SUMMARY

• Over 12 years of experience as a security professional, with a combination of risk management, information security, and IT consulting, to include the following: Information security role • IT leadership • Relevant experience in AWS Cloud Architecture, network firewall security, project management, with demonstrated achievements and progressive responsibilities

PROFESSIONAL EXPERIENCE

Confidential, Atlanta, GA

Cloud Network and Security Engineer

Responsibilities:

• Responsible for architecting, design and deployment comprising of build release management, software config, design, development of multi - tier and web applications scalable using best practices Amazon Web Services
• Maintain and create new, as needed, cloud compute instances, virtual, storage, database, and analytic warehousing cloud services as required in support of system infrastructures and application development
• Involved in the design and deployment of various applications utilizing AWS stack including EC2, EBS, VPC, Route53, S3, RDS, DynamoDB, Lambda, ELB, CloudFormation, CloudTrail, CloudWatch, Redshift and IAM
• Use of Infrastructure as Code toolkits (Ansible, Chef, Puppet, Terraform) to leverage continuous configuration automation to change, configure and automate infrastructure based on its programmatic approach
• Maintain the continuous delivery pipeline for enterprise software applications. CI/CD/Automation issues such as broken builds, failed test suites, and failed deployments, maintain documentation of all automation
• Knowledge of deployment and operations of containerized-based technology platform utilizing Docker ECS
• Created VPC’s, transit, public/ private subnets and distributed them as groups into various availability zones
• Manage users, groups and roles in IAM, least privilege priciples, security groups for in/out access to instances
• Created S3 buckets, with various life cycle policies to archive the infrequently accessed data to Glacier, EBS volumes for storing applications for EC2 instances when iSCSI mounted and snapshots to backup volumes to S3
• Strong knowledge and experience with networking required (subnet, routing protocols, ACL, Elastic IP, etc.)
• Created, configured Elastic Load Balancers/Auto Scaling to distribute traffic, be fault tolerant, highly available
• Configured DNS with lookup zones using Route53, configured DNS failover and monitored health checks
• Engineered hybrid data warehouse solution Splunk Enterprise AMI cloud service EC2 and Kinesis
• Lead engineering design metrics of CloudGuard IaaS Check Point Security Solutions R77.30 and R80.10 EC2
• Strong knowledge of Linux, Unix, Red Hat, Ubuntu, Windows, perform Unix and Linux scripting
• Working experience writing code and scripts utilizing programming languages BASH, Java and Python
• Exposure to Scaled Agile Framework and Agile best practices (JIRA Software Data Center enivronment)
• Technical acumen and customer-facing skills that will enable to effectively represent AWS within a customer’s environment, and drive discussions with senior leadership regarding incidents, trade-offs and risk management
• Some exposure to other cloud computing services such as Google Cloud Platform and Microsoft Azure
• On-premise Checkpoint R77.30 appliances, manage policies, global policies, security architecture via Provider-1
• Troubleshoot connectivity, debug processes, packet captures, fw monitor, tcpdump services that we manage
• Site to site VPN, IPSEC, IKE protocols, vSec for AWS/Google, Public/Private cloud, Multi Domain Management
• Configuration of Cluster XL technology and IP clustering for high availability and Cluster Control Protocol (CCP)
• Proactively monitor IDS events extracting pertinent security data from Splunk solutions, audit, logs, reports
• Manage MSSP team offshore SOC personnel, providing eye on the glass monitoring of malious threats via Splumk
• Advise client executive on their cloud strategy roadmap, improvements, alignment and further improvements
• ITIL Foundations processes and to influence stakeholders, CIO, service providers and architecture teams
• Standardized architecture for PCI/DSS, via Cloudformation templates that automate the deployment
• Life-long learner - always looking to stay up to date with attack vectors, vulnerabilities, remediation protections

Confidential - Alpharetta, GA

Sr Security Engineer

Responsibilities:

