
Security Architect Lead / Manager Resume


Arlington, VA

TECHNICAL SKILLS:

Security Tools: Nessus, ArcSight, Metasploit, BackTrack, SourceFire, Wireshark, Palo Alto, Juniper Netscreen/SRX, Cisco ASA, Tripwire Enterprise, RSA Netwitness, Solera, Oakley SureView

McAfee Suite: Firewall, Email Gateway, Web Gateway, ePolicy Orchestrator, HBSS

Database Tools: Oracle 10g/11g, MySQL, PL/SQL

Programming: PHP, Perl, C++, HTML5

Operating Systems: Windows 7/XP, Red Hat Linux, Ubuntu

PROFESSIONAL EXPERIENCE:

Confidential, Arlington, VA

Security Architect Lead / Manager

Responsibilities:

  • Security Architect Lead responsible for consolidating the IRS Public User Portal (PUP) and Registered User Portal (RUP) into an Integrated Enterprise Portal (IEP) environment supporting back-end tax return filing applications for the IRS.
  • Managed a team of technical engineers maintaining existing infrastructure security using McAfee HBSS, Tripwire Enterprise, Tenable Security Center, and SIEM tools for the IRS.
  • Created and executed a security roadmap for IEP to optimize security efforts, and led deployment of new security projects using security engineering best practices.
  • Deployments included expansion of RSA EnVision SIEM solution in order to monitor and detect threats to the IEP environment and Tenable Security Center for analysis and centralized reporting as part of the vulnerability management lifecycle.
  • Leading deployment of a Web Application Firewall (WAF) at customer’s edge in conjunction with Akamai Kona Web Security solutions.
  • Leading deployment of InfoSphere Guardium to scan and detect vulnerabilities and misconfigurations in MS SQL, Oracle, and MySQL servers.
  • Supported various internal and external audit requests from Treasury Inspector General for Tax Administration (TIGTA).
  • Documented Security Impact Assessments (SIAs) for firewall changes and evaluated changes to the architecture in order to improve the overall IEP security posture.
  • Created a presentation on Advanced Persistent Threats to drive a requirements gap analysis on developing mitigating strategies to combat APTs, and presented findings to IRS PPMO.
  • Created a Certificate Policy Statement (CPS) and led the design and deployment of an internal Certificate Authority (CA) using Active Directory Certificate Services (AD CS) to issue internal certificates.
  • Currently an active participant in developing a Security Operations Center (SOC) from the ground up, from planning the core security services that will be offered to leading efforts to build out a new SIEM tool central to incident response processes and procedures.

Confidential, Fairfax, VA

Principal Cyber Security Engineer

Responsibilities:

  • Project Lead for deploying the RSA Netwitness Suite and Solera DeepSee, covering all phases of the project life cycle from creation of the project plan to implementation and integration with FireEye malware detection software for DIA networks.
  • Integral member of CND Security Engineering team responsible for configuring, testing, and deploying security devices including Palo Alto firewalls, BlueCoat SG proxy, EnCase, Lancope, and Cisco ISE.
  • Worked with SOC personnel to implement forensic capabilities and train administrators in incident handling procedures, and led Certification and Accreditation (C&A) activities for deployment.
  • Created the documentation required for approval of testing and operation of security tools, including ICD 503 (NIST SP ), network diagrams, Critical Design Review, and Production Readiness Review documents, concluding with STIG review and analysis for hardening network devices.
  • Installed and configured an insider threat detection tool (SureView) in a production environment and managed the back-end Oracle database. Performed server hardening on a Red Hat / Oracle server to meet the security baseline defined by DoD STIGs for Oracle 11gR2.

Confidential, Ft. Belvoir, VA

Principal Systems Engineer

Responsibilities:

  • Supported NGA Enterprise Cyber Security infrastructure by configuring and troubleshooting Web/Email Gateways, creating and maintaining firewall rule sets, and reporting on campus-wide health metrics.
  • Served as Technical Lead of Email Security overseeing all email traffic for the enterprise utilizing McAfee Email Gateway appliances to block malicious emails and spam, investigating spear-phishing incidents, as well as supporting routing issues from external entities.
  • Responsible for configuration, deployment, and maintenance of the Tripwire Enterprise asset baseline monitoring tool to detect changes in infrastructure and aid in incident response procedures, and briefed security compliance against DISA standards and guidelines to upper management.
  • Served as HBSS Administrator, providing compliance reports to management using VSE, HIPS, and DLP, and troubleshooting agent-to-server communication issues in a virtualized Windows and Linux environment.
  • Built and configured a collection of ePO servers from the ground up supporting an HBSS infrastructure of over 5,000 nodes, including tuning HIPS policies and trusted applications, and was responsible for overseeing patch upgrades.
  • Built out and configured a SourceFire IDS sensor, including setting up IDS alerts, writing custom rules and policies, and monitoring for suspicious traffic per incident response procedures.
  • Deployed and configured multiple security contexts (zones) for virtual routes using Cisco ASAs to support NGA missions to segregate entities based on policy.
  • Interfaced with Perimeter Defense and NGA CERT teams while participating in Cybersecurity Integrated Product Team (IPT) and Controlled Interface Policy Board (CIPB) Meetings to resolve time-sensitive issues in support of the mission.

Confidential, Arlington, VA

Senior Security Engineer

Responsibilities:

  • Served in a dual role as Lead Database Engineer and Insider Threat Analyst for the Department of State (DoS). The project covered all aspects of the life cycle, from procuring hardware/software and setting up the environment to deploying an insider threat detection tool, as well as administration of the back-end Oracle database.
  • Major DBA responsibilities included performing backup and recovery procedures, performing database tuning and performance monitoring, and implementing and maintaining database security through patching and user/role administration.
  • Conducted analysis of captured end-user, computer, communications, and security event data to determine security vulnerabilities, policy violations, and malicious behavior. These violations were then reported to special agents and counter-intelligence officers through the appropriate channels.
  • Participated in a Red Team penetration test that involved exploiting vulnerabilities in Oracle, MySQL, and Microsoft SQL Server database servers, Cisco switches/routers, and BlackBerry Enterprise Servers using various tools in BackTrack and the Metasploit Framework.
  • Performed server hardening on a Red Hat / Oracle server in order to secure the environment defined by the security baseline of the organization and DoD STIGs for Oracle 10g.
  • Designed and implemented an internal threat database detailing spear-phishing attacks, including a user interface for analysts to enter data more easily, queries and reports based on statistical analysis, and presentation of results to DoS and FBI counter-intelligence officers.
