Cloud Engineer Resume

SUMMARY:

Cloud Architecture & Strategy / Cloud Security / Strategic & Tactical Planning / Information Assurance & Compliance DevOps / Virtualization / Technical Leadership / Data Center Management / Cloud Management /Accredited FedRAMP 3PAO / Program Management / Amazon Web Services Expert
High energy, entrepreneurial, creative/innovative and polished Technology Leader with over 15 years experience of successfully analyzing, designing, implementing, teaching and managing Technology and Security Solutions/Programs for the United States Federal Government and Private Enterprise environments.
My niche is providing a vision.

TECHNICAL SKILLS:

Platforms\Cloud: Amazon Web Services, VMware ESX/ESXi 5.x, Windows 2Kx, Redhat Linux, Suse Linux, Ubuntu Linux, Cisco IOS, RackSpace, GoogleApps, MS Azure

Technology/Tools: CloudAware, RightScale, JamCracker, CloudCheckr, VMware vSphere 4.x, vShield, vCloud Director, NetApp, EnCase Enterprise 6.x/7, EnCase CyberSecurity (ECC 4.x), EnCase eDiscovery (ECC 4.x),, Concordance, Summation, Clearwell, EnCase Portable, HBGary Pro, Flypaper, WebSense, McAfee EPO & TOPS Suite, TNT Identity, Fedelis DLP, Reconnix DLP, Bit9, Helix, Knoppix, Bindview, AppDetective, WebInspect, NMAP, Burp, Nessus, HPing2, Retina, IDS, TriGeo, Kiwi Log Server, RSA SecureID, McAfee SafeBoot, Backtrack, Checkpoint Firewall - 1 (CCSE, CCSA), ISS SafeSuite Scanner / RealSecure / Proventia, PGP, RSA Entrust PKI, Wireshark, BigFix, MSBA, SAINT, NMAP, Backtrack, CS MARS, Bindview, SurfControl, Cisco UCS, Cisco Nexus, F5, Palo Alto

Governance / Compliance Standards: FISMA, NIST 800 SP Series, FedRAMP, CSA GRC Stack, FIPS, PCI DSS, DIACAP, NERC CIPS, ISO 17799/20001 , SOX, HIPAA, DIACAP, DISA, ITIL, Six Sigma, OMB Mandates, CAG, Defense Industry Base (DIB)

CAREER HISTORY:

Confidential

Cloud Engineer

Responsibilities:

Structured Cloud Brokerage Architecture, CONOPS design, Designed Chargeback\Billing strategy, On-boarding Process, Operations Secure Migration Planning for over 1000 applications into AWS (Public cloud, VPC and GovCloud) DirectConnect, VPC, Patch Management, SIEM selection, planning and deployment, FedRAMP planning, Largest public cloud migration project in the federal sector.
Cloud Management Planning, Cloud Security Architecture, Automation and DevOps Planning.

Confidential

Lead Cloud Architect

Responsibilities:

Designed\Architected FedRAMP Compliant Infrastructure-as-a-Service Cloud, Created FedRAMP A&A documentation package, Identified required Hardware\Software inventory for BOM, Selected strategic products such as VMWare vCloud Enterprise (vCNS), NetApp, Cisco Nexus 7009, F5 BIG IP 11050, Palo Alto, AlienVault, Nessus, AppSec, DigiCert, Vormetrics. Identified FedRAMP artifacts for FedRAMP 3PAO preparation

Confidential

Cloud Security Architect

Responsibilities:

Designed infrastructure and security requirements for Business Process Management Platform-as-a-Service built on AWS EC2 (EC2, S3, VPC, IAM, RDS, EBS, Security Groups, Glacier).
Redesigned IDM, Access Control, Storage requirements and led a team of 4 to productionize system in AWS GovCloud.

Confidential

Cloud Subject Matter Expert

Responsibilities:

Designed Infrastructure and Security requirements for ArcGIS Geospatial Software-as-a-Service built on AWS in accordance with FedRAMP control requirements.
Identified solutions for Load Balancing, Disaster Recovery\COOP, Access Control, Identity Management, Encryption and Federal Compliance (FedRAMP)

Confidential

Systems Engineer

Responsibilities:

Designed architecture for private OpenStack (planning for VMware) cloud and public AWS cloud as well design for Hybrid cloud using AWS VPC.
Also created entire security architecture for the whole platform.

