TECHNICAL SKILLS:

Firewall platforms: PIX, ASA, Check Point, Juniper (SSG, ISG, SRX), Palo Alto, FireEye Malware detection solution, and Aruba.

ITIL certified.

Cloud Computing: Eucalyptus, Cisco Unified Computing Solution, Amazon, Microsoft Azure and other public vendors.

Operating Systems: LINUX, UNIX - Sun Solaris 10 and 11, Windows 7, & XP.

Programming Languages: Perl, C, C++, Android APK and AOSP, GNU Make Build System, LAMP stack, Java, Trusted Platform Module API, and HTML.

Machinery: Cisco, Juniper, Nortel, Lucent, Tipping Point, McAfee, Aruba Networks, and F5.

Mobility: Android Platform.

System Engineering: System wide focus, interdisciplinary team approach to problem solving, software development life cycle.

Policy: FEDRAMP, NIST, FISMA, and DISA STIGS.

PROFESSIONAL EXPERIENCE:

Senior Security Architect

Confidential, Centreville VA

Responsibilities:

• Designed and configured an enterprise communication service leveraging web robot technology, and C# developed project on top of Microsoft Azure cloud environment.
• Leveraged Microsoft Azure IaaS to implement an instance of SUSE Linux RDMA.
• Activated and managed a number of Ubuntu Virtual Machine instances on Microsoft Azure PaaS.
• Deployed Fireeye solution inline leveraging Gigamon GigaVUE.
• Create the Linux build environment for Android ROM cross compiling for the Samsung platform.
• Installed and configured the Symantec Endpoint Protection Solution on network devices.
• Implemented web, email, and remote desktop solutions leveraging Microsoft Azure.
• Created, reviewed and executed different project deliverable documentation as well as Methods of Procedure documents for the purpose of activation, implementation, and service improvement.
• Administered Juniper SRX 110 as a gateway to test environment, and leveraged various features such as anti-spam, anti-virus, and web filtering.
• Used the Samsung source code combined with AOSP to create a working image to be flashed on the phone.
• Leveraged Android studio to create various apps made of the Android framework as well as NDK for native development.
• Implemented next generation firewalls such as PaloAlto and Fortinet.
• Investigated different security issues associated with the Android platform as well as potential solution strategies in order to improve the solutions.
• Provide advisory strategy on solutions and technology, which would improve the security, performance, and availability of the IT services such as web, terminal, remote access, and authentication.
• Expert use of various pen testing and ethical hacking tools such as Kali Linux, Nmap, and OWASP tools to identify potential vulnerabilities within enterprise environment.
• Deploy Trusted Platform Module at enterprise level to ensure trust within enterprise infrastructure, servers, and host machines. TPM integration within various enterprise and cloud services such as SSL, Secure Web, Active Directory, and IPsec VPN.
• Leverage Trusted Execution Environment within Android platform by modifying the source within AOSP and building the image within LAMP stack in an effort to achieve greater App security.
• Design, deployment, and management of secure services in virtual and cloud environments based on OMB, FISMA, and Clout Security Alliance guidelines.
• Administration and implementation of various Web servers running Apache, or Percussion. Everyday activities involved performance tuning, log management, patching, and upgrades.
• Implementation, integration, management, and upgrade of various network components such as Cisco routers, switches such as catalyst, Juniper devices such as SRX, and Palo Alto models PA-200 - PH-5000.
• Integration of different web applications with Single Sign On.
• Management and upgrade of enterprise CA site minder solution.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Configured various load balancing methods on F5 big IP solution.
• Install and maintain large scale Linux platforms to provide security, database, web and other services.
• Lead the design and Implementation of the security solutions.
• Improve the IT services efficiency and performance of the IT infrastructure.
• Evaluate and improve the organizational security posture through operational and strategic means.
• Assist organizations meet Cyber security challenges through proper evaluation and implementation of effective security solutions such as next generation firewalls, web application firewalls, host and network Intrusion detection and prevention solutions, and etc.
• Mobile security expert in the areas of authentication, trust, payment industry technology, and trusted platform module. Leveraged the AOSP combined with Samsung source to create a build environment, and add functionality to the image in the form of Native and assembly code, apps, self-made device drivers, and modified source code.
• Leveraged code on Git repositories to build other implementations, and validated the functionality on a real device.
• Java card implementations of embedded apps on PIV cards.
• Effective scripting techniques to automate repeatable tasks within Linux platform.

