SUMMARY

• Championed comprehensive security - oriented assessments for clients wif differing mission requirements, handling conflict resolution and collaborating wif team leads & clients, appropriately translating functional needs into security requirements
• Deployed Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry-Data Security Standard (PCI-DSS), General Data Protection Regulation (GDPR), National Institute of Standards and Technology (NIST), and Federal Risk and Authorization Management Program (FedRAMP) compliant infrastructure on-premise and in teh Cloud
• Architect for a Cloud Platform that supported twenty-five million end users
• Designed and executed eleven end-to-end cloud implementations
• Expertise in leading teh secure design of new cloud services and solutions in-line wif defined security strategies
• Led several high-profile successful security engagements for major commercial clients, resulting in high profit margin and customer satisfactions
• Leveraged expertise in teh system development life-cycle; designing, developing, configuring, deploying, and troubleshooting major software applications and databases to provide a variety of solutions
• Provided thought leadership and architectural expertise to a cross-functional team charged wif deploying a host of customer-related applications and data to teh Cloud
• Architected cyber security solutions for multiple corporations
• Oversaw cross-departmental engineering teams and halp them define, assemble and integrate cyber security components based on security standards and business requirements (examples: hardware, software, availability, scalability, disaster recovery and reliability)
• Oversaw cross-divisional security team using a multi-disciplinary focused approach to cyber and information security and compliance, operational risk management, client security management, workforce protection, and business resilience
• Expertise in planning, executing & spearheading IT projects, deploying, and streamlining systems wif skills to enhance IT infrastructure and security operational effectiveness
• Worked across multiple industries providing cloud security services
• Provided design-time review and guidance to teams building & deploying new technology and integrating wif services provided by public cloud platforms Google Cloud Platform, Amazon Web Service, and Microsoft Azure
• Developed technical and managerial level reports and risk assessments for Cloud based applications and infrastructure
• Background in securing and deploying multi-tenant system, and/or architecting security controls in Cloud systems
• Integrated systems between Public Cloud Providers
• Provided thought leadership to Network, Platform, Engineering, QA, and Development teams in architecture design and review sessions

TECHNICAL SKILLS

Operating Systems: Windows 10/8/7/Vista/XP, Linux, UNIX, Cisco IOS

Networking Hardware: 29XX, 19XX, 65XX, 76XX, 45XX, 37XX, 38XX, 35XXEnterprise Operating Windows 2012/2008/2003/2000 , Microsoft Server 2013/2010/2007/ 2003 , XML

Scripting Languages: Python, BASH, Ruby, Perl, PowerShell, IAC; TerraForm

Cloud Computing: Amazon Web Services, Google Cloud Platform, VMWare, Microsoft Azure

Networking Protocols: DHCP, HSRP, SNMP, OSPF, EIGRP, IGRP, BGP, VRRP, TLS/SSL VTP, STP

Business Application: Microsoft Office 2013/2010/2007/ XP, Microsoft Access 2013/20102007/2003/2002 Exchange 2013/2010/2007/ 2003 , SAP, SharePoint

Engineering Software: AutoCAD, Multisim, Rockwell, MES Security Automation & Ansible, Puppet, Jenkins

J2EE Platforms: JBoss, Tomcat, WebLogic, and WebSphere

PROFESSIONAL EXPERIENCE

Confidential, Hebron, KY

Senior Azure Cloud Security Architect

Responsibilities:

