SIEM / SOC Threat Engineer Resume
Dallas / Austin, Texas
PROFESSIONAL SUMMARY:
- I bring 14+ years of solid and proven experience in ESM / Security Engineering and ArcSight, Secure Data, Atalla Consultant / Technical (ESM security SW and Storage), PC/Mac / Network / Help Desk support, LAN/WAN/SAN administration / management, Engineering, security, Wireless LAN, PC/Server Hardware / Software / Network troubleshooting, Email Disaster Recovery, Storage, Data center technologies, AWS (Amazon Web Services), KRI / KPI Reporting and Cyber security positions in public, very secure Defense Contractor environments, State of Texas MOSAIC and US Army, in local and international companies, customer service and team work to apply for the position of Cyber Security Engineer / ArcSight Consultant / Network Administrator.
- Please refer to the enclosed data sheets for details of my experience. I have 12 years of experience in Network (Windows 2016/2012/2008), Novell multi-server and Exchange 2013/2010/2007, Outlook 2007/2010/2013 / GroupWise administration of Engineering / Financial Corporations / Banks / city government(s) information systems, including Active Directory FDS, Azure, MFA, using PowerShell 4.0, 5.0, HW/SW troubleshooting, maintaining computer network servers, E-mail and backup systems, Internet, remote computing/clients, Firewalls, Cisco Routers/switches, Metasploit, Rapid7 IDR, Rapid7 Nexpose, SCSI / iSCSI, RAID, TCP/IP, DHCP, DNS, VPN, MySQL, SAN, NAS, VMware (ESXi 5.1, vSphere, vCenter), Linux / Win 7, Win 8, Win 10, MS Office 2007/2010 / Office 365 / Office 2016, Telephone, telecommunication systems, T1 / T3 / OC-3 (Fiber). As a Net Admin or supervisor, some of my contributions to the IT/engineering teams included engineering/managing projects, CADD management (incl. Utilities and mapping), network troubleshooting and supervising projects from schematics to finished product, managing a $200,000 to $850,000 PC/Network budget, vulnerability assessment, progress reports, cost studies, MTBF studies, inventory reports and HW/SW purchasing.
PROFESSIONAL EXPERIENCE:
Confidential - Dallas / Austin, Texas
SIEM / SOC Threat Engineer
Responsibilities:
- Participate in a SOC team providing twenty-four (24) hours a day and seven (7) days a week services and ensure client SOC/Threat Hunting can be reached at all times during incidents
- Raising Incidents to be managed by the next level of support for risk remediation. Ongoing triage, diagnosis and resolution of Incidents
- Root Cause Analysis with identification of the root cause, and an action plan and estimated time to complete remediation
- Providing incident management
- Delivering an incident report with analysis and recommendations
- Support risk mitigation or issue resolution following an event or incident
- Maintain customer’s SIEM (Splunk / ArcSight) in accordance with customer policy and best practices, including patching and policy management, as well as service management processes and objectives.
- Deliver Threat Hunting, Incident Response, and SIEM related services in accordance with client’s contractual obligations, upholding contracted service levels, ensuring constant security monitoring, triage, analysis, alert, and incident response.
- Monitor the customer network, including monitoring and configuring site-to-site VPN tunnels, monitoring firewall infrastructure, and monitoring IPS infrastructure, including reporting of any incidents to Customer's service desk
- Conduct relevant risk mitigation
- Resolve security-related incidents or breaches detected within enterprise IT environment by liaising with other Customer Contractors, hardware manufacturers, and other resolver support teams as required
- Participate in quarterly security tabletop, red team v. blue team exercises, and live drills of incident run books with Customer staff to facilitate brainstorming, improvement, and creativity in incident response
Confidential - Washington DC
Cyber Security Analyst Sr.
Responsibilities:
- Monitor various security tools (e.g., Splunk, Splunk Enterprise Security, Palo Alto Networks, SourceFire, Cisco ASA, Cisco Firepower) to identify potential incidents, network intrusions, and malware events, etc. to ensure confidentiality, integrity, and availability of VA architecture and information systems are protected
- Use Splunk ES SIEM to respond to incidents detected on the VA network
- Reviewing and analyzing log files to report any unusual or suspect activities
- Use incident response use-case workflows to follow established and repeatable processes for triaging and escalating
- Generate trouble tickets and perform initial validation and triage to determine whether incidents are security events.