Senior Security Architect

Confidential, Tysons Corner VA

Responsibilities:

• Review and evaluate of Android security issues and technologies such as Samsung KNOX for purpose of secure enterprise mobility solution.
• Design and implementation of a context-aware Android app for first responders to guide during an emergency.
• Review of current vulnerabilities associated with the Android platform.
• Java implementation of various data structures, and use of various APIs such as NASA’s World Wind.
• Web Application Firewall SME and application security expert to address any and all concerns associated with Web services. Advised the customer of the initial security policy configuration, and its potential impact. Modified the specific signatures for various functionalities such as email notifications, false positive elimination, or address unique traffic matching. Responsibilities include implementation strategy, mitigation methods, risk analysis, implementation of various enterprise security solutions.
• Audited enterprise web services residing on various platforms and provided the scan results to the management team.
• Compliance methods and metrics.
• Evaluated various database security solutions, and implemented a mechanism to address concerns associated with SQL injection, cross site scripting, cross site request forgery, and other OWASP top ten vulnerabilities. This was accomplished using OWASP tools such as burp suite.
• Effective monitoring and management of the security solutions.
• Daily maintenance of the infrastructure in place composed of Linux operating system; Centos
• Review of Kali Linux tools towards potential use.
• Advised client on required activities and process improvement towards securing the application layer as per OWASP, Whitehat, and Secure SDLC recommendations.
• Design and Implementation of the Imperva Web Application Firewall solution and the associated configurations such as Active Directory Integration, SMTP, Threat Radar, and SIEM logging.

Network Security Architect

Confidential

Responsibilities:

• Daily evaluation and update of security posture, including firewall policy and other network devices in order to provide secure connectivity.
• Configured and managed other services on Linux platform on Centos and Ubuntu release.
• UNIX - Sun Solaris 10 porting to Linux environment.
• Lead engineer for Networking, Firewalls, Cisco ASA and Juniper SSG-140, and Information Security.
• Management of Cloud solutions private and public.
• Evaluate various IT solutions for desired functionality and interoperability.
• Setup of various test environments for proof of concept of security solutions.
• Identifying areas of improvement within the enterprise. Defining the problem to be addressed, evaluating different solutions and select the one which best addresses the stakeholder requirements.
• Compiled a Data Center consolidation road map.
• Tested management interface to Eucalyptus private cloud instance. The same interface can be used to manage an Amazon cloud instance of images.
• Also participated in validating the design goals within the lab prototype environment. Specific areas of expertise are Networking, Switching, and Firewall Administration. Tested a number of security functionalities on the switch before deployments. Implemented two different firewall solutions within the prototype, and production environment. Worked as a member of the integration team by updating the firewalls, and providing visibility into the network traffic. Blocked access to part of the network as per requirements. Provided feedback on next steps, best practices, etc.
• Providing strategy and documentation for various ITIL lifecycle stages to different Government agencies.
• Hands on everyday maintenance and monitoring of Firewalls, Servers, and storage infrastructure.
• Discuss and evaluate best security solutions based on the customer requirements.
• Performance and efficiency improvement of complex systems
• Security protocol modeling, analysis and validation

Security Design Engineer

Confidential

Responsibilities:

• Responsible for gathering requirements, writing design document, interface with other engineering groups in an effort to complete the installation of security solutions. Assist other engineering groups with their efforts, and provide guidance to comply with NIST standard.
• Lead engineer for the implementation effort of an Intrusion Detection solution, how and what it monitors, the operations, and management aspects of the solution, performance requirements, and etc.
• Managed the policy for the IronPort Web Proxy instance. Submitted a design based on ACE load balancers, and WAF solution.
• Address connectivity issues through enterprise firewalls, and updated the policy on every day basis.
• Fine tune IPS alerts, and help monitoring group respond to incidents.
• Participate in design efforts for future upgrades. And make recommendations regarding configuration, device, and technology to use for all of the security solution in DoD environment including, authentication, firewalls, Intrusion Detection, Data Loss Protection, Web Application Firewalls, and logging and correlation of events.

