EXPERIENCE:

Information Security Engineering Technical Lead

Confidential, Novato, Ca

• Responsible for the day to day support of enterprise applications and the Microsoft Stack Technologies as well as Lead Project Implementation Integrations related to Active Directory, Federation, LDAP, PKI and Mobile Technologies. Manage Vendors and Stack holders of FFIC’s complex network environment from a Info Sec perspective designing and implementing Federation, Identity, Mobility Solutions, Encryption, DLP, SIEM solutions that meet or surpass our diverse internal and external environment needs.
• Implement solutions that support SAML 2.0 based authentication to internally hosted and cloud based web applications
• Configure solutions to support mobile applications using OAuth 2.0.
• Integrate with multi - factor solutions including certificate, token based OTP and on demand OTP to provide for higher assurance SSO.
• Provide Tier 3 support for authentication solutions.
• Provide strategic guidance to the Identity & Access Engineering team on industry best practices and trends.
• Serve as the subject matter expert for SAML and OAuth authentication *PKI, *SSO (single sign on) token management, *SAML, *WS-Security, *ID-FF, *ID-WSF, *WS-Federation, LDAP integration, PING Federate, Symplified, OKTA, McAfee CIM, ADFS, TFIM, Microsoft FIM, OIM
• Coordinate with vendors, customers, developers, engineers and support personnel to develop highly scalable, globally deployed authentication
• SSO solutions for web and mobile applications.server, LDAP, SSO login page
• Working knowledge of web server and web application platforms such as Microsoft Internet Information Services (IIS), Apache, Manage Enterprise in the Cloud data and Access
• Implemented ADFS, Federation Solutions, Mobil technology, Direct Access, TFIM
• SME for Active Directory, Federation, SaaS, Mobility and Access Management
• Manage different engineer’s technical stacks across various enterprise platforms.
• Engage Business Project head on and implement Security requirements up front.
• Manage Vendors, Projects, People and Costs
• Implement Security Roadmap, Manage Security Controls Provide governance and management of Network, Application and Access controls. As well as SDLC of user and Group Lifecycle.

Information Security SME for Active Directory

Confidential, San Francisco, Ca

• Established a New Company Certificate Authority cross-certified with the Federal Bridge while adhering to NIST. Manage MS Server, Entrust; VeriSign PKI Templates facilitate the deployment distribution, audit & revocation of digital certificates on the enterprise. Perform, Monitor installation integration testing and performance monitoring of systems software products and applications, Email, Code Signing, SSL. Work with Developers, QA Various OS Teams, Operations and Project Managers. Develop strategies and communications for internal and external stakeholders lead efforts as necessary. Cross-departmental Information Security consulting of software security solutions, Manage expectations and perceptions while building strong internal relationships. Develop long-range technology and process improvement roadmaps, Produce Metrics and Reporting for various Administrative Platforms and Tools to include IAM, ESSO, SSPR, ACTIVE DIRECTORY GROUP REBUILD, UNIX, IBM TIM 4.6/5.1, 2 Factor Authentication optimization and integration, including role management and user provisioning for integration of HR systems and directory services, employee id re-numbering initiatives, PIV employee re-badging efforts, RBAC management, Various SCADA and Smart Grid efforts.

