Lead Security Engineer Resume

PROFESSIONAL EXPERIENCE

Lead Security Engineer

Confidential

Responsibilities:

  • Led vulnerability and compliance scanning effort for the entire enterprise environment.
  • Managed the Qualys Enterprise system to provide remediation reports for teams in the field to prepare to pass SOC2 and PCI audits.
  • Performed design review of new offerings to meet security standards and practices.
  • Led the re-architecture of the scanning infrastructure across 22 data centers, which dramatically increased scanning performance and accuracy.
  • Managed, on-boarded, and trained new customers, users, and engineering lab teams to perform monthly vulnerability and compliance scans.
  • Wrote and published host scripts for delivery teams to prepare and remediate systems in the field.
  • Developed Qualys API targeted automation of reports and operation support.
  • Managed the vulnerability and compliance scans of 60k+ hosts across both the management infrastructure and the HPE managed customer compute environment.
  • Successfully led the scanning effort, resulting in HPE obtaining a PCI-DSS certification in the virtual private cloud (VPC) environment.
  • Provided engineering support, including proof of concept, for several other security feature projects that enhanced the virtual cloud-based offerings. Those included PIM, WAF, SIEM, BUR, MFA, SSO, and other security initiatives.
  • Published reports and documentation to Jira and Confluence.

Senior Linux Engineer

Confidential

Responsibilities:

  • Java Message Service (JMS) Topic development.
  • Developed Perl scripts to publish and subscribe to ActiveMQ message brokers in an enterprise environment, for the purpose of automating the selection of the most recent ZML (zoomed XML) inventory signature files for Linux (primarily Red Hat Enterprise Linux).
  • Published project details to a message topic for production.
  • Developed subscriber-side Linux Perl scripts to subscribe to the topic via local message brokers to retrieve signature files on a scheduled basis for the purpose of obtaining software and hardware inventory of the Unix/Linux fleet.
  • Published the Topic development project details to the department media-wiki page for use by other members of the team.
  • Provided Red Hat Linux engineering support during POC (proof of concept) initiatives in development, while providing detailed migration steps to transition to production.

Senior Security Consultant

Confidential

Responsibilities:

  • Engineered a very complex migration of a 9-zone DMZ from a PIX/ASA 8.0(3) firewall pair to Check Point R71.40 firewall appliances, running SPLAT Pro in HA mode in ClusterXL configuration, in a Provider-1 environment.
  • Engineered multiple zone-to-zone traffic flows, with extensive one-to-one and one-to-many static NATs. Strategically placed Hide NATs to support a variety of global NAT scenarios.
  • Built objects, converted policy rules, and implemented proxy ARPs to facilitate a number of many-to-one static translations. Managed customer expectations.
  • Worked with the test team to resolve a number of state-related traffic issues with F5 load balancers, and B2B connectivity during the testing phase.
  • Successfully guided the live cut-over during a global maintenance window. Very visible, very critical, successfully deployed.

Senior Network Security Engineer

Confidential

Responsibilities:

  • Analyzed Check Point Firewall running R75.x to determine Active Directory connectivity issues, and recommended a viable solution to resolve mobile access and remote VPN authentication.
  • Provided consultation in the area of traffic analysis, bandwidth management, traffic shaping, authentication, and related wireless account management issues.
  • Assessed the client's DMVPN network. Recommended Cisco-based embedded solutions to support their 2900/3900 Cisco routers with WAAS service modules.
  • Explored and presented alternate solutions as well.

Senior Network Security Engineer

Confidential, Northboro, MA

Responsibilities:

  • Designed complex Check Point firewall architectures (127 firewall devices), including configurations, policy implementation, image and package upgrades, as well as multiple new builds to support secure application flows for EMS, DMS, and OMS.
  • Upgraded existing Check Point appliances and Nokia firewalls from R65 to R70. Upgraded Nokia platforms from IPSO 4.2 to 6.2.
  • Planned and engineered new network infrastructure of Cisco routers and switches, including hundreds of VLANs across multiple geographically dispersed data centers to support extensive application architecture.
  • Analyzed application flows to determine firewall policy. Built IPsec VPNs between primary and DR sites to support development and testing. Interacted with IS and business groups to develop network-security-related solutions to solve situation-specific problems.
  • Corrected other complex technical issues that surfaced during project planning and implementation.
  • Utilized industry best practices for network security and common data encryption standards, as well as advanced knowledge in the application and administration of DMZ environments, principles, and practices.

Principal Network Security Engineer

Confidential, Cambridge, MA

Responsibilities:

  • Technically led, designed, and implemented infrastructure projects, and transitioned each to production. Designed a distributed network and firewall architecture across multiple data centers to provide redundancy and disaster recovery.
  • Engineered end-to-end complex design and implementations to support new IT applications, capabilities, sites, and business requirements.
  • Evaluated Intrusion Prevention (IPS) solutions from Sourcefire, Juniper, TippingPoint, Stonesoft, Force10, and some other open source options as well. Performed security scans using Nessus, Nmap, Metasploit, and other tools.
  • Performed in-house testing using live data streams across 10GB connections. Generated a detailed report of findings, and presented final recommendations to management.
  • Designed and led the implementation of the TippingPoint IPS infrastructure that included strategic placement of in-line (active mode) devices at locations across the enterprise, centrally managed with clustered management systems. Redesigned the front-side network using co-location clustering to fortify the firewall functionality within the enterprise, using Stonesoft firewalls and multi-site VPN implementation.
  • Installed Blue Coat IDS/IPS network appliance with content filtering on public-facing networks. Migrated the FDA regulated network into the primary network to form a more robust and unified solution.
  • Led engineering staff and vendors to formulate a new design of critical network infrastructure, primarily of Foundry and Cisco routers and switches. Surveyed existing network infrastructure at remote sites, and published unified design plans and Visio diagrams to standardize the security function across the enterprise.
  • Integrated routing of EIGRP, OSPF, and static networks to improve the dynamic routing flows and fail-over mechanisms. Designed an enterprise dashboard solution using Orion, by SolarWinds, to monitor performance, connectivity, and trending of the global network. Orion was also used to provide reporting to upper-level management and engineering, and to enhance the third-party monitoring function.