
Cybersecurity Engineer Resume


OBJECTIVE:

  • To obtain a position in Security Architecture, Compliance, or Security Engineering, commutable from Royersford PA.

PROFESSIONAL EXPERIENCE

Confidential

Cybersecurity Engineer

Responsibilities:

  • Currently working on Splunk setup, Procedures, and Rapid7 Nexpose troubleshooting.
  • Fine-tuning of log source management, Reports, and Alerts.
  • Policy review and Windows 10 Desktop Pilot Project, testing.
  • Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, HIPS/HIDS, Nessus, NMAP, SIEM, Splunk, Rapid7 Nexpose and InsightVM, WAF, routers, switches, VMware, Endpoint Security, Cloud Security, Symantec Endpoint Protection.
  • Knowledge of information security principles, including cybersecurity defenses, threat and vulnerability management, incident response, and identity and access management.
  • Incident Response - Petya/Wannacry, Phishing investigations.
  • Vulnerability response - Spectre and Meltdown response formulation.
  • Phishing email and processes - Proofpoint Protection and TAP, Symantec SEP.
  • Determination of websites to be blacklisted

Confidential

Cybersecurity Analyst/Engineer

Responsibilities:

  • Point of contact for Sage managed service implementation, and all log source engineering.
  • Worked with current and potential vendors to test and select the next SIEM for supplemental capability and local log retention/archival.
  • Incident Response - Petya example: Notified and updated management of status, updated patching reservoir with latest MS patches, monitored multiple sources - NH-ISAC bulletins and vendor notifications. Worked with Web department, Citrix, and Windows management to assure latest patches were available and process updated.
  • Managed analysis of suspected phishing emails using Sandboxie, LinkChecker, and KALI Linux tools, updated all proxies and communicated findings as needed.
  • Performed investigations into alleged misuse of IT and Web resources, and possible account thefts. Most investigations done with SIEM correlation, but many other tools were used as well:
  • ADAudit, Checkpoint Smart Dashboard, Checkpoint SmartLog, Bluecoat Reporter, ClearPass, nDiscovery, Cygwin, WinSCP, Powershell, dsget, dsquery, wget, cURL, psexec, WMI, etc.
  • Worked with Windows and Unix/Linux departments to create test hosts for Splunk and ELK/Elasticsearch and special-case log sources - OPSEC LEA etc. Ubuntu, RHEL7, apt-get, dpkg, make, yum, rpm, to create and modify hosts for various proof of concept evaluations.
  • Worked with vendors from Sage, Splunk, QRadar, and LogRhythm, and vendors of various associated products and services.
  • Installed and configured Splunk 7-node implementation including inputs for Windows, AD, Files, MSSQL, EPIC, Citrix, Netscaler, OPSEC LEA, Apache clusters, Bluecoat Proxies, Bluecoat Reporter, Palo Alto, Checkpoint, SmartCenter, RHEL6, Kiwi Logger, Peoplesoft, Oracle, vCenter, Snare, Syslog, VPNs, Aruba Wireless controllers, AirWave, and scripted the sharing of these resources among SIEM candidates.
  • Approximately 24% of my day was dedicated to meeting with and evaluating potential vendors/products on TUH’s next generation network, to achieve a level of separation from Temple University due to conflicting requirements. Our team of 3 represented CISO in meetings with potential vendors, regarding security architecture.
  • At various times I captured drive and memory images for analysis and proposed methods of implementing capture by front-line desktop support.
  • Evaluate Network Security products and architecture.
  • Installed first ELK/Elasticsearch instance to offset OPSEC LEA collection from Checkpoint.
  • Modifications of design and architecture covering three core data centers and 4 acquisitions with different contractual and socialization issues, including considerations for future data center consolidation.
  • Eventual migration of existing logging solution over to Dell SecureWorks Log Retention Service
  • Log path and firewall options between sites with various bandwidth limitations.
  • Worked with client vendors to resolve log path and compatibility issues such as combining logs from Change Auditor, InTrust, Snare, Universal Collector, Networking issues.
  • Security monitoring and Log Retention with regard to disparate regulatory requirements.
  • Advised on Implications regarding standards - ISO 2700X, HIPAA, PHI, PII, SOC2, HITRUST CSF, SOX, PCI-DSS, GLBA, CFR 11, regarding site security integration security issues and portability implications.
  • Log Logic SIEM migration to LogVault2 (basically the same product by two vendors)
  • SecureWorks port connectivity requirements for monitoring/managing interfaces to iSecure, and other IDS/IPSs.