Distributed Information Security Engineer

Confidential, Bloomfield, CT

• Migrated Greatwest Healthcare's Active Directory and UNIX Environments into CIGNA’s high-availability Active Directory and Solaris Environments. This consists of over 130+ Domains and Sub Domains, surrounded by 540 Domain Controllers running a mix of 2000/2003 and 2008 Servers and 600 Solaris UNIX Boxes.  Participate in a rotating 7x24 on-call rotation to respond to escalated incidents for a Windows 2000, 2003 and 2008 server and advanced server environments some in Citrix MetaFrame environments.  3rd level support with constant communications with back line engineering, vendors and clients in accordance with perform troubleshooting and root cause analysis related to Active Directory authentication/replication for all supported servers. Perform documented system integrations, modifications and additions Administer release management, change management, configuration management, and quality assurance standards Enforce directory Services and server configuration standards. Ensure that all managed servers and databases meet or exceed firm standards. Create and maintenance of AD supports OU Objects, PKI, SSO Issues\ and GPO’s. Maintain; tune Active Directory for all environments. Provide Project Team, DEV and PROD support, as well as reporting and analysis and metrics for management. Ensure my Systems environments are always Audit ready.
• Daily operational security administration and access control support for application and user access needs create access roles and add/change/delete user access.
• Troubleshoot NTFS, AD, GPO, Passlogic SiteMinder SSO application security production issues
• Provide Systems administration on Windows and/or UNIX systems security aspects of variety of Application troubleshooting and public key infrastructure issues.
• Servers, Web Servers, Directory Servers, Media/Content Servers, Messaging Servers, Database Servers, and Integration Servers. DMZ Administration, Web portal Administration
• Provided administration and troubleshooting for all systems that rely on Application authentication or authorization via LDAP, Active Directory, RSA ClearTrust and Netegrity siteminder
• Provide Tivoli Identity Manager 4.6, Sun Identity Manager, CA Identity Manager/Identity Minder operating-system administration for UNIX and Windows NT/2000 Exchange, IIS, SQL Server, SharePoint Server, ITIM, RSA Secure ID, RADIUS
• Educate end users, vendors on the process for properly submitting SCR or access requests Via HPSM, Vantage for request-based application and resource provisioning
• Performing end-to-end application security reviews and process control self assessments, providing risk guidance on projects involving the business, completing management activities associated with the Application Security Assessment and Control Self Assessment programs, monitoring IT Risk or IT Audit identified issues through to remediation, and providing risk awareness training for the business.
• Drive specific activities to comply with regulatory and industry requirements related to Sarbanes Oxley (SOX),
• Gramm-Leach Bliley Act (GLBA), and the Payment Card Industry (PCI) Security Standard.
• Perform Application Security engineering in conjunction with software engineering teams reviews across production, Test and DEV environments.
• Perform application risk activities including risk rankings, PI assessments, and audit remediation tracking, and coordinating security testing

Active Directory QA Security Lead

Confidential, Richmond, VA

• Migrated/Merged Confidential acquisitions, Bank South, People First Bank, Capital One Auto Finance, Hibernia, North Fork Bank and Chevy Chase Bank, 25 Domains into (1) Primary and 10 Sub Active Sub Domains Microsoft Active Directory object structure. QA Validated the Implementation, the Migration of the IT infrastructure the Administration aspects of the System for Microsoft Based platforms. Active Directory Authentication, Manage corporate LDAP Single Sign-On Technologies as well as automated systems deployment, systems integration. Upgrading Servers Hardware Raising all the domain and forest functional levels of domain controllers to 2003 Level and then retiring old servers.
• 1 of 4 QA Leads AD, EXCHANGE, ILM, NOVELL Input test cases/scenarios into Quality Center
• Reviewing of business requirement, design documentation for completeness and testability
• Test Case Management Creating, executing, and managing test cases with or without business requirements/design docs
• Defect Management: Entering and managing defects to completion.
• Risk Management and troubleshooting for AD based Applications shaping risk based testing approaches/plans
• Write and analyze test reports across a broad audience and present recommendations to a Management and senior audiences.
• Liaison with Application owners to for Software Application Testing Plans and Scripts and Coordinate with users to plan user acceptance testing, alpha and beta testing.
• Test Data preparation process review and study existing test scenarios using processes followed in Test Design and load test framework
• Assist with design, development and review of UAT test Cases and Scripts.
• Participate in Test script execution, defect reporting and tracking test result analysis and document the same.
• Ensures that system tests are successfully completed and documented and all problems are resolved.
• Always Identify recommend and implement changes to enhance the effectiveness of quality assurance strategies.
• Working cross functional across the Enterprise with Network teams and Multiple Vendors IBM, WIPRO, ATT Vendors for VLAN Support and Firewalls updating ACLS, GPOs, ADFS, NTFS, PKI, user logon Scripts Etc