- Complete investigations into identified cyber events and hand over as appropriate
- Follow established incident response procedures to ensure proper escalation, analysis and resolution of security incidents
- Develop and maintain Incident Response procedures and Security SOPs.
- Analyze and correlate incident event data to develop preliminary root cause and corresponding remediation strategy
- Communicate effectively to all customers and stakeholders
- Work with other contract teams to effectively respond to cyber incidents
- Provide technical support for new detection capabilities, recommendations to improve upon existing tools/capabilities to protect the VA network, and assessments for High Value Assets
Confidential - Williamsburg, VA
Network Cyber Security Engineer
Responsibilities:
- Respond to computer security incidents according to the Computer Security Incident Response Policy (CSIRP)
- Deploy security related systems and security in business systems, including VMs, POS and TERMs
- Enforce policies and procedures to govern systems access, usage, data access and security of digital assets using GPO, SCCM, SCEP
- Monitor security tools (Rapid7 Nexpose and Malwarebytes) across the enterprise and respond to alerts accordingly
- Identify, analyze and communicate information security vulnerabilities using daily reports, JIRA
- Promote security awareness and compliance initiatives to ensure system integrity and security
- Respond to security service requests, troubleshoot system/user issues and support change management procedures.
- Administer network security technologies (Cisco Firepower, Firewalls (FireEye), IDS, IPS, log management, Endpoint Protection, patch management, etc.).
- Perform scans using Rapid7 Nexpose to assess vulnerability and take corrective action for data security risks; prepare KRI / KPI Cyber Security metrics reporting using MS SCCM
- Manage third-party encryption distribution (SSL, Code-signing, etc.)
- Plan and lead the tasks required to ensure regulatory compliance (PCI, HIPAA, etc.)
- Analyze current security practices and make enhancements to increase their effectiveness.
- Write and maintain security documentation and reports / JIRA.
Confidential - Austin, TX
ArcSight Content System Engineer
Responsibilities:
- Participate in the operation of a Global ArcSight Security Information and Event Management system, to include: ArcSight ESM, Oracle, Connector appliances, SmartConnectors, Logger appliances, Windows and Linux servers and a variety of network and security related devices
- Responsible for implementing part or all of the technical solution to the client, in accordance with an agreed technical design.
- Occasionally responsible for providing a detailed technical design for enterprise solutions.
- Collaborate with Confidential Engineers in order to provide part or all of a detailed technical design which meets customer requirements.
- Provide planning and design support for the development of solution architectures that will be implemented in a multiple system environment.
- Develop and deploy content for a complex and growing ArcSight infrastructure; including use cases that involve Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists
- Design, deploy and configure an ArcSight ESM architecture for high availability and failover.
- Tune ArcSight performance and event data quality to maximize ArcSight system efficiency.
- Perform routine equipment checks and preventative maintenance.
- Provide optimization of data flow using aggregation, filters, etc.
- Develop custom FlexConnectors as required to meet use case objectives
- Apply Configuration Management disciplines to maintain hardware/software revisions, ArcSight content, security patches, hardening, and documentation
- Supporting the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
- Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities, in addition to preparing KRI / KPI Cyber Security metrics reporting
Confidential - Austin, TX
Microsoft Dynamics 365 / CRM Consultant
Responsibilities:
- Provide technical consulting, including State of Texas / Louisiana / New Mexico MOSAIC for WIC application(s), during conversion of many applications from Legacy (DOS) to GUI running on Win 10 / Microsoft Servers. Collaborate with IT / Development engineers to troubleshoot multiple migration issues and add new features for a smooth transition to the GUI (Win 10) operating system platform.
- Provide technical consulting to state employees and management staff from the Pilot phase through the final implementation phases.
- Conduct consultation / collaboration with the Desktop support team for the MOSAIC application to help clinic staff use the application while serving customers during migration to the finished product. IDS/IPS + Forcepoint, Carbon Black (Cloud Based), QRadar, and application / Website security.
- Develop and review new consultation materials by analyzing many engineers' and team members' feedback to provide better lab material.
- Advise senior leadership / managers on clinic performance and State of Texas team members' experiences and recommend actions for improvement strategies during the final phases of the project.