• Knowledge in planning, design, implementing, troubleshooting complex networks and advanced technologies
• Design, Installation and configuration of CheckPoint Provider environmen, engineered, deployed Check Point Next Generation Firewall, R75 - R77 GAIA, VSX, VPN and managed thru Provider-1 software blades
• Provides installation, configuration, and administration of firewall rule sets, network traffic flows in an enterprise environment, involving network application flows between multiple hosts and geographic cations
• Knowledge in IPSEC VPN design and protocols, IPSEC configuration, encryption and integrity protocols
• Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance
• Knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP.
• ISE Threat Centric NAC with Sourcefire and Cisco Advanced Malware Protection (AMP) administration
• Integration with monitoring and configuration management tools, such as Solarwinds, eHealth and Splunk
• Assisted with the upkeep of network infrastructure including switches and load balancers F5 LTM
• Wired/Wireless, guest, profiling content aware policies, authenication/authorization policies, posture assessment, supplicant configuration, BYOD on-boarding and registration and deployment phases
• Security risk analysis, attack mitigation and penetration tests via Nessus,
• Use of Remedy/ServiceNow change management system to closure

Confidential - Stamford, CT

VP Global Security Operations

Responsibilities:

• Develop, implement and monitor strategic, comprehensive information security risk management program to ensure the integrity, confidentiality, availability of information owned, controlled or processed by organization
• Engineering Checkpoint software blades running on GAIA R77.10, and manage Juniper SRX firewall series
• Tufin Secure Track for policy change management, policy analysis, auditing and compliance, and reporting
• Knowledge and experience with applying HFAs on Checkpoint software blades and product
• Checkpoint IPS protections to identify and or prevent and mitigate malicious activity
• VPN troubleshooting, debug, tunnel management configuration and VPN encryption issues
• Conduct continuous monitoring and analysis of security threat information via ArcSight ESM content
• Participates in Blue Team Incident Response team, coordinate with Cyber Security Incident Responder
• Knowledge of Sarbanes-Oxley Act (SOX) and Payment Card Industry/Data Security Standard (PCI/DSS)

Confidential

Engineer ArcSight

Responsibilities:

• Design, implementation and deployment of ArcSight Professional Services, solutions, architecture and upgrades
• Installation, integration of Smart connectors, Databases, Manager, Console, Logger, Connector appliances
• Develop and direct the development of content for a complex and growing ArcSight infrastructure, including Use Cases, Dashboards, Active Channels/Lists, Reports, Rules, Filters, Trendscin support SIEM initiatives
• Life-cycle management of ArcSight platforms to include coordination, planning of new eployments and upgrades

Confidential - Dunwoody, GA

Network Security Sr. Advisor

Responsibilities:

• Confidential Technology Group implementation and administration of Checkpoint FW-1 NGX R60 - R75, Provider-1, IPSO, Crossbeam
• Juniper Network SRX services gateways, Netscreen SSG/ISG/NSM and Cisco PIX/ASA VPN
• Deployed, implemented and supported Palo Alto and Sourcefire IPS
• Troubleshoot issues with NAT, TCP/IP,, EIGRP, static routing and BGP, OSPF proxy ARP
• Performed firewall rule modification, reviewed network traffic flows to filter required firewall rules to lock down application, and troubleshoot firewall problems over the enterprise environment
• Strong knowledge of Linux, Unix, Windows, performs Unix and Perl scripting
• Perform vulnerability and threat assessments using Nessus
• Provides systems and network diagram documentation using Visio

Confidential - Omaha, NE

Security Engineer Analyst

Responsibilities:

• Primary responsibility consists of implementation, administration, troubleshooting, Nokia IPSO 4.2 devices running Checkpoint NGX R65 instances, HA configuration, Checkpoint Provider-1 management environment
• Comprehensive experience with site-to-site, client-to-site VPN encompassing IPSEC, IKE protocols
• Administration, configuration of Juniper SSL/Network Connect VPN and Cisco PIX/ASA VPN
• Enterprise web security protection with Blue Coat ProxySG integration, control and acceleration
• Knowledge of TCP/IP, OSI layers, network protocol analysis, packet captures using tcpdump and fw monitor
• TCP/IP network connectivity, utilizing troubleshooting commands tracert, netstat, traceroute, ping, nslookup