Security Analyst

Confidential

Responsibilities:

• Design and Implementation of IP services for customer. Providing secure IP connectivity through Cisco Systems Routers, Switches, and Firewalls. Monitoring traffic for Intrusion Detection, and working with various IT organization in enforcing security policy.
• Providing roadmap for business challenges, and identifying key performance indicators for the management group. Also suggesting tools, process, and solutions for upcoming mandate.
• Troubleshooting connectivity issues for various services like data, Voice, and Video across Enterprise environment. The network is composed of Remote Access connections on Cisco Concentrator, various Cisco Systems switches and routers, Cisco PIX, ASA, and FWSM firewalls, Juniper Netscreens. Traffic is also impacted by WebSense monitoring solution, and Intrusion Detection Services managed by our group. It is our job to identify the exact nature of issue and update the configuration to provide the service to client as per Business and security policy.
• Securing the enterprise environment through technology available on Cisco IOS, AAA, VPN and SSL encryption, Authentication, and Hashing. Providing application inspection or web services by using Websense and Blue Coat proxy platform. Ensuring spam filtering using IronPort. Also familiar with Fortinet and Palo Alto firewalls.
• Design, Maintained, and upgraded various IDS and IPS solutions for clients. Vendors such as Snort, Tipping Point, McAfee, Cisco IDSM2, IOS IPS, ASA solution.
• Also actively participating in various efforts to build and improve the management of Network devices. Issues like Database design and setup of servers for more granular monitoring of traffic.

Network Design Engineer IV

Confidential, Reston VA

Responsibilities:

• IP engineer in charge of various efforts that service the customer like Firewalls that protect the Data Center and handset clients behind them. The servers that provide ring tones, or http services to customers or Internet users. This is primarily a Cisco environment composed of Cisco 6500 switches, and PIX 535.
• Integrating new IP security services with a project lifecycle driven environment. Ensuring security of system as new services are added to the enterprise environment for example Intrusion Preventions and Detection technology, GPRS service, updated AAA services for more granular control and more.
• Prepare configuration procedures for VPN activation with Confidential Clients, and work with Operations during execution of MOP to ensure successful implementation of the service.
• Evaluating budget requirements for upcoming projects, auditing timeline as per work breakdown structure of each project.
• Writing requirements, Design Document, test plan, overseeing the testing process and result, writing the first office application document and ensuring smooth integration of new service before handoff to operations and other downstream customer.
• Supporting the security issues related to mobile environments of iDEN, and CDMA 2000 packet networks. Developing road map for improving, and updating different services within provider network.
• In charge of troubleshooting IP connectivity issues and to determine required configuration on the router, switch, or the firewall. Received escalated issues almost every day.

Install Engineer

Confidential, Ashburn VA

Responsibilities:

• Implemented and tested none-standard requests for Confidential high profile clients. Services like Virtual private networks with PIX or checkpoint firewalls, with or without Quality of Service parameters.
• Also installed Cisco Intrusion Detection Systems in accordance to client’s Security Policy.
• Also provided remote access Virtual Private solutions using Nortel Contivity or Cisco Concentrator.
• Everyday configuration of backbone routers such as Cisco, and Juniper.
• Acted as Senior Engineer in charge of escalated issues related to Network or Satellite transmission issues. Was also responsible for any all issues related to packet data service over Satellite link to customers examples are routing issues, DNS, delay and packetloss issues and more.

Network Support Engineer

Confidential, Fairfax VA.

Responsibilities:

• Supported any and all issues related to biggest backbone exiting in the United States.
• Supported IP routing for any type of service you can think of over any type of connection offered here in the States or overseas during the last 10 years.

Configuration Engineer

Confidential, Fairfax VA.

Responsibilities:

• Configuration and testing of equipment for Confidential clients for dial or high speed services.