USCIS-DHS PKI Engineer (SME) Resume
SUMMARY
- Twenty+ years of professional experience in all aspects of IT Service Lifecycle Management with focus on managing and maintaining PKI & HSPD-12 solutions infrastructure.
- Experienced with maintaining multiple internal PKI environments, enabling web applications to use SSL, deploying, maintaining and managing HSPD12 Infrastructure.
- Extensive integration experience with Active Directory and Identity and Access Management (IAM) solutions for COTS & non-COTS applications.
- Extensive past involvement with Active Directory services centered projects, with design, implementation, integration, migration, and operational responsibilities as a technical lead.
- Wide range of technology infrastructure management experience including disaster recovery, enterprise desktop management, server farm management, identity and access management, security and vulnerability testing, and policy and procedure implementation.
- Superb problem-solving skills aided by the breadth of technology understanding.
- Extensive support experience in a 24x7 operation environment with intimate understanding of the urgency, responsiveness, and efficiency needed to meet customers’ demands.
- Proven ability to communicate effectively with people of varying technical understanding and proficiency.
TECHNICAL SKILLS
OS Platforms | Services | Applications: Entrust Security Manager, Entrust Administration Services, Entrust Entelligence Security Provider, Entrust Auto-enrollment Server (AES), Entrust CMPv2, SCEP, EST, Entrust Enrollment Server for Web, Entrust Security Manager Administrator, HSPD-12 (Probaris ID/SP, HID Global/ActivIdentity Credential Management System, ActivClient Middleware Agent), SafeNet Luna K5/K6 Hardware Security Module, OCSP and Certificate Revocation List (HID Global/Corestreet Validation Authority, HID Global/CoreStreet Responder Appliance), Windows Server & Desktop Operating Systems (7, 8, 10, 2003, 2008, 2012, 2016, 2019), Microsoft Active Directory (AD, Kerberos, ADLDS), Group Policy, Symantec Endpoint Protection, Microsoft Office Suite, Backup Solutions (Windows Server Backup, Acronis Backup)
Infrastructural Management and Planning: Disaster recovery planning and testing, System redundancy design and architecture, Business continuity planning and testing, Systems Development Life Cycle (SDLC) and/or technical project management methodologies to deliver projects and operational requirements.
Technical Documentation: System Activity Schedules, Processes and Procedures, Best Practice Guidelines, Technical Instructions, Server Build Standards, Market Research, Requirements Analysis, Standard Operating Procedures.
PROFESSIONAL EXPERIENCE
Confidential
USCIS-DHS PKI Engineer (SME)
Responsibilities:
- Lead engineering personnel designing, implementing, and administering enterprise certificate services for people, non-person entity (NPE), and devices within a fast-paced DevOps environment
- Perform all aspects of systems design and PKI engineering in support of various PKI systems deployed
- Provide in-depth subject matter expertise for engineering support related to Public Key Infrastructure (PKI) systems, especially in a government setting
- Design and implement solutions that conform to the policies and standards of the Department of Homeland Security Presidential Directive 12 (HSPD-12), Federal Bridge Certification Authority (FBCA), National Institute of Standards and Technology (NIST), and other policies and standards as required
- Lead efforts in gathering requirements, performing gap analysis, developing and presenting potential solutions, and creating detailed design and implementation plans
- Identify security architecture and implementation gaps, vulnerabilities, and risks; develop, test, and implement solutions to address the gaps and new or updated requirements
- Develop and update systems documentation (e.g., wikis, operating procedures, architecture diagrams and documents)
- Work directly with Federal customers to understand needs, analyze requirements, and then deploy security solutions to meet those requirements
- Provide advice and assistance to help desk and ICAM environment permanent operations and maintenance staff in understanding operational aspects of the ICAM environment, administration of software and hardware configurations, and recovery from operational failures and user identity and access anomalies
- Perform product evaluations and make product recommendations, including but not limited to COTS ICAM solutions and publicly trusted Certification Authorities
- Interact with information system security officers and systems engineering personnel as well as help desk employees
- Monitor and troubleshoot performance of the system as necessary and support other systems which interact with ICAM
Confidential
Security Engineer
Responsibilities:
- Worked as part of the PKI Engineering Team that has implemented PKI solutions for the US Patent and Trademark Office.
