TECHNICAL EXPERTISE:

Hardware: Cisco 3750 Switches, 3825 Routers, and 7613 Routers, Cisco 3750 Switches) Cisco 5000 and 7000 series NEXUS Switches, Cisco ASR9006 Routers, McAfee (Sidewinder G2) Firewalls, Cisco ASA 5500 series Security Devices, Cisco 5580­20 ASA Security Devices, Counteract Network Access Control 6.3.3 and Enterprise Manager for NAC. InfoBlox DNS Servers., SafeNet KG340 Encryption devices, Juniper SRX1400 Firewalls, Juniper SRX550 Firewalls, Juniper M80e routers, Cisco ASR6006 Routers, Cisco ASR4600 Series Switches, Cisco 7600 Series Routers, Cisco 3750 Switches, Cisco 3825 Routers, Juniper EX 4200 Switches, Juniper EX 4500 Switches, Cisco Firepower FP9300 Security Appliance, Cisco 5585 Firewalls. ACAS Vulnerability Scanner

Security Devices (Firewalls, Encryption): Cisco ASA 5505, 5580­20, 5500­X Firewalls, Juniper SRX 1400 and SRX650 Firewalls, SafeNet KG340 Type 1 Encryption devices, General Dynamics KG­175G, Cylink Type 1 encryption devices, McAfee Firewalls, SafeNet VPN Concentrators. Cisco ACS Server, SafeNet SE Type 3 Encryption devices, ACAS Vulnerability Testing, SafeNet KG 175G and 175x Encryption Devices, Palo Alto Firewalls running 7.0.0., Cisco ASR9006 Edge Routers, Cisco ASA 5585 running multiple contexts, Juniper MX480 Routers, Juniper EX 4500 Switches, Cisco 6503 Routers, Cisco Firepower FP9300 Security Appliances, Cisco VPN connections, Blue Coat SG Proxy Servers, IronPort Mail GatewaysInformation Assurance: eMASS,NIST 800­53 RMF, FISMA, DoD 8005, NIAP, Disa STIG,HAIPE Encryption, Type 1 Encryption, VPN(monitoring, configuration, and troubleshooting) TIAL Lab ISSO and JRSS Network Engineer, RADIUS using PKI Exchange, and TACACS.

EXECUTIVE SUMMARY:

• Seasoned network and security Confidential experienced in designing, implementing, and supporting VPN and encryption solutions throughout Federal Agencies including the Department of State, the Confidential, the TSA, Confidential and Camp Arifjan in Kuwait, and DISA.
• Tracked and Updated IA Compliance Documentation using eMASS, ACAS, and SCAP Tools
• Experience obtaining Authority to Operate (AT0) and Authority to Connect for Air Force Medical Networks and Devices.
• Assists in the development of multiple vendor C&A (RMF, DIACAP, PIT, etc.) artifact documentation to be used in the accreditation process. Upload C&A artifact documentation/notes into appropriate tracking tool.
• Experienced in writing, supporting, testing, and documenting security on both Classified and Unclassified networks for both Internal and DMZ networks.
• Experienced with building and implementing VPNs for site­to­site connectivity, and for remote access for users Tested, evaluated, integrated, and implemented COTS solutions for VPN, network monitoring, Type 1 and Type 2 encryption devices, and network optimization tools
• Tested and produced documentation using DISA STIGS, NIST 800­53, and DoDD 8500 FISMA, DISTCAP, and IA CA processes for SSH, SYSLOG, Authentication, Authorization, and Accounting using TACACS/ RADIUS authentication.
• Monitored DoD, DHA, and AF notifications for required medical device software updates and patches.
• Uses Automated Security Clearance Approval Systems (ACAS)/other DoD security scanning software and coordinates with network operations centers to obtain required security scans of assigned medical devices.
• Ensures medical device manufacturer validated patches are installed on the associate medical devices. Performed coordination with manufactures under a support agreement, through an automated patch server, or manual installation
• Experience with eMASS supporting medical equipment RMF s.
• Experience in Information Assurancecompliance usingNIST SP 800­37, and security legislation, standards and guidelines, FISMA, SSE­CMM, FIPS 199, NIST SP 800­53.

PROFESSIONAL EXPERIENCE:

Cyber Security Analyst

Confidential Management Analyst

Fort Detrick, Maryland

TEK Systems

Responsibilities:

• Tracked and Updated IA Compliance Documentation using eMASS, ACAS, and SCAP Tools
• Experience obtaining Authority to Operate (AT0) and Authority to Connect for Air Force Medical Networks and Devices.
• Assists in the development of multiple vendor C&A (RMF, DIACAP, PIT, etc.) artifact documentation to be used in the accreditation process. Upload C&A artifact documentation/notes into appropriate tracking tool.
• Monitors DoD, DHA, and AF notifications for required medical device software updates and patches.
• Uses Automated Security Clearance Approval Systems (ACAS)/other DoD security scanning software and coordinates with network operations centers to obtain required security scans of assigned medical devices.
• Ensures medical device manufacturer validated patches are installed on the associate medical devices. Performed coordination with manufactures under a support agreement, through an automated patch server, or manual installation
• Experience with eMASS supporting medical equipment RMF s.
• Experience in Information Assurance compliance using NIST SP 800­37, and security legislation, standards and guidelines, FISMA, SSE­CMM, FIPS 199, NIST SP 800­53