Information Security Analyst

Confidential, West Phoenix, AZ

• Provide Systems Administration of Active Directory MS Exchange, Lotus Domino Servers REMEDY CRM Queue Management as well as an assortment of McKesson, EPIC Products, MEDITECH, Picis CareSuite, and Direct Connect Products. Liaison with Clients on support issues Provide Metrics and other Data as requested.
• IBM midrange security AS/400, IBM mainframe security ACF2, RACF, Top Secret, MVS/TSO, ISPF, Unix; (Sun OS, Solaris, NeXT), Windows NT desktop and server, Novell Netware 3.1x, VMWARE, (Oracle, Sybase, SQL Server) and applications (MS Office Suite), Various PC hardware/software, Firewalls.
• Monitors systems and networks, reporting incidents and anomalies to appropriate security and client staff and management.
• Lockdown and Change management activities on Various server Operating Systems
• Assists in both internal and external audit activities. Prepares audit responses and reports dealing with compliance for review by Specialists and Managers. Compiles and summarizes basic information security audit outcomes, making recommendations where appropriate.
• Maintains records of all sensitive processes and documents and keeps log of all related information. Follows up as necessary to ensure most current practices and information are recorded. BMC Remedy Queue Management
• Assists in the development and implementation of CareConnect Software Implementation.
• Provides help-desk support. Maintains technical documentation for assigned programs and ensures currency. Processes access requests in accordance with Perot Systems standards.
• Updates technical documentation and follow change control procedures, as required. Documents changes to procedures and ensures appropriate parties are notified.
• Suggests improvements in current practice, based on thorough knowledge of client and Perot Systems corporate procedures and processes, which may result in improved compliance and service levels.
• Correlate services and needs with Doctors, Nurses and IT stakeholders on small details as well as large product integration issues and needs.

IT Security Administration Mgr. Consultant

Confidential, Oakland, CA

• Responsible for multiple systems account administration and provisioning. User Accounts Administration as well as on going change management of existing Domain and User level objects & accounts to include Change, Audit, Move and Add access with groups permissions Internationally to external and internal Applications, Servers and Databases.
• Work with Business owners for each application to validate process and process flow. Finally executing the process access requests with owner or management signoff insuring Audit and SOX compliance before granting access and to modify roles/classes, access levels, rules, checks and balances as necessary
• Audit security related tables to identify and correct any data integrity issues (e.g. blank fields, duplicate ids, ids with wrong user information, contractor accounts not converted to FTE)
• Develop and maintain detail logical access administration performance reports: daily/weekly/monthly.
• Analyzed request statistics identifying trends, and made resource adjustments reducing customer risk.
• Develop, install and support the process and procedures for local, remote, and international users to request and obtain data system access to production computer data systems.
• Publish information for end users advising what data systems are available and their access requirements.
• Maintain documentation on security administration procedures for all supported systems.
• Manage Global Network ID’s using Active Directory Mainframe, OpenVMS, UNIX, ORACLE, AS400, CITRIX
• MS EXCHANGE, OBLIX, TERADATA, SAP7 via GRC Access Control and Crystal Report.
• Create Global User ids: Active Directory, Exchange, UNIX, Oracle; Mainframe, APCA, CICS, TSO, ACF2 &
• AS400, VPN, VMWARE. Passlogic SiteMinder SSO
• Provide users with access to multiple network functions.
• Manage request using Kintana CRM Application, and Remedy AR Request System as well as email phone and occasional walkups.
• Monitors security events and security audit logs take actions and contact Security Team Stakeholders.
• Managed Radius Server and Encryption Keys and Certificate Access
• Incident Response Team

