OBJECTIVE

Information Security professional with over 10 years of experience in systems and threat detection and analysis, incident response, implementing and maintaining quality commercial and open - source security solutions for effective threat-based strategies.

CORE COMPETENCIES

• Information Security Management
• Compliance
• Governance
• Encryption
• Identity and Access Management
• Computer Network Defense
• Intrusion Detection
• Incident Response and Management
• Endpoint Protection
• SIEM Content Creation and Management
• SIEM Events/Incidents Correlation and Management
• Custom Signature Creation and Management
• Vulnerability Assessment
• Threat Analysis
• Penetration Testing
• Malware Reverse Engineering
• Forensic Analysis
• Threat Intelligence Analysis
• Security Policy Creation and Development
• Client Relations
• Configuration/Integration
• New Product Deployments
• Change Management

PROFESSIONAL EXPERIENCE

Information Security Analyst

Confidential, Herndon, Virginia

Responsibilities:

• Direct report to Chief Information Security Officer/Chief Information Officer
• Manage Cybersecurity program for corporate enterprise of 750-1000 end users
• Design and Implement an Information Security Management System to comply with ISO 27001 standards
• Assume leadership role in all Incident Response activities
• Interpret Business Goals and Departmental Goals to develop Security Objectives that are congruent with company direction and vision
• Manage achievement of established Security Objectives
• Manage the implementation and compliance of a company-wide Security Awareness Program that includes an Annual Security Awareness Training Course
• Act as internal liaison to external vendors providing annually-held penetration testing and oversee all related activities and subsequent remediation
• Maintain regular contact with Vendors and Value-Added Resellers of Information Technologies and Services to maintain awareness of Industry trends and standards
• Maintain regular contact with special interest groups and professional associations to maintain awareness of Industry trends and standards such as: FBI’s Infragard, Cloud Security Alliance, ISSA
• Oversee a Vulnerability Management program that consists of regular patching and remediation to minimize risk
• Oversee testing, adoption, deployment, and administration of all security technologies
• Manage a portfolio of information and security technologies that includes: Cisco ASA, Palo Alto NGFW, F5 BIG-IP, FireEye, Cisco IronPort, Proofpoint, Lancope StealthWatch, GlobalScape Mail Express, Windows SCCM, Red Hat Satellite, Riverbed WAN Optimizer, MS EMET, Symantec Endpoint Protection, Carbon Black Defense, Qualys
• Primary contact for Managed Security Services Provider fielding all escalations and collaborating to maximize the service’s effectiveness
• Lead a team of IT personnel who are key to the secure operations of the enterprise and preside over regular meetings and gatherings of the team
• Provide Subject-Matter Expertise in all matters regarding Information Security within the enterprise and as it applies to company operations, products, and services
• Report to Leadership and advise on all matters regarding Information Security

Lead Specialist Engineer - Network and Information Security

Confidential, Reston, Virginia

Responsibilities:

• On loan to The United States Confidential
• Perform administration of Incident Ticketing System, Confidential Remedy
• Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
• Vet escalations from a Security Operations Center by means of research and forensics on tools that include: Snort, ACE Live, NetWitness, and TippingPoint to ensure accurate escalations
• Reverse-engineer found malware to create content for various detection tools including: Snort, TippingPoint, NetScreen, and BlueCoat to better facilitate future detection and prevention
• Escalate incidents to other groups including: US-CERT, internal security hardware administration teams, and other DOI bureaus to begin remediation
• Process external sources of threat intelligence to create content for detection of emerging threats and zero-days
• Train other teams with the introduction of new processes or policies
• Strong working knowledge of system administration, UNIX and Windows
• Perform backend tuning to intrusion detection and health monitoring platforms to ensure optimum analysis
• Produce monthly security brief for customer that highlights Intrusion Detection System performance reviews, observed trends in the wild and on customer tools, security intelligence from multiple outside sources, analysis, and recommendations for threat mitigation or eradication
• Develop processes and frameworks for creating next-generation content
• Develop advanced content for Next-Generation Splunk-based SIEM
• Splunk 6.3 Certified Administrator
• Design curriculum featuring advanced, in-depth training for Security Operations Center analysts

Team Lead Intrusion Analyst

Confidential, Herndon, Virginia

Responsibilities:

• Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
• Reverse-engineer found malware to create content for various detection tools including: Sourcefire, ArcSight, BlueCoat, and Yara to better facilitate future detection
• Escalate incidents to other groups to begin remediation
• Process external sources of threat intelligence to create content for detection of emerging threats and zero-days
• Strong working knowledge of system administration, UNIX and Windows
• Perform backend tuning to intrusion detection and health monitoring platforms to ensure optimum analysis

