Principal Consultant & Splunk Architect Resume

McLean, VA

SKILLS - ABILITIES:

  • VCP 410, VSP 5, VSTP 5
  • ISC2 Cert (CAP)
  • Tenable Nessus Certified Auditor, Certified Ethical Hacker, Tanium IR Training, ArcSight Flex Connector
  • Splunk Power User Certified Cert-189153 | Splunk Cert Admin Cert-200874
  • Basic Code experience: batch, powershell, visual basic for applications, Perl RegEx
  • ArcSight, Splunk, Nessus, Foundstone, Nexpose, Archer, Service Now, Solstra IOC, CentOS, Red Hat (5,6,7), Windows Server (2003, 2008, 2012), Tanium, WebInspect, Kali, NMap, VMWare vSphere 4 & 5, Red Hat OpenShift, Amazon AWS, MS Azure, MS Office Applications, Visio
  • FEDRAMP, FISMA, 800-53 Rev4, 800-37 Rev 1, 800-18, 800-34, 800-60, ISO 17020:2012

PROFESSIONAL EXPERIENCE:

Confidential, McLean, VA

Principal Consultant & Splunk Architect

Responsibilities:

  • 20+ multi-site cluster environment, Departmental & Bureau Data Onboarding; responsible for the vision & strategy of the Splunk environment.
  • Deployment and management of Multisite cluster
  • Deployment of DMC Console
  • Adhoc inputs of data, parsing, and content development

Confidential, Vienna, VA

Security Engineer Consultant

Responsibilities:

  • Support the NAS Cyber Operations by understanding requirements and planning the implementation of solutions that will assist in better monitoring, incident detection, and incident response.
  • Deployment/Configuration of ArcSight ESM/Logger/Smart Connectors; integration of Splunk environment with ArcSight environment. Identifying specific events, transforming events into CEF, and executing real-time searches and forwarding of events in SIEM.
  • Capacity Planning, Architecture design, Deployment and Configuration of Splunk Indexers, Search Heads, Deployment Servers, Forwarders, and Splunk Applications.
  • Development of a Splunk Application for automating the Analysis of Nessus Vulnerability Scans.
  • Architecture Review of the ArcSight Connectors, Integration of Splunk with ArcSight ESM, site components architecture for over 30+ sites.
  • Integration of Indicators of Compromise in STIX format via a TAXII Server into Splunk Indexers.
  • Deployment, configuration, and operations of Tanium. Configuration of Tanium Saved Search and configuration of Connect Module to forward Asset Inventory data to Splunk.
  • Content development for information obtained from assets into the Splunk environment.
  • Support the Incident Response Planning and Cyber Guard Exercises.
  • Support the NAS Cyber Operations Management in new initiatives.
  • Vendor Products identification, introduction, and coordination of Pilot Programs.
  • Integration of Security tools in the Splunk environment (i.e., Akamai Event logs, Nessus scans, vulnerability data enrichment, IP Reputation from Honeypots, Syslog Events, and others).
  • Development of custom Data Models in Splunk environment to provide content to Analyst, System Owners, and other stakeholders.
  • Support Security Assessment activities by configuring and executing Nessus vulnerability scans, WebInspect scans, and NMAP scans.

Confidential

Security Engineer

Responsibilities:

  • Development of Standard Operating Procedures, research, and development of technologies (i.e., PostgreSQL, Apache Server, MS SQL Server, Windows Server 2008, Windows 7, and other) to ensure compliance.
  • Configuration and capture of technology gold disk for implementation in the environment.
  • Serve as Nessus SME.
  • Modify .audit files to meet Agency Specific parameters. Standardize Nessus scanning policies.
  • Execute Vulnerability Assessment activities (i.e., Nessus and Retina) and Penetration Testing assessments using Metasploit.

Confidential

FISMA Consultant

Responsibilities:

  • Provide consulting services in the implementation of Security Controls for a Cloud Service Provider in accordance with Confidential requirements.
  • Implementation of Configuration Management (CM) Security Controls. Development of Custom Security Benchmarks for assets/components to implement security controls (i.e., Access Control, Identification and Authentication, Audit and Accountability).
  • Provide recommendations in the development, content, and implementation of the System Security Plan, Configuration Management Plan, and Contingency Plan.
  • Implementation of Configuration Management Office, CCB, Plan, and Policies and Procedures.
  • Implementation of Contingency Plan, COOP, and Table Top exercise for training.
  • Development of the Project Structure and Organizational Structure.
  • Consult client in all aspects of Confidential Cloud Services requirements and FISMA standards.
  • Configuration of AlienVault SIEM, validation of Security Events.
  • Technical proposal writing for Cyber Security response on RFP.
  • Program Management of Cyber Security Line of Business.
  • Identify and pursue opportunities for growth. Establish strategic partnerships with Prime Contractors and Vendors.
  • Business Development and Capture activities.