SR. Field Support Engineer

Confidential

• Supported a robust Microsoft based network spanning Vallejo, Sonoma and Napa. XP Clients with 2003 Server and Lotus Notes Mail Supporting 15 Wineries. Assist with purchase orders for hardware and software procurement. Purchase Recommendations. Install and maintain WAN and LAN SQL, Crystal Reports Hardware and Software. Troubleshoot network usage and computer peripherals. Install new applications and hardware. Perform system backups and data recovery. Resolve network communication problems independently
• Setup users and Network Resources in Active Directory, Hyena, DAMEWARE, CISCO VPN Client.
• PC, MAC and Laptop with and without docking station support (Tier Level 2 or 3). Perform the duties daily based on Priority and SLA.
• Assisted with PC installation, maintenance, E-mail administration, disk capacity monitoring as well as network Security. Insure backup are ran Swap Server out Tapes
• Hardware and Software troubleshooting. Augmented with excellent customer service skills to work effectively with end users & vendors.
• Train end users on internal company Applications Support Blackberry Phone connection issues.
• Document all issues and problems in CRM TeamTrack. Communicate issues and trends to other members of Team and Management.
• Install/deploy Windows based computers. Remote Install or Ghost.
• Self motivated and able to work with minimal supervision set priorities and be flexible in a fast paced environment.
• Immediate Support for Franciscan Winery, Wild Horse Winery, Blackstone Winery, Robert Mondavi Winery,
• Ravenswood Winery, Drylands Winery, Estancia Winery, Mount Veeder, Simi and Tintara Winery.
• Routine Phone support on 24x7 nationwide rotation

Computer Systems Security Analyst

Confidential, CA

• Manage a verify UNIX/AIX/AS/400 and Active Directory Structure and content with cross reference PeopleSoft HR Accounts Identify Abnormal accounts and user access. Domain Security Administrator responsibilities for server account creation, modification, and deletion to include exchange account and shared network resources and permissions. Prioritize, manage and complete a myriad of tasks utilizing ITIL Practices by Project Plan timeframes within the Global Infrastructure.
• Track and Monitor HOT ID’s and Sudo ID’s create and Administer Network folders SAP user accounts. Perform Audits on Servers and logon Credentials.
• Validate Users and Accounts across the Enterprise submit change mgt and problem management. Limited Access hours Lock down internal Hardware.
• Verify Document System and process ID’s Cross platform Across the Enterprise
• Lockdown any ID’s that meets yearly production lockdown guidelines.
• Meet and coordinate across functional AD, ENGINEERING, and DEVELOPEMNT groups to determine best practices for system access Sudo verses HOT ID and lockdown of secure ID’s.
• Provide Feedback to Management of activities. File recovery (undelete and restore. SQL Server
• Application processes. Data Migration Activities as well as Global Administration RACF & VMS.
• Participate in change management Server Lockdown Remediation stay abreast of systems coming online and going offline across the FTT Enterprise, EMC2 Backup solution, CA Unicenter
• Public key infrastructure (PKI) management server Disk encryption
• Maintain a 100% lockdown on all platforms and applications coming live. Create procedures and ensure that all documents are updated as needed in EDR and SharePoint.
• Windows 2000 Server, Windows 2003 Server, Solaris, AIX, Linux, Active Directory, VISO, CITRIX, MS Siteminder, Passlogic SiteMinder SSO Federated Servers, Office and MS Project.
• Identifies and proactively resolves issues that could impact system performance, reliability and usability as part of Incident Response team.
• Sun Identity Manger transition to Tivoli Identity manager as infrastructure change from SUN Based to IBM
• Track and manage Process ID’s and System ID’s Applications ID’s on a server by server basis.
• Provide problem tracking and Identification as well as guidance to change management teams assists SOX team with compliance issues.

Support Services Supervisor

Confidential, Oakland, CA

• Provide technical support to the Corporate Offices, 300 Stores Nationwide 24/7 supervise and train 10 employees to respond to questions regarding POS Transactions on IBM 5690 Registers, computer systems, phone problems and all technical related needs. Utilizing (Clientele) to route service requests and change control, etc. Supervises direct reports; delegates individual assignments and goals; reviews performance; provides counseling; plans. Handles discipline and documentation in problem employee situations as well as dismissals.
• Provides service level management. Responsible for the overall performance of the unit. Develops
• and implements plans to raise the quality of service/support, and consistently monitors client
• Satisfaction. Takes corrective action when necessary
• Manage all delivery of services with various IT Groups Desktop Support, DBA, Development and
• Networking, Manages outsourced vendors and contracts nationwide.
• Perform Administration duties for Backups
• Manage Active Directory user accounts, e-mail accounts, and Remote access and System backups for AS/400 Daily weekly.
• Pushing Updates & Packages Via Wise, Install Shield or Group Policy
• Perform installation and maintenance of computers or computer-related hardware and software.
• Insure all store end of day processes are processed. ITIL best practices
• Perform Installation and maintenance of Registers, RF guns and Scanners
• Manage Symposium telephony and telecommunications equipment.  
• Manage PC and MAC Assets as needed by troubleshoot equipment usage as necessary.
• Act as liaison between the stores and various groups.
• Keep the Managing Director apprised of technical issues that affect the Network.
• Communicates with team to deliver timely information regarding system issues, process changes and enhancements
• Managed Store Encryption security and PKI for stores
• Manage Remote vendors IBM, SPENCER, FUSIONSTORM, SMS, SPRINT, and VERIFONE

