15 years of professional IT experience and 11 years of experience as a Cyber Security Engineer. Lead Cyber Security controls and processes that include Unified Threat Management, SIEM, Data Loss Prevention, and Malware. Lead risk and vulnerability assessments, testing efforts, incident investigations, security audits and security reporting.
APPLICATIONS and TECHNOLOGIES:
Firepower, Check Point, Trend Micro, LogRhythm, ArcSight, Splunk, MailGate, Trustwave DLP, Active Directory and Services, Nessus, Metasploit, Kali, Kismet, MobileIron, AirWatch MDM, DFS Management and Shares, EnCase Forensics, Symantec Endpoint Manager, Varonis / DatAdvantage, Cisco AnyConnect VPN, SAP, NetSuite, IDM Manager, LDAP, WinSPC, SiteMinder, Retina, SolarWinds, SharePoint 2007, MS Office, Secure Shell, Remote Desktop, Ghost Cast, C2PC, CPOF, Fortinet UTM, Palo Alto, HIPAA, PCI, SOC, SOX, ISO 27001/27002, ITIL
Cyber Security Engineer
- Performs vulnerability scanning for network devices, applications and databases in order to determine if these assets have any vulnerabilities to potential internal or external threats. 20%
- Analyzes and assesses security incidents that occur to Confidential assets and escalates incidents by following incident plans.
- Creates, develops, and maintains standard practices and procedures to respond appropriately to internal and external threats.
- Assesses potential risks and vulnerabilities in the network by establishing status quo for the networks and recognizing any deviations in order to provide actionable recommendations in the event of malicious activity.
- Performs risk and security assessments of applications, databases, and servers and supports networking technologies, such as routers, switches, access points, in order to determine if these assets have any vulnerabilities to potential internal or external threats.
- Works with IBM and internal Infrastructure team and vendor partners to solve information security system problems and issues in a timely and accurate manner to prevent malware from coming into the environment.
- Follows Information Security process, policies and procedures congruent with standards and industry best practices.
- Monitors activities and events in Confidential's Technology environment to ensure that anomalous behavior is detected, identified, classified and acted upon where appropriate.
- Performs application scanning to ensure that code releases are secure.
- Executes penetration testing on network and applications using ethical hacking techniques in order to determine network and application vulnerability.
- Develops and executes corrective action plans and remediation plans when issues are identified in order to mitigate the risk of exploitation.
- Performs reviews and assessments of security controls before hardware/software is migrated to production and performs application scanning to ensure that code releases are secure.
- Advises Security Leadership on emerging cyber threats and trends, and provides recommendations for enhancements.
Cyber Security Engineer
- Lead team in testing and implementing business continuity and network disaster recovery by creating plans for business-critical assets in priority of recovery.
- Ownership of security controls and processes in support of cyber-resilience. This includes: Unified Threat Management, SIEM, malware, data loss prevention, and anti-phishing.
- Educate and communicate to key stakeholders of new threats, industry trends and applicable laws related to security risk and trends.
- Train IT Staff on network and information security policy and procedures.
- Plan, coordinate and lead team budget plans to be submitted to the CIO. Create, review, and submit Policy and SOP documentation to CIO for approval.
- Lead/Assist Incident Response Team and IT Personnel in proper tagging and handling of equipment according to chain of custody and procedure documentation.
- Lead and coordinate Blue/Red Team pentesting through third party auditing firms.
- Manage and mentor interns from Gwinnett Technical College.
- Lead the documentation of the environment: ISP, routers, switches, servers, desktops, security.
- Lead the documentation of security systems: Firepower, Palo Alto, Juniper, NetScaler, WebGateway, CheckPoint DLP, McAfee and TrendMicro antivirus technologies.
- Ensure authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements.
- Configuration and management of security devices adhering to policies and templates to include Firewalls, VPNs, IPS, Web Proxy, SIEM, Anti-Malware, DLP.
- Development and maintenance of Security Policies and Procedures.
- Risk Analysis and Management concerning computer security.
- Meet regularly with the Security Team, Director of Network Services, CIO and Governance committee to discuss projects, incidents and state of security environment.
- Ensure all changes are made in accordance with change control, security and risk assessments.
- Adhere to HIPAA, PCI, SOC, SOX, ISO 27001/27002, ITIL, and National Institute of Standards and Technology (NIST) compliance requirements.