Confidential

LogRhythm SIEM Systems Engineer

Responsibilities:

  • Daily administration, break-fix, and upgrade duties.
  • Researching unparsed/unidentified logs, creating and implementing new log-source types.
  • Devising and implementing architectural modifications to LogRhythm’s largest single deployment.
  • Researched data collection issues involving ASA and Brocade firewalls, and F5 LTM routing.
  • Worked with two peer engineers, SOC, Security application groups, Vendor Engineering Services.
  • Devised simple/effective Powershell and T-SQL processes to accelerate diagnostic response.
  • Implemented modifications to VIP and IP to accommodate and isolate load balanced traffic for analysis.
  • AGILE shop: I documented all processes, developed and distributed my scripts to all peers.
  • Worked to identify and remediate issues and provide reports concerning compliance with ISO 2700x, general PII and HIPAA issues, SOX, SOC2, PCI-DSS, and others in a strictly compliance-sensitive industry.
  • Hands-on hardware, firmware, OS, Cluster, Network, F5, NetApp, install and prep of all hardware.
  • Remote installation and configuration of (8) McAfee satellite sites running on ESXi and Windows guests.
  • Assisted with Installs of MS SQL Server for failover-clustered ePO Database Server and teamed NICs
  • Clustered VMs, Clustered MS SQL Server, Clustered Windows Server 2008 R2
  • Worked with iSCSI, BIOS, and Firmware upgrades to all hardware, performed hardware driver installation locally and remotely, and configured the iqn assignment between servers and NetApp SAN Clusters.
  • Documented routine tasks on NetApp SAN, F5 LTM and GTM Load Balancers, VIP, Switch replacement.
  • Remediated VA findings on F5, Nexus switches, certificates, Maintenance LAN, for compliance.
  • Participation in FISMA discussions and implementation with particular focus on PII, and PHI
  • Wrote procedures for routine maintenance tasks for SE and SA functions to be assumed by VA personnel.
  • Performed or oversaw install and replacement tasks on all datacenter hardware.
  • Cisco TAC POC on diagnostic calls and RMAs for all Cisco hardware in non-networked “Lights-Out” datacenter, later managed remotely once networked.
  • Enabled vendor access as authorized, to include using Cell Hot-spot to connect pre-live equipment.
  • Created AWS EC2 cloud linux instance, installed LAMP components, to transfer an ILIAS training server to.
  • Stood up the new servers and configured accounts/security to customer specs.
  • Installed and tuned apps, worked with developers in tuning.
  • Documented build and SA processes for handoff to Global Net contractors.

Confidential

XBO Production Support Engineer

Responsibilities:

  • Splunk monitoring and analysis of data transfer issues, system status during batch deployments.
  • Persistent bus monitoring, restarting and clearing queues, tier four support of customer issues.
  • Analysis of process flow interruptions, software upgrades. Scripted Splunk reports.
  • DevOps SOA. RESTful ActiveMQ messaging to AWS SMS/SQS message handling.
  • Agile Continuous Production - represented Production at coding scrums and validations.
  • Performed manual transfer of sessions and accounts synchronizing Oracle and Cassandra records manually.
  • Confluence, Jira, Campfire, cURL, SOAP, JSON, Ruby, Bash, ksh, SQL, NoSQL, Python, XML.
  • Cygwin, Postman, VisualVM, Op5, Hector, Cygwin, IntelliJIDEA, NetBeans, Eclipse.
  • Provisioning, STB’s, Some DOCSIS troubleshooting to STB, Account DB, Billing DB.
  • 24/7 remote support of Network Monitoring appliances Certify and QA tickets for bug-fixes.
  • SNMP Device Certification.
  • Wireshark, nmap, NetSNMP OpenSQL, php. ESX support, Cisco NetFlow.
  • BlackBuntu, BackTrack 5r2, Linux Mint, Gentoo Linux, Ubuntu, Xubuntu.
  • Open Source environment - OpenOffice documentation, Mozilla Firefox, etc.
  • Corporate web domain, and VCenter, (ESX) running on Google Cloud infrastructure.