Confidential

Cloud Computing Specialist \ Advisor

Responsibilities:

Designed Three tiered cloud architecture for Tacking SaaS based on Amazon Web Service
Design and Implemented AWS SaaS architecture with following components: VPC, EC2, S3, EBS, ELB, IAM, Route 53, AutoScaling, RDS, CloudFormation and CloudWatch
Designed & Implemented Cloud Security Architecture for government clients: DoD, Intelligence and Law Enforcement
Designed & Implemented Security and Authentication for Mobile application component of SaaS
Designed & Implemented VLAN Segmentation Strategy and Deployment of AWS Virtual Private Cloud
Hardened EC2 instances (Windows 2k8 & RedHat Linux) and provided vulnerability scans
Performed Security Assessment, Compliance Analysis and Documentation for FISMA (Moderate) and FedRAMP.
Prepared FedRAMP Security Authorization Package for Third Party Review
Provided Leadership and Strategic relationship with AWS Federal
Provided Security and Architectural Roadmap based on AWS features.

Confidential

Cloud Specialist \ Advisor

Responsibilities:

Provided Architectural and Compliance service for AWS based Platform-as-a-Service offering
Provided Cloud Security services for Drupal Based Websites migrating over into AWS PaaS cloud
Completed a FedRAMP \ FISMA A&A Package based on NIST 800-53R3 and Confidential issued FedRAMP controls
Trained Acquia staff on FedRAMP and FISMA requirements
Performed Security\Penetration Testing and Evaluation

Confidential

Security and Cloud Computing Advisor

Responsibilities:

Project Manager for Cloud Assessment and Migration Project at Confidential .
Created a Decision Tree Process Model for Cloud services and FedRAMP vendor selection
Authored Cloud Assessment of Salesforce.com, Oracle and Microsoft offerings
Presented overview of Cloud Security requirements, FISMA and FedRAMP
Created Cloud Migration Requirements Guide
Designed Security Architecture for Confidential USCIS
Designed Technical Approach based on FSAM and FISMA guidelines
Upgraded vSphere ESXi 5.1 hosts to ESXi 5.5
Deployed and migrated existing VMware vCenter Server Appliance to version 5.5
Deployed and Configured vCenter Operations Manager (vCOPs) 5.7.2
Customized vCOPs Manager for Horizon View 5.2
Upgraded View 5.1 server components (Security, Connection/Replica and Composer) to Horizon View 5.2
Created new baseline for virtual desk image Windows 7 with Horizon View 5.2 agent

Confidential

Chief Cloud Security Architect

Responsibilities:

Architected Multi-Tenant SIEM solution for Cloud Infrastructure
Designed Virtualization Security Architecture and control requirements
Project Manager for Security Team addressing Security & Compliance requirements at Federal Cloud Service Provider.
Completed all SSP documentation in accordance with NIST 800-53rev3
ATO Package: SSP, ST&E, SAR, PIA, BIA, IT Security Program Policy, Security Policies\Procedures, Data Sensitivity Assessment, Asset Categorization (FIPS 199), Control Assessment Matrix (800-53r3), POAM
Addressed all FedRAMP controls and created matrix for control delta
Reviewed Architecture for Storage, Virtualization and Hosting lots for consistency with SSP and control discriptions.
Made Virtualization Security Recommendations to ensure FedRAMP compliance before submitting
Designed Continuous Monitoring Program to ensure Phase 4 compliance
Designed Security Operations Center and Log Management Framework for CM and SSP submission (AU & IR)

Platforms: EMC Atmos, vCloud Director, CloudStack, ESXi, Windows 2008, Redhat Linux, NetApp FAS

Cloud Security Technologies: Hytrust, vShield, F5, Fortinet, CheckPoint

Confidential

Guidance Software eDiscovery Manager Senior and Cyber Security Strategist

Responsibilities:

SME and Advisory role to Federal and Commercial clients on Incident Response Program development
Advisory role to Federal clients on Compliance (FISMA) and Security Program development
Project Lead for Design, Architecture and Implementation of Guidance Software Incident Responses, Forensics & eDiscovery products at Federal and commercial environments.
Advised on Key technologies that work with EnCase product line i.e. Bit9, Netwitness, HBGary, Fireeye, ePO and Arcsight.
Created opportunities Guidance Advisory Program (GAP) Services - Proposals focused on Incident Response Program development, step by step incident handling and NIST compliance.
Project Lead for Incident Response and Forensic investigations on Federal and commercial security breaches and discovered incidents.
Project Lead for Litigation Support and eDiscovery cases for Federal and commercial organizations.
Architected a Centrally managed and virtualized (Using vSphere 4.0, ESXi, vCenter Server, vShield, HA, DRS) eDiscovery Architecture that would position a Federal Agency to provide Cloud-based eDiscovery services.
Developed Incident Handling and Forensics Policy and Procedures for Federal Agencies based on NIST guidelines and best practice.

Confidential

BAE Systems - Consultant \ Security Strategist

Responsibilities:

Contracted to provide strategy for Network Security Architecture, Security Tool Maturity for DIB Governance initiative.
Drafted Defense Industrial Base Compliance Requirements needed to renew SSA, FOCI, ECP, TCP
Created a Compliance Framework based on NIST 800-53, CAG and Defense Industry Base Survey (ECP).
Incorporated enterprise Certification and Accreditation program based on NIST 800-37/53 revision 3
Create System Boundary Policy (Based Service Towers)
Led effort to coordinate DoD IG Site Visit
Initiated Plan and Strategy for Secure Server Consolidation using VMWare vSphere 4.0 (Converter)
Created Security 3 year Infrastructure and Tool Roadmap, Maturity and Integration Plan
Initiated Vulnerability Management Plan (Scan frequency, BIA, Metrics)
Threat Management and Engineering Team Role Planning, Services Catalogue and Roadmap
Evaluated TrendMicro DeepSecurity and Core Protection for Data Center Security
Integrated Archer for compliance initiatives
Reviewed Public Cloud offerings (Infrastructure as a Service) of RackSpace and Amazon EC2
Reviewed Symplified Identity Management Federated Identity Services and Single Sign-On
Technical POC for Department of Labor Proposal

Confidential

Security Advisor \ Architect

Responsibilities:

Contracted by CIO to review enterprise security architecture for Headquarter network, Main Data Center and 50+ branch sites.
Managed Team of 8 Department Managers
Planned Network Segmentation of HQ Network (Layer 2-3 and Higher Layer Network and Data Separation strategy using a combination of Cisco ASA Firewalls / VRFs, Virtualization, VMware vShield, Symantec SEP11, and RBAC)
Architected VMware environment to virtualize production and development servers: P2V and V2V to maximize hardware asset value, configured fault tolerance, HA and DRS modules. Upgraded VMware environment to vSphere 4.
Designed Access Control Architecture using VShield Edge VApps Zoning, VM to VM security, Endpoint Security, Critical Servers and Role Based Access.
Review of Layer 3 VLAN Segmentation versus Cisco FWSM modules to protect sensitive networks
Business Process review for Network Security Architecture for all branch sites (61)
Mapped Entire Security Roadmap to Business Requirements, FISMA and DIACAP compliance requirements
Recommended Data Leak Protection Architecture using WebSense and EnCase Enterprise.
Capital Management for projects, project schedules, resource management, estimation of LOE and BOMs, Deliverable requirements and timelines.

Confidential

Enterprise Security Consultant \ Project Manager

Responsibilities:

Contracted to provide Penetration Testing services and Security Testing and Evaluation for 7 General Support Systems of Confidential Networks.
Managed Team of 22 Engineers and Analysts
Provided Recommendations for ST&E and Risk Assessment Process
Integrated CIS Benchmarks for VMware ESXi 3.5 security hardening
Reviewed 7 C&A Packages and provided recommendations in line with NIST 800-37
Provided Control and Process Recommendations in accordance with NIST 800-53A & Revision3
Utilized NMAP, Burp, Nessus and Metaspoit for security testing internal and public applications.