Cyber Security Operations Lead
- Lead risk and vulnerability assessments and testing of physical and network systems.
- Lead team to investigate network events and incidents, assist in evidence collection, report findings to the CISO and support remediation efforts.
- Plan, coordinate and lead team budget plans to be submitted to the CISO.
- Create, review, and submit Policy and SOP documentation.
- Lead team in testing and implementing business continuity and network disaster recovery plans.
- Train staff and employees on network and information security procedures.
- Provide network monitoring and log analysis from a variety of network sensors to investigate suspect network activity.
- Collaborate with developers, project managers, and network engineers to ensure technical and functional requirements are implemented securely.
- Research, evaluate and recommend network improvements and information security controls.
- Work with the IT teams, business units and senior leadership teams to resolve or mitigate network vulnerabilities and adhere to network and information security policies.
- Maintain system controls by ensuring access control frameworks and levels of access are maintained and recommending improvements if necessary.
- Ensure authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements.
- Remain informed on trends and issues in the security industry, including current and emerging technologies.
- Adhere to SOX, ISO 27001/27002, ITIL, and National Institute of Standards and Technology (NIST) standards.
Technical Security Analyst
- Manage Active Directory Security for multiple domains in a Windows networked environment, including user account, file/folder, and server access controls.
- Maintain access control systems for multiple applications including, but not limited to CA SiteMinder, Secure FTP, Virtual Private Networks (VPN), and NetSuite.
- Manage critical security systems for antivirus (Symantec Endpoint Protection), spam (Symantec.cloud), security auditing (Varonis DatAdvantage), and mobile device management (AirWatch MDM).
- Conduct vulnerability assessments and execute remediation activities based upon assigned risk. Liaison for annual and quarterly third-party conducted assessments.
- Primary technical resource for patch management of systems using WSUS and Tivoli BigFix.
- Participate in computer security incident investigations.
- Provide audit support of security controls as needed for internal and external audit.
- Provide technical guidance regarding Information Security issues to cross-function business groups.
- Follow established System Development Life Cycle (SDLC) processes in conduct of formal IT projects.
- Provide reporting of security measures based upon management needs.
- Participate in internal and external training programs and attend security user group meetings to stay current with information security topics.
- Assist in the development and documentation of information security procedures.
- Familiar with basic SAP security controls.
System / Security Administrator
- Incident investigation, scanning, and reporting to management to keep defensive threat posture.
- Administer security for all server and network systems.
- VMware vSphere / vCenter 4.1 ESXi Systems Administrator: maintain and conduct preventive maintenance on the virtual server environment.
- Server Administration. Install, operate, and maintain all servers; physical and virtual.
- Lotus Notes / Domino Server Administrator: create and manage user email.
- Backup and Restore Administrator, using Backup Exec 2010 R3.
- SMS and WSUS update manager: push out company-wide updates.
- Use of Numara's Track-It help desk software to keep track of trouble tickets and corrections for future use.
- Maintain Cisco Phone system and Unity voice message systems.
- SharePoint 2007 development using SharePoint 2007 Developer, implementing shared contact web parts in SharePoint.
Security Administrator / IA Assurance
- Install, operate, and maintain ASA Firewall and TACLANE encryption devices.
- Conduct Penetration testing on workstations, servers, and firewalls through the use of Retina Network Security Scanner.
- SharePoint Admin: create and maintain user accounts, servers and workflow.
- Active Directory Admin: creating, managing, and troubleshooting new and existing accounts. Create and maintain group policies in the forest domain.
- Maintain WAN and LAN connectivity, and provide all troubleshooting and repair for user workstations, servers, and computer peripherals.
- Setup Network Print Server and Printers.
- Upgrade network from layer 2 switches to layer 3 switches.
- Spec and Purchase new hardware to accommodate growth in the unit and migrate existing data over to new hardware to maintain operational effectiveness.
- Spec and Purchase new user workstations to accommodate growth.
- Exchange Admin: creating, managing, troubleshooting and migration.
- Create backups and Ghost Cast-ready images of clients and servers.
- Cryptography: filling TACLANE devices with CYZ-10 key fill for point-to-point encryption and security.
- Deploy network and communication capabilities for unit leadership to conduct operations.
- Work closely with senior leadership and provide daily security brief.