
Interim Manager/Team Lead/Security Evangelist/Threat Intelligence Analyst III Resume


Marietta, PA

SUMMARY

Offers seventeen years of leadership and managerial experience in the fields of Information Technology and Information Security through the architecture, development, security, administration, and quality assurance of enterprise applications, project management and business acumen, introduction and guidance on emerging technologies, continual process and standards improvement, the ability to resolve and troubleshoot issues, and provide guidance, mentorship and conflict resolution for team building and management. Seeking a security role in a leadership position with an opportunity to apply knowledge and experience gained especially in progressive and fast-paced environments.

AREAS OF EXPERTISE

  • Information Technology
  • Enterprise Application Integration
  • Electrical
  • Software Engineering
  • B2B Systems Integration
  • Occupational Hazard and Safety
  • Internet Technology
  • Application Security
  • HealthCare
  • Distributed Technology
  • Web Services
  • Insurance
  • Mobile Technology
  • Quality Assurance
  • Financial
  • Client/Server Technology

TECHNICAL SKILLS

Architecture: TOGAF 9.1

Languages: Java, C#, C/C++, GOSU, JavaScript, Python, Perl, PHP, Fortran, COBOL, ASM, XML, XSD, XSL, XLink, XPath, XSLT, XSL-FO, CSS, HTML, XHTML, XQuery

Concepts: Object Oriented Principles (OOA/OOD/OOP), UML, Design Patterns, Continuous Integration, Refactoring, Web Development, Distributed Computing, Service Oriented Architecture (SOA), Enterprise Service Bus (ESB), Component Based Development, Web Services, Cryptography, Object Relational Mapping (ORM), Business Process Management (BPM), Business Activity Monitoring (BAM), Dependency Injection (DI) Spring, Hibernate, EclipseLinks, JPA, SWT, AWT/JFC/Swing, JSE, JEE, JMS, JSP, JSF, Servlets, EJB, JNDI, JDBC, JSTL, JAXB, JAXP, JAXB, MOXY, JAX-RPC, JAX-WS, JUnit, SOAP, REST, SAX, DOM, STAX, XEP, RegEx, RCP, eRCP, BouncyCastle, AJAX, BeanIO, Jersey, Wicket JBoss, JRun, Oracle Application Server (OC4J), Orion, Tomcat, WebLogic, WebSphere Apache Synapse, WSO2, WebMethods

APIs Application Servers: ANT, Apache, Axis, Cocoon, Commons, CXF, FOP, HTTPClient, Jelly, Log4J, Maven, POI, Xalan, Xerces, XFire

Enterprise Service: Internet Information Services (IIS), Apache, Oracle HTTP Server (OHS)

Bus Apache Projects: Oracle, SQL Server, MySQL, PostgreSQL, DB2, MS Access

Web Servers: Eclipse, IntelliJ, RAD, WSDD, JDeveloper, Forte, JBuilder, TextPad, Rational Rose, TOAD, PL/SQL Developer, XMLSPy, VNC, Putty, Cygwin, WinSCP, FindBugs, Checkstyle, Cobertura, Visual Studio, SQL Server Integration Services (SSIS), cURL

Databases: Windows XP/Win7/2003/2008, Linux (RedHat/Kali), Unix, VAX/VMS, Android

Development Tools: LDAP, Active Directory (AD), OID, Apache Directory Studio, SSH, SSL, SSO, FTP, FTPS, SFTP, vSphere, Citrix, Terminal Services, F5 Load Balancer

Operating Systems: CVS, ClearCase, TFS, RTC, StarTeam, Subversion (SVN), Vault, Perforce

Miscellaneous Version Control: JIRA, GreenHopper, TestDirector, ClearQuest, Bugzilla, Rally, SOAPUI Crystal Seagate, Actuate, SQL Server Reporting Services (SSRS)

QA Tools: Hudson, Jenkins Confluence, SharePoint

Report Tools: AppScan, BurpSuite, Qualys, Veracode, WhiteHat Sentinel, Zed Attack Proxy (ZAP), Archer

PROFESSIONAL EXPERIENCE

Confidential

Interim Manager/Team Lead/Security Evangelist/Threat Intelligence Analyst III

Responsibilities:

