SME Consultant, Resume
Monterey Park, California
SUMMARY
- Over 25 years of IT-related experience, including 25 years' experience as System Engineer/Administrator for SMB and large enterprise organizations running heterogeneous environments of UNIX (AIX, Sun, SCO), Linux (RedHat, SuSe, CentOS, Fedora, Kali Linux, Open Client, Ubuntu), and Windows.
- Almost 22 years of UNIX administration for Confidential AIX/Linux/Solaris/SCO enterprise environment running 9,000 servers (clustered and non-clustered) for multiple hardware platforms including Sun, Confidential and Compaq/Confidential.
- More than 10 years of handling database security (Imperva SecureSphere 11.x, 10.x) to secure sensitive data stored in databases against compromises of their confidentiality, integrity and availability, and providing real-time protection against cyber security threats, data loss and failure to meet audit requirements.
- More than 15 years of Unix/Linux security experience related to identification & authentication, authorization & access control, auditing & accountability.
- Using F.I.B.E.R2 (Find, Intercept, Block, Eliminate, Rescue & Recovery) latest advanced methods to hunt down and neutralize all kinds of threats and malware, which are currently being used at other top US Federal agencies such as FBI IT-Counter-Terrorism, NSA TAO with a high success rate of 90% or more.
- Exposed to and went through three actual live Disaster Recovery scenarios, with two accidental events and one intentional event.
- US HAM Radio Operator issued with General Class License.
- US CERT (Community Emergency Response Teams) Program, certified by the Ventura County Fire Department, California.
TECHNICAL SKILLS
- Hardware/Software: Confidential AIX 5.3 ML 4/5.2 ML 05, Confidential NIM - Network Installation Management, Linux Fedora, Linux CentOS7, SuSe Linux, Sun Solaris, Linux RedHat7/6, Linux Ubuntu, Kali Linux, Parrot Security, SCO Open Server, Imperva, Rapid7, Nessus, Qualys, Windows server and workstations, MySQL-Mariadb, Nagios, Cactus, MyownCloud, MS Exchange, Checkpoint, DHCP, WINS, DNS, MS SQL server, Confidential compatible, Intel, Macintosh, Confidential servers/blade servers, Confidential, Compaq, Cisco 2500 router, MS Office, Timbuktu Pro, TCP/IP, DOS, CyberArk, Centrify, CA Control-Minder, Postman, PowerShell, Git, Security Onion.
PROFESSIONAL EXPERIENCE
Cyber Security/CyberArk PAM Engineer - SME Consultant
Confidential, Monterey Park, California
Responsibilities:
- Provide a wide range of Identity & Access Management services that include user access provisioning for systems. Actively managing PAM using CyberArk in order to comply with the bank’s security policies.
- Day to day operation using CyberArk on Password Vault, Central Policy Manager, PSM and OPM.
- Using Security Onion to monitor, analyze, detect and investigate servers. Also set up a honeypot to log all attackers’ activities to study their behavior, logging/tracking IPs and incoming locations. Also creating keyloggers (Windows/Linux) (with authorized permission) on authorized servers to be monitored.
- Using pen testing to check for weak security/vulnerability areas for clients’ requests and provide security remediation.
- Using Qualys/Nessus to perform network scanning/discovery/mapping and be able to respond with remediation. Responsible for deploying these tools to perform services, protocols, users, contents.
- Create procedures and processes on Windows machines to prevent WannaCry ransomware.
- Currently working on a critical task to hunt/remove the foreign Supermicro spy chip embedded in the servers (80% completed and still counting).
- Review/recommend/implement additional security permissions reporting tools focusing on critical/confidential data for the business units’ areas as well as identifying high-risk security concerns and reporting them to upper management. Set up kill switch to protect company network infrastructure.
- Support the efforts of the Privileged Access Management project. Design, build and implement next generation Privileged Access security controls. Design and engineer security levels in numerous areas of Identity & Access Management, Privileged Access Management methodologies and solutions.
- Testing and implementation life-cycles for identity access technologies including root cause analysis.
- Developing technical strategies, architectures, and road-maps.
Confidential, Glendale, California
Sr. Unix/Linux/Imperva Dbase/PAM CyberArk Security Analyst - Consultant
Responsibilities:
- Plan, implement, upgrade and monitor security controls for the protection of computer networks and information systems. Perform assessment phase of Vulnerability & Threat Management process. Also, assist with maintaining compliance for industry such as SOX, PCI, and HIPAA as well as create and maintain reports for both compliance and internal system audit data.
