- Exceptionally qualified, innovative and hands on it professional, with 27+ years of demonstrated experience in planning, developing, creating, managing, supporting, and streamlining robust it architectures and infrastructures for companies.
- Tactical project manager, with successful record of meeting key deliverables and business objectives.
- Effectively manage complex and technologically advanced it systems to support internal and external users in the us and now focused on supporting acquisition in Asia, & European. Diverse it management experience encompasses financial services, merchant services and payment card industries.
- Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk
- Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program
- Advise senior management (e.g., Chief Information Officer CIO ) on risk levels and security posture
- Advise senior management (e.g., Chief Information Officer CIO ) on cost - benefit analysis of information security programs, policies, processes, systems, and elements
- Communicate the value of information technology (IT) security throughout all levels of the organization's stakeholders
- Collaborate with organizational managers to support organizational objectives
- Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance
- Ensure security improvement actions are evaluated, validated, and implemented as required
- Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy
- Evaluate cost-benefit, economic, and risk analysis in decision-making process
- Identify alternative information security strategies to address organizational security objective
- Identify information technology (IT) security program implications of new technologies or technology upgrades
- Interpret and/or approve security requirements relative to the capabilities of new information technologies
- Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s information assurance (IA) program
- Lead and align information technology (IT) security priorities with the security strategy
- Lead and oversee information security budget, staffing, and contracting
- Manage the monitoring of information security data sources to maintain organizational situational awareness
- Manage the publishing of computer network defense (CND) guidance (e.g., Time Compliance Network Orders TCNOs, concept of operations, net analyst reports) for the organization
- Manage threat or target analysis of computer network defense (CND) information and production of threat information within the enterprise
- Monitor and evaluate the effectiveness of the enterprise's information assurance (IA) security safeguards to ensure they provide the intended level of protection
- Provide enterprise information assurance (IA) and supply chain risk guidance for development of the disaster recovery and continuity of operations plans
- Provide leadership and direction to information technology (IT) personnel by ensuring that information assurance (IA) security awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities
- Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters
- Recommend policy and coordinate review and approval
- Track audit findings and recommendations to ensure appropriate mitigation actions are taken
- Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals
- Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies
- Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk
- Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements
- Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals
- Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance
- Forecast ongoing service demands and ensure security assumptions are reviewed as necessary
- Define and/or implement policies and procedures to ensure protection of critical infrastructure (as appropriate)
Hardware / Operating System Platforms: IBM SYSTEM 370/390/MVS/VMS/CICS/VSAM/VTAM; AIX; IBM/38; AS/400 E&I Series, 8260 Ethernet 40-Port 10Base-T Module, TARGON UNIX C; Sun Ultra SPARC T5240 Servers, Philips PTS 6000, UNIX/Linux/Sun Solaris 10; Novell, Windows 9X/NT/XP/7/OS/370/390/400
Databases: Oracle, PeopleSoft, SAP, MS/Access, MS/SQL, IBM DB2, DBMS, IDMS, RDBMS, ODBC, JDBC
IT Security Consultant and IDM Senior Software Engineer
- Software Engineering Java development, full software development life cycle, and technical documentation.
- Lead the planning and implementation of project
- Facilitate the definition of project scope, goals and deliverables
- Define project tasks and resource requirements
- Develop project plans
- Manage project budget and effort utilization
- Manage project resource allocation
- Plan and schedule project timelines
- Track project deliverables
- Provide direction and support to project team
- Present reports defining project progress, problems and solutions
- Implement and manage project changes
- Ensure deliverables quality and meeting QA process
- Develop, manage and support for project and customer expectation
- Reports working progress and any potential problem to superiors.
- Develop activity plan, manage/assign activities to support team
- Monitor and track day to day project activities, effort utilization and deliverables schedule and quality
- Performs other works assigned by supervisor as necessary
- Manage/assign activities to project team
- Perform analysis, design, development, unit testing, peer review and documentation of JEE applications developed using JAVA/JEE, JSF, XML, XSLT and the IBM Tivoli; Portal/Websphere Application development software.