  • Participated in BSIMM study and attended 2015 and 2016 BSIMM (Building Security In Maturity Model) Conferences
  • Following BSIMM model, fostered and evangelized creation of Security Satellites across Enterprise with indirect report structure to TVM
  • Managed Application Vulnerabilities for Threat & Vulnerability Management (TVM) team across enterprise for all divisions (Servicing Technologies, RealEC, Data & Analytics, and Origination)
  • Provided remediation for vulnerabilities discovered from Static Application Security Testing (SAST) using Veracode, Dynamic Application Security Testing (DAST) using WhiteHat Sentinel and Application Penetration Testing/Manual Ethical Hacking performed by Cigital
  • Implemented and administered Cigital SecureAssist server and rolled out IDE-plugin/add-in for Eclipse/Visual Studio to developers across all divisions
  • Recommended and implemented automated retrieval and storage of Qualys networking vulnerabilities using cURL, Qualys API, SSIS, SQL Server 2012, and SQL Server Agent Job for executive reporting using Tableau to replace manual process
  • Recommended and implemented two-tier approval for Veracode findings using IBM's Real Team Concert (RTC) with security satellites and development teams using Risk Work Items, real-time updates by email, online discussion, peer code review and bi-weekly meetings
  • Recommended and performed code-along sessions as needed with developers and security satellite staff in Java/C#
  • Mentored junior members on TVM team and security satellites in each division on Java/C# remediation
  • Determined and recommended High Risk Applications from CMDB data with Director of TVM
  • Scheduled kick-off and demo meetings, initial and re-tests for annual Application Penetration Testing Cycle of fifty applications performed by Cigital. Reviewed and disseminated Cigital reports from tests and held remediation meetings, acted as liaison between vendor and Confidential staff
  • Used BurpSuite to reproduce, prove and demonstrate vulnerability findings to Confidential staff
  • Presented and reported at monthly Security Council to CISO and executive staff all application vulnerabilities
  • Created and presented 2016 Secure Coding 201 Confidential Online University Course with Director of TVM for live streaming and recording
  • Created annual Top 5 Bugs & Flaws List
  • Created and presented Cross-Site Scripting (XSS) Campaign to over 85 developers, QA, and managers using PowerPoint presentation, WebGoat web application and Zed Attack Proxy (ZAP)
  • Recommended Cigital add CWE number to reports for correlation of vulnerabilities across other security vendors
  • Recommended Cigital add and modify features to Cigital Security Portal currently being implemented
  • Recommended and started implementation of IBM's AppScan to fill technology gaps for static code analysis of COBOL and JavaScript
  • Recommended and started implementation to automate usage and reporting of Unauthorized Software by Confidential staff using cURL, BigFix API, SSIS, SQL Server 2012, and SQL Server Agent Job to replace manual process

Confidential, Marietta, PA

Consultant (Senior Solution Architect/Technical Team Lead/Scrum Master)

Responsibilities:

  • Led integration team consisting of ten developers, two QA testers, one DBA, and two BAs for a multi-million dollar billing system implementation project using Guidewire Billing Center 8
  • Led daily Scrum meetings, worked with Product Owner to plan Sprints and determine resource allocation
  • Implemented, configured and administered Maven for automated builds and Jenkins for Continuous Integration
  • Designed and implemented encryption solution for database passwords using BouncyCastle framework to protect against plaintext passwords
  • Learned GOSU programming language and Guidewire Billing Center 8
  • Learned P&C Insurance Billing business processes
  • Recommended and implemented JPA 2.1 persistence framework to simplify database integration layer and protect against SQL Injection
  • Researched and implemented BeanIO framework to simplify usage of flat and XML files from external systems
  • Recommended creation of Test Plans to QA Manager to remove QA bottleneck during Sprints which was successfully adopted and allowed for increased QA productivity
  • Recommended and mentored usage of SOAPUI tool for testing of Web Services to QA Manager and team which was successfully adopted
  • Installed and configured Development, QA and UAT environments
  • Conducted design and code reviews to approve and/or recommend changes
  • Set guidelines and standards for code reviews, Java/GOSU coding and source code management
  • Mentored team members in JSE/JEE technology

Confidential, Jacksonville, Florida

Enterprise Application Architect

Responsibilities:

  • Recommended and introduced TOGAF 9.1 architecture framework to EA team
  • Partnered with Security Manager to begin implementing OWASP Best Practices
  • Documented current architecture by applying the TOGAF architecture framework to create a strategy, target architecture and roadmap to move towards an SOA environment implementing services and utilizing an ESB and BPM
  • Created a technology blueprint for a Partner Gateway System to implement all new Managing General Agent (MGA) Program Business for all lines of business (LOB)
  • Led a team of onshore and offshore developers and testers to implement the Partner Gateway System
  • Recommended and implemented Open Management Group (OMG) Property and Casualty data model for ODS (Operational Datastore) using Oracle 11g R2 and ACORD Insurance Standard for data exchange
  • Recommended, implemented, configured and administered Maven for automated builds, Jenkins for Continuous Integration and Subversion for Source Code Repository including Checkstyle for coding standards, FindBugs for static code analysis and Cobertura for code coverage
  • Recommended, implemented, configured and administered WSO2 ESB
  • Recommended, installed, configured and administered JIRA for Issue Tracking and GreenHopper for Project Management using the Scrum Agile Methodology
  • Recommended, implemented, configured and administered IBM's Licensing Metric Tool (WebSphere, DB2, Tivoli Integrated Portal, VSphere) as a solution to comply with subcapacity licensing of WebSphere and reduced PVUs from 5400 to 2510 for a $75,000 licensing cost reduction and provided a cost avoidance of $385,000 for an invoice on overage after a Confidential audit
  • Recommended JAX-WS technology to replace JAX-RPC and implemented JAX-WS web service for Tier Rating using WAS 6.1 Web Services Feature Pack and SQL Server 2008
  • Automated the database bundle deployments for the PLMSS application using ANT which allowed 172 bundles deployed in 6 hours compared to two DBAs manually deploying 15 bundles in the same time period
  • Worked in conjunction with Application Production team and management to resolve Production issues by providing root cause analysis and solutions
  • Led meetings and coordinated efforts to resolve DEV environment issues for the PLMSS application with EA team members, DBA members and offshore and onshore development teams
  • Designed and developed B2B processes to transfer, store and process MOJ MGA Program Business for both premium and claims data
  • Designed and developed an enterprise wide reusable FTP module implementing the FTP, FTPS and SFTP protocols for transferring data to and from third parties utilizing the ChilKat Java component
  • Tax District web service - Created a JAX-RPC web service to retrieve a tax district code based upon location using WebSphere 6, RAD 7, SQL Server 2005 (XMLDB), XML, WSDL, log4j, XPath, JNDI, and JUnit
  • CompRater web service - Created a JAX-RPC web service based on the Service Gateway framework to return a quote proposal for Personal Lines Auto and Home using WebSphere 6, RAD 7, SQL Server 2005 (XMLDB), XML, WSDL, log4j, XPath, JNDI, and JUnit
  • Coverage Verification web service - Created a JAX-RPC web service based on the Service Gateway framework to return Coverage statistics for OneShield and Guidewire applications
  • Audit logging framework - Created a framework to store all request and response pairs for web services using JMS, MDB, WebSphere 6, RAD 7, SQL Server 2005, XML, JAXB and XQuery
  • Service Gateway web service framework - Designed and developed a generic web service reusable framework (JAX-RPC)
  • Upload Gateway Component (UGC) - Maintained and supported the Agency Interface team's vendor integration component which is comprised of three web applications (Merlin, Upload Gateway, and Global Transformation) using WebSphere 6, RAD 7, SQL Server 2005, XML, XSL, XSLT, DOM, Servlets, JSP, JSTL, Struts and JUnit
  • Conducted design and code reviews to approve and/or recommend changes for both internal and external projects involving MSA employees, CapGemini, Value Momentum, WiPro and OneShield consultants
  • Set guidelines and standards for code reviews, Java coding and source code management
  • Mentored team members in JSE/JEE technology
  • Obtained knowledge in the Property and Casualty Insurance domain
  • Supported Development, QA, QA2, Staging, UAT, and Production environments

Confidential, Jacksonville, Florida

Senior Software Application Manager

Responsibilities:

  • Promoted to Senior Software Application Manager over a team of developers
  • Developed a proprietary XML driven workflow engine for B2B Integrations handling the following tasks: FTP, FTPS, SFTP, (JSCAPE), PGP Cryptography (BouncyCastle), Flat2XML (JAXB, XSD, XML), Staging and Import (Hibernate)
  • Recommended SOA/ESB technologies and placed on team for future recommendations and development
  • Mentored three teams of Cold Fusion developers in the usage of the Java language and object-oriented concepts
  • Recommended and implemented JUnit testing
  • Recommended and implemented Maven build system

Confidential, Jacksonville, Florida

Application Engineer

Responsibilities:

  • Administered JIRA issue tracking application
  • Developed a project plan for the installation, upgrading, and documented project release and deployment documentation for the JIRA issue tracking application in the Confluence Content Management application
  • Gathered requirements, wrote Software Requirements Specification (SRS), designed, coded, unit tested, tested, and deployed new intranet Online Services Store (OSS) web application which utilized the JBoss application server, Hibernate (ORM) for back-end, Java Server Faces (JSF) for front-end. The OSS application centralizes employee service requests from any department in the company in an online catalog. Utilized Web Services (XFire) solution to create Remedy Help Desk tickets for service requests and manage existing and new service requests between Remedy and OSS.