Team Lead Incident Response Analyst

Confidential, Washington, District of Columbia

Responsibilities:

• Perform forensic investigations on hosts suspected of infection
• Perform investigation of incidents escalated by Managed Security Provider
• Perform investigation of incidents as prompted by security appliances, including FireEye, WebSense Proxy, Bit9, ArcSight
• Analyze suspicious files and e-mail correspondence for malicious software
• Provide consultation to end-users regarding information security inquiries
• Investigate device health issues for security devices including: Checkpoint firewalls, IBM ISS sensors, Dell SecureWorks iSensors
• Monitor system security compliance by means of ForeScout CounterAct NAC
• Oversee remediation actions for security compliance
• Create training documentation for procedures, and general operations

Lead Intrusion Analyst

Confidential, Chantilly, Virginia

Responsibilities:

• Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
• Monitor Proventia ISS alerts from customer network
• Create Problem Management escalations
• Provide assistance in customer inquiries regarding administration of networks, device configuration recommendations, incidents, incident response recommendations, and general troubleshooting of devices
• Perform file system and memory forensics by use of enterprise tools including EnCase, HBGary, Forensic Toolkit, Volatility, RegRipper
• Monitor system security compliance by means of BigFix and McAfee ePO
• Strong working knowledge of system administration, UNIX and Windows
• Perform backend tuning to intrusion detection and health monitoring platforms to ensure optimum analysis
• Contribute to development of proprietary SIEM and log correlation technology
• Create and audit inventory of facility hardware inventory
• Oversee deployment of a new Secure Operations Center
• Create training documentation for device configuration, procedures, and general operations
• Contribute to development of Continuity of Operations Plan
• Create documentation for Continuity of Operations Plan
• Create and maintain running operational project plan to keep project managers and upper management up to date on projects being handled by operations center
• Create and maintain shift scheduling documents for operations center
• Research threat landscape and brief clients of emerging/ongoing threats, vulnerabilities, and exploits on a weekly basis

Lead Network and Info Security Specialist

Confidential, Ashburn, Virginia

Responsibilities:

• Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
• Create Problem Management escalations
• Provide assistance in customer inquiries regarding administration of networks, device configuration recommendations, incidents, incident response recommendations, and general troubleshooting of devices
• Administer configuration changes to network security devices that include: PIX firewalls, Checkpoint firewalls, Netscreen firewalls, Sonicwall firewalls, Cisco ASAs, Cisco IPSs, Cisco CSAs, Snort sensors, Dragon network-based and host-based intrusion sensors, Bluecoat Proxies, Sourcefire network-based intrusion sensors
• Monitor device health for devices that include: PIX firewalls, Checkpoint firewalls, Netscreen firewalls, Sonicwall firewalls, Cisco ASAs, Cisco IPSs, Cisco CSAs, Snort sensors, Dragon network-based and host-based intrusion sensors, Bluecoat Proxies, Sourcefire network-based intrusion sensors, mail servers
• Perform Signature and OS updates
• Strong working knowledge of system administration, UNIX and Windows
• Perform backend tuning to intrusion detection and health monitoring platforms to ensure optimum analysis
• Create training documentation for device configuration, procedures, and general operations
• Lead a shift of analysts in analysis, incident response, troubleshooting, and other tasks

Lead Network Security Analyst

Confidential, Reston, Virginia

Responsibilities:

• Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
• Provide assistance in customer inquiries regarding administration of networks, incidents, incident response recommendations, and general troubleshooting of devices
• Administer configuration changes to network security devices that include: PIX firewalls, Checkpoint firewalls, Netscreen firewalls, Sonicwall firewalls, Cisco ASAs, Cisco IPSs, Cisco CSAs, Snort sensors, Dragon network-based and host-based intrusion detection sensors
• Lead a team of four to six other analysts in day-to-day operations
• Draft the monthly working schedule for the team

Network Security Analyst

Confidential, Reston, Virginia

Responsibilities:

• Analyze network traffic by means of monitoring/detecting, research, and forensics to identify malicious activity
• Provide assistance in customer inquiries regarding administration of networks, incidents, incident response recommendations, and general troubleshooting of devices
• Administer configuration changes to network security devices that include: PIX firewalls, Checkpoint firewalls, Netscreen firewalls, Sonicwall firewalls, Cisco ASAs, Cisco IPSs, Cisco CSAs, Snort sensors, Dragon network-based and host-based intrusion detection sensors

Service Desk Technician

Confidential, Reston, Virginia

Responsibilities:

• Customer Service
• Create tickets and follow up on progress of customer requests or issues
• Respond to phone inquiries
• Monitor health and uptime of managed devices and escalate all outages