- Worked on multiple application (HID Global CMS, Entrust Security Manager, Entrust Admin Services, Entrust ESP, Entrust ESW, Probaris ID/SSP) upgrades and migrations to support new server OS and new server OS levels.
- Provided guidance and training to multiple teammates.
- Created/wrote support, training, OSP documents as needed.
- Created portal on SharePoint with information available to the entire agency with relevant PKI/HSPD-12 related information.
- Worked with Cyber Security and C&A teams to monitor and address vulnerabilities for the applications we support.
- Maintained and supported multiple internal PKI environments, one of which is cross-certified with the Federal Bridge Certification Authority at the Medium Assurance level, which include certificate validation by OCSP responder and digital key management by HSMs, and provide digital signing and encryption services via Entrust Entelligence.
- Maintained and supported Certificate Authorities (CAs) based on the Certificate Policy (CP) and Certification Practices Statement (CPS) for those CAs.
- Worked with network team to leverage F5 Big-IP LTM Load Balancing to ensure high availability of applications.
- Enabled web applications over myriad platforms to use SSL - using both internally issued and commercial certificates - over a wide variety of different keystore implementations.
- Maintained and supported Entrust Auto-Enrollment Server to issue certificates to all Windows Servers on campus to harden RDP sessions and SSL connections for MS-IIS.
- Deployed, maintained and managed HSPD-12 Infrastructure consisting of Entrust CA, Probaris Identity Management System and ActivIdentity Card Management System, which captures identities of end users for issuing HSPD-12/PIV badges to provide logical and physical access control for government employees and contractors.
- Deployed, maintained and managed a solution to enable PIV card users to manage their cards remotely.
- Implemented COTS packages including the Entrust Authority suite of products (Entrust Authority Security Manager using AD, Entrust Administration Services (AES, CMPv2, SCEP, EST)), HID Global/CoreStreet Validation Authority & OCSP Responder, as well as SafeNet LunaSA Hardware Security Modules.
- Supported numerous internal and external audits and remediated the findings.
Confidential
PKI Engineer
Responsibilities:
- Was part of the PKI Engineering Team, a team that has implemented PKI solutions for the US Patent and Trademark Office.
- Maintained and supported multiple internal PKI environments, one of which is cross-certified with the Federal Bridge Certification Authority at the Medium Assurance level, which include certificate validation by OCSP responder and digital key management by HSMs, and provide digital signing and encryption services via Entrust Entelligence.
- Maintained and supported multiple external PKI environments, providing strong authentication for filing Intellectual Property, designed to serve attorneys and inventors by allowing secure access to USPTO web resources, complete with certificate management tools.
- Maintained and supported Certificate Authorities (CAs) based on the Certificate Policy (CP) and Certification Practices Statement (CPS) for those CAs.
- Enabled web applications over myriad platforms to use SSL - using both internally issued and commercial certificates - over a wide variety of different keystore implementations.
- Maintained and supported Entrust Auto-Enrollment Server to issue certificates to all Windows Servers on campus to harden RDP sessions and SSL connections for MS-IIS.
- Deployed, maintained and managed HSPD-12 Infrastructure consisting of Entrust CA, Probaris Identity Management System and ActivIdentity Card Management System, which captures identities of end users for issuing HSPD-12/PIV badges to provide logical and physical access control for government employees and contractors.
- Deployed, maintained and managed a solution to enable PIV card users to manage their cards remotely.