Confidential, Jacksonville, Florida

Consultant (Application Engineer)

Responsibilities:

  • Designed, developed, tested and deployed a new stand-alone version of the Find-A-Doc (FAD) Internet web application which utilized a proprietary MVC framework and the JBoss application server. The FAD web application allows users to search for Confidential doctors and display their biographical data. The previous FAD application was embedded within a proprietary Content Management System and the data was maintained by the development group. The new version of FAD allowed greater searching capability, the data to be maintained by the Credentialing department and integrated the e-Referral application and the Opinio Patient Satisfaction Survey.
  • Designed, developed, tested and deployed a new stand-alone version of the eCards Internet web application which utilized a proprietary MVC framework and the JBoss application server. The eCards web application allows users to send eCards to patients at Confidential. The previous eCards application was embedded within a proprietary Content Management System and maintained by the development group. The new version of eCards added new functionality to allow assigned administrators to administer the application.

Confidential, Gallatin, Tennessee

Consultant (Lead Developer/Architect)

Responsibilities:

  • Utilized IBM's J9 JVM, WSDD IDE, and SWT
  • Developed an auditor/picker mobile warehouse application using a Symbol MC9000 scan gun running WM2003 for PPC

Confidential, Franklin, Tennessee

Senior Software Developer

Responsibilities:

  • Applied in-depth knowledge for performance tuning of the Oracle 9i/10g infrastructure (WebCache, OHS, OC4J, SSO, OID)
  • Applied patches and upgrades for the Oracle infrastructure
  • Utilized WebMethods Integration Solution to determine the feasibility to create a Service Oriented Architecture using an Enterprise Service Bus to create a unified Transcription Platform
  • Created new functionality for the Medical Transcription Editor
  • Sole developer for a production application using WebMethods Integration Solution to allow a network administrator to replicate configuration settings from one VPN Concentrator 3000 to many
  • Aided and assisted the load testing of the Medical Transcription Platform to ensure the highest quality from the application and Oracle platform
  • Developed code with other team members to utilize JNLP and Maven plugins to greatly decrease the amount of time involved for clients to download Confidential software
  • Prototyped a Medical Transcription Editor using Eclipse's Rich Client Platform (RCP)
  • Developed an MT application in C# to help MT's access Account Specific information utilizing keyboard hooks and popup notification windows
  • Supported Development, QA, Staging and Production environments
  • Obtained knowledge in the Healthcare industry, particularly in the arena of transcription and dictation

Confidential, Nashville, Tennessee

Lead Developer

Responsibilities:

  • Initiated the utilization of the Apache ANT build tool with IT personnel in both Development and QA departments
  • Directed and led several projects writing functional and technical specifications over Development and QA efforts
  • Developed new functionality, and upgraded existing code for the maintenance of a Document Delivery System (DDS)
  • Developed daily system cycle reports using Crystal Reports for DDS
  • Operated as an auxiliary to the QA department developing test plans and cases
  • Introduced, installed and administered MDL's first J2EE application server (Orion) to allow the creation of a Material Safety Data Sheets (MSDS) On Demand Website, which allowed verified customers to receive MSDS's on demand to meet strict OSHA guidelines and requirements
  • Supported Development, QA and Production environments
  • Obtained knowledge in the Occupational Health and Safety domain

Confidential, Nashville, Tennessee

Consultant (Quality Assurance Analyst)

Responsibilities:

  • Created test cases, conducted regression cycles, blackbox testing and performed system installation testing on various platforms
  • Documented defects and recommended improvements using Mercury's TestDirector for Quality Center

Confidential, LaVergne, Tennessee

Intern

Responsibilities:

  • Developed code for firmware upgrade testing using ATEasy
  • Benchmarked a new prototype circuit monitor CM4000 using its two predecessors, CM2000 and PowerMonitor (PM)
  • Conducted manual testing using ROTEK 8000, MSB100, and UPC32 energy standard and waveform capture machines
  • Created drivers for energy standard machines to facilitate communication over GPIB and utilized SYLINK and Modbus communications over a 232 and 485 serial to communicate with a precursor monitor and like devices
  • Collaborated with senior engineer staff to conduct production noise-level verifications leading to adjustments on two major cards as recommended by lead engineer
  • Conducted tests on unit's thermal heat regulation throughout device and cards using specifically placed thermocouples in a laboratory convection oven
  • Discovered and helped correct major flaws in the unit's ability to assess incorrect three phase wiring
