Sr. Security Engineer / Information Assurance Engineer Principal Resume
Washington, DC
SUMMARY:
- IT professional with 10+ years of total IT experience (Business Analysis and Project Management in the financial industry) and 8+ years of Information Security experience as well as graduate coursework in Information Security.
- Strengths in network security, application security, server security and network administration in distributed, web and mainframe environments.
- Experience administering Active Directory, Lotus Notes access and conducting access reviews using Enterprise Security Station and eTrust Access Control / Security Command Center.
- Experience performing SOX, GLBA, HIPAA and PCI related compliance audits at the enterprise level, gathering information to ensure that all security policies are implemented according to government requirements.
- Proven ability to establish and maintain a high level of client trust and confidence with the ability to adapt easily to new concepts, responsibilities or environments.
TECHNICAL SKILLS:
Hardware: Cisco switches & routers - Catalyst 1900, 2500, 2600, 2900 & 3600 routers.
System: Windows 2000 Professional & Server, XP, 2003 Server, Routing & Remote Access, Internet Information Services (IIS), Internet Security & Acceleration (ISA), SNMPc, Distributed File system, FAT, FAT32, NTFS, Linux Red Hat 5.3, Lotus Notes
Security: Motorola AirDefense, SiteScope, LogLogic log information management System, Wireshark, Select Access, Remote Access, NetOP, Tipping Point - Security Management Systems, Provider-1, MDG and SmartDashboard Centralized GUI console for all CheckPoint Confidential firewall management software, SmartDash Board, SmartView Monitor, Smart Tracker, RSA ACE/Server, RSA SecurID, FoundStone, Iron Mail, Control SA Passport, Enterprise Security Station, eTrust Access Control / Security Command Center, CyberArk, Active Directory design, managing Directory objects, creating & managing group policies, authentication, authorization and replication, Group Policy Objects, Intruder Detection, System Hardening, Proxy, VPN, Perimeter Network Design (DMZ), Bastion Hosts, firewalls packet filtering, Norton Antivirus, TripWire, Juniper firewall, Juniper IPS/SSL extender, CrossBeam, Nokia, NetOptics, PortAuthority, McAfee, FireMon and SkyBox, IP360, Guardium SQL Guard, Loglogic, MyNIRT Lotus Notes Domino Administration, etc.
Database: DB2, IMS DB
DB/DC System (OLTP): CICS
Central Enterprise Application: CAP, STAR CAP
Protocol: TCP/IP, TELNET, FTP, DNS, DHCP, WINS, PPTP, L2TP, IPX/SPX, NetBEUI
Other: Word, Excel, Visio, PowerPoint, Outlook, Project Management using Microsoft Project 2000, 2003 & 2008, ITIL V.3, JIRA/Confluence Cyclopes.
PROFESSIONAL EXPERIENCE:
Confidential, Washington, DC
Sr. Security Engineer / Information Assurance Engineer Principal
Responsibilities:
- Provide oversight for Judiciary IT Security projects by developing and designing new standards for enterprise security, web security using WAF web access management and authentication
- Serve as ISSO on CSAM, Fortify SSC, and other major projects
- Design / test infrastructure readiness for SOA gateway
- Conduct all Judiciary applications and other product hands-on test evaluation in LAB based on Enterprise Security and business requirements
- Conduct research on emerging technologies, review standards and assess these new technologies for use in US Judiciary
- Create standards for the use of emerging security technologies ranging from authentication, DDoS mitigation, zero-trust model test and implement in US Judiciary
- Maintain security devices, to include firewalls, IPS/IDS, proxies, WAFs and SoAs, in accordance with government guidelines
- Monitor all firmware, signature updates, maintain firewall rules / ACLs
- Manage and monitor all Privileged Identity Accounts using PIM tool set
- Manage and monitor all Privileged Access Management accounts using CyberArk
- Architecture and engineering leadership guiding other AD engineers.
- Provide technical expertise and advice on areas of security technology, including Directory, platform security, authentication/authorization systems (Ping), application security (using Fortify), security architecture, policy enforcement, and security frameworks.
