Senior Information Security Engineer Resume
Tampa, FL
PROFESSIONAL SUMMARY:
- 11 years of experience in IT Security/Information Assurance/Network Operations Security Center.
- 9+ years of experience in Application/OS/Network Vulnerabilities Scanner, Penetration Testing.
- 9+ years of experience in Incident Response.
- 9+ years of proven and verifiable record for securing and managing Information Systems, Project Management and Programs.
TECHNICAL SKILLS:
Security Info Management: ArcSight, Symantec SSIM, RSA enVision/Security Analytics, Nitro, Splunk
Risk Management: DIACAP, PCI
Application Testing: Appscan Enterprise, Standard and Source
Intrusion Detection Systems: Securify, Snort, CSIDS, SourceFire, McAfee
Vulnerability Scanner: Retina, Nessus, Qualys, McAfee, Nexpose
Proxies: Bluecoat, Websense, McAfee
Penetration Testing: Core Impact, BackTrack, Metasploit
Platforms: Windows, UNIX
Forensics: EnCase
E-Mail Security: Proofpoint, Symantec
Network Node Managers: HP Open View, Orion
AntiVirus: McAfee HBSS, Symantec, Trend
Additional Applications: SSH, SSL, Dameware, Active Directory, DNS, Apache, PHP, Pear, Windows 2000/2003/2008/2012 Servers, Microsoft Office, Exchange 2003 Messaging Servers, Windows XP/7, Office 2003/2007, VERITAS Backup Server, Remedy Action Request System, Windows Software Update Services (WSUS), SQL, Sidewinder firewall, Cisco routers and switches, wireless controllers. Wireless Security and Implementation. Vulnerability Management System (VMS).
PROFESSIONAL EXPERIENCE:
Confidential, Tampa, FL
Senior Information Security Engineer
Responsibilities:
- Successfully integrated application penetration testing into the SDLC program.
- Application Penetration Tester - Led the implementation of Appscan Enterprise, Standard, and Source.
- Installed, configured and managed Appscan to a smooth transition and current operational status.
- Conducted several application penetration tests for production and testing applications, and provided a framework for the future utilization of the product.
- Authored Information Security Standard Operating Procedures for the client to provide a streamlined approach to operations for Application Security Program.
- Assessed several applications, pen tested
- Co-authored the security policy of Confidential.
- Conducted Risk Assessments and Vulnerability Scanning
Confidential, Tampa, FL
Information Security Engineer
Responsibilities:
- Installed, configured and managed the appliances to a smooth transition and current operational status.
- Provided Incident Response capabilities to the team, by analyzing enVision, McAfee and Security Analytics alerts, syslogs, pcap and advanced persistent threats advisories.
- Authored Information Security Standard Operating Procedures for the client to provide a streamlined approach to operations.
- Assessed thousands of systems to get a real picture of the client's risks via vulnerability scans and penetration testing.
- Revamped the security policy by including and updating best security practices and use cases.
- Collaborated on Server and Network Team projects as the Security “liaison,” providing the security perspective and best practices for current and future projects.
- Conducted Vulnerability Scans with Rapid7 Nexpose, prepared reports and mitigated vulnerabilities
Confidential, Tampa, FL
Corporate IT Security Engineer
Responsibilities:
- Initiated, Planned, Executed and Completed the Confidential Wireless Implementation Project.
- Performed Penetration Testing for the wireless security and some of the perimeter devices
- Completed more than 300 installations and configurations of Symantec SSIM agents and Collectors for the corporation.
- Troubleshot an additional 400+ servers that were not sending logs or were misconfigured.
- Revamped the security policy by including and updating best security practices and use cases.
- Spearheaded a Vulnerability Management Program/System to ensure security posture improved in the company.
- Provided Incident Response capabilities to the team, by analyzing SSIM alerts, syslogs, pcap and other information provided.
- Assisted in the implementation of Palo Alto firewall to segment networks and also provide IPS capabilities
Confidential, Tampa, FL
Information Systems Security Engineer
Responsibilities:
- Provided Information Assurance (IA) support for the Confidential Theater Network Center, providing metrics, reports and on-demand deliverables.
- Provides IA support to customers addressing IAVAs, CTOs, Patch Remediation and Compliance.
- Monitors the day-to-day operation of the sensors throughout the AOR for current, up-to-date information on possible intrusions on the NIPRNet and SIPRNet computer systems.
- Reviews the collected data and analyzes the logs consisting of thousands of files and Internet Protocol addresses (IP), captured daily by the Confidential TNCs sensors.
- Provides briefings to the Commander Confidential (as necessary) on all probes, attempted intrusions and incidents of a significant or serious nature.
Confidential, Tampa, FL
Computer Security Administrator/Information Assurance Manager
Responsibilities:
- Secured and managed Information Systems and developed and managed projects and programs.
- Led an Information Security Team that proactively defends the Confidential Enterprise assets by providing incident response, testing, documentation, integration, operations and maintenance of Confidential Platforms/Applications in a 24/7 environment.
- Conducted Network Operations (Net Ops) by assuring that information protection and systems are secure and network availability is maintained.
- Developed the first 24/7 Incident Response Team for Confidential from planning, organizing, securing and managing equipment and resources.
- Developed, implemented and maintained security policies and directives by employing hardware and software tools to enhance the security of the networks; install, monitor, and direct proactive and reactive network information protection defensive measures to ensure the availability, integrity, and reliability of base networked information resources.
- Served as a Subject Matter Expert (SME) and made recommendations to the Confidential, utilizing my technical and managerial expertise, creating and maintaining security policies for the command that in turn were used by our customers.
- Developed and implemented Information Security system and programs, and produced products and services at the executive level (briefings, fact sheets, point papers, decision papers, meeting minutes, staff meetings).
- Conducted daily Information Assurance (IA) Situational Awareness (SA) briefings and meetings, providing status reports and network health and policies changes.
- Conducted several Certification and Accreditation (C&A) reviews and analyses of applications and systems, utilizing the DIACAP process at the Enterprise level, providing Risk Management assessments utilizing the DIACAP model and PCI security standards.
- Motivated and maximized productivity and employee morale without financial incentives.
- Trained and qualified 26 personnel, improving the work center's readiness from 72% to 97.6%, saving more than $348,000.00 in cost with no charge to the employees. More than 70% of these employees now possess Industry s
Confidential, GA
Network Security Analyst/Administrator
Responsibilities:
- Led the incident response team by providing security to all platforms in the form of patches, scans, and monitoring of Intrusion Detection Systems (IDS) and firewall blocks.
- Produced reports of network health, to include, vulnerabilities, patching and compliance of the network and all assets.
- Led team that administrated all core services provided by the Network Control Center.
- Engineered, designed and oversaw the installation and configuration of hardware and software used to support file, print, messaging, and user applications; performed system and application tuning to ensure optimum performance; performed daily and weekly system/database backups.
- Enforced, operated and maintained Active Directory, Windows 2003 Servers, and Exchange 2003 Messaging Servers, Windows XP, Office 2003, HP Open View Network Node Manager Server, VERITAS Backup Server, Remedy Action Request System, Windows Software Update Services, SQL and many more applications/software.