Cyber Security - Network Engineer

Confidential Lab Cyber Engineer

Fort Meade, Maryland

Elite Technical Services / ByLight Technical Services

Responsibilities:

• Lead Cisco ASA 5585 Engineer.
• Evaluated and Tested upgrades on the Cisco 5585 Firewalls, Juniper EX 4500 Switches, Juniper EX 4200 Series Switches.
• Performed Troubleshooting and support for Cisco Firewalls for both Unclassified and Classified Networks.
• Performed system evaluation of the Cisco FP9300 Firepower and ASA Virtual Devices for JRSS.
• Produced Tests and Evaluation Reports along with Test and Implementation Plans.
• Wrote Build­of­Materials and produced Rack documentations for JRSS development and pre­production environments.
• Crafted Security Evaluations, Test Results and Implementation Guides for Cisco ASR9K, Juniper MX480, M320, M10i and MX960 Routers, Cisco WS­C4500x Switches, SafeNet KG340 Type 1 Encryption Devices, Palo Alto 7.x Firewalls, and ASR 9006 Routers.
• Managed, downloaded and installed updates for the Cisco Routers and Switches.
• Tested and evaluated updates using NIST 800­53, DISA STIGS, IAVAs, and CVE alerts for Cisco and Juniper Devices.
• Evaluated new devices using DISA STIGS and Checklists.
• Assisted in the development of lab ATO including STIGS and DoD C&A artifacts..
• Lead Confidential for Tier 3 support on the McAfee Enterprise Firewalls (Sidewinders), Sourcefire IDS, and Juniper SRX1400 Firewalls
• ISSO fpr the TIAL LAB.
• Tier 3 Support for STEP IA Tools DMZ enclaves using Cisco 7613 Routers and McAfee Firewalls.
• Developed a RFM Matrix for IA testing on new Cisco and Juniper Devices using NIST 800­53, DoD 8500, and DISA STIGS
• Lead Confidential for Tier 3 support for the Cisco ASR9006, Cisco 7613 Routers, Juniper SRX Firewalls and Routers, and Juniper Switches
• Managed the POAMs and Tasks in eMASS and developed a matrix for NIST 800­53 evaluations.
• Performed IAVA Testing on Juniper MX Routers, including vulnerability testing.
• Lead Confidential for replacement of the Security Devices using Juniper SRX1400 Firewalls.
• Performed IA Testing on the Cisco ASR 9000, and updates on Cisco 7613 routers.
• Performed IA evaluation on the Juniper CTP Transport Devices
• Performed DISN integration and IA testing of the transport network elements using vulnerability scanning, or other security assessment tools, and manual review
• Developed Network Element IA Test Plans and Test Reports are required for all evaluations. Recommendations for Fielding and Configuration Guide may be required, depending on the test results and the technology being evaluated
• Evaluated product updates for transport equipment currently used in DISN to determine how they impact existing network services and equipment.
• Delivered Test Plans, detailing proposed test cases, and resulting Test Report following successful completion of testing. Other documents, like an Network Element IA Fielding Plan or Network Element IA Configuration Guide may be required
• Performed integration testing of software used to manage network transport equipment to determine suitability for DISN deployment
• Provided Tier III engineering support to field operations and theater personnel to deliver Encryption Lessons Learned reports
• Configured and supported Juniper MX­480 and Cisco ASR 9000 Routers for testing Type 1 Encryption Devices.
• Tested and Evaluated KG­175G HAIPE Encryption devices.
• Tested Wrote Technical Documents and Method of Procedures. for SafeNet KG340 encryption devices.
• Assisted with the development of security policies and procedures.
• Tested and evaluated Cisco ASR1006 Firewalls for Internal and DMZ networks.
• Uploaded NIST 800­53 and DoD Artifacts to EMASS.

Confidential Security Engineer

Clarksburg, West Virginia IMTS / LogixGuru

Responsibilities:

• ConfiguredandsupportedCiscoSwitches(Cisco3750­v2,3750x,4506­E,3550, 6509­E,ASR1002—F, 2912MFXL, and Cisco 5000 Nexus Series Switches)
• Configured and supported Cisco Routers (Cisco 3825, 7201, 2811, 3600, 2600 Routers)
• Configured and supported Cisco ASA (5512 and 5510 Running version 8.4)
• Configured and supported DNS entries using Linux based Infobox Application
• Performed day­by­day entries to the Infoblox DNS/DHCP devices.
• Replaced the 550 and 1050 Infoblox Devices to 820 and 1410s ­including the Grid Master
• Configured, implemented, and supported Infoblox Devices at various call centers
• Maintained and upgraded the NIOS on all the Infoblox.
• Monitor and assess Confidential security program compliance and performance along with NIDS, HIDS, firewall, router and network operating system (access points) logs
• Responsible for the Site­to­Site VPNs on the ASA Firewalls, as well as the DMVPNs on the edge routers.
• Assisted with the development of security policies and procedures.
• Supported, implemented, and performed troubleshooting on EIGRP and BGP Routing throughout the Enterprise
• Employs automated and manual tools to identify demonstrate and remediate security vulnerabilities.
• Assists with the evaluation, recommendation and planned implementation of information security products (including virus protection), tools and methodologies
• Recommends improvements based on security standards, policies and procedures for the network (LAN and Confidential )
• Lead Confidential on Cisco LMS 4.2.2. (Configured, supported, and updated)

