Security Architect Resume

SUMMARY:

  • Proven Security Engineer with 26 years’ progressive experience in Cyber Security, Infrastructure, and Cloud. Instrumental in developing, architecting, and securing enterprise infrastructures including offensive security, automation, and machine learning. Outstanding leadership, communication, documentation, analytical, and problem-solving skills.

PROFESSIONAL EXPERIENCE:

Confidential

Security Architect

Responsibilities:

  • Developed Phantom playbooks for Splunk Enterprise Cloud to automate threat hunting and incident response capabilities.
  • Developed Python Script for API integration between Splunk and Corelight security solutions.
  • Performed gap analysis on log normalization for Splunk User Behavior Analytics implementation.
  • Researched, designed, and implemented corporate Microsoft Teams solution.
  • Performed System Administration on network F5 Load Balancers
  • Developed Playbooks for Crowdstrike for incident response framework

Confidential

Application Security Engineer III

Responsibilities:

  • Secured authentication systems such as LDAP, Active Directory, digital s, and SAML.
  • Developed secure code for QA and Dev sprint cycles in Agile environment.
  • Performed static source code analysis and application auditing for security vulnerabilities.
  • Managed Linux security builds, developed security scripts, and developed new automation workflows for IAAS and Network APIs.

Confidential

Lead - Security Engineering

Responsibilities:

  • Lead security engineer for the Cyber Security team reporting to the Head of Security responsible for all technical security engineering with 1 direct report. Firewall request approver for A+E Networks Cyber Security team.
  • Lead contributor to AWS Security Cloud Security Standard governing global AWS Architecture, using AWS Native Security Controls and Third Party Tooling, resulting in a secure cloud linear solution for media content deployment through Direct-to-Consumer applications.
  • Performed Secure Code Reviews for CI/CD Pipelines, ensuring secure coding practices for application infrastructure in development and production environments. Used orchestration platforms such as Docker, Terraform, Kubernetes.
  • Lead facilitator amongst various IT teams, bridging multiple skill sets to complete critical projects, secure workflows, and communicate to C-Level individuals on TCO and ROI.

Confidential, New York, NY

Lead Security Solutions Architect

Responsibilities:

  • Lead Security Engineer for Information Security & Compliance team. Firewall request approver for Confidential Information Security team.
  • Conduct Security Auditing & Reviews of all Information Security projects, including, Security Engineering, Cloud, Application Security, Communication & Network Security, Threat & Vulnerability Management, Encryption, Security Risk Management, Asset Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security.
  • Lead contributor to AWS Security Cloud Security Standard governing global AWS Architecture, using AWS Native Security Controls, Third Party Tooling.
  • Perform Secure Code Reviews for CI/CD Pipelines, ensuring secure coding practices for application infrastructure in development and production environments.
  • Lead facilitator amongst various IT teams, bridging multiple skill sets to complete critical projects, secure workflows, and communicate to C-Level individuals on TCO and ROI.
  • Approver for all Confidential Firewall Service requests supporting Palo Alto and Cisco Firewall architecture.
  • Administer Signal Science solution for WAF layer on-prem and off-prem.
  • Manage specific security relationships with third party vendors for Managed Services, and SOW engagements.
  • Utilize Python, Scala, and other automation techniques, as well as core Cyber Security, Cloud, Infrastructure, and DevSecOps skills to drive success in my daily job function.

Confidential, Holmdel, NJ

Resident Engineer

Responsibilities:

  • Implemented Palo Alto VM-Series (100, 300, 500, 700) Firewalls to secure AWS architecture.
  • Configured AWS Gateways and Customer Gateways to exchange BGP routing information traversing Palo Alto Firewalls.
  • Configured multiple Load Balancing methods to distribute application traffic and support traffic based on demand.
  • Migrated Marsh Data Center Cisco ASA 5000-Series Firewalls to Palo Alto 7000-Series Firewalls using the Palo Alto Migration tool.
  • Utilized Python in handling of API management for Palo Alto Firewalls with malware detection platforms including Cyphort and Cisco AMP.
  • Designed, implemented, and maintained extensive Palo Alto, ASA, F5, Bluecoat, and CyberArk architectures.
  • Managed and configured multi-vendor Firewall platforms featuring Palo Alto 7000-Series, 5000-Series, 800-Series, 200-Series and Cisco ASA 5585-X Firewalls.
  • Project lead for implementing Bluecoat ASG proxy and SSLV appliance. Utilized PAC file, DHCP Option 252, Group Policy, and WCCP for internet traffic redirection to ASG appliance. Leveraged Microsoft PKI Infrastructure to utilize and key chain hierarchy for SSL interception and decryption.
  • Project lead for design, configuration, and implementation of Cisco Firepower NGFW 4100-Series. Used Firepower inline-tap mode for passive traffic discovery and inspection. Moved Firepower configuration to inline blocking after extensive tuning and policy configuration to stop malicious network behavior.
  • Determined security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.