- Perform a penetration test and report vulnerabilities to senior management. Having a second set of eyes check out a critical computer system is a good security practice. Testing a new system before it goes on-line is also a good idea. Another reason for a penetration test is to give the IT department at the target company a chance to respond to an attack.
Confidential, Rockville, MD
Senior Software Engineer
- Responsible for Java-based identity and access management suites, including products from IBM Tivoli, Oracle, and Forge Rock. Augment and tailor the identity and access solutions using commercial, open source, and custom-developed software, as required.
- Conduct services and product design, implementation, and integration.
- Applying Restful Services, SOAP, and Message Driven Beans
- Engineer components; allocate requirements to product or service components.
- Engineer internal and external interfaces.
- Develop and/or provide technical input for build directives.
- Develop and verify product and services components.
- Analyze proposed changes to engineering products and services.
- Add appropriate work products to the technical data package.
- Support internal testing activities and correct software discrepancies, as identified.
- Support external testing activities and correct software discrepancies, as identified.
- Solid understanding and practical experience of software development lifecycle/Agile.
- Strong analytical, problem solving and debugging skills.
- Deploy and maintain all other software, hosting, data, and configuration elements of the ICAM environment.
- Early and continual user involvement.
- Frequent releases of end-to-end capabilities no less than quarterly.
- Multiple, rapidly executed iterations that produce functionality to users for feedback no later than every four weeks.
- Early, successive delivery of functional product, or prototyping where functional product cannot be delivered, to support an evolutionary acquisition.
- Automated implementation of build, deploy, test and release process (AKA: Deployment Pipeline).
- Modular, open systems approach (MOSA).
- Organization of requirements into user stories that are Independent, Negotiable, Valuable, Estimable, Small and Testable (INVEST).
- Analyzing, designing, developing, integrating, and testing ICAM hardware and software components and configurations to create releases of the ICAM environment.
- Assessing the completeness, traceability, and consistency of all interface requirements.
- Identifying and defining external operational and technical interface requirements.
- Documenting and delivering analyses, designs, integration plans, iteration and release delivery schedules, and test plans.
- Developing custom software required by the ICAM environment design
- Developing automated testing scripts.
- Configuring and integrating GFE commercial, open-source, and contractor-developed custom software and hardware components required to support the ICAM environment.
- Configuring and integrating GFE commercial, open-source, and contractor-developed custom software required to populate the ICAM environment with new and migrated identity data.
- Conducting operational and performance tests to confirm that the ICAM environment meets functional requirements, user expectations, and performance specifications.
- Reporting test results to the contractor’s design engineers and risk managers, and to the government Program Manager.
- Identifying potential interface and interoperability issues and risks.
- Evaluating and presenting candidate solutions to performance and capability risks and issues to contractor risk managers and to the USCIS Program Manager.
- Proposing engineering changes to address new and changed and government requirements and to improve system usability, performance, and reliability.
- Assisting with the development and maintenance of Interface Requirements Documents and ensuring interface documentation is comprehensive and accurate.
- Participate in customer interactions during the requirements analysis, design, development, testing, training, and support phases of Software Development Life Cycle (SDLC)
- Provide technical leadership to Java technology related development activities
- Estimates work effort
- Participate in software release and deployment activities
- Support internal and external testing teams to complete functional testing of the scheduled releases
- Mentors other Java developers
Confidential, College Park, MD
Senior Software Testing & Validation Engineer
- Operating system configuration, shell programming, file system modification, performance analysis, glance, sar.
- 12 years Java/J2EE experience with knowledge of current web design principles and web application architecture
- Maintain secured Network on managed UNIX hosts; provide subject matter expertise for security related threats and vulnerabilities.
- Coordinate Network tasks including firewall rule changes and Network troubleshooting with Network and Telecommunication Department.
- Must be proactive in maintaining the UNIX Servers.
- Provides high level expertise in developing complex software applications involving new and established technologies, methods, concepts, or approaches.
