We provide IT Staff Augmentation Services!

It Security Operations Resume

SUMMARY

  • 12+ years as a Information Systems Security Analyst/ Engineer I have been involved in all seven stages of Incidents Response.
  • I have Responded to alerts generated from various systems; evaluating and remediating impact to enterprise systems resulting from the unauthorized access, violations, threats, protecting client data, documents, work products.
  • I have been responsible for maintaining the information technology environment; and implementing and maintaining information security systems in the corporations global information technology environment.

TECHNICAL SKILLS

IPS/IDS Tools: McAfee ePO, Tripwire,DLP, HIPS, SEIM,CWS,VSE,ADM, TIE, DXL Wireshark, Symantec, Administration, Crowdstrike, Application Control, WebGateway, Change Control, ENS 10.5, EDR, MOVE, Site Advisor, Splunk Enterprise, Data Analysis, Websense, Firewall,Qualys

Network Protocols & Tools: TCP,UDP

Servers: Linux,Windows

Operating Systems: Windows Server 2003 - 2008, Linux, Windows 7,8,10 VM ware

Ticketing Systems: Remedy, Heat, Service Now

Directory Services: Active Directory, LDAP

DevOps Tools: Docker, Git, Jenkins,Ansible, Chef code can, Kubernetes

Server Operations Systems: Win9X thru 10, Win2K/Win2K3 Pro/Win2008/2012 Server, Microsoft Office 97,2000,20008, thru 2010, VMware vSphere Client

Security Standard: NIST sp 800-37 NIST sp 800-39 NIST sp 800-60 NIST sp 800-53 NIST sp 800-171

Vulnerability Management Tools: Nmap, Nessus, Tenable sc

Cloud Platforms: AWS, Microsoft Azure

Scripting Languages: Python, Linux, Powershell

PROFESSIONAL EXPERIENCE

Confidential

IT Security Operations

Responsibilities:

  • ePO Administrator in a Multi-Security Enclave supporting 3,000+ worldwide customer base Windows & Mac Enterprise
  • Implemented, deployed, managed and monitored McAfee DLP
  • Configured rules for USB blocks in McAfee DLP
  • Designed, implemented, configured, deploy, and tested McAfee products in various environments
  • Implemented McAfee ENS 106.1 in the Confidential Environment
  • Deployed drive encryption on endpoints and conducted training for McAfee Drive Encryption
  • Performed management for multifactor authentication (RSA)
  • Designed, implemented, configured, deployed, and tested McAfee products from scratch in various environments
  • Performed Server administration and management
  • Initiated built and maintained McAfee ePO servers as well as its associated infrastructure and the associated security policies in collaboration with the IT Security OperationsTeam
  • Provided incident management support, including compliance management, threat protection, activity monitoring, shadow services, DLP violations oversight, etc.
  • Created and analyze security policies and reports to ensure security
  • Oversaw users’ security access and reviewed logs
  • Managed ENS 10.6.1 migration from VSE
  • Built and maintained McAfee ePO server as well as its associated infrastructure
  • Provisioned and managed admin accounts for IDS/IPS
  • Utilized the Endpoint Migration Tool for the ENS migration to migrate custom Policy settings
  • Reviewed licensed McAfee products and made recommendations
  • Monitored the EPO server and SQL database health
  • Performed log analysis, traffic flow analysis and experience with associated infrastructure and systems to aid in the identification of malware or other malicious behavior
  • Provisioned and managed admin accounts for IDS/IPS
  • Authored policies and performed, client tasks
  • Utilized Tripwire for vulnerability management
  • Creation and tuning of new rule sets and policies
  • Created tested strategies, developed documentation and policies, and maintained system documentation
  • Performed repository updates with product versions planned for deployment
  • Deployed and Implemented McAfee Endpoint protection for servers
  • Implemented McAfee Endpoint and Network based solutions across the enterprise
  • Maintained Security applications to include installing updates and modify configurations to monitor the system.
  • Provided technical leadership for Endpoint Protection. This includes implementation of advanced features / capabilities within the endpoint protection software
  • Performed implementation of new Endpoint Protection solutions, inclusive of solution research/comparison, planning, documentation, testing and deployment
  • Engaged in hands-on testing prior to implementations and upgrades (e.g. testing detection efficacy, new feature evaluations)
  • Acted as the single point of contract for Endpoint Protection incident and problem resolution
  • Coordinated problem resolution as needed with customer IT staff
  • Made suggestions of new policy upgrades
  • Provided status reporting to management for projects and operational support matters
  • Assisted other security analysts as needed as a part of incidence response.
  • Kept documentation of incident and problem resolutions
  • Utilized AWS Security best practices (SG, IAM, Resource Policies, etc)
  • Built ECS computer platforms with integrations to various AWS database engines
  • Implemented serverless application’s CI/CD pipeline using the AWS CI/CD stack
  • Assisted in the splunk build and dashboard development also development of systems and architecture.
  • Developed filters to identify specific events
  • Administered and managed splunk apps to perform customized functionalities Data Platforms
  • Maintained and managed splunk infrastructure also managed overall health of splunk
  • Initiated the Setup and installed Splunk instances on multiple machines
  • Performed content development to properly identify data feeding SEIMS and correlation of events
  • Assisted in th proper operation and performance of splunk loggers and connectors
  • Initiated data on-boarding and developing search queries in Spluink