Confidential

Security Engineer Leader

Responsibilities:

  • Solaris 8, 9, 10-Zoned, Red Hat Linux, SuSE, VMware virtuals, Oracle Enterprise Linux.
  • SRR and Retina scans to monitor DISA STIG, FISMA and PII compliance.
  • Worked with Army/DoD Auditors and Unix Group to resolve findings and mitigate vulnerabilities.
  • Army Audit Compliance issues to include NIST 800 series, PII, PHI, all mil IT standards.
  • Responsible for Unix/Linux representation during DIACAP periodic reaccreditation process.
  • Mitigation Strategy reports, determination of False Positives and their cause.
  • Provided technical justification for findings that could be excepted based on unique architecture.
  • Created a custom bash-scripted environment to push out updates, run scripts remotely, and retrieve results.
  • Provided all unix-specific ArcSight and McAfee support.
  • Automated (cron) a system to allow custom pulls of most recent run and add results to repository servers.
  • Performed initial SRR, Nessus, and Retina scan certification of all new Unix/Linux hosts.
  • Account Security: Enterprise Security Manager, Trusted Agent CAC PIN Reset
  • Primary responsibility for site account requests based upon investigation and adjudication data provided.
  • Performed and automated installation and testing of McAfee Security products on all *nix variants.
  • Solaris, Oracle Enterprise Linux, SuSE Linux, and Red Hat Linux.
  • Installation and update processes scripted and turned over to the Unix Team to run.
  • Moving all Unix/Linux scanning to McAfee HIPS, HBSS 4.5 and EPO per DISA requirements.

Confidential

Software Engineer Leader

Responsibilities:

  • Provided onsite engineering support for Aegis, BMD, and CR-2 support as needed.
  • Provided lab and testbed support involving “Anything that touches Aegis”.
  • Documented and operated various simulators for Anti-Submarine Warfare, Air to Air Combat Control.
  • Attended (test) missile engagement, resolved IRIG time, NTDS, RS442, OS, and Data recording issues.
  • Support included acting as a stand-in for all types of console and simulator positions for Lockheed Martin.
  • Diagnostic kernel trace, debug of C, C++, ADA code, Network Analyzer (NAM)
  • UYK-43 boot and operation, layer 1-3 network troubleshooting of backplane, VMEbus, and cabling.
  • Worked with the NightStar suite Ntrace, Ktrace, Nview, and later the RedHawk RT linux.
  • Participated on Lockheed Martin CIIT Team to track and resolve problems which transcend baselines.
  • Wireshark, Cisco NAM, TFTP, SNMP, SMTP, Java, Custom Clustering and HA
  • Devised means for distributed use of X-based applications, connecting multiple labs for lab use.
  • All Documentation and operations performed within FMS releasability restrictions.
  • Timing studies, logfile access, Korean Font capability, Tactical display issues.
  • Participated in test shots including LINKEX, JAMEX, and reserved lab time for my own test shots.
  • Worked on Mission Planner video (X) issues. Worked with Engineers, Managers, Programmers.

Confidential (Continued)

JCALS Computer Scientist/Systems Engineer

Responsibilities:

  • Various phases: 586 people when I started, I was one of 10 when it was handed to Army.
  • 2nd level Unix Admin serving 64 military bases remotely, with some onsite (travel) support.
  • Administration of Internal Citrix farm running civilian version of JCALS (ACES).
  • Supported Citrix farms fielded as part of NEXTGEN, and JCALS Thin Client Web Servers.
  • Documented process for remote login via Terminal Services for remote management of DoD web servers.
  • Responsible for Security scans and Maintenance drops run on CITRIX farms.
  • Prepping and shipping Checkpoint and Cisco firewalls under direction of Networking dept.
  • Maintenance of DoD FTP Interfaces - AFTOX, SATODS, ATOMS, links.
  • HP-UX 11, Solaris 8, Solaris 2.6, Dec Tru-64 5.1, Citrix Metaframe XP farms.
  • Major deployments done off-hours over long nights and weekends routinely.
  • Ran all routine Oracle tasks as directed by DBA staff.
  • I took the initiative to conduct “Unix classes for Subject Matter Experts” as an extra-curricular.
  • Tape libraries, Backup software, RAID arrays, Sun installs, Veritas and DiskSuite support.
  • Demo Showroom support: installed and configured Brocade SAN, SunRay and Qlogic SAN.
  • Citrix Windows back end deployed on SunRay thin-client – portable sessions.