- Based on functional and conceptual design specifications, develops diagrammatic plans and design logic required to implement computer programs, IT systems and procedures.
- Applying Confidential project, is an identity administration and provisioning solution focused on managing relationships across users, devices and things, and is designed in response to the pain organizations suffer deploying legacy enterprise provisioning solutions.
- Provide identity administration and provisioning that is customized to fit organization’s needs and requirements including role-based provisioning, high availability “out of the box,” workflow synchronization.
- Verifies accuracy and validity of programs by preparing sample test data and test plans; corrects program errors by revising instructions; modifies programs when required by changes in procedures and reports desired
- Demonstrate ability, experience and performance in understanding and creating requirements based on client needs.
- Facilitate and manage schedules through product delivery by using Thunderhead NOW/HP ALM/IBM RAD/Others.
Environment: IBM Mainframes/IBM AS400/Thunderhead NOW/MS SharePoint/MS Office 2010 & Communication/IBM RAD/HP ALM/TOAD/CISCO/IBM Ethernet/Routers/Switches/Others
IT Security Consultant
- Demonstrate lead experience in providing guidance and advice to various groups on Java/J2EE architecture and experience on ensuring project on target.
- Understanding the technical business requirements and defining architecture-based solutions that align to the organization’s overarching architectural strategy and the business unit’s needs.
- Planning, designing, and leading enterprise security applications with the J2EE Platform, Java servlets, Java Server Pages, and Enterprise JavaBeans component models, as well as the JDBC API, Java Message Service API, and J2EE Connector Architecture.
- Responsible for security, deployment, transaction management, internationalization, and other important issues for today's applications and IBM Tivoli; IBM DB2/CICS Transaction Server for z/OS Version 3 provides an efficient and effective environment for applications that are written in COBOL, C/ C++, and Java.
- Proactively protect the integrity, confidentiality and availability of information by ensuring appropriate security controls are in existence and enforced.
- Assist in formalizing security policies and resource classification schemes; maintain and publish all information security standards, procedures, and guidelines, including monitoring and reviewing compliance procedures.
- Coordinates with IT team members, vendors, contractors and consultants to build and sustain a coordinated, meaningful security program in compliance to industries security standards.
- Conduct investigations and remediation of suspected information security incidents.
- Promote information security awareness programs, and recommending tools and improvement essential to IT security.
- Ensuring that the business unit’s technology-driven needs are met.
- Evaluate and propose architecture, design and technology alternatives.
- Propose recommendations to infuse new technology and serve as a resource for the Strategic Technology team in evaluating and proposing technical alternatives for resolving project issues.
- Work within the team to research, analyze, and perform writing a customized script to automate the tasks, configure the job manager, verify the results on WebSphere Application Server, and document recommended solutions.
- Produce and obtain agreement on design specifications; clearly articulate to the client the pros/cons of evaluated solutions and be able to support recommendations.
- Architect and design new solutions in conjunction with the EA team & process, as well as the development team.
- Engineer new code, work with and enhance existing code base.
- Ensure architected solution is tightly integrated (technology stack, workflow, and data) with the existing solutions.
- Design technology enhancements & improvements.
- Collaborate with the IT Architecture and Integration team to review recommended solutions to ensure compatibility with IT’s architecture strategy.
- Responsible helping create and document a Discovery proposal for the development of an enterprise integration platform for the processing of credit card, debit card and ACH payments.
Environment: IBM z/OS V1R9.0 UNIX/MVS/AS400/CICS; SDK for z/OS, Java 2
Confidential, Silver Spring, MD
Senior Security Administrator
- Primary responsible for implementing the security architecture for the Document Management Architecture (DMA) UNIX environment.
- Advising on security related issues.
- Responding within established timeliness to all Division of Telecommunication and Security Standards (DTSS) inquiries and reports.
- Maintaining all security related applications (i.e. eTrust, ePC, tripwire, etc.).
- Create, administer, and maintain all DMA user accounts in accordance with DMA and DTSS guidelines.
