We provide IT Staff Augmentation Services!

Senior Information Security Engineer Resume

Pocasset, MA

SUMMARY:

  • Versatile and highly motivated individual with 15+ years of experience in Information Security. IT professional with strong organizational, entrepreneurial, and customer relations skills. Communicate Information
  • Assurance concepts clearly and usefully to all types of audiences. Demonstrate reliability and high degree of accuracy. Work productively with internal management and outside companies to achieve objectives. Show keen insight in Information
  • Security, Infrastructure Issues, and Problem - Solving. Keep current on threats and vulnerabilities in order to formulate mitigating strategies.
  • Hold Top Secret clearance, CISSP, and MBA with Information Technology concentration.

TECHNICAL SKILLS:

Cyber Security Applications/Tools: Assured Compliance Assessment Solution (ACAS); Security Content Automation Protocol (SCAP); STIG Assist; Kali Linux; Metasploit; Nmap; SNORT Intrusion Detection System (IDS)/Intrusion Prevention System (IPS); AppDetective; Operating System/Application Hardening; Network Security Scanners; Nessus; Retina; Netcap; tcpdump; Wireshark; Flying Squirrel Wireless Discovery; RootkitRevealer; Nikto; NetStumber; GFI LANguard; Superscan; Access Data Forensic Toolkit

Operating Systems: Windows Server 2012/2008 R2; Windows 10/8/7; Red Hat, Ubuntu, Debian, VxWorks

Networking: Network Architectures; Cisco IOS; Juniper ScreenOS, Brocade IOS; SolarWinds Network Monitor; Firewalls; Switches; Routers; VLANs; GNS3; Wireless; Wireless Sensor Networks (ZigBee)

Programming Languages: Python; C#; C; C++; Java; PowerShell, Shell Scripting

Directory Services: LDAP; Active Directory

Virtualization: VMware; Microsoft Hyper-V; Xen, VirtualBox

Database Systems Design, Development, Administration: Microsoft SQL Server 2012/2008 R2; Oracle; MySQL; PostgreSQL

Internet Technology, Frameworks, Methodologies, Applications, & IDEs: ASP.NET; J2EE; Microsoft Internet Information Server (IIS); Microsoft Project; Microsoft Visual Studio; Eclipse IDE; UML 2.0; Web Services; Web/Database Integration; XML; Microsoft Project; Microsoft Visio; Microsoft Office

Software Architecture Design Standards: Microsoft .NET Application Architecture Design Guide; J2EE Architecture Design Guide; Software Engineering Best Practices; Application Security Best Practices

PROFESSIONAL EXPERIENCE:

Confidential - Pocasset, MA

Senior Information Security Engineer

Responsibilities:

  • Information Technology security related programs which include Risk Management, Policy Development and Compliance Monitoring, Procedure Development and Implementation, System Authorization, Security Awareness, Incident Management, Contingency Planning, Business Continuity Planning, Auditing,
  • Resource Management, and Physical Security. Verify compliance with information security requirements in related legislation, policies, directives, instructions, standards, and guidelines. Develop and implement policies to effectively manage risk and protect the core missions and business functions being carried out by the organization, Reduced security incidents significantly by implementing Policy Enforcement, Network Monitoring, User Awareness, Patch Management, Password Management, Email Security, Vulnerability Scanning, and System Hardening. Designed and implemented a DOD Cyber
  • Security Lab for testing patches and updates on Windows/Linux systems, and network devices in order to enforce configuration management best practices, and ensuring stable computing environment. Created custom IDS rules to protect against buffer overflow, TCP SYN attacks, and other emerging threats.
  • Developed custom security tools and exploitation scripts in Python to probe the security posture of Operating Systems and network devices.

Confidential, Huntsville, AL

Senior Information Assurance Analyst

Responsibilities:

  • Design and implement Layered Defense in order to protect Critical Information.
  • Provide extensive end-user security and evaluation
  • Formulate policies and procedures for information assurance
  • Harden all host systems and applications
  • Implement Virus Protection
  • Implement Intrusion Detection System (IDS), and Intrusion Prevention System(IPS)
  • Harden Firewalls, Routers and Switches and other network devices
  • Perform Test and Evaluation in order to ensure Information Availability, Confidentiality and Integrity.
  • Evaluate end user security
  • Evaluate end user policies and procedures knowledge
  • Perform Vulnerability Scanning on all host machines
  • Test Virus protection
  • Test Intrusion Detection System (IDS), and Intrusion Prevention System(IPS)
  • Perform Vulnerability Scanning on Firewalls, Routers, Switches and other network devices
  • Perform Penetration Testing
  • Analyze Syslog Auditing information on all systems and networks devices

Confidential, Huntsville, AL

Senior Information Security Analys t

Responsibilities:

  • Design, configure, test, implement and sustain trusted computing systems, networks and applications
  • Perform Information security consulting including penetration testing, application testing, web application security assessment, operating system assessment, social engineering, wireless assessment, and IDS/IPS system assessment
  • Secure operating systems by applying Group Policies, closing unnecessary ports and services, and removing unused accounts
  • Perform Test and Evaluation (T&E), and Ethical Hacking in order to assess vulnerabilities in Windows Server 2008, SQL Server 2008, Internet Information Services (IIS7), Linux, Cisco ASA 5510 firewalls, 3925 routers and 3750 switches
  • Review and author policies and procedures pertaining to Information Assurance and Incident response in accordance with NIST guidelines
  • Conduct forensic analysis of suspect computer media for evidence of misuse from internal and external sources using Access Data Forensic Toolkit
  • Lead Intrusion Detection System (IDS) Incident Response System efforts relating to incidents involving IT infrastructure, to include system compromise, unauthorized user, poor security practices, PII incidents, and classified spillage
  • Implement policies and procedures for secure enterprise information system infrastructure design, implementation and sustainment, redundancy, information assurance, application security best practices, OS and application hardening, network protection, security risk management, patch management, physical security, network security, authentication, vulnerability, and incident management and privacy
  • Create Risk Management plans in order to identify and quantify risks and their impact, and develop plans for mitigating high impact risks
  • Identify and analyze information systems security risks on an on-going basis in order to mitigate and minimize risk to ensure information integrity, confidentiality, and availability

Hire Now