Confidential, Suitland, MD
Information Systems Security Engineer
- Worked on a contract at Confidential Satellite Operations Facility that was classified.
- Daily activities included capturing monitoring of systems and writing Operational Instructions for those activities. The remainder is classified.
Confidential, Suitland, MD
Network Security Engineer
- Supported Confidential at their Confidential Satellite Operations Facility.
- Remediated Cisco vulnerabilities and collected evidence of remediation for POA&M milestones.
- Partnered with the Network Engineering teams, Satellite Operations/Geostationary Operational Environmental Satellite (GOES), Polar Operational Environmental Satellite (POES), JASON - Ocean Surface Topography Mission, and the Earth System Prediction Capability (ESPC).
- Assisted with the implementation of Palo Alto firewalls program after waiting for the acquisition of new licenses (procurement takes a while). Configured existing firepower service on the ASA’s while waiting for the PAN licenses.
- Attended change control meetings for all programs as the security POC, to include network outages and/or changes (replacing old equipment (mostly switches but some checkpoint firewalls also needed to be upgraded as well).
- Assisted the Network Team on ESPC program in implementing the Palo Alto 7050s.
- Monitored network traffic and network device controls utilizing SolarWinds on a daily basis
- Ran Nessus scans monthly on each program.
- Researched vulnerabilities and updated any new plugins for Nessus enterprise. These areas also included known issues with some outdated equipment that could not be updated due to a C&C problem.
- Assisted other areas as needed, such as the system administration team, helping to mitigate POA&M findings and guiding new installations with security measures.
- Wrote System Security Plans (SSPs) and Standard Operation Procedures (SOPs) for the various programs.
Confidential, Elkridge, MD
Senior Information Security Engineer / Team Lead
- Supported the State of Maryland Department of Human Resources.
- Created and revised System Security Plans (SSPs), Security Integration Architecture (SIAs) and Privacy Threshold Analysis (PTAs).
- Managed the team SharePoint collaboration site.
- Reviewed change control items, created plans for Network Engineering team to upgrade Cisco ASA firewalls that interfaced with the client side. Recommended to Xerox corporate to replace border (Checkpoint) firewalls with Palo Alto devices (after POC with client).
- Created new VLANs to accommodate growth within the facility.
- Reviewed group policies for potential NIST SP 800-53 Rev4 violations.
- Reviewed password policies across all platforms for issues.
- Looked for ways to consolidate some areas (i.e. IDS and web filter) into a cheaper and more efficient solution that could reduce costs for the company.
- Assisted in the implementation and project planning of major data center migration from Xerox corporate data center in Dallas to Indianapolis data center along with implementing a backup data center simultaneously in Baltimore over the two years.
- Stood up new Security Information and Event Management (SIEM) for all applications. Started with QRadar but ultimately implemented in production LogRhythmn.
Confidential, Washington, DC
Senior Information Security Engineer
- Worked on a contract supporting the Confidential as a Security Engineer/Auditor tasked on security flaw in HP printers on campus.
- Assisted in the remediation of security gaps with analysis.
- Performed daily vulnerability scanning with Foundstone and WebInspect.
- Utilized ePO policies for district office variances in the IT standards.
Confidential, Silver Spring, MD
Senior Information Security Analyst
- Served as the Team Lead for the Information Security four-person team.
- Managed day-to-day security operations and project management (approximately 96 ongoing projects).
- Responsible for all Cisco ASA firewalls, to include redundancy, auditing and delegation of managing duties.
- Utilized daily network monitoring tools (CiscoWorks and SolarWinds).
- Maintained Cisco ACS for access control to network device management.
- Interfaced with project management office, a separate department outside of IT, along with other department heads to acquire business requirements and offer alternative security solutions.
- Reviewed monthly access logs to all data centers and network closets.
- Issued and maintained all SSL certificates, and investigated and tested new products.
- Maintained Proxies
- Initiated project to virtualize the DMZ and placed new switches along with separate VLANs for VMware.
- Started and planned project to implement application layer firewalls (Palo Alto), along with Panorama servers for management of the PAN devices. This project also required new security policies development and approval with association from the board of directors and especially the corporate communications department.
- Mitigated problems that escalated to my level, to include but not limited to, Active Directory clustering problems, Citrix issues, AntiVirus spawning multiple instances in one VM, virus eradication, change management problems and power distribution.
- Migrated Cisco IronPort (on-premise device which relied on the user to determine whether to encrypt their email or not) to Proofpoint hosted solution. Set up automated encryption of emails depending on content.
- Implemented foundation roadmap for Identity Access Management (IAM) implementation upon allocation of funds. Utilized VB to turn on hidden fields in Active Directory and made the authoritative source the HR system.
- Took inventory of existing firewalls. Created and implemented plan to replace with ASA’s within the facilities.
Confidential, Reston, VA
Information Security Specialist
- Platform owner for Novell/Windows AD and RSA SecurID.
- Trained delegated Security Administrators in their respective divisions.
- Interfaced with internal and external auditors on a two-week rotational basis.
- Helped out other platforms when they were short handed, including Lotus Notes and Sybase.
- Used ePO for standardization on all workstations.
- Worked with functional divisions to deliver security schemas. Adapted security relations with divisional leaders to deliver BCP expectations.
- Instrumental in the adoption of disaster recovery within many departmental areas.
- Worked with the department heads to designate data/object owners for the Oracle Identity Access Management (IAM) solution.
- Attended weekly change control meetings that concerned the platform, departmental or key area issues concerning data ownership, assignment or transferrable.
- Helped the firewall team manage Blue Coat web proxies as a cross training initiative.
Confidential, Reston, VA
- Contracted to Confidential for Security Administration.
- Granted access to contract workers and Confidential employees to various services and shares.
- Conducted security assessments and reviews of shares that were incorrectly setup and corrected the problem.
- Answered trouble tickets with the use of Vantive.
- Set up new users, granted access to current users and created shares with Novell 5 NDS administration.
- Assisted in Windows 2000 Active Directory administration.
- Set up Biometrics and Single Sign On.
- Set up Lotus Notes R5.