Confidential

Security Project Manager, Lead Architect

Responsibilities:

Contracted to provide security vision and leadership as well as technical expertise.
Planned, Designed and Implemented Agency’s Security Operations Center from scratch
Formalized various Ad-hoc security tasks into official “programs” based on approved policies.*
Established Vulnerability Management Program (VMP)
Established Information Management Program (IMP)
Established and Provided Hands-On Expertise for Agency Digital Forensics Program
Established Proactive Incident Response Program (PIRP)
Established Refreshed Certification and Accreditation Program (CAP)
Architected and Implemented Log Management Framework (LMF)
Developed Strategic Roles for IA\Security Team (“FedSec Team” consisting of 16 Engineers)
NIST 800-100 / 800-55 / ISO / ITIL Program/Performance Assessment Methodology
Presented 2007-9 Situational Awareness Briefing
Development Metrics-based Performance Review process
Deployed Live Forensics Architecture (EnCase Enterprise, Information Assurance Suite*)
Designed & Architected Security Server Segment into Secure Virtualized Enclave (Using vSphere, ESXi 3.5, vShield Zoning)
Virtualized Security Tools as part of migration into SOC (VMWare Converter)
Designed and Deployed Log Management Framework using TriGeo L2 SIEM, Kiwi and CS MARS
Integrated Cisco MARS SIEM, Kiwi and TriGeo SIEM with the LMF
Utilized a Phased approached in feed security and network devices (IDS, Servers, AV, Websense, Firewalls etc.)
Created SIEM Filters, Rules, Alerts for various network and security devices
Designed Redundant DNSSEC Solution using HA DNS\Signer Appliances (Secure64)
Configured Context Firewalls for Critical Segments
Provided recommendations on NAC Policy and Architecture Design
Network Refresh Security Design (Cisco Security Design: Core Upgrades, CSM, ASA5520 / FWSM (context), NAC, CS MARS +, IDSM + Snort IDS/ACID)
Initial Data Identification & Data Classification
McAfee DLP (Data at Rest, Evaluate Reconnix for Data in Transit)
Fedelis (Data in Transit)
TriGeo USB Defender (Data in Use)
McAfee SafeBoot Endpoint encryption (Total Protection for Data)
Implementation of OMB M 07-19& M 06-16
Designed Proactive Incident Response Program (PIRP)
Integrated Log Management Framework, Whitelisting and Forensics Technology
Integrated Live Forensics Architecture using EnCase Enterprise v12.2
Integrated E-Discovery tools into DLP and Forensics framework
Live Forensics Technology: EnCase Snapshots & Memory analysis, AppDescriptor, PII Sweeps, Enscripts
Performed Media Acquisition, Preservation and Analysis using EnCase Enterprise (Local & Live)
Developed Privacy Program, Incident Handling of PII Breach and Notification
Implemented EnCase IA Suite for Baselines, E-Discovery and Data Leakage Protection
Evaluated Bit9 for Whitelisting Hosts to protect against Zero day attacks and unauthorized applications
Performed Local and Remote Drive Acquisitions and performed analysis for: Malware Infections, Data Leakage
Established Procedures for Preservation of Evidence and Chain of Custody
Created Compliance strategy for FDCC \ Vista roll-out (ThreatGuard/Nessus SCAP & Policy)
McAfee Spyware & VirusScan 8.5i, Policy, Planning
Deployment McAfee ePolicy Orchestrator
Local Administrator Auditing and policy
Evaluated, planned and deployed SafeBoot Full Disk Encryption
Developed Map of policies and SOPs to Legal and Regulatory Requirements
Developed Blueprint of required policies and SOPs
Lead Certification and Accreditation for Major Applications and GSS
Managed United States Inspector General Audit preparation and clean up
Mitigated Password Finding to 0% for IG Audit
Architect for complete OMB-06-16 solution for 2 Factor Authentication and Full Disk Encryption
Mapping NIST Requirements to Agency Security Program
Developed plan for Penetration Testing of Perimeter Network

Confidential

Lead Security Consultant

Responsibilities:

Contracted to high visibility clients to provide Security Vision and Leadership.
Designed Security Program to meet Federal Requirements, Responsibilities included managing FISMA compliance for minimum security configuration for all desktop and server systems.
Created security portfolio for all critical and security documentation, created incident handling policy & procedures, created Patch Management Program (Patchlink)
Reviewed Client’s SSP and Minimum Security Baseline to ensure compliance with NIST Guidelines and Standards
Provided Major Applications Risk Assessment Security Testing and Evaluation and Contingency Plans

Confidential, New York, NY

Senior Security Consultant

Responsibilities:

Established Sarbanes Oxley Compliant Incident Handling and Patch Management Program
Researched, Evaluated and Selected Best of Breed Patch Management Solution (PatchLink, BigFix, LANDesk, WSUS).
Designed and Implemented ISS Proventia G / SiteProtector on critical network segment
Wrote Event Records (Syslog) Procedure and drafted Daily Log Review Process and Form for SOX compliance.
Created custom Scripts for syslog daily parsing
Configured and Deployed Netscreen Firewall at remote locations.
Daily Firewall Administration e.g. Established Netscreen firewall Log review
Upgraded ScreenOS for Firewall firmware standardization (5XT, 5GT, NS25, NS50, NS200)
Established Site to Site VPN tunnels between Netscreen Firewalls.
Established Web Security Plan: EFS, HIDS, RADIUS, Audits, Tripwire and SDMZ
Reviewed Processes and Procedures for SOX - Created Pre-Audit Tests for SOX Compliance
Held Monthly Security Presentations for Executive Directors’ Committee
Fully planned and deployed MCAfee Desktop Firewall from a Centralized Server (ePolicy Orchestrator)
Surf Control, Voltage SecureMail, Audited DNS and Mail Servers

Confidential, New York, NY

Managing Partner, Chief Security Consultant

Responsibilities:

Established a small security team to provide end to end Security Services
Managed Deployment of Checkpoint Firewalls, Real Secure IDS, Netscreen Firewalls, Symantec Web Security, Titan Unix OS Hardening, Linux-Bastille and others.
Implemented HIPAA Compliance Program addressing data privacy
Advised branch managers MasterCard on how to implement PCI DSS regulatory compliance programs.
Partnered with Exalt System Integrators to deploy Enterprise CheckPoint Firewalls and Perform Penetration Testing

Confidential, New York, NY

IT Security Consultant / Project Manager

Responsibilities:

Managed Security team (6 consultants) for Internet Security Project at Local Government Agency
Deployed ISS RealSecure on Windows NT (management) and Solaris 8 / Windows 2000 (Sensors) Deployed Sensors
Drafted Information Security Policy for Local Government Agency
Led Data Security Policy Initiative for various government agencies Vulnerability Assessment using SAINT and Confidential Documented results.
Deployed Client VPN with SecuRemote and Firewall to Firewall VPN to various satellite sites & for remote users
Set up Information Systems Audit for DOI Compliance (Tools used: SAINT & Nessus, L0pht crack, logmon)
Configured SAMP for ISS RealSecure IDS probes
Deployment of Nokia IP 530 Checkpoint Firewall-1 in HA mode using VRRP.
Set up VPN connections b/w satellite sites and main core site for various branch sites
Network \ Firewall Planning and Deployment
Firewall Management: Design, Deploy, Implementation of Checkpoint Firewall-1
Designed and Configured Firewall High Availability using Stonebeat for CheckPoint
Led System Audits for HR Applications and CheckPoint Firewalls
Designed Remote Access Architecture: SecuRemote VPN, RSA SecureID, Windows NT TerminalServer for Remote Server
Acted as a Liaison between Data Security Group and Network Development Group on Security issues: Security Policy and Audit
Established Firewall to Firewall VPN using Checkpoint Firewall-1 Tunnels
Merged two rules sets from 2 Checkpoint Firewalls (V4.0 and V4.1 on NT and Solaris)
Upgraded to Nokia IP 650s and provided HA via VRRP.

We provide IT Staff Augmentation Services!

We'd love your feedback!

Resume Categories

Client Services

Job Seekers

Visa Sponsorship