Confidential Security Engineer

TACSWACA CYBER CENTER

Confidential AT&T­SWA

Responsibilities:

• Monitored and assessed Confidential security program compliance and performance along with NIDS, HIDS, firewall, router and network operating system (access points) logs
• Configured and supported Cisco Switches (Cisco 3750­v2, 3750x, 4506­E, 3550, 6509­E)
• Configured and supported Cisco Routers (Cisco 3825, 7206, 2811, 3845 Routers)
• Configured and supported Cisco ASA (5580­20 Running version 8.4)
• Maintained Diagrams of SIPR and NIPR networks, as well as writing compliance configurations for the DISA STIGS on the ASA Firewalls and Perimeter Routers.
• Responsible for the design and ongoing reporting of metrics associated with information security systems and adherence to service level agreements
• Supported, implemented, and performed troubleshooting on EIGRP and BGP Routing throughout the Enterprise
• Assisted with the evaluation, recommendation and planned implementation of information security products (including virus protection), tools and methodologies)
• Wrote and distributed Theater and Regional level policies and procedures for Confidential security
• Evaluated network performance, tune network infrastructure including routers, switches, fast Ethernet links, network address translations, firewalls, routing protocols, and security features.
• Required by DOD Policy 8570.1 to have a current CISSP to meet with security guidelines for LEVEL III access to military networks

Network Security AnalystMar

Confidential, L­3 Communication

Rockville, MD L3­Communications

Responsibilities:

• Performed evaluations and testing of VPN devices.
• Developed, designed, documented, and implemented Forescout CounterAct Network Access Control (NAC) solution for Confidential
• Designed, implemented, and evaluated Firewall Rules for Confidential
• Performed Evaluation of Network Access Control products.
• Upgraded and implemented Cisco ASA 5550 and 5580­20 Firewalls at Headquarter and regions.
• Analyzed network intrusion using nCircle, QRadar, SNORT, and SYSLOG.
• Configured and Monitored Bluecoat Proxy Servers, Finjan WEB Servers, Ironport Gateways
• Developed Network Access Control Project using Forescout CounterAct Device.
• Developed Procedures and documentation for Cisco ASA Firewall Changes
• Wrote security processes and procedures.
• Proficient in NIST 800­37 and NIST 800­53 tasks and subtasks for and Accreditation.
• Administered Blue Coat Proxy Servers and ensured compliance with US CERT.
• Administered and Supported SMTP Services and Ironport Email Gateways
• Administered and Supported Web Filtering with Finjan Content Engines
• Monitored Malware and Intrusion Detection using SNORT, SourceFire IDS, LogLogic, Blue Coat Proxy Servers.
• Analyzed SNORT Logs using QRadar for network correlations of malware and intrusion attacks.
• Installed and Tested Juniper Firewalls, Switches, and Routers to test the Juniper Network Access Control Devices.

Network Security EngineerMar

Confidential, Reston, VA

Responsibilities:

• Installed, configured, administered, and implemented Sidewinder G2 Firewalls version 6 and 7.
• Experience in Information Assurance compliance using NIST SP 800­37, and security legislation, standards and guidelines, FISMA, SSE­CMM, FIPS 199, NIST SP 800­53, ISO 15408, DoDD 8500, FEA, or DoDA
• Installed, configured, administered, and implemented Cisco PIX and ASA Firewalls­and used Linux based SYSLOGS
• Performed Evaluations of the VPN Products for TSA as well as Provided the development, integration, deployment, operations, maintenance planning support, and documentation for Firewalls and Network connectivity for users and groups
• Designed, implemented, and evaluated Firewall Rules and Worked with Tier 1 and 2 Engineers on Routers and Switches
• Worked with DHS Connectivity using BGP on Cisco Routers
• Designed and implemented Security Procedures for the Sidewinder G2 Firewalls And Developed Roles and Responsibilities for the Security Team and SDLC processes and procedures
• Developed Procedures and documentation for Cisco PIX Firewall Changes
• Used the Risk Management System (RMS) for and accreditation
• Wrote, edited and developed Site Security Plans (SSP), Requirement Traceability
• Engineered solution for application groups and security to ensure FIPS and TSA
• Used the Risk Management System (RMS) for and accreditation
• Worked with Cisco VPN Concentrators for User access to network.
• Worked with groups to allow access through the DMZ and internal network using Cisco ASA Firewalls, Cisco PIX Firewalls, and Sidewinder Firewalls.