- Ensure that the DMA servers are in compliance with all DTSS regulations when feasible.
- Ensure frequent and open communication with the DMA system administrators so that both parties are up to date on the security of the DMA servers.
- Attend regularly scheduled DTSS and Solaris group meetings as well as audits and reviews.
- Prepare any necessary documents required/requested by DTSS.
DMA Environment: Sun Fire 880; Sun Ultra Sparc T5240; Sun Ray; IBM AIX, AS/400,Websphere; Windows XP Professional; UNIX C; 27 servers; CA eTrust Access Control; ePC; Tripwire; Unix and Windows Image Servers; Kodak, Fujitsu or equivalent USB2 Scanners; Windows Fax Servers; Backup Server /Robotic Tape Backup Units; Cache-DASD Arrays with SAN and/or SCSI interfaces to multiple servers; Patch Panels and cables; Switches; Routers; Ethernet backbones; Accelerated Video Cards; ERP, SCM, BPM, CRM, and COTS; Workstations; Content Manager Workflow Management and Imaging Software; Argent monitoring software; Customer standard suites of software development, testing and production operations tools; Veritas Netbackup; Veritas Volume Manager; Control-M Job Scheduling; EMC & Hitachi Mainframe Disk Subsystems; EMC Timefinder; Hitachi Shadow image; SQL for Sequel Server; VBScript and Windows Management Instrumentation (WMI)
Senior IT Enterprise Architect/Consultant
- Extensive project experience in Government, Financial Institutions, Retail, Manufacturing, Insurance, Commodity Trading and Consumer finance.
- Provided solution with J2EE using advanced features of Java including EJB, Java Beans, Java Server Pages (JSP), Servlets, Struts, JSP Tag Library (JSTL), JSF, and JDBC. Work within the team to research, analyze, and perform writing a customized script to automate the tasks, configure the job manager, verify the results on WebSphere Application Server, and document recommended solutions.
- Oversee a network of security directors and vendors who safeguard the organization's assets, intellectual property and computer systems, as well as the physical safety of the organization.
- Install, implement, configure, and monitor all servers with daily activity report and computer incident report.
- Identify protection goals, objectives and metrics consistent with organization strategic plan.
- Manage the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Physical protection responsibilities will include asset protection, workplace violence prevention, access control systems, video surveillance, and more. Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education and awareness.
- Maintain relationships with local, state and federal law enforcement and other related government agencies.
- Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
- Work with outside consultants as appropriate for independent security audits.
- Design, install, maintain and upgrade the enterprise’s production databases.
- Provide technical expertise in the use of database technology. Accountable for the overall performance of the enterprise’s database environment: Microsoft Access, Oracle Database, and IBM DB2.
- Work closely with clients, business analysts, systems programmers, and application developers to define and resolve information flow and content issues---helping to transform business requirements into environment specific databases.
- Monitor and analyze performance metrics and allocate database resources to achieve optimum database performance.
- Solid knowledge of database administration, database monitoring and tuning, logical data modeling, and physical database development.
- Understand the principles, theories, practices and techniques of project management. Basic understanding of how the technology influences business strategic direction, enabling definition and integration of technical plans supporting the enterprise business functions and processes.
- Work on one or more projects as a project team member. Support one or more databases of low to medium complexity (complexity defined by database size, technology used, and system feeds and interfaces) with multiple concurrent users, ensuring control, integrity and accessibility of the data.
- Plan and design for the Disaster Recovery Planning (DRP).
- Ensuring alignment with the organization’s overarching IT architecture and integration strategy, the Senior Technical Architect will work closely with that team but will report into the Chief IT Enterprise Architect and Vendor team responsible for the service and support of a specific business unit - (Technical Support and Customer Services Departments).
Environment: IBM OS/390; Windows XP Professional; C++; EJB, J2EE; Oracle, JDBC with IBM Ethernet, 510 servers: IBM Client, Windows, Unix, Linux, and Solaris servers; Citrix Meta Frame Presentation Server, eTrust; ERP, SCM, BPM, CRM, and COTS