Confidential, Oakton, VA

Sr. Technology Security Manager / Information Assurance Engineer

Responsibilities:

  • VMWare vCenter Server and Virtual Machines Security Configurations.
  • Conduct security testing on TNET (Treasury Network) critical and non-critical devices/servers using McAfee Foundstone. Responsible for Foundstone Appliance upgrade, stability, and configuration. Work with the vendor on problems with the appliance.
  • Notify and coordinate with the Change Control Board and System Administrators the new vulnerabilities on their respective system and the remediation and/or mitigation of these. Outline a project plan to mitigate vulnerabilities and participate in the process as required.
  • Analyze Vulnerability scans results on Windows Servers (2008, 2003, XP), Red Hat Linux, Cisco ASA devices, Cisco IOS (Routers), F5 Big IP, VMWare ESX appliances, and other devices found in the infrastructure.
  • Develop and maintain a vulnerability scanning schedule in compliance with IRM, and NIST requirements.
  • Ensure compliance of TNET components with different baselines such as: CIS Benchmarks, STIGS, IRM, and FDCC. Use of Foundstone to conduct SCAP audits and baseline scans to ensure the compliance of all our devices. Work with the IA Team to develop or improve the baseline on all devices.
  • Assist System Administrators in the patching process, updates, and tool deployments as needed.
  • Deployment and administration of EPO Server and McAfee Antivirus products in the environment. Deployment of LinuxShield for all Red Hat servers.
  • Ensure compliance of Group Policy Objects in Active Directory (Windows Server 2008).
  • Ensure the security configurations on new Treasury Sites are in place. Conduct initial vulnerability scanning.
  • Implementation of Splunk forwarders and receivers. Content development in Splunk. Added Splunk forwarder to common baseline image. Ensure Splunk (audit tool) captures the necessary events to comply with NIST Audit and Accountability requirements.
  • Support the Certification and Accreditation Security Test and Evaluation by providing evidence as required per the NIST control. Guide auditors through some application environments to help them understand the application and its purpose.
  • Develop and maintain the Information Assurance Standard Operating Procedures.
  • Validation of Change Request Implementation for all Cisco Configuration Changes, BlueCoat Blacklist imports, and Infoblox DNS Changes.
  • Development of rules in Alterpoint using PERL RegEx to validate network devices running-configs. Validate rules against all devices to ensure compliance with CIS Benchmarks and STIGS.
  • Develop proposal for the acquisition of Technology solutions.
  • Vulnerability Management activities for Confidential: remediation and/or recommendation for remediation. Validation of implementation.

Confidential, Washington, DC

Senior Information Security Engineer

Responsibilities:

  • Certification Agent for the Inspector General Support System. Use NIST Guidance to conduct Risk Assessment, update Contingency Plan, update System Security Plan, and conduct a Security Test and Evaluation (ST&E).
  • Primary point of contact for the Security Program for the Inspector General Support System (IGSS).
  • Responsible for successfully implementing and testing the security program/controls for the IGSS and ensuring compliance with FISMA, NIST, and OIG.
  • Classify systems based on FIPS 199 and NIST SP 800-60.
  • Conduct and analyze vulnerability scans from GFI Languard, Nessus, WebInspect, and AppDetective.
  • Review Audit Logs periodically in Security Manager.
  • Coordinate and execute Contingency Plan testing and Incident Response Testing.

Confidential, Washington, DC

Information Assurance Engineer

Responsibilities:

  • Certification Agent for all Federal Student Aid applications. Conduct Certification and Accreditation utilizing NIST 800-37 procedures.
  • Develop Security Assessment Report and Plan of Action and Milestones, analyze scans results (WebInspect and AppDetective tools), and prepare the Certification and Accreditation package for the organization.
  • Assisted in the development of the company Standard Operating Procedures for conducting Certification and Accreditation on Federal Agencies.
  • Primary Author of the Security Assessment Plan template to be utilized enterprise wide.
  • Primary Author of the Pre-Certification Package with System Boundary Information for use enterprise wide.
  • Complete C&A execution from Initiation Phase to Accreditation de-brief, including interviews with the Project Team and Technical Experts, reviewing the security documentation, and providing recommendations on findings.
  • Trained new Certification Agents on the company Standard Operating Procedures and audit.
  • Assisted the organization in the Capability Maturity Model Integration (CMMI) by describing and maintaining Certification and Accreditation Management Documents. Determine the risk, opportunities, and deliverables that involve the Certification and Accreditation.
  • Provide training to Information System Security Officer on NIST requirements and IT Security.

Confidential, Washington, DC

Information System Security Officer

Responsibilities:

  • Deputy Information System Security Officer (ISSO) for a major application (EFTPS) that processes over 3 trillion in Federal Taxes yearly.
  • Assisted in the Security Program implementation on the application to ensure compliance with FISMA and NIST SP 800 publications (i.e., 800-18, 800-30, 800-60, 800-34, 800-37).
  • Manage a Plan of Action and Milestones with over 500 findings. Addressed findings and coordinated with contractors the mitigation of findings.
  • Review and validate the proof of closure for each finding.
  • Provide recommendations on the mitigation of findings to achieve complete closure.
  • Support the Certification and Accreditation process.
  • Implementation of the Continuous Monitoring Plan.
  • Collaborate with the team in demonstrating counter-measures to lower the risk of vulnerabilities.
  • Supported security assessments by collaborating with the Certification Agent providing evidence for the implementation of security controls currently in place.

Confidential, Mayaguez, PR

Software Engineer

Responsibilities:

  • Assist in the development of an Accounting Information System, a web-based application for the Department of Education.
  • Assist in the development of an Information System for Hospitals and Private Doctors' Offices. The system manages Medical Records in compliance with the HIPAA law, and accepts and processes payments and Insurance Plans.
  • Build from scratch the company Local Area Network and configure the hardware.
  • Hardened the security of servers hosting the applications. Conducted vulnerability scans using Nessus and NMap. Remediated vulnerabilities and configured servers for application deployment.
  • Work as a Domain Administrator as required.
  • Complete the SDLC process for every change performed in the system and update documentation.
  • Visual Basic development environment, use of ADO to connect with MS SQL Server database.