Confidential - Austin, TX
ESM / ArcSight Engineering / Security Content Development
Responsibilities:
- Provide technical consulting, including HPE ArcSight, Atalla and Voltage (Secure Data) (as ESM / SIEM solutions), to HPE customers (gov. / Internal / Global, in US and International), in person and virtually, including Python scripting, ArcSight Logger, ArcMC, and ArcSight Activate.
- Ensure effective delivery of big data analytics solutions to support the highest competence level for better security against current security threats.
- Conduct consultation to adjust HPE SW to serve as a Cybersecurity shield for customers, mostly Microsoft Networks containing Active Directory (AD), DNS/DHCP, Exchange, Hyper-V, SQL and Linux, using PowerShell and Linux. IDS/IPS, IBM QRadar, Forcepoint threat intelligence monitoring.
- Develop and review new consultation materials by analyzing team member feedback to provide a better return on their investment.
- Advise senior leadership / managers on classroom performance and HPE team member experiences and recommend actions for improvement strategies as SME for Microsoft / Financial / ESM / SIEM product portfolios.
- Collaborate with Cyber Security Experts, Technical Writers, and Services to ensure accurate content is delivered to meet government / local / military / global customer needs.
Confidential - Round Rock, TX
Technical Senior Advisor
Responsibilities:
- Deliver technical consulting, including Dell EqualLogic, Compellent / Microsoft Networking Storage, SIEM / Cyber Security, to Dell customers (Field Engineers / Administrators) and team members through a combination of blended Cyber Security solutions. IDS / IPS, QRadar, Forcepoint.
- Execute and share best practices for ensuring excellence in consulting and performance.
- Ensure effective delivery of Security solutions to support the highest competence given the level of knowledge and skills, for mostly Microsoft Networks containing Active Directory (AD), DNS/DHCP, Exchange, PowerShell 3.0, Hyper-V, SQL.
- Provide consulting and adjust materials to better serve as a security shield for customers, for mostly Microsoft Networks, Linux, AWS and Virtual Servers.
- Develop and review new materials by analyzing team member feedback and providing feedback for recommended revisions to the course curriculum.
- Advise senior leadership / managers on classroom performance and Dell team member experiences and recommend actions for improvement strategies
- Provide subject matter expertise (SME), advice and program delivery.
- Sought after for contributions to the development of new techniques and strategic planning expertise
Confidential - Austin, TX
Technical Instructor
Responsibilities:
- Deliver Microsoft / CompTIA (A+, Net+, MCSA) classes including: Windows 2003/2008/2012 server configurations, setting up small to large network infrastructures, XP/Vista, Win 7, 8, AD, DNS, DHCP, TCP/IP, configuring routers, switches, Wireless / CWNA technology, Firewalls, Network software and hardware troubleshooting.
Confidential - Austin, TX
Network Administrator
Responsibilities:
- Administered the day-to-day operations of a network (Three 300 nodes) including 40 Microsoft Windows (2003/2008/2012), Linux, and Virtual servers (VMware), including hardware/software troubleshooting and the design and implementation of data connectivity for LAN/WAN/VLAN/WLAN systems.
- Managed wireless communication between 3 large campuses (Three 300 nodes); provided network and remote connectivity, Hardware and Software support
- Maintain LAN/WAN network diagrams; installed, designed, configured, and maintained Cisco routers and switches.
- Track Security issues & analyze - using IDS/IPS, Firepower tools
- Support and maintain both physical and virtual network servers and appliances
- Maintain and troubleshoot the Storage Area Network (SAN) (HP StorageWorks)
- Administered AD, DNS, DHCP, VoIP, VPN, MS SQL 2008, Exchange Server 2010
- Perform daily server tape backups
- Administered Lansweeper and McAfee ePolicy Orchestrator centralized tools to manage all issues, manage firewalls and network security
- Provided services and support to consultants/web developers/software engineers providing internet and intranet user support.
Confidential - Fort Hood, TX
Lead Microsoft Instructor /Advisor
Responsibilities:
- Provide consulting on Microsoft Windows 2003/2008 / CompTIA classes, including server configurations, setting up small to large network infrastructures customized for military/DoD regulations, Vista, Win 7 configuration / Win 7 Enterprise desktop support, AD, DNS, DHCP, TCP/IP, configuring military class routers/switches, Network Security, Firewalls, Network software and hardware troubleshooting.
- Designed and built Networking lab environments on which Soldiers could learn and practice.
- Manage Cisco routers, switches