- Implemented COTS packages including the full Entrust Authority suite of products: Entrust Authority Security Manager using AD and ADAM, Entrust TruePass and Entrust Self-Administration Server (legacy) / Administration Services - along with client-specific customizations - CoreStreet Validation Authority OCSP / Responder, and SafeNet LunaSA Hardware Security Modules.
- Supported numerous internal and external audits and remediated the findings.
Confidential
Sr. Microsoft Systems Engineer
Responsibilities:
- Led team responsible for Active Directory, Group Policy, IAM/RBAC, and Application Integration.
- Trained new team members.
- Configured and maintained Active Directory, Group Policy, DNS, DHCP in a mixed mode Windows XP/7 workstation and 2000/2003/2008r2/2012 server environment supporting the USPTO through all stages of implementation (Development through Production) including disaster recovery planning.
- Performed Active Directory sizing, forecasting, and capacity planning through the assessment of overall business growth, evolving needs, and future application and technology changes.
- Designed, developed, tested, and implemented Group Policy Objects, including new preferences (advanced GPO) and custom ADMs and ADMXs, as well as consolidation and redesign to streamline multiple related GPOs into one Policy for easier manageability.
- Made numerous enhancements to the AD environment, including AD schema updates, AD object hierarchy modifications, FIM synchronization of user accounts and Exchange contacts, AIS integration, Kerberos Single Sign On and Authorization, and Server load balancing.
- Integrated and maintained USPTO’s automated information systems (AISs), across multiple repositories, directories, systems and platforms, through Kerberos and Windows Integrated Authentication with Active Directory for authentication and authorization, providing authorized personnel access to the AISs, increasing application and system security, while reducing administrative, implementation, and maintenance costs of AISs.
- Supported USPTO Next Generation Applications (PE2E, TMNG, FPNG) IAM/RBAC, Authentication and Authorization activities.
- Facilitated the centralized management of personnel, customer, and partner information, which ensures information consistency and provides a capability for role-based access control (RBAC).
- Served as key contributor in market research and alternative analysis tasks for USPTO’s future ‘Identity Access Management’ (IAM)/’Role-Based Access Control’ (RBAC) solution, including functional and technical requirements analysis, market research, and COTS solution evaluation.
- Performed Server 2008r2 migrations and domain upgrade involving the installation and testing of Server 2008r2 and Server 2008r2 Core as well as working with PKI and Middleware teams to ensure functionality of all CAs and Applications.
- Worked closely with the PKI team providing extensive directory support for PKI related projects such as application of CALs to AD/AD-LDS, so that certain containers would be publicly available, and PKI and smart card interaction within the organization.
- Leveraged tools such as Microsoft AGPM (Advanced Group Policy Management) and Quest GPOAdmin to enable workflow for GPO creation and updating (check in/out, approval, etc.), allowing version control and rollback capabilities.
- Worked extensively with the Citrix team in order to convert the ‘Patent and Trademark Depository Library’ (PTDL) to ‘Patent and Trademark Resource Centers’ (PTRC), allowing an innovative method for secure public access via VPN and Citrix to Patent applications, requiring troubleshooting of server issues, group policy security and lock-down settings, scripting to delete profile data at logoff, etc.
- Provided extensible communications and identity management by synchronizing with a variety of products including Oracle and UNIX through Forefront Identity Manager (FIM) across multiple domains and environments.
- Served as Microsoft SME, for all aspects, on the FDCC, USGCB, Universal Laptop, Internet Explorer, Google Chrome, Mozilla Firefox and Server Security teams, from development through production, for the configuration and implementation of policy settings (FDCC, USGCB, CIS, NIST, USPTO) via GPO, to include maintaining, consolidating, and/or combining settings with current policies, allowing the highest security settings while allowing applications to function properly.
- Worked with several teams to create formal policies, workflows and procedures for desktop rights management (DtRM), including installation, configuration and management of the BeyondTrust PowerBroker application, allowing implementation of Least Privilege across USPTO workstations, which was implemented throughout the organization.