- Responsible for administrating/troubleshooting/maintaining/implementing Walt-Disney PAM (CyberArk).
- Upgrading Disney's current Imperva version from 10.5 to 11.0 and 11.5 in all of its MXs and SOM. Very familiar with ticketing systems such as ServiceNow and Remedy.
- Successfully upgraded all of Imperva Security issues to pass both Disney Internal Security and external Audit Security to be able to comply with current PCI and SOX audit.
- Ensure appropriate security policies and controls are in place that will safeguard digital files and vital electronic systems. Perform assessment as well as troubleshooting and help isolate issues while working on for completing other projects on various security issues when needed.
- Respond to computer security breaches and viruses. Provide operational oversight of users and privileged users by reviewing and enforcing security and other standards. Participate in variety of OS patch management and coordination. Cooperate/develop and test Linux security patch packages with other teams and vendors as well as troubleshoot Linux OS and application security patch installations.
- Promoting effective work practices, always showing respect for other colleagues.
- Review proposed change control requests to ensure proper alignment with TWDC policies, standards and guidelines. Follow pre-defined actions to handle issues based on severity, including escalating to other support IT groups. Familiar with Chef, Puppet, Git.
Confidential, Monterey Park, California
Sr. Unix/Linux/Security/PAM Engineer - Consultant
Responsibilities:
- Project: Working with Confidential vendor (CA) to integrate and set up IDM/LDAP to centralize all Unix/Linux user and group accounts. Evaluate current operating systems and system support software packages. Analyze various methods of how to control information security problems, determine the strengths and weaknesses of each method and implement the best cost-justified solution. Identify weak links in the IDM project, if any exist, and determine how to mitigate the control deficiencies.
- Handling and working with multidisciplinary cross-functional IT, including Security teams, to gather and analyze product requirements and propose infrastructure solutions and specifications.
- Perform all maintenance for IT security duties to support and protect environments. Ability to program using scripts and programming languages such as Perl, Python, JavaScript and others to detect/solve problems and to automate repetitive tasks. Also using security vulnerability assessment and management tools (SIEM/McAfee ESM, Qualys, Nessus, Confidential Security Appscan and Rapid7) to handle all security events and incidents.
Data Center Security Engineer - UNIX/Linux platforms
Confidential, Torrance, California
Responsibilities:
- Supported implementation, troubleshooting, and updates of applications on servers (approx. 4,000 Unix/Linux and Windows servers).
- Managed system infrastructure and all related processes.
- Provided support for day-to-day operations in the Development, Test, Stage, QA, and Production environments, including the following:
- Account Management and Security:
- Software / OS updates and patching.
- Evaluating new operating systems and system support software packages to ensure they are appropriately integrated into the security frameworks.
- Analyze various methods of controlling information security problems, determine the strengths and weaknesses of each method and implement the best cost-justified solution.
Confidential
Data Center Unix/Linux Engineer - Risk and Security Compliance
Responsibilities:
- Systems Administrator for approximately 8,000 UNIX servers in the data center including all hardware support and all the operation of all the servers.
- Responsible for designing, developing, testing, documenting, monitoring and implementing information and network security solutions using Qualys, Nessus and Rapid7 and Confidential Security AppScan.
- Set up and configured hardware and system components for local systems; installed and configured software (e.g., operating systems); optimized system performance; and provided various troubleshooting, maintenance (e.g., updates, patches, back-ups, etc.) and technical support.
- Researched new information systems, modules, and/or components.
- Responsible for user management security audits, both internal and SOX state and federal audits.
Systems Engineer
Responsibilities:
- Provided day-to-day Windows and NetWare LAN maintenance for 1000 users between 2 locations for County government clients Los Angeles Sheriff and DMH.
- Projects included:
- Implemented Linux-based Netscape Web server as development platform for Web Development Team.
- Set up Cisco 2500 router for Internet firewall using Checkpoint 1.0.
- Set up and configured MS IIS for LA County Department of Mental Health (DMH) and interface using Dreamweaver.
- Set up MS IIS Intranet to track new laws being implemented around the country through the State of California.
- Upgraded the jail system from manual to software control for the LA Sheriff Dept.