Confidential, New York, NY

Information Security Manager

Responsibilities:

  • Designed, implemented, and managed Information Security Program for the Confidential. Incorporated HITRUST Common Security Framework practices in developing a multi-tier security architecture including next-gen firewalls, malware prevention and detection, DLP, and forensic capability. Developed security policy and procedures providing IT governance for the Confidential business operations and patient data protection.
  • Managed and monitored the hospital's security perimeter including Palo Alto, Cisco ASA, DMZ architecture, PulseSecure, Aruba Wireless, and ForeScout NAC solution.
  • Monitored and controlled network traffic and access security. Diagnosed and resolved network and communications problems. Maintained network security and other communication records and statistics.
  • Managed and reported security violations, possible data breach/leak and attempted denial of service attacks. Made recommendations for remediation and risk mitigation.
  • Resolved problems on security related activities that span other areas such as network, database management, applications development, and other systems related areas.
  • Developed and maintained third party connectivity architecture with DMZ network segmentation design best practices, Intrusion Detection/Prevention Systems tuning, security hardening techniques, application firewall design.
  • Malware / Endpoint protection design and implementation, vulnerability scanning, penetration testing remediation, and SIEM.

Confidential, New York, NY

Senior Data Security Engineer

Responsibilities:

  • Designed, Engineered, administered Bluecoat Global Enterprise Proxy Architecture.
  • Managed and maintained McAfee Enterprise firewall (Sidewinder) security zones deployment.
  • Lead engineer in design, engineering, optimization of enterprise Cisco architecture with extensive use of Routing Protocols EIGRP and BGP.
  • Managed interface configurations for Link Aggregation, VP First Hop Routing Protocol: HSRP, VRRP, GLBP, End-to-end QoS.
  • IP Multicast Protocol: PIM Sparse/Dense mode, Anycast RP.
  • IPSEC VPN + GRE Tunneling.
  • Engineered Security / Firewall, VPN services and associated technologies. DMZ, Zoning, and Network Access architecture.
  • Maintained Edge network routing, switching, and connectivity technologies, Load balancing technologies, IP / DNS services.
  • Principal Architect managing a team maintaining multi-datacenter architecture (servers, network devices, firewalls, SANs) and provided Tier 3 level support.
  • Provided network/system design & implementation services for clients. Interface with clients for technical and non-technical questions.
  • Installed, supported and configured Storage Area networks (SAN)
  • Installed, supported and configured Cisco routers, switches, and firewalls as well as all necessary security applications.
  • Provided ongoing network maintenance, including updates and security patches.
  • Developed and maintained documentation related to the installation, administration, and maintenance of network infrastructure.
  • Assisted with the planning and design of future network architecture wired and wireless. Disaster recovery planning and execution.
  • Managed the deployment, maintenance, support and upgrade of servers, SANS, hardware, software, operating systems.
  • Administration of Microsoft Exchange and Microsoft SQL Server.
  • Implement security principles, penetration testing, vulnerability testing, HIPAA, Sarbanes-Oxley.
  • Lead Architect in Afghanistan Network Security build-out expanding the Counter-IED network to 45 sites using Military Encryption Techniques, Advanced Router Firewalling, Microwave Line of Sight (MLOS), and Tactical Networking Engineering. Provided high bandwidth, low latency, secure communications to the Afghanistan Intelligence community supporting the Counter-IED mission.
  • Network Design Architect proactively engaged in engineering & implementation duties in support of NIPRNET, SIPRNET, CENTRIX, JWICS, NSA communication networks.
  • Provided engineering & implementation for Cisco networking infrastructure using ASR, 7600, 7200, 4500, 3800, 3700, 2800, ASA platforms and multiple service modules to include NAM, Ether Switch, WAAS, IPS/IDS, FWSM.
  • Administered GEM-X solution for TACLANE support throughout the COIC network.
  • Lead in DMVPN solution supporting tactical units in dispersed geographic locations. Developed Cisco VPN strategy to support remote users and devices.
  • Managed all network routing interconnects using BGP routing protocol and peering capability to route network traffic across multiple private ASNs. Provide reachability and services through a complex routing and switching environment.
  • Configured and troubleshot TACLANEs, Cisco Optical Network Systems, and Virtual Switching Systems (VSS).
  • Configured and troubleshot OSPF, EIGRP, L2TP V3, SNMP V3, PVST, VSS, VRF, and DWDM network configuration.
  • Configured and monitored Cisco MARS and Network Compliance Management (NCM).
  • Provided guidance on application of IA policy, programs, and .