Information Security Analyst & Systems Administrator

Confidential, Walnut Creek, CA

• System Administration and screening of various user access privileges across the domain and enterprise on multiple platforms on a user by user basis. Create RBAC Sun Identity Manager models for AS/400, Mainframe, AIX, WINDOWS platforms. Liaison with various depts. To create roles as well as validate Roles, Access and Ownership. Create Owners of Job descriptions and complete the work preferably within the desired Service Level. EPIC Software Implementation Project to tie in with Active Directory with various EPIC Modules. Successful fulfillment completed within various guidelines for Local and State laws and exceeded HIPPA guidelines.
• Work with other Medical Center Business partners, local EDS, Regional/National Security as well, as
• ther IT staff to support the creation of accounts on UNIX, EMC2, REGP, EPIC, Lotus Notes5/6.5, Active
• Directory CS/AIX, VMWARE and other OS Level and Healthcare Main Frame Applications.
• Understand the priorities of the KP business partners and ensure successful delivery of Ids and Access privileges per SLA Guidelines.
• Domain Administration for Northern California with Active Directory management NTFS, SSO, ADFS permissions and troubleshooting GPO management and OU administration over 3000 changes per month.
• Use KP technical tools TIM & SUN Identity Management Solutions to manage, Administrate and process IDs (Remedy, NIKU, Lotus Notes, Active SAP, Directory, AS/400, UNIX, Health Connect, etc.)
• Focus on Partnering, Delegating, Consulting, working across various functional groups on various KP-IT Projects
• Perform RACF security administration functions in accordance with KP security policies, standards, and procedures with TSO and ISPF, PKI and Disk Encryption technology management.
• Epic Systems Implementation and support Team.
• Troubleshoot complex security integration and administration issues within a diverse and widespread environment with SMS remote and software distribution.
• Resolve technical issues with vendors, technical support, management, and Business partners
• Review and update secure access management policies and procedures
• Support all internal and external audit reviews in REMEDY and other support Databases.
• Responsible for second level operational support for access management issues
• Provide technical and support assistance for project teams both divisional and national 0
• Provide written documentation regarding security issues and projects
• Change management And disaster recovery Planning as well as various other duties as defined by team lead or manager

Hardware and Software Support Manager for Education Systems

Confidential, Elk Grove , CA

• Addressing both hardware troubleshooting (break-fix) isolating root cause diagnose ordering parts and dispatching service to users via field support vendors and Apple field Teams Recommending customer installable parts, sell and positioning Apple's warranty products and technical solutions.
• Reporting and escalating issues and problems through appropriate channels when necessary. Provide application support to customers, pertaining to software functionality, incident resolution and system configuration
• Contribute to overall success of the customer, the support team and the company.
• Escalates to and works with Technical Specialists to resolve complex support issues.
• Collaborate on small support teams to provide critical customer support and feedback.
• Document and log support issues and subsequent resolution in CRM tool.
• Reports status and updates to department manager on a regular basis.
• Serves as department Mac OS X Server subject matter expert and mentor; responds to product changes, customer needs, and opportunities for new and advanced topics.
• Managed APPLE Store Mac Based POS system registers and Servers.

