- Dynamic, highly skilled IT specialist with 12+ years of diverse, progressive experience in Information Technology, Information Security, and Corporate Governance.
- Proven expertise with infrastructure security concepts; expert working knowledge of modern technical vulnerabilities, rapid troubleshooting, and disaster recovery concepts.
- Demonstrated ability to quickly grasp and master new technology; decidedly proficient in a variety of computer systems, languages, tools, and testing and analysis methodologies.
- Collaborative leader and team player who thrives in both self-directed and team-based environments; innate ability to engage with both technical and non-technical audiences.
- Consistently operates in an integrity-driven manner to ensure business goals and initiatives are met and exceeded while upholding the highest standards of positivity, service, and professionalism.
- Leading a team of security analysts and engineers responsible for Incident Response, Intrusion Prevention Systems (IPS), and Analysis
- Collaboratively operating with teams within the datacenter to implement security controls specified by Confidential 800-53 rev.4
- Translating security controls into technical specifications and communicating requirements to technical and non-technical staff
- Functioning closely with technical staff to ensure that logs from a variety of data sources are reporting appropriately to the SIEM
- Actively working to migrate systems from the current SIEM tool (McAfee ESM) to Splunk
- Architecting and deploying Splunk on both physical servers and in the cloud (Microsoft Azure) to provide a centralized log management and SIEM solution for internal and external customers of the datacenter
- SIEM Tools: McAfee ESM, Splunk, Nxlog
- Leading the team's efforts to deploy IPS signatures to block ongoing attacks, minimize vulnerabilities, and ensure that changes applied to the environment do not impact customers and critical applications, following the Confidential change process established under ITIL standards
- Researching and integrating threat intelligence from open source and vendor provided feeds
- Integrating security intelligence feeds as IP, domain, and URL blacklists in the Cisco Firepower Next Generation Firewall (NGFW) to improve the datacenter's security posture
- Using correlation rules in the NGFW platform to identify actors performing reconnaissance scans and subsequently adding them to a blacklist to prevent any further attacks or attempted exploits
- IPS Tools: Cisco Firepower (Sourcefire) NGFW
- Continuously researching new tools and platforms to maintain up-to-date working knowledge of potential threats, thereby ensuring the security of the datacenter and improving Incident Response and forensic capabilities
Network Security Engineer
- Providing efficient and highly knowledgeable Incident Response for all internal and external customers of the Confidential
- Administering, modifying, and monitoring the Intrusion Detection/Prevention System (IDS/IPS) (Sourcefire)
- Providing ongoing support for the administration and implementation of the Security Information and Event Management (SIEM) tool (ArcSight and McAfee/Nitro Security ESM)
Network Security Officer
- Assisting organization in transitioning from DITSCAP to DIACAP by analyzing current business processes, procedures, security posture, and subsequently developing key documentation in the DIACAP and C&A process
- Developing documentation using Confidential 800 Special Publications and other industry standards and best practices
- Participating in the creation of the organizational Contingency of Operations (COOP) utilizing Confidential documents and Federal Continuity Directive 1 (FCD 1)
- Developing the Information Systems Contingency Plan and System Security Plan templates for the AISs within the organization to utilize
Confidential - Kansas City, MO
- Assisting 2nd-tier technicians with troubleshooting issues such as system crashes, slow-downs, and data recoveries within an enterprise datacenter
- Engaging and tracking Priority 1 issues, with responsibility for the timely documentation, escalation (if appropriate), resolution, and closure of trouble tickets using ITIL v2 methodology
- Providing physical security and assisting in disaster recovery exercises