- Provide escalation support for SOC on all security devices
- Support Security gateways for all Confidential Courts including critical Enterprise Applications
Confidential, Alpharetta, GA
Lead Network Security Engineer
Responsibilities:
- As Lead firewall security engineer I designed new and efficient firewall rules to meet Confidential compliance
- In this role I was responsible for improving the compliance processes
- Leading product security engineers while improving process implementation and mentoring engineers.
- Lead other Security Engineers for the execution and oversight for / technical support
- Responsible for contributing to security-related processes, developing product security program plans, leading the product security program execution, mentoring engineers and executing special initiatives across the business.
- Lead and perform security analyses of firewall rules; performed rule change, testing, and implementation of new rules
- Collaborate with cross-functional teams in performing changes to firewall rules of various LOBs
- Mentor and develop junior security engineers
- Provide timely communications on significant issues or developments
- Document technical data generated by the assigned project consistent with engineering policies and procedures
- Participate as a presenter or reviewer in technical and program reviews
Confidential, NA
Lead Network Security Engineer
Responsibilities:
- Lead Network Security Engineer on Confidential Application and Firewall decommissioning project
- Research and recommend applications to be decommissioned
- Research / Discover Firewalls, Applications, Servers and nodes
- Continue implementation work with decommissioning Firewalls, Applications, redundant servers and nodes
- Review firewall rules and recommend the disabling and/or removal of objects
- Participate in sub-projects where T1 and VPN lines are removed and replaced with DS3 lines
- Participate in the migration from Cisco PIX firewall to Cisco ASA and CheckPoint R75
- Participate in various systems merger and integration from Wachovia to Confidential environment
- Participate in monitoring, maintenance, support, upgrade and replacement of firewall devices
Confidential, Atlanta, GA
Information Security Consultant
Responsibilities:
- Wrote process improvement Cook Book for use by ISD Access Management team.
- Wrote Access Control requirement list to streamline access requirement process for ISD team.
- Administered / Managed users and group permission for Active Directory (AD) and Enterprise Directory (ED).
- Implemented users & groups add/delete/modify for Lotus Notes Domino Administration.
- Managed and Administered Blackberry Subscription service.
- Administered users access in Enterprise Identity Management Suite and Enterprise Security Console.
- Participated in the implementation of GPO for all Confidential System.
- Designed and co-authored roles and responsibilities matrix which was vetted in ISD and is now being vetted with Systems & S&R.
- Performed the following functions: DLP (Data Loss Prevention) - data in motion, data at rest and data in use.
- Strong hands-on experience with Data Privacy.
- Participated in coordinating various implementations across Confidential Districts and branches including the DDR project.
- Managed and coordinated all aspects of access provisioning for FR staff.
Confidential, St. Petersburg, FL
Information Security Consultant
Responsibilities:
- Built, configured and deployed Adaptive Authentication (Passmark) servers in Windows environments, as well as MS-SQL Servers for multiple clients in the United States and South America.
- Performed the following functions: DLP (Data Loss Prevention) - data in motion, data at rest and data in use.
- Migrated current Adaptive Authentication (Passmark) 2x environment to 6x environment
- Implemented and documented migration process.
- Performed digital fingerprinting - watermarks as well as incident response forensic function.
- Strong hands-on experience with Data Privacy.
- Wrote and documented SOP and training materials.
- Performed 24/7 on call support while maintaining or managing the migration process.
- Monitored security logs on servers and mitigated any issues from access or maintenance.
- Performed other security support functions for Confidential eBanking division for all cash management products.
- Performed SOX, GLBA, HIPAA and PCI related compliance audits at the enterprise level, gathering information to ensure that all security policies are implemented according to government requirements.
- Provided high-level consulting services in the area of process improvement, cost and defect reduction. Managed, planned and organized process improvement initiatives; coordinated and monitored the deployment initiatives to ensure delivery of the overall project.