Sr. Systems Security Administration and Support Lead

Confidential, San Leandro, CA

• Perform all the functions of the Support Specialist position working with workstations in an IP-based network environment. Strong interaction with end users, fix and resolve user issues all the while demonstrating customer service. New workstation build, software hardware installation and desk side support for Home Office users.
• Managed Sr. Desktop Support Staff direction and assignments, including evaluation and testing of new applications plus existing hardware configurations, recommend upgrades, patches and/or fixes.
• Fine-tune and monitor rollouts of new products and applications.
• Identify problems and implement fixes for application problems that may exist in the end user environment. Tracking performance, Creating SLA, Evaluate productivity of the Desktop Support team. Own service delivery.
• Perform security audits of off-the-shelf and custom applications and infrastructure. Define global security policies, standards, guidelines and procedures to ensure ongoing maintenance of security.
• Perform NT/2000 Server and SMS Server Administrative functions such as setting up network printers, creating shares, and auditing levels of workstation security permissions and Software distribution.
• Responsible for the development and management of the Desktop Support Group budget and P&L
• Perform Change Management on Proxy Servers and Windows Servers, WAN and LAN with vendors and stakeholders.
• Team management, performance evaluations, and corrective actions if necessary.
• Maintained NT servers, Terminal Servers, application servers, domain and directory structures, accounts, permissions, profiles including upgrades to server hardware and software, remote site maintenance and troubleshoot hardware configuration issues and networking 24 X 7 Digital Certificate PKI Management.
• Configuring, troubleshooting POS, PCI, DHCP, WINS, DNS, VPN, RAS and TCP/IP networks from a client perspective, the Evaluations and Reviews of IT staff 12 internal and 2 external.
• Administer CA Unicenter, CISCO Routers and switches Radius Administration.
• This was a varied Desktop/Laptop Environment and server hardware including but not limited to HP, Dell & IBM. Use of various desktop admin tools such as Intel LANDesk & Network Associates ePolicy Orchestrator.
• Administer and Support MS Exchange Server Active Directory, CS/AIX, Tivoli, PeopleSoft.
• Configure, deploy, fine tune, and monitor firewalls, proxies, security information and event management systems, intrusion detection systems, vulnerability scanners, multi-factor/strong authentication technologies, RADIUS/TACACS+ servers, and logging servers.
• Provide in-depth support for information security incidents including internal violations, hacker attacks, viruses and system outages. Assist with the investigation of security breaches, policy violations, and other security incidents.
• Monitor vendor and third party security reports/lists and proactively patch vulnerabilities. Administer Cisco IOS including configuration and troubleshooting. Install and configuration of Sidewinder Firewalls Administration of Cisco ASA, Cisco IPS, and Cisco MARS.
• Perform security audits of off-the-shelf and custom applications and infrastructure.

TECHNICAL SKILLS:

SOFTWARE SKILLS:  Windows NT 4.0, Windows 95/98/4.0/2000/ XP, OS/2, MS Exchange Server and Client, SMS Server, Open VMS, Secure ID, SQL Server, Remedy, HP Asset View, HP OpenView, Microsoft Word, WordPerfect, Word for Windows, Microsoft Excel, RAS, Lotus 1-2-3, Lotus Word Pro, CICS, Outlook, MS Office, SAP, Lotus Office Suite, MVS, SQL 7.0 client utilities, Reflections Client, Novell Netware Administration, Peachtree, GreatPlains, Eudora, PCAnywhere, and Lotus cc Mail, Citrix MetaFrame, MS Terminal Services, Remote Access WAN, Unix, Frame Relay, ISDN, DSL and VPN solutions, Internet Explorer, HTML, internet/intranet client support issues, Symantec Ghost, Various Help Desk problem ticket tracking software, DHCP, WINS, DNS, VPN, RAS and TCP/IP, Active Directory, Hyena, DAMEWARE, CISCO VPN, OpenVMS, UNIX, ORACLE, AS400, CITRIX, OBLIX, TERADATA, mainframe security ACF2, RACF, Top Secret, PKI, NTFS, ADFS, MVS/TSO, and ISPF, Unix, (Sun OS, Solaris, NeXT), Windows NT desktop and server, Novell Netware 3.1x, VMWARE, (Oracle, SYbase, SQL Server) and applications (MS Office Suite), Various PC hardware/software and Firewalls RADIUS Server Administration.