Senior Security Engineer Resume
SUMMARY:
To attain long - term employment within an organization that exhibits growth, sustainability and a commitment to its customers and employees and in turn provide excellent value by increasing effectiveness of security infrastructure while minimizing costs.
PROFESSIONAL EXPERIENCE:
Confidential
Senior Security Engineer
Responsibilities:
- Provide global senior security engineer level support to Confidential global operations.
- Responsibilities include, but are not limited to, direct assistance to Confidential to facilitate internal auditing of security infrastructure for risk assurance assessment.
- Engineered FireEye deployment and additionally provide subject matter expertise on McAfee IPS and Checkpoint R77.20 using URL and IPS blades.
- Oversee the rebuilding of Splunk SIEM environment to the latest recommended standards.
- Upgrade Symantec Endpoint Protection Manager and 10,000 clients to SEP 12.1. Assist with vulnerability remediation and patch lifecycle management.
- Created and or modified existed documentation to communicate security related procedures, policies, guidelines and processes effectively.
- Support deployment of F5 APM 11.41 provide subject matter expertise on McAfee IPS, Checkpoint IPS and FireEye ATP solutions.
- Cross train regional security team members and staff outside of security.
- Evaluate and recommend the addition of security solutions that add value and benefit to the organization while minimizing costs.
Confidential
Senior Security Engineer / Consultant
Environment: Checkpoint Provider1 75.40 NGX R70, 70.20, 70.30, Cisco ASA 5500 8.0(4), 8.1(2), Fortigate 3950-b, 100D, 80C, 600C
Responsibilities:
- Provide security device configuration and assessment with concentration on Checkpoint and Cisco ASA firewalls.
- Established and resolved complex network security connectivity matters for various business support divisions not limited to business partners and government entities.
- Maintain, administer and utilize Tufin Securetrack to review enterprise-level globally dispersed firewalls and advised steps for remediation; solely responsible for rulebase cleanup and direct communication with internal and external compliance teams of remediation status.
- Additionally, provide guidance on the integration of IBM-ISS Site Protector Intrusion Protection System into the Pearson global environment and URL filtering using Websense URL filtering.
Confidential
Senior Security Engineer
Environment: Checkpoint Provider1 75.40, NGX R65, 65 01, 65 02, R71, 71 30, 71 34, Provider1 75.40, Juniper Netscreen SSG 5 & 1000, Tripwire Enterprise 8.1
Responsibilities:
- Provide senior security engineering support functions for Confidential as it corresponds to the Payment Card Industry DSS 2.0 and internal corporate security policy set forth by the Confidential Information Security Privacy Office. Administer Tripwire Enterprise file-monitoring system and make recommendations on capability expansion.
- Configured approximately 200 Juniper Netscreen SSG series firewalls for VPN site-to-site connectivity for frontline employee work-from-home project.
Confidential
Information Security Assurance Engineer (Consultant)
Environment: Juniper SSL VPN 6500 (IVE), Juniper ScreenOS and JUNOS, Cisco PIX 3.2 / Cisco ASA, Websense TRITON, Splunk, Tufin Securetrack 12.0, RSA Envision, Vormetric Encryption
Responsibilities:
- Translated Federal Information Security Management Act of 2002 mandate, ISO/ IEC 27000 Series, Federal Information Processing Standards, Payment Card Industry Data Security Standards 2.0 and Confidential guidelines into workable internal processes, baselines, policies and standards.
- Created documentation including: Global Payments Enterprise Firewall Policy, Global Payments Firewall Baseline Configuration Standard, Global Payments Firewall Process and Procedures, Global Payments SSL VPN Connect Guide and Global Payment SSL VPN Run-Book.
- Performed internal audits of all firewall configurations and physical and logical network topology; also provided guidance on remediation and correction.
- Trained users and assisted with development of operational procedures for the newly built security operations center.
- Fourth-level engineering responsibilities included Juniper SSL VPN deployment using AD for two-factor authentication and acting as overall subject matter expert and lead-engineer overseeing encryption of “data-at-rest” using the Vormetric Encryption solution.
- Assisted in any capacity necessary to enhance the overall security posture of Global Payments.
Confidential
Security Engineer
Environment: Checkpoint R55, R60, R65, Provider-1 NGX / Cisco Endpoint Security (Cisco Security Agent) / Juniper Netscreen 5GT and SSG appliances / Entrust PKI / Retina Network Security Scanner / Forescout Counteract IPS / Nortel Contivity 100 and 1010 / Trendmicro AV / Finjan Web Security / Symantec Enterprise Edition / IBM- ISS Site Protector / Symantec Brightmail / F5 Firepass / F5 BIG-IP / Netmotion Mobility XE / Blue Coat SG with Websense URL Filtering / Tufin Securetrack / IBM - ISS Intrusion Detection System
Responsibilities:
- Responsibilities included, but were not limited to, evaluating, testing, engineering, deploying, and monitoring of various network security appliances and applications.
- Regularly conducted vulnerability scanning, threat analyses, penetration testing, wireless auditing, HIDS and NIDS log review and network and security appliance troubleshooting.
- Produced daily, weekly and monthly reports for various network security systems based on mitigation effectiveness and overall performance metrics. In addition, frequent use of tools and utilities such as TCP Dump, Wireshark Network Protocol Analyzer, Cisco Netflow, Fluke Networks OPVS3-GIG/W OptiView Analyzer and Remote Exploit’s Backtrack 2, 3 and 4 were often required.
- Additional duties included reviewing and recommending vendor security solutions by evaluating cost-benefit.
- Retrieved, converted and uploaded the TSA No-Fly and Selectee lists into Delta Computer Assisted Passenger Prescreening System.
- An initial member of the Network Security Operations, Computer Security Incident Response and the Threat Analysis Center teams.
Confidential
Network Technician
Environment: Cisco 1700 Routers / Catalyst 1900 Switches / Cisco Catalyst 2950 Switches / Cisco 350 Aironet WAPs / Win 2000 Advanced Server / Win XP Professional / Microsoft Active Directory
Responsibilities:
- Assisted with the construction of the LAN and WAN.
- Responsibilities included, but were not limited to, configuring various Cisco routers utilizing frame relay technologies, creating VLANs and VLAN trunking between layer 2 switches, creating access control lists, base security setups, IP address spacing and overall network troubleshooting.
- Overall, assisted with the network setup of 400 + network nodes for the NFL and affiliates throughout the City of Houston, Texas.
Confidential
Network Technician
Environment: Cisco 1700 Routers / Cisco Catalyst 1900 Switches / Cisco Catalyst 2950 Switches / Windows 2000 Advanced Server / Windows XP Professional / Exchange Server 2000 / Microsoft Active Directory
Responsibilities:
- Assisted with the construction of the LAN and WAN for Confidential in New Orleans, LA.
- Responsibilities included, but were not limited to, configuring various Cisco routers utilizing frame relay technologies, creating VLANs and VLAN tunneling between layer 2 switches, creating access control lists, base security setups, IP address spacing and overall network troubleshooting.
- Overall, assisted with the network setup of 400 + network nodes for the NFL and affiliates throughout the city of New Orleans, Louisiana.
Confidential
NT Administrator
Environment: Win2k Advanced Server / IIS 5.0 / Raptor Firewall / Exchange Server 5.5 / Front Page 98 / Veritas Backup Exec. 8.5
Responsibilities:
- Resolved TCP / IP connectivity issues, provided data-redundancy by maintaining RAID 5 and guaranteeing successful execution of backups and recovery.
- Additionally created user mailboxes, distribution lists, and custom recipient lists through MS Exchange Server.
- Installed Raptor Firewall and monitored network performance.