Principal Cyber Security Engineer Resume

SUMMARY

  • Cyber security practitioner with over 17 years of experience supporting both private and public sector clients.
  • Established experience architecting, designing, and integrating IT security measures and solutions into new and existing information system environments and technologies.
  • Established experience designing, managing, and securing a wide array of information system technologies and environments.
  • Experience serving in multiple cyber security roles (Security Engineer, Security Architect, Information System Security Officer, Information Assurance Manager, SME, Consultant).
  • Established experience assessing, auditing, and protecting information system environments and technologies.
  • Experience developing and supporting enterprise level cyber security programs for both private and public sector clients.

PROFESSIONAL EXPERIENCE

Confidential

Principal Cyber Security Engineer

Responsibilities:

  • Provide cyber security consulting and program support to the office of the Chief Information Security Officer (CISO)
  • Provide subject matter expertise (SME) to the Chief Information Security Officer (CISO), Agency system Owners (SO) and Information Systems Security Officers (ISSO) on the remediation of agency risks and vulnerabilities; and on the implementation of effective security controls and countermeasures.
  • Support the development of agency level information assurance programs and cyber security policy documentation (e.g. Cyber Security Program Plan (CSPP), Intrusion Detection System (IDS) Monitoring Plan).
  • Support information assurance and systems security needs and activities such as security risk assessments, IT security cost-benefit analysis, IT security control gap analysis, configuration management, security test and evaluations (ST&E), vulnerability management, risk management, incident response management, Security Assessment & Authorization activity, etc.
  • Responsible for identifying security requirements, recommending and designing security solutions.
  • Coordinate with system owners and IT operations to ensure solution assurance and compliance to security policy, procedures, standards and baseline security configurations.
  • Coordinate with system owners and IT operations to remediate and resolve issues discovered during security scans, system assessments, system audits, and cyber breach investigations.
  • Perform technology planning, design, implementation and change support of IT Security infrastructure solutions.
  • Conduct on-demand scans, assessments, and audits to assess infrastructure security posture.
  • Active team member of NARA’s Continuous Diagnostic and Mitigation (CDM) program.
  • Senior member of NARA’s Computer Incident Response Team (CIRT). Tasked with detecting, containing, investigating, and preparing for computer and information security related incidents (data spills, information leaks, insider threats, outside threats, privilege abuses, etc.). Fully involved in all the phases of the agency’s incident response and handling lifecycle.
  • Active participant of US-CERT’s weekly meetings to stay abreast of the latest vulnerabilities, cyber threats, threat actors, and indicators of compromise (IOC).

Confidential

Lead Cyber Security Consultant

Responsibilities:

  • Provided cyber security consulting and program support to the office of the NNSA Chief Information Officer (NNSA-CIO)
  • Provided SME Consultation to the Chief Information Security Officer (CISO) and Information Systems Security Manager (ISSM) on threats, vulnerabilities, risks, and countermeasures.
  • Supported and facilitated IA and engineering needs and activities such as security risk assessments, security test and evaluations (ST&E), system hardening, vulnerability testing, incident response activity, configuration management, disaster recovery activity, business continuity planning, information security policy development and enforcement, and security plan development
  • Vulnerability management (IAVA/IAVM) of customer information systems
  • Security Assessment & Authorization / POA&M management of cyber environment
  • Implemented appropriate technical controls, security features, safeguards, and countermeasures in order to maintain the confidentiality, availability and integrity of agency information systems
  • Developed enterprise-level policy documentation
  • Assisted with the development, implementation and enforcement of information system security plans, cyber security programs and organizational policies
  • Performed technical assessments and audits on classified and unclassified networks
  • Participated in the prevention, detection, and investigation of IT security related incidents (e.g. data spills, information leaks, insider threats and cyber attacks).
  • Performed remediation and mitigation activities after intrusions and data spills
  • Active participant in agency’s Cyber Incident Responder meetings and workgroups
  • I also led a multi-contractor team of information assurance professionals that provided an array of information assurance and security management needs to the client.

Confidential

Lead Information Systems Security Engineer

Responsibilities:

  • Led a team of security engineers responsible for the security design, development, and maintenance of client IT infrastructures.
  • Deployed, configured and administered appliance and software-based security products
  • Performed vulnerability assessments utilizing tools such as Gold Disk Platinum, WASSP, Retina, NESSUS and NMAP
  • Researched, evaluated, implemented and maintained insider threat detection solutions
  • Provided technical security guidance focused on the information security architecture
  • Performed hardening of workstations, servers, routers, network switches and software applications utilizing DISA STIGs, CIS benchmarks and NSA hardening guides.
  • Facilitated and managed vulnerability assessment activities conducted on assigned systems
  • Performed system administration and security engineering tasks.

Confidential

Senior Systems Security Engineer

Responsibilities:

  • Developed and maintained information system security awareness program
  • Conducted information system security oversight over assigned information systems
  • Developed C&A documentation such as System Security Plans, CONOPS, Certification Test Plans, vulnerability assessment reports, privileged user guides and other IA documentation
  • Developed the security design for IT architectures and implemented appropriate security features and safeguards for information systems as provided in government directives and community best practices
  • Monitored security audit and system logs for system and network anomalies
  • Deterred, identified, monitored and investigated computer system intrusions and data spills
  • Assisted in performing computer forensic and data recovery tasks
  • Performed system design, setup, and hardening of workstations, servers, routers, network switches and software applications
  • Performed system administration and security engineering activities on several operating system platforms

Confidential

Senior Systems Administrator / ISSO

Responsibilities:

  • Designed, built, secured, and managed several Active Directory network environments that included UNIX, Linux, and Windows operating systems. These environments also included Cisco devices, NIDS/HIDS systems, email servers, DNS servers, network attached storage devices, database servers, and site-to-site VPN devices.
  • Managed patch management servers (WSUS), firewalls (ISA, sidewinder), proxy servers (ISA) and anti-virus servers (Symantec)
  • Performed vulnerability assessment scanning utilizing vulnerability assessment scanners (Retina, MBSA, NESSUS, NMAP) to detect and assess vulnerabilities in operating systems, network devices, and applications
  • Deployed and configured a variety of hardware and software security products
  • Developed the security design for assigned information systems and implemented the appropriate security features and safeguards for these systems
  • Developed and implemented SSPs as part of the C&A process

Confidential

Systems / Network Administrator

Responsibilities:

  • Performed system and network administration on the site network.
  • Installed, configured and administered both Novell and Windows based servers.
  • Administered system backups and performed data recovery services.
  • Performed training for end users, and audited and monitored network events and resources.