- Created procedural documentation for management of AD Accounts, Group Policy, and Authentication/Authorization/SSO implementation in order to streamline the process from the time of request through production implementation.
- Worked with several teams to create procedural documentation in order to streamline and manage the application development process from architecture through production deployment.
- Was responsible for creating Processes and Procedures, Best Practice Guidelines, Technical Instructions, Server Build Standards, and Standard Operating Procedure documents for the Enterprise Directory Services team and other collaborating teams.
Confidential
Microsoft Systems Engineer
Responsibilities:
- Configured and maintained Active Directory, Group Policy, DNS, DHCP, Exchange 2003 in a mixed mode Windows 2000/XP/Vista workstation and 2000/2003/2008 server environment supporting the DOJ (Department of Justice), EOIR (Executive Office of Immigration Review), DOJ Civil Rights, and EPA.
- Performed system monitoring and maintenance including backup & restore, patch management, system upgrades, and capacity planning.
- Reviewed technical proposals and documentation prepared by junior consultants for accuracy and content appropriateness.
- Served as SME for creation & deployment of the Vista Gold image using Symantec Ghost Solutions, verification of the Vista Test Environment (software, configuration) and support of Vista Testers.
- Provided logistical support maintaining & tracking government assets as well as coordinating and scheduling deliveries to various locations.
- Provided training to new engineering and support staff.
Confidential
Sr. Microsoft Systems Engineer
Responsibilities:
- Autonomously managed a heterogeneous network environment composed of Windows 2000/XP workstations and 2000/2003 servers, including Active Directory (AD), Group Policy, DNS & DHCP, and SharePoint 2003, supporting the Asset Forfeiture Management (AFM) Consolidated Asset Tracking System (CATS).
- Designed and established group policy within the organization resulting in increased security while enhancing efficiency in management of user and workstation settings.
- Redesigned the AD structure into a more manageable and tailored organizational structure, working with all teams to ensure uptime, compliance and functionality from Development through Production.
- Worked on project to integrate SharePoint 2003 with Active Directory.
- Monitored system performance and errors in all environments (development through production) including vulnerability scanning, using tools such as McAfee Foundstone & Symantec Security Expressions, as well as scheduling & implementing changes using WSUS.
- Responsible for managing McAfee ePolicy Orchestrator, scheduling backups using VERITAS, maintaining CheckPoint Firewall rules, configuring and maintaining email (MS Exchange 2003), performing basic network maintenance of Cisco switches and routers.
- Installed, configured, maintained and managed PointSec server and installations.
- Increased efficiency and standardization of workstation and laptop deployments through establishment of baseline images using Symantec Ghost.
- Served as SME to Help Desk, Desktop Support teams, and other project teams with AD and Windows server infrastructure related matters.
- Performed interviews for new applicants and training of new engineering staff, as well as providing leadership to junior consultants, including helping them to resolve routine and complex problems.
Confidential
Systems Administrator/NOC Operator
Responsibilities:
- Autonomously managed the daily activities of the 24/7/365 datacenter operation using Concord, EM7, Microsoft Operations Manager and other monitoring tools.
- Provided accurate notifications of system outages to internal and external clients via email and/or telephone calls.
- Documented, tracked, and monitored problems/issues to ensure a timely resolution, including problem ticket creation, processing, queue management and documentation of activities in a daily log.
- Performed batch backups and rebooting of servers during the scheduled outage window.
- Involved in COOP testing and preparation including support of all IT COOP functions and monthly tests.
- Provided timely feedback on process/procedural improvement areas including workflows, processes, and procedures in order to optimize system operation and maximize resource utilization.
- Created and managed a scaled datacenter diagram including datacenter hardware, building structure, utilities layout and other environmental information.
- Worked with supervisory staff to improve datacenter resiliency and efficiency by introducing automation of environmental monitoring and alerting system.