Confidential

Security Operations Administrator

Responsibilities:

  • Designed, implemented, configured, deployed, and tested McAfee products from scratch in various environments
  • Implemented, deployed, managed and monitored McAfee DLP
  • Designed, implemented, configured, deployed, and tested McAfee products in various environments
  • Initiated built and maintained McAfee ePO servers as well as its associated infrastructure and the associated security
  • Receives daily Anti-Virus (VSE) and periodic Host Based Intrusion Prevention System (HIPS) (Block High, Medium, and Low) signature updates
  • Built and maintained McAfee ePO server as well as its associated infrastructure
  • Prepare, develop and maintain Access Protection Policy for the Administration to include:
  • Active Directory; Application Control
  • Host Intrusion Prevention System (IPS); Firewall and Trusted Networks; AV/Antispyware protection
  • Asset Baseline Monitor
  • Data Loss Prevention implementation, deployment, management, expansion, policies, rules, configuration & architecture
  • Network Data Loss Prevention and data classification
  • Endpoint Security (ENS) integration, setup and configuration
  • ATD Installed and configured and Implemented
  • Carbon Black endpoint sever protection
  • McAfee ESM to perform investigation of potential threats
  • Deployed drive encryption on endpoints and conducted training for McAfee Drive Encryption
  • Performed management for multifactor authentication (RSA)
  • Performed Server administration and management
  • Provided incident management support, including compliance management, threat protection, activity monitoring, shadow services, DLP violations oversight, etc.
  • Created and analyze security policies and reports to ensure security
  • Oversaw users’ security access and reviewed logs
  • Creation and tuning of new rule sets and policies
  • Reviewed and documented the current ePO Deployment, Configurations and Policies.
  • Documented the migration procedures and technical steps.
  • Provided written and verbal reports and updates to customers/business units
  • Supported major projects, including new initiatives, capacity, life-cycle management, upgrades, new products and/or features, and integration
  • Developed process and architecture diagrams
  • Managed ENS 10.5.4 migration from VSE
  • .Created and Configured Policies for ENS 10.5.4 Threat Prevention, Firewall and Web control
  • Utilized the Endpoint Migration Tool for the ENS migration to migrate custom Policy settings
  • Reviewed licensed McAfee products and made recommendations
  • Monitored the EPO server and SQLdatabase health
  • Authored policies and performed, client tasks
  • Performed repository updates with product versions planned for deployment
  • Deployed and Implemented McAfee Endpoint protection for servers version
  • Implemented McAfee Endpoint and Network based solutions across the enterprise
  • Developed and maintain security processes and controls that ensure security posture meets and/or exceeds FISMA and other Federal security standards as required
  • Created documentation in support of the efforts to include Security Control Assessment Reports, System Security Planed and Security Standard Operating Procedures
  • I initiated the provisioning and managing of administration accounts for IDS/IPS
  • Maintained Security applications to include installing updates and modify configurations to monitor the system.
  • Fostered an innovative and inclusive team-oriented work environment
  • Supported and maintain security tools to include Splunk, McAfee EPO, Forcepoint, IBM Siteprotector, Symantec Endpoint Management, Tenable Security Center, etc.
  • Created scans and Reports using Tenable Security Center
  • Created Splunk dashboards and custom search queries
  • Created and maintain PowerShell scripts
  • Prepared project ask details, presentations and reports on department performance metrics and assigned projects
  • Managed security related projects which included projects driven by regulatory or internal requirements
  • Created a threat events query and reviewed threat event log data and investigated anomalies
  • Developed and maintained SOPs and IT security processes; configured Application Control policies
  • Assisted in the splunk build and dashboard development also development of systems and architecture.
  • Developed filters to identify specific events
  • Administered and managed splunk apps to perform customized functionalities Data Platforms
  • Maintained and managed splunk infrastructure also managed overall health of splunk
  • Initiated the Setup and installed Splunk instances on multiple machines
  • Performed content development to properly identify data feeding SEIMS and correlation of events
  • Assisted in th proper operation and performance of splunk loggers and connectors
  • Initiated data on-boarding and developing search queries in Spluink
  • Utilized AWS Security best practices (SG, IAM, Resource Policies, etc)
  • Built ECS computer platforms with integrations to various AWS database engines
  • Implemented serverless application’s CI/CD pipeline using the AWS CI/CD stack