Confidential, New York, NY

Chief Information Security Officer

Responsibilities:

  • Firewall request approver for the Office of the Chief Medical Examiner Security Engineering team.
  • Completed ASA, FWSM, IPS, and NAC deployment for The Office of the Chief Medical Examiner of New York. Provided Network Security Design, Development and Completion of Security Policies, Configuration and implementation of security devices; Resulted in providing OCME with a new Security Architecture and completion of a multimillion-dollar project.
  • Developed OCME IT Security Program as Acting Chief Information Security Officer, involving Security Policy development, Security Awareness, Incident response procedures, Oversight into all IT Security related tasks.
  • Integral member of Disaster Operations Team, provided IT support to OCME Special Operations group in disaster scenarios.
  • Designed and configured Cisco Wireless network for OCME Disaster operations, using Cisco EAP-FAST security with domain integration and Cisco ACS radius authentication.
  • Designed and configured Unified Victim Identification System (UVIS), Command vehicle, Mobile Morgue, and Family Assistance Center (FAC) mobile network setup for Disaster operations.
  • Designed, implemented and configured the citywide OCME network infrastructure upgrade for Manhattan, Brooklyn, Bronx and Staten Island.
  • Project Lead for Blue Coat proxy deployment across Department of Defense Iraq network, deployed Bluecoat Management Center, ProxySG, SSLV & Reporter.
  • Configured and administered WAN/LAN routers including Cisco 7200, 6500, 4500, 3800, 3700, 3500, 2800 series routers and switches.
  • Engineered and maintained routing solutions including BGP, MPLS, EIGRP, and OSPF implementations.
  • Administered Cisco PIX firewalls, ASA security appliances, and access-list controls on perimeter routers.
  • Consulted on Air Force network management systems, including: CiscoWorks, SMARTS, HP OpenView, What’s up Gold, routers, switches, and DNS.
  • Consulted on Air Force IT security architecture, design, and configuration, including internal and external routers, switches, DNS, web proxy servers, and mail flow, Sidewinder firewalls, and Cisco Pix Firewalls.
  • Implemented optimization techniques on routers, switches, Sidewinder firewalls, Virtual Private Networks, Remote Access, Cacheflow/Blue Coat Web Proxy, DNS, Sendmail, and web servers.
  • Analyzed configurations for Enterprise Security Manager, Internet Security Scanner, and Password Policy Enforcement software.
  • Reviewed Base Network security policies and procedures and recommended solutions to Department Managers and Administrators.
  • Monitored advancements in network management and information security technologies and changes in legislation and accreditation.

Confidential

Data Security & EMSEC Manager

Responsibilities:

  • Conducted cyber in war operations to defend the US against cyber-attacks of significant consequence. Secure, Operate, and Defend DOD’s networks and mission systems. Support combatant commanders around the globe, delivering to them all-domain, integrated cyber effects.
  • Conducted extensive tests of AF base-wide Host and Network Operating Systems, identified vulnerabilities, developed and implemented countermeasures, initiated immediate response to virus attacks, and compiled test reports for senior leadership.
  • Served as TEMPEST/EMSEC Security Manager for McGuire AFB, securing leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations, for unclassified and classified DoD Information Technology Systems.
  • Served as System Management Server (SMS) Administrator for Langley AFB, patched workstations and servers, developed queries and packages, and deployed packages for optimal results.
  • Designed, implemented, and administered Air Force internal and external routers, switches, DNS, Web Proxy Servers, Mail Flow, Sidewinder Firewalls, Cisco Pix Firewalls, F5 Big-IP, Virtual Private Networks, Remote Access, Cacheflow/Blue Coat Web Proxy, DNS, Sendmail, and Internet Facing Web Servers.
  • Installed and managed Enterprise Security Manager, Symantec Intruder Alert, Internet Security Scanner, and Password Policy Enforcement software.
  • Supported classified and unclassified data networks for 21 deployed network communications centers.