
Lead Security Engineer Resume


Lead Security Engineer Reston, Virginia

Objective

  • Information Security professional with 8 years of experience in server and network intrusion detection and analysis, incident response, implementing and maintaining quality commercial and open-source security solutions for effective intrusion-based strategies.

Core Competencies

  • Intrusion Detection
  • Incident Response
  • SIM Content Creation and Management
  • SIM Events/Incidents Correlation and Management
  • Custom Signature Creation and Management
  • Vulnerability Assessment
  • Penetration Testing
  • Malware Reverse Engineering
  • Threat Intelligence Analysis
  • Security Policy Creation and Development
  • Client Relations
  • Configuration/Integration
  • New Product Deployments
  • Security Products Change Management

PROFESSIONAL EXPERIENCE

Lead Security Engineer

Confidential, Reston, Virginia

Responsibilities:

  • On loan to The United States Department of Interior
  • Perform administration of Incident Ticketing System, DOI Remedy
  • Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
  • Vet escalations from a Security Operations Center by means of research and forensics on tools that include: Snort, ACE Live, NetWitness, SRX, SQUERT, BRO, ELSA, MOLOCH, and TippingPoint to ensure accurate escalations
  • Reverse-engineer found malware to create content for various detection tools including: Snort, TippingPoint, NetScreen, SRX, SQUERT, BRO, ELSA, MOLOCH, and BlueCoat to better facilitate future detection and prevention
  • Escalate incidents to other groups including: US-CERT, internal security hardware administration teams, and other DOI bureaus to begin remediation
  • Process external sources of threat intelligence to create content for detection of emerging threats and zero-days
  • Train other teams with the introduction of new processes or policies
  • Strong working knowledge of system administration, UNIX and Windows
  • Perform backend tuning to intrusion detection and health monitoring platforms to ensure optimum analysis
  • Produce monthly security brief for customer that highlights Intrusion Detection System performance reviews, observed trends in the wild and on customer tools, security intelligence from multiple outside sources, analysis, and recommendations for threat mitigation or eradication

Team Lead Intrusion Analyst

Confidential, Herndon, Virginia

Responsibilities:

  • Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
  • Reverse-engineer found malware to create content for various detection tools including: Sourcefire, ArcSight, BlueCoat, and Yara to better facilitate future detection
  • Escalate incidents to other groups to begin remediation
  • Process external sources of threat intelligence to create content for detection of emerging threats and zero-days
  • Strong working knowledge of system administration, UNIX and Windows
  • Perform backend tuning to intrusion detection and health monitoring platforms to ensure optimum analysis
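The Lead Security Engineer and Team Lead Intrusion Analyst roles above both list turning reverse-engineered malware and external threat intelligence into content for detection tools such as Snort and YARA. The following is an added example, not code from the resume author or any of the employers listed, showing a minimal version of that workflow: a constructed indicator feed is parsed and validated, then rendered as Snort rules and a YARA rule. The feed format, the sample indicators, the SID range and the rule names are all assumptions made for illustration.

```python
"""Turn a threat-intel indicator feed into Snort and YARA detection content.

Added example (not the resume author's code). The feed format, rule names,
SID range and sample indicators below are all constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample feed: type,value,description (one indicator per line).
SAMPLE_FEED = """\
# type,value,description
domain,evil-c2.example,Beacon C2 (constructed)
ipv4,198.51.100.23,Payload host (constructed)
md5,d41d8cd98f00b204e9800998ecf8427e,Dropper (constructed)
string,/gate.php?id=,Dropper check-in URI (constructed)
ipv4,not-an-ip,Malformed line that must be skipped
"""

LOCAL_SID_START = 1000000  # Snort reserves SIDs below 1,000,000 for official rules


@dataclass(frozen=True)
class Indicator:
    kind: str
    value: str
    desc: str


def _valid(kind, value):
    """Reject indicators that would produce a broken or meaningless rule."""
    if kind == "ipv4":
        try:
            return ipaddress.ip_address(value).version == 4
        except ValueError:
            return False
    if kind == "domain":
        return re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", value.lower()) is not None
    if kind == "md5":
        return re.fullmatch(r"[0-9a-f]{32}", value.lower()) is not None
    if kind == "string":
        return 0 < len(value) <= 200
    return False


def parse_feed(text):
    """Parse feed lines; drop comments, blanks, malformed rows, invalid values and duplicates."""
    seen, out = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(",", 2)
        if len(parts) != 3:
            continue
        kind, value, desc = (p.strip() for p in parts)
        if not _valid(kind, value) or (kind, value) in seen:
            continue
        seen.add((kind, value))
        out.append(Indicator(kind, value, desc))
    return out


def dns_content(domain):
    """Encode a domain as DNS wire-format labels for a Snort content match.

    DNS queries carry length-prefixed labels, not dotted text, so a rule for
    evil-c2.example must look for |07|evil-c2|07|example|00|, not "evil-c2.example".
    """
    labels = domain.lower().split(".")
    return "".join(f"|{len(label):02x}|{label}" for label in labels) + "|00|"


def _snort_escape(text):
    # Characters that terminate or alter a Snort content/msg string must be escaped.
    return text.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;").replace("|", "\\|")


def snort_rules(indicators, first_sid=LOCAL_SID_START):
    """One Snort rule per network indicator; file indicators go to YARA instead."""
    rules, sid = [], first_sid
    for ind in indicators:
        msg = _snort_escape(f"INTEL {ind.desc}")
        if ind.kind == "ipv4":
            rules.append(f'alert ip $HOME_NET any -> {ind.value} any '
                         f'(msg:"{msg}"; sid:{sid}; rev:1;)')
        elif ind.kind == "domain":
            rules.append(f'alert udp $HOME_NET any -> any 53 (msg:"{msg}"; '
                         f'content:"{dns_content(ind.value)}"; nocase; sid:{sid}; rev:1;)')
        else:
            continue
        sid += 1
    return rules


def _yara_escape(text):
    return text.replace("\\", "\\\\").replace('"', '\\"')


def yara_rule(indicators, name="intel_feed"):
    """One YARA rule covering string indicators and full-file MD5 hashes."""
    strings = [i for i in indicators if i.kind == "string"]
    hashes = [i for i in indicators if i.kind == "md5"]
    lines = ['import "hash"', "", f"rule {name}", "{", "    meta:",
             '        source = "constructed intel feed"']
    if strings:
        lines.append("    strings:")
        for n, ind in enumerate(strings):
            lines.append(f'        $s{n} = "{_yara_escape(ind.value)}" ascii wide')
    conds = ["any of ($s*)"] if strings else []  # "any of ($s*)" is an error with no strings
    conds += [f'hash.md5(0, filesize) == "{h.value.lower()}"' for h in hashes]
    lines += ["    condition:", "        " + (" or ".join(conds) if conds else "false"), "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    inds = parse_feed(SAMPLE_FEED)
    print("\n".join(snort_rules(inds)))
    print(yara_rule(inds))
```

Two practitioner details are worth noting. DNS indicators are matched on the wire-format label encoding rather than the dotted name, because a `content:"evil-c2.example"` rule never fires on a real query. The hash condition in the YARA rule needs the `hash` module and matches only a byte-identical file, so it catches exactly the sample that was analysed and nothing repacked from it; the string indicator is what gives the rule any reach beyond that one file.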

Team Lead Incident Response Analyst

Confidential

Responsibilities:

  • Perform forensic investigations on hosts suspected of infection
  • Perform investigation of incidents escalated by Managed Security Provider
  • Perform investigation of incidents as prompted by security appliances, including FireEye, WebSense Proxy, Bit9, ArcSight
  • Analyze suspicious files and e-mail correspondence for malicious software
  • Provide consultation to end-users regarding information security inquiries
  • Investigate device health issues for security devices including: Checkpoint firewalls, IBM ISS sensors, Dell SecureWorks iSensors
  • Monitor system security compliance by means of ForeScout CounterAct NAC
  • Oversee remediation actions for security compliance
  • Create training documentation for procedures, and general operations

Lead Intrusion Analyst

Confidential, Virginia

Responsibilities:

  • Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
  • Monitor Proventia ISS alerts from customer network
  • Create Problem Management escalations
  • Provide assistance in customer inquiries regarding administration of networks, device configuration recommendations, incidents, incident response recommendations, and general troubleshooting of devices
  • Perform file system and memory forensics by use of enterprise tools including EnCase, HBGary, Forensic Toolkit, Volatility, RegRipper
  • Monitor system security compliance by means of BigFix and McAfee ePO
  • Strong working knowledge of system administration, UNIX and Windows
  • Perform backend tuning to intrusion detection and health monitoring platforms to ensure optimum analysis
  • Contribute to development of proprietary SIEM and log correlation technology
  • Create and audit inventory of facility hardware
  • Oversee deployment of a new Secure Operations Center
  • Create training documentation for device configuration, procedures, and general operations
  • Contribute to development of Continuity of Operations Plan
  • Create documentation for Continuity of Operations Plan
  • Create and maintain running operational project plan to keep project managers and upper management up to date on projects being handled by operations center
  • Create and maintain shift scheduling documents for operations center
  • Research threat landscape and brief clients of emerging/ongoing threats, vulnerabilities, and exploits on a weekly basis

Lead Network and Info Security Specialist

Confidential, Virginia

Responsibilities:

  • Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
  • Create Problem Management escalations
  • Provide assistance in customer inquiries regarding administration of networks, device configuration recommendations, incidents, incident response recommendations, and general troubleshooting of devices
  • Administer configuration changes to network security devices that include: PIX firewalls, Checkpoint firewalls, Netscreen firewalls, Sonicwall firewalls, Cisco ASAs, Cisco IPSs, Cisco CSAs, Snort sensors, Dragon network-based and host-based intrusion sensors, Bluecoat Proxies, Sourcefire network-based intrusion sensors
  • Monitor device health for devices that include: PIX firewalls, Checkpoint firewalls, Netscreen firewalls, Sonicwall firewalls, Cisco ASAs, Cisco IPSs, Cisco CSAs, Snort sensors, Dragon network-based and host-based intrusion sensors, Bluecoat Proxies, Sourcefire network-based intrusion sensors, mail servers
  • Perform Signature and OS updates
  • Strong working knowledge of system administration, UNIX and Windows
  • Perform backend tuning to intrusion detection and health monitoring platforms to ensure optimum analysis
  • Create training documentation for device configuration, procedures, and general operations
  • Lead a shift of analysts in analysis, incident response, troubleshooting, and other tasks

Lead Network Security Analyst

Confidential, Reston, Virginia

Responsibilities:

  • Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
  • Provide assistance in customer inquiries regarding administration of networks, incidents, incident response recommendations, and general troubleshooting of devices
  • Administer configuration changes to network security devices that include: PIX firewalls, Checkpoint firewalls, Netscreen firewalls, Sonicwall firewalls, Cisco ASAs, Cisco IPSs, Cisco CSAs, Snort sensors, Dragon network-based and host-based intrusion detection sensors
  • Lead a team of four to six other analysts in day-to-day operations
  • Draft the monthly working schedule for the team

Network Security Analyst

Confidential, Reston, Virginia

Responsibilities:

  • Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
  • Provide assistance in customer inquiries regarding administration of networks, incidents, incident response recommendations, and general troubleshooting of devices
  • Administer configuration changes to network security devices that include: PIX firewalls, Checkpoint firewalls, Netscreen firewalls, Sonicwall firewalls, Cisco ASAs, Cisco IPSs, Cisco CSAs, Snort sensors, Dragon network-based and host-based intrusion detection sensors

Service Desk Technician

Confidential, Reston, Virginia

Responsibilities:

  • Customer Service
  • Create tickets and follow up on progress of customer requests or issues
  • Respond to phone inquiries
  • Monitor health and uptime of managed devices and escalate all outages