Confidential

Security Operations

Responsibilities:

  • ePO Administrator in a Multi-Security Enclave supporting a 32,000+ worldwide customer base Windows and Mac Enterprise
  • Implemented, deployed, managed and monitored McAfee DLP
  • Configured, deployed, monitored, operated, secured, and maintained two (2) central ePolicy Orchestrator (ePO) servers, and numerous Enterprise Agent Handlers and Super-Agent Distributed Repositories
  • Received daily Anti-Virus (VSE) and periodic Host Based Intrusion Prevention System (HIPS) (Block High, Medium, and Low) signature updates
  • Built and maintained McAfee ePO servers as well as it infrastructure
  • Deployed drive encryption on endpoints and conducted training for McAfee Drive Encryption
  • Backup and migrate existing policies and client tasks
  • Developed and maintain security processes and controls that ensure security posture meets and/or exceeds FISMA and other Federal security standards as required
  • Utilized Tripwire for vulnerability management
  • Plan and Security Standard Operating Procedures
  • Maintained Security applications to include installing updates and modify configurations to monitor the system.
  • Supported and maintain security tools to include Splunk, McAfee EPO, Forcepoint, IBM Siteprotector, Symantec Endpoint Management, Tenable Security Center, etc.
  • Authored policies for ENS components Threat Prevention,Web control, Firewall
  • Deployed ENS to Test machines before introducing it into the production environment
  • Performed Server administration and management
  • Deployed and Implemented McAfee ENS on endpoints which included servers
  • Performed and managed the migration from McAfee virus scan enterprise to McAfee ENS
  • Transferred and Configured Policies from McAfee Virus Scan Enterprise to McAfee ENS for desktops and Servers
  • Audited Policies in Virus Scan Enterprise before transferring them to ENS
  • Reviewed and documented the current ePO Deployment, Configurations and Policies.
  • Documented the migration procedures and technical steps and made them available for future admins.
  • Provided written, verbal and EPO generated reports and updates to customers and or business units
  • Supported major projects, including new initiatives, capacity, lifecycle management, upgrades, new products and/or features, and integration
  • Developed process and architecture diagrams
  • Used Policy comparison tool to make sure the transfer policy to ENS matched the original in VSE during the ENS migration
  • Used a ENS Test Environment to test Policies before transferring to the Production environment
  • Utilized endpoint migration tool for the VSE to ENS migration
  • Assisted in the splunk build and dashboard development also development of systems and architecture
  • Utilized AWS best practices (SG, IAM, Resource Policies, etc)
  • Administered and managed splunk apps to perform customized functionalities Data Platforms
  • Initiated data on-boarding and developing search queries in Spluink

Hire Now