Experience

Confidential

Penetration Tester / Security Engineer

• Performed penetration testing on Library of Congress network's infrastructure
• Vulnerability assessment of database servers for entire network
• Reviewed documentation and make recommendations
• Performed internal and external penetration testing
• Performed dynamic and static analysis of web applications
• Created policies and act like a Subject Matter Expert on best practices
• analyze systems for potential vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational weaknesses
• Scanned Financial database for Peace Corps for vulnerabilities. Conducted White /Gray box penetration testing on the systems.
• Confidential
• Technical Lead / Web Application Security Testing
• Managing Nessus Tenable Security Center across multiple platforms
• Implementing security policies within the client's infrastructure
• Customizing report and finalizing it
• Creating policies of the network perimeter, DMZ, etc
• Ran some Vulnerability and Compliance scanning on test machines
• Reviewed security standard and Minimum Security Baseline for the client
• Interact with Client to find suitable solutions for the Network infrastructure
• Provided proper documentation and guidelines to the Security policies

Confidential

Web application Security Consultant/Penetration Tester

• Helping customers manage cyber risk through a variety of services geared towards minimizing exposure and maximizing return on investment.
• Managing projects, penetration tests, and client relationships.
• Conducting network application penetration testing, web application security reviews, and source code security analysis for internal clients
• Assisting in ongoing vulnerability management across the enterprise
• Working with developers and administrators to remediate identified vulnerabilities
• Managing a business that provides website development, networking solutions, and server administration for small businesses and individuals
• Conducting penetration testing of web applications and networks
• Developing proof-of-concept exploits and knowledge on risk rating methodology like CVSS scores
• Working with clients to review policies and recommend adjustments
• Knowledge about OWASP Top 10 vulnerabilities with an understanding of Web-based application vulnerabilities and SANS methodology
• Performing on-site and remote internal, external, wireless, and web application penetration tests for a diverse set of customers

Confidential

IT Security Consultant, Network Support Lead

• Developing secure network architecture for new and existing environments
• Performing Engineering applications install on workstations
• Providing customers with best practice guidelines and practical suggestions to protect against or mitigate threats
• Scanning Networks, Servers and other resources for customers to validate compliance and security issues using numerous tools
• Specializing in network security assessments, perimeter defenses, log analysis, information security monitoring, and risk analysis
• Create/Review security policies and procedures
• Configuring and install workstations and peripherals for network access
• Creating detailed reports containing prioritized findings, demonstrations of exploits, explanation of compromise impacts, and recommendations for mitigation and remediation
• Cisco switching and routing
• Responsible for configuring and maintaining communications including firewalls, Internet connections, VPN, point to point connections, and remote access
• Responsible for the implementation, troubleshooting, and maintaining operations of network systems
• Provided customers with best practice guidelines and practical suggestions to protect against or mitigate threats provided remediation recommendations as needed coordinated with Engineers on customer device changes to enhance security posture in response to potential threats and realized incidents

Confidential

Technical Consultant Security

• Conducting penetration testing of web applications and networks
• Conducted penetration testing on in-house developed applications, production networks, and production systems and devices. Assisted in resolution of exposed security weaknesses
• Performing daily backup of data and disk imaging systems using Acronis True Image
• Setup Email accounts for new users and administer email accounts through Active Directory
• Troubleshooting hardware problems for desktop systems and peripherals
• Configuring and install workstations and peripherals for network access
• Maintaining workstation and peripheral inventory
• Performing periodic audit of workstations to ensure virus protection is updated and unauthorized software is not installed
• Blackberry Enterprise Server Updates Cell phone configuration and administration
• Working closely with customers in resolving day to day problems in Unix/Networking Environments.
• Applying operating system updates for workstations
• Configuring and maintain wireless hardware devices including coordination of repair and maintenance through support vendor

Confidential

Technical Specialist, Enterprise Security Attack Penetration Team

• Create detailed reports containing prioritized findings, demonstrations of exploits, explanation of compromise impacts, and recommendations for mitigation and remediation. Validate customers' remediation activities upon request.
• Providing third party level support for internal computer problems and network problems
• Designing and installing Cisco Routers and Switches configuration
• Installing and maintaining network availability and performance monitoring and notification system
• Specializing in network security assessments, perimeter defenses, log analysis, information security monitoring, and risk analysis
• Administering penetration testing on wireless technologies on both LAN and WAN
• Configuring Cisco IP Phone 7940 G series configuration with Call Manager Express
• Coordinating the designing and planning of Local Area Network expansion of the organization
• Utilize commercial, open source, and custom-created software to assess and attempt to infiltrate customers' networks, systems, and applications.
• Provided customers with best practice guidelines and practical suggestions to protect against or mitigate threats
• Responsible for incident response, development of security infrastructure, and security policy

Confidential

Installation Engineer

• Installing remotely software Agent on client systems through GoToAssist A remote support technology which included AIX, Linux, Exchange DR MAPI, SharePoint, Oracle, Win XP, Win VISTA, SQL, Solaris, HP-UX, iSeries AS/400
• Installing new computer systems and connecting them into the Local Area Network
• Configuring Virtual Private Network for remote users in order for them to login into the system
• Managing Vault for all clients using Evault Director Software
• Performing clients backup and restores using Web Central Control or Window Central Control
• Configuring HP laptops/desktops for new hires, and departures, ran updates
• Providing support to off-site clients via telephone and e-mail regarding such issues as technical support, policies, procedures
• Performing backup and restores using Storage virtualization configuration, management, etc
• Conducting daily maintenance of user's security accounts in window 2008 including desktop Workstations

Confidential

Data Center Engineer

• Analyzing and resolving computer problems built and upgraded systems installed software and performed general troubleshooting and maintenance for business clients.
• Configuring IBM printers series 3490's for the Payroll and Sales Department
• Organizing and implementing the design of the Data Center Local Area Network and physical Security Infrastructure
• Overseeing daily operations using the AS400 BPCS Batch processing system connected to a Tivoli scheduling system that ran all batch processing
• Performing backups, restores, and tape inject/eject using the Veritas 6.0 6.5 Netbackup system and Netbackup 7.0
• Monitoring and supporting TSO, CICS, IMS, DB2, VM users
• Assisting with AS/400 planning and managing the virtualization and migration of Applications into the new Data Center

Skills

Technologies

Programming Languages

Concepts

Networking Penetration Testing