- Led complex process improvement initiatives targeted at reducing costs, optimizing cycle time, reducing defects, and/or improving customer satisfaction.
- Conducted facilitation sessions with cross-functional teams to document "as is" processes; identified and documented the weaknesses of the current environment; performed review of current processes and assessed opportunities to streamline and remove unnecessary work.
Confidential, Alpharetta, GA
Security Operations Analyst
Responsibilities:
- Designed Intruder Detection, System Hardening, strengthening and managing firewalls using Check Point Confidential and other sub applications such as Provider1, SmartView Monitor, Tracker, and Dash Board to provide enterprise level security administration for business critical environments.
- Administered and managed FoundStone to scan the network and all ports for possible intrusion.
- Managed and administered ACE server for RSA SecurID and eNvision, gathering and correlating data while providing actionable intelligence.
- Administered Active Directory and Lotus Notes access.
- Strong hands-on experience with firewall deployment/management for access including route modification using CheckPoint Provider1, CrossBeam, Juniper and Nokia.
- Conducted access review using Enterprise Security Station and eTrust Access Control / Security Command Center.
- Configured and administered Intrusion Detection Systems (IDS) and Intrusion Prevention System (IPS).
- Performed SOX and GLBA related compliance audits at the enterprise level, gathering information to ensure that all security policies are implemented according to government requirements.
- Performed threat analysis and policy management using tools such as McAfee, FireMon and SkyBox
- Performed impact analyses for bi-weekly and ad hoc system maintenance.
- Coordinated system integration and maintenance with System Admin, DBAs, Development, Client Production Support and QA teams.
- Coordinated and performed data analysis for all change management as well as coding to be sure they meet all security requirements, while maintaining a 24/7 on call pager rotation.
- Managed all security access to prepaid applications on all Central Enterprise Applications.
- Prepared security design review documents to ensure they meet all compliance standards for approvals.
- Extracted and performed secured file transfers.
- Wrote and documented SOP and training materials.
- Performed security testing in various testing environments before implementation into production and post-production environments (UTP).
- Verified QA test results for any security issues and recommended fixes.
Confidential, Columbus, GA
Information Security Analyst
Responsibilities:
- Designed Intruder Detection, System Hardening, strengthening and managed firewalls using Check Point Confidential and other sub applications such as Provider1, SmartView Monitor, Tracker, and Dash Board to provide enterprise level security administration for business critical environments.
- Administered and managed FoundStone to scan the network and all ports for possible intrusion.
- Managed and administered ACE server for RSA SecurID and eNvision, gathering and correlating data while providing actionable intelligence.
- Strong hands-on experience with firewall deployment/management for access including route modification using CheckPoint Provider1, CrossBeam, Juniper and Nokia.
- Performed threat analysis and policy management using tools such as McAfee, FireMon and SkyBox.
- Designed various Security Systems Development Life Cycle (SecSDLC) to implement and/or improve network defense / security and countermeasures by installing Check Point NG/X, Proxy and MS ISA Servers, monitoring email content to meet compliance standards using IronMail, and PortAuthority.
- Administered AirDefense to perform functions such as providing 24/7 monitoring of Wi-Fi networks to identify rogue WLAN intrusion detection attacks and trained in Information Security Legal, Ethical and Professional issues.
- Designed Risk Management Strategies including Business Continuity planning.
- Designed physical & logical security including change management and personnel security.
- Designed strategies for ongoing security maintenance including technical and administrative evaluation.
- Primarily responsible for the deployment, implementation and support of new cash management applications for various financial institutions and their clients while maintaining thorough understanding of technical interfaces between customer and strategic partners.
- Developed systems architecture to bridge new and existing applications and worked across with other departments to ensure the overall continuity and security for the new environments and applications.
- Managed customer support team while maintaining service level and negotiating with customers on providing continuous service improvement while serving as the final escalation point of complex issues.
- Documented SOP and training materials.
- Maintained a high level of customer satisfaction and confidence by keeping the total cost of ownership down through the delivery of high quality support that exceeded customer expectation.