. Linux (Centos, Ubuntu, OpenSUSE, OpenSolaris, Fedora, RedHat, Solaris), Unix (OpenBSD), Mac OS X.

Security Products: McAfee Virus scan Enterprise\E - policy, Symantec Antivirus/Endpoint Protection9/10/11/12, Sonic Wall Firewall, Cisco Pix Firewall, Websense Security Manager, MessageScreen Email filter, Pointsec\Checkpoint Encryption, PGP Encryption Disk Encryption, RSA SecuID, Nessus, Nmap, Gold Disk, Retina Scan, Languard, Snort, Wireshark, Backtrack, NetForensics, LogLogic, Enterasys, Site Protector, BlueCoat, SolarWinds, NetIQ Security Manager, App Detective, Core Impact Professional, Backtrack, Metasploit, Netwitness.

Forensics Products: HBGARY, ECAT, FireEye Forensics MAS/MPS, Encase, WebHistorian, Process Hacker, Process Monitor, Quick Unpack, RegShot, What’s Running, OlyDB, IDA Pro, File Insight, RegScanner. DDrescue, Hiren LiveCD, Helix Live CD, Ultimate Boot CD.

PROFESSIONAL EXPERIENCE

Confidential, VA

Sr. Security Engineer/Project Manager

Responsibilities:

• Develop and implement vulnerability management program
• Preform Vulnerability Assessments and ethical hacking utilizing automated tools and manual techniques
• Perform regular network and application security assessments
• Perform FISMA site assessments (CONUS/OCONUS)
• Conduct penetration test and launch exploits using Nessus, Metaspoilt, Backtrack penetration testing distribution tools sets
• Evaluate new security products and services offered by vendors
• Research and maintain proficiency in computer network exploitation, tools and Techniques
• Analyze scanned reports and suggest remediation / mitigation plan
• Provide customized and tailored technical and management reports
• Monitor and report security events, incidents, and vulnerabilities

Confidential, Fairfax, VA

Information Assurance Engineer\ Penetration Tester

Responsibilities:

• Designing and implementing network monitoring systems
• Systems Architect for government security projects
• Evaluated new security products and services offered by vendors
• Hands-on security systems operation for IDS/IPS, SIEM, Security Auditing and Analysis
• Patch management policy development and deployment
• Perform regular Network and Application Security Assessments
• Vulnerability Assessments utilizing commercial and open source vulnerability tools
• Ethical Hacking of internal system
• Snort IDS/IPS deployment and management, event analysis, and rule writing
• Daily monitoring of security alerts and events
• Develops and implements an ongoing risk assessment program
• Develops and implements incident reporting and incident response processes
• Lead the development and implementation of SharePoint Security practice.

Confidential

Lead Network Security Engineer

Responsibilities:

• Lead Security Architects and engineers for Compliance projects
• Evaluated new security products and services offered by vendors
• Responsible for the creation and implementation of new security policies and procedures as well as supporting and improving on the existing policies
• Used NIST and FISMA compliance standards for security audits
• Recommend preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
• Performed system security audits, and vulnerability assessments using automated tools and technique
• Researched, studied and assessed new and emerging threats, risks, and vulnerabilities
• Maintained the security infrastructure, including encryption solutions, Web Security Solution, Intrusion prevention and security risk management.

Confidential

Security Engineer\Penetration Tester\Ethical Hacker

Responsibilities:

• Lead Security Architects and engineers for Compliance projects
• Trained employees regarding system basics, security, and practices
• Installed and maintained security infrastructure, including encryption solutions, IPS, IDS, log management, and security assessment systems
• Snort IDS/IPS installation and management, rule writing.
• Perform system security audits, penetration-tests, and vulnerability assessments using automated tools and technique
• Researched and analyzed the existing system and policies as well as studied and assessed new and emerging threats, risks, and vulnerabilities
• Performed maintenance and upgrades of firewall devices
• Responsible for maintaining the security posture and improvement utilizing new security technologies
• Documented the existing and in development procedure, policies and systems.
• Perform onsite and remote security consulting Including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment
• Perform internal penetration testing and vulnerability assessments to assess the vulnerabilities of the existing networking to include the company’s Website, Firewalls, IDS/IPS, Windows/ Linux systems, as well as home grown and COTS applications.
• Preformed external client assessments that included vulnerability Assessments and Penetration testing
• Preformed Social Engineering attacks by utilizing both automated tools and manual techniques.
• Generate and present reports on security vulnerabilities identified and well as recommendations for mitigation and remediation.