• Responsible for guiding teh development teams on secure software & hardware configuration management and secure testing automation strategies associated wif Cloud-based solutions.
• Responsible for guiding engineering teams in teh development and deployment of dashboard(s) which display security metric solutions to provide a single-pane-of-glass of operational status for senior leadership and/or operational teams.
• Interfaced wif technical and senior leadership to turn business directives into functional implementations.
• Assisted in defining Azure Cloud services portfolio of offerings.
• Provided security architecture evaluation and established a process for assessing and auditing security exceptions.
• Responsible for guiding engineering teams in deployment of industry-standard frameworks for authorization, like OAuth 2.0, OpenID Connect (OIDC), User-Managed Access (UMA).
• Defined cloud architecture, design, and implementation plans for hosting complex application workloads in Azure.
• Provided Azure technical expertise including strategic design and architectural mentorship, assessments, POCs, etc., in support of teh overall lifecycle or consulting engagement process.
• Responsible for guiding engineering teams in deploying Azure API Management, Security, Cloud-to-Cloud Integration (Public, Private).
• Educated customers of all sizes on teh value proposition of managed services on Azure, and participated in architectural discussions to ensure solutions are designed for successful deployment in teh Cloud.
• Responsible for guiding Network teams in deploying cloud network architecture utilizing Azure virtual networks, VPN, and express route to establish connectivity between on-premise and Cloud.
• Assisted leadership wif teh ongoing development and deployment of policies & procedures for teh purpose of consistent solutions delivery.
• Responsible for guiding engineering teams in deploying PowerShell scripts, JSON and ARM templates to automate teh provisioning and deployment process of Azure PaaS and IaaS services.
• Participated in internal, external, and customer meetings assisting wif teh ongoing evolution of technology offerings.
• Provided technical guidance on building solutions using Azure PaaS, SaaS, IaaS, and other services.
• Deployed, created, and maintained project related documentation (Statement of Work, technical design document, bills of materials, etc.).
• Led teh design, architecture and deployment of solutions in Azure.
• Assisted customers in simplifying teh Architecture by utilizing Azure Kubernetes Service automation.
• Architected and designed n-tier applications from teh ground-up using Azure IaaS, PaaS, and SaaS services.
• Responsible for guiding engineering teams in deploying Azure Active Directory B2C and B2B setup and management.
• Deployed Cyber Security Standards for Security Level Deployed Cloud controls, Cloud Governance and Azure Security.
• Deployed Azure architecture blueprints and developer documentation.
• Responsible for guiding engineering teams in migrated applications from on premise or other clouds to Azure.
• Responsible for guiding engineering teams in deploying Azure Service Fabric Azure PaaS in Big data, IoT, Machine Learning spaces to end client(s).
• Published articles on technology trending topics to teh company Wiki.
• Agiled/Scrummed wif multiple cross-functional teams.
• Prepared capacity and architecture plans to create teh Azure Cloud environment to host migrated IaaS VMs, PaaS and SaaS role instances for refactored applications and databases.
• Responsible for guiding engineering teams in deploying a subset of on-premise machines to teh Azure IAAS offering which will be used for disaster recovery.
• Worked as a senior architect to design automation solutions for Azure environment.
• Responsible for guiding engineering teams in identifying prospective issues in teh Azure migration and suggesting feasible solutions to clients.
• Transitioned new technical projects and ensured smooth go-live for Azure operations.
• Executed technical feasibility assessments solution estimations for datacenter migration wif public and hybrid Cloud migration and deployment.
• Created, validated, and reviewed solutions and effort estimate for data center migration to Azure Cloud environment cloud-based service.
• Conducted current state assessment of Infrastructure framework to identify gaps and recommend solutions.
• Leveraged assessment results to enhance existing framework and designed strategic solutions for owners and users.
• Point of contact between offshore implementation team(s) and functional experts to convert business needs into reporting solutions.
• Deployed key deliverables, Process definition, best practices, user acceptance criteria, system integration and system test plan.
• Responsible for guiding engineering teams in deploying technical feasibility solutions for new. infrastructure designs and suggested options for performance improvement of technical objects.
• Responsible for guiding engineering teams in deploying LinkerD and Sysdig.
• Responsible for guiding engineering teams in deploying Cosmos and SQL databases.
• Responsible for guiding engineering teams in deploying, planning, design, and implementation of enterprise-wide container vulnerability management scanning services utilizing Twistlock.
• Responsible for guiding teh engineering team in deploying maintaining, and updating teh Azure Security Center policies.

Confidential, Menomonee Falls, WI

Cloud Security Architect

Responsibilities:

• Architected IaaS, PaaS, and SaaS utilizing Google Cloud Platform (GCP).
• Delivered seventy-six million dollars in reoccurring savings wif new technologies and tool consolidation.
• Developed cyber security plans projects and performed cyber security risk assessments using NIST standards.
• Responsible for guiding teh design and implementation of SIEM solutions utilizing Splunk & QRadar across business and IT areas using architecture standards, best practices and processes.
• Worked wif project teams to determine security requirements for applications and SIEM solutions and determine how best to implement them.
• Drove teh IAM strategy for all types of identities for teh digital business by designing an identity architecture that strategically combines responsibilities/access for employee, contractor, vendor, business partner, and customer/consumer types of identities.
• Technology architect for infrastructure components such as: Tanium, Darktrace, FIM/HIDS, CASB, Cloud Configuration Management and Cloud Security Posture Management.
• Responsible for guiding engineering teams in teh development of teh technical design and documentation.
• Provided vendor evaluation for new technologies, changes to existing technology.
• Established application ecosystem assessment protocol and toolset.
• Identified combinations of risk not clearly indicated by existing monitoring capabilities.
• Prioritize findings and make recommendations to relevant LOB for action.
• Prepared, documented, and updated assessment playbooks.
• Wrote ad-hoc TerraForm modules to deploy Infrastructure-as-Code.
• Worked wif 14 Engineers and up to 44 remote contractors.
• Mentored Security Engineers on new technologies.
• Architected User Life Cycle Management Processes.
• Managed Vendors/Partners relations and worked closely wif teh Engineers from all types of technologies.
• Partnered wif internal teams to protect employer and client information by teh delivery of security analysis, recommendations, projects and compliance methods & practice.
• Designed an e-Fraud strategy and partnered wif vendors to create a custom automated methodology for identifying potential electronic payment fraud providing increased early detection capabilities.
• Redesigned and implemented security standards for teh entire organization practices and industry standards that enforce SOX controls.
• Responsible for guiding teh engineering teams in deploying identity access management tools such as; BeyondTrust, SailPoint, and iSIM.
• Developed an information-based security management program and strategy, associated security policies, procedures and SDLC integration activities.
• Created an IT security technical reference architecture and documented current state security capabilities, current state gaps and future state roadmap aligned wif IT and business strategies.
• Responsible for guiding engineering teams in teh planning, design, and implementation of enterprise-wide Data Loss Prevention (DLP).
• Responsible for guiding engineering teams in teh planning, design, and implementation of enterprise-wide container vulnerability management scanning services utilizing AquaSec.
• Responsible for guiding engineering teams in deploying Istio for service mesh security.

Confidential, Richmond, VA

Senior System Engineer

Responsibilities:

• Configured and maintained PLC & HMI and establish protocol and communication parameters between electrical power SCADA systems, and Remote Terminal Unit (RTU) using MODBUS and DNP3.
• Supported and administered Active Directory apps and servers.
• Designed and developed security architecture for Windows products.
• Created supporting architecture systems for Active Directory applications.
• Committed PowerShell scripts and projects to Team Foundation Server.
• Worked closely wif offshore analysts, development team and QA team to define MES solution architectures and develops detailed design specifications.
• Created prototypes to develop and demonstrate special project features.
• Provided teh Lead Engineer wif all necessary support and information to ensure that they are fully informed of progress.
• Deployed, DNS, IP networks and virtualization.
• Experienced in deploying Shopfloor Processes and MES Implementation.
• Experienced in deploying Process Factory Automation Application development using different technologies such as Siemens S7 300/400 PLC, Delta v.
• Knowledge of PLC Programming, implementation and troubleshooting.
• Identified KPI (Key Performance Indicators) for teh processes and ensuring teh KPI data visualization through shop floor integration wif ERP systems wif MES.
• Proficient wif interfacing MES systems wif plant automation systems and data collection historian systems.
• MES System interface wif LIMS and other quality systems wif real time problem identification and resolving.
• Defined functional requirements for MES solutions through documentation analysis and implementing teh test Syncade MES Solutions that met client requirements.
• Supported teh implementation of teh MES application and subsequent development of electronic batch records (eBRs) for manufacturing operations deployment of teh bidirectional interface between MES and SAP.

Confidential, Ann Arbor, MI & New Brunswick, NJ

Technical Operation Security

Responsibilities:

• Performed real-time log analysis to provide network and data security both internally and external while evaluating teh type and severity of security events by making use of packet analyses, and an in-depth understanding of exploits and vulnerabilities.
• Architected IaaS, PaaS, and SaaS utilizing Amazon Web Services (AWS).
• Developed and prepared Monthly Information Security Metrics reports.
• Provided thought leadership in pre-releasing products in teh area(s) of support responsibility in order to support them when released.
• Responsible for guiding engineering teams in teh deployment of security architecture and guiding principals at macro & micro level across all cloud initiatives AWS, GCP, Azure.
• Software systems development life cycle (SDLC); principals of computer data processing; business system applications; principals and techniques of software and systems quality assurance and control; principals and practices of technical problem solving; design, installation and maintenance of enterprise.
• Evaluated and deployed firewall change requests and assess organizational risk.
• Managed security events using ITIL incident management.
• Created Pentesting and Vulnerabilities assessment framework.
• Deployed virtual machines, servers, Dockers, Kubernetes, and other containers using Puppet.
• Responsible for guiding engineering teams in teh deployment of new code and patches though Foreman and Jenkins.
• Utilized Rundeck & Cisco Tidal Enterprise Scheduler to gather data from UNIX/Linux variants
• Responsible for guiding engineering teams in teh deployment of Security Incidents Event Management (SIEM) utilizing Splunk and ELK.
• Responsible for guiding engineering teams in teh deployment of security information analysis tools: Qualys, SecureWorks, AlertLogic, Nexpose, HostMonitor.
• Architected User Life Cycle Management Processes.
• Actively looked for security vulnerabilities in our application and network, documenting issues and describing possible solutions.
• Developed a Plan of Action and Milestones (POA&M) of all team's control deficiencies and vulnerability remediation.
• Asset management as needed as related to team's infrastructure systems portfolio.
• Monitored and reported on system patching status, including operating systems, and third-party applications reporting access and potential inappropriate network or information access.
• Led, a team to in corporate security while developing highly scalable, distributed applications involving DevOps teams.
• Ensured secure migration methods are defined and followed to move workloads from On-Premises to defined cloud providers.
• Responsible for guiding engineering teams in teh deployment of infrastructure employing SOX, PCI-DSS, and HIPAA Security Rule.
• Deployed cloud access security brokers (CASB), including single-sign-on (SSO), authorization, encryption, two-factor authentication, Multi-Factor, etc.
• Developed and deployed innovative and concise technical security solutions as senior enterprise security architect.
• Vendor evaluation for new technologies, changes to existing technology.

Confidential, Louisville KY

System Engineer

Responsibilities:

• Led a six-person QLS deployment team.
• Provided a level 3 point of contact for all level 2 and 1technicians.
• Performed periodic performance reporting to support capacity planning.
• Maintained data center environment and monitoring equipment.
• Coordinated and communicated wif impacted constituencies.
• Performed daily backup operations, ensuring all required file systems and system data were successfully backed up to teh appropriate media and sent off site as necessary.
• Performed daily system monitoring, verifying teh integrity and availability of all hardware, server resources, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups.
• Deployed new servers, hardware, peripherals, services, settings, directories, storage, etc. in accordance wif Confidential Motor Company’s global requirements.
• Liaised wif vendors and other IT personnel for problem resolution.
• Wrote and maintained custom scripts to increase system efficiency and lower teh human intervention time on any tasks.
• Used SCCM to deploy OS, packages, updates, and software updates.
• Participated in teh design of information and operational support systems.
• Proactively ensured teh highest levels of systems and infrastructure availability.
• Managed and monitored all installed systems and infrastructure.
• Deployed multiple DNS servers.
• Deployed upgraded supervisors in Cisco switches.
• Certified in Sarbanes-Oxley SOX corporate financial responsibility.
• Deployed NetApp Enterprise SAN.
• Monitored teh network and infrastructure using Watsup Glod.
• Managed active directory for over 5000 users.

Confidential, Chicago, IL

System Engineer

Responsibilities:

• Deployed Domain Controllers, servers and certificate servers that allowed onsite and/or remote administrators to manage user accounts and teh digital certificates that allows them to access certain services and systems.
• Deployed systems meeting teh clients’ specific computer needs.
• On-site system Engineer for teh following clients; Home Depot, CarMax, Sunrise of Louisville, YumBrand PCM/SARCOM, AT&T, Wells Fargo Bank, Hilton Hotel, Sam’s Club, Red Wing Shoes, and Huntington Bank.
• Deployed server configuration per designated security requirements (experience administrating central management through RHEL Satellite, Puppet, & etc.
• Deployed Windows 2003/2008/2008 R2 Server and/or RHEL support and troubleshooting or administrative and troubleshooting.
• Designed and deployed resiliency testing.
• Actively liaised wif teh development team to ensure thorough automated testing of all source code (e.g., via Test-Driven Development) and a secure architecture.
• Developing technical and security specifications for teh targeted applications/workloads in teh Cloud Services service catalog.
• Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
• Deployed host-based intrusion detection system (HIDS) and network intrusion detection system (NIDS).
• Developed & built Security (both tools & processes) into teh Cloud Services delivery standards.
• Deployed FreeIPA for access management wif open source solutions.
• Deployed security, backup, and redundancy solutions.
• Deployed Tomcat, Apache, and NGINX servers.
• Deployed Zabbix enterprise monitoring solution.
• Deployed JBoss and HornetQ middleware.
• Deployed resilient, scalable and secure IaaS and PaaS application platforms.
• Deployed public key infrastructure (PKI) hierarchies.
• Utilized available design data to develop ecosystem transaction and data flow diagrams.
• Conducted systems design, feasibility and cost studies and recommend cost-effective cloud solutions.
• Designed and lead teh deployment team that created end state services which are self-sustaining and scalable aligning wif business needs and cloud best practices.
• Designed, and implemented a project to provide network security stack providing visibility, redundancy, and consistency for all applications hosted in teh cloud.

Confidential, Louisville, KY

IT Specialist

Responsibilities:

• Assisted wif increasing production from instrument panels a shift increasing teh company’s profit $525,000.
• Managed teh Active Directory for more than 200 users.
• Led contact during 2nd/3rd shift for all service providers, customers, and third-party vendors.
• Interfaced wif corporate decision makers in North America to implement network designs.
• Coordinated presentations to introduce new technologies and topologies.
• Presented new designs to teh business unit and conducted network planning meetings.
• Collaborated wif Quality and production Engineers to develop and update engineering processes based in a 24/7 environment.
• Tier one supplier to Confidential Motor Company.
• Electronics troubleshooting AC (Allen Bradley and Siemens) and DC Drives; PLC.
• Led continuous improvement efforts using lean manufacturing principals.
• Deployed, managed, and updated multiple Microsoft Windows 2008 and 2012 servers using VMWare.
• Worked wif vendors to source parts, designing, updating older electronics and equipment that are no longer supported by manufacturing to improve equipment functionality.
• Managed capital projects including identifying scope, cost, milestones, etc.
• Experience using strong business knowledge and perspective, synthesize complex information and develop theories to arrive at logical recommendations.
• Adept at viewing situations from teh stakeholder’s perspective to better address their needs and expectations.
• Fulfilled service level agreements and ensure solutions remains current wif industry best practices.
• Maintained and managed LAN and WAN infrastructure systems such as routers and firewalls.

Confidential, Chicago, IL

System Engineer

Responsibilities:

• Deployed computer networks such as local area networks (LANs), wide area networks (WANs), wireless, load balancers, VPN, QOS, etc.
• Supervised halp desk technicians.
• Administered servers and server clusters.
• Configured hosted IP voice services remote support of on-site engineers and end users/customers during installation.
• Remote troubleshooting and fault finding if issues occurred upon initial installation.
• Liaised wif project management team including speaking wif customers via email and phone for initial requirement capture.
• Developed monthly reports, and recommendations for Managed Services Clients.
• Deployed systems for improving resilience of teh current environment, scheduled upgrades, network optimization, securing networks by establishing and enforcing policies, and defining and monitoring access.
• Create and maintain teh strategic plan and roadmap for Access Management as part of Identity and Access Management (IAM) overall.
• Created and maintained Identity and Access Management (IAM) authentication and authorization procedures.
• Deployed performance monitors and evaluating logs to determine performance problems or recommending steps to remedy a situation.
• Deployed, maintained, and managed teh collection of customizable puppet manifests designed to automation teh hardening of Red Hat servers.
• Managed and monitored all installed systems and infrastructure for potential bottlenecks identifying potential solutions.
• Identify departmental needs and made suggestions regarding technical direction.
• Deployed system security and data assurance in accordance wif company policy.
• Deployed scripts to increase system efficiency and lower teh need for human intervention.
• Tested software applications and systems.
• Developed different types of software, network control systems, and middleware.
• Deployed, configured, tested, and maintained operating systems, and application software.
• Provided level 3 support.
• Deployed performance monitors and evaluating logs to determine performance problems or recommending steps to remedy a situation.
• Scripting as necessary to support automation wif Bash/Perl/PHP.
• Conducted security audits and resolved technical issues for remediation.
• Participated in understanding of cyber security programs and technical solutions.
• Conducted assessments of security operations, risks and software assurance.
• Knowledge of network and security tools (Snort, Nmap, Nessus/OpenVAS and Wireshark) wif kali Linux.