Security Engineer Resume Profile

Objective and Skills

Senior Security Engineer with over 9 years of experience, looking for a challenging and rewarding experience to further technical skills and be a part of a company on the cutting edge of the Information Security and Technology field.

Experience

Confidential

  • Performed vulnerability assessments, network and web penetration tests, and full scope red team engagements for various commercial and government customers. Maintained all aspects of customer relationship from creating scopes, leading engagement kick-off meetings to final report delivery. Performed physical engagements that included tailgating, custom badge making, lock picking and other aspects of bypassing physical security controls. Conducted social engineering engagements for multiple customers that consisted of creating custom websites and engagement scripts to be used for email, phone, and USB assessments. Created custom tools for internal and engagement usage to help automate and increase productivity during assessments. Led training classes on penetration testing and security fundamentals for junior engineers and summer interns. Provided insight on updating and mainstreaming assessment procedures and methodologies. Updated core service offerings and created brochures and questionnaires for potential customers.

Confidential

  • Lead vulnerability assessment and penetration testing activities, including overseeing the establishing, maintaining, and coordinating testing schedules for a government customer. Performed discovery activities, attack planning, test execution, and detailed reporting on test scenarios, findings, and recommendations. Conduct penetration-testing activities using closed and open source tools. Write or modify exploits and binaries using well-known reverse engineering software. Modified exploits in order to bypass Anti-Virus and other Operating System protections (e.g. ASLR, DEP and SEH). Perform research activities in order to stay on top of any 0-days or other threats that may affect the government customer's security posture. Mentor junior staff by providing periodic training and oversight during assessments. Regularly briefed internal staff and other government agencies on threats and new techniques, tools and procedures on a monthly basis.

Confidential

  • Involved with all commercial services offered by Securicon, including social engineering activities, physical posture assessments, and network penetration testing. Conducted application assessments and transactional application penetration testing for various government and private sector customers. Performed war dial and VoIP assessments using various applications included in the VAST Assessment framework, Phone-sweep and other PBX/VoIP assessment tools. Conducted wireless protocol assessment, manual and automated web application testing. Performed NERC CIP Compliance audits for various utility customers.

Confidential

  • Conducted testing of Internet facing applications, as well as applications containing PII. Led and participated in many assessments of in-house applications and servers, as well as commercial solutions that produced critical findings such as cross-site scripting (XSS), SQL Injection, session hijacking, and privilege escalation. Performed physical infrastructure assessments involving lock picking and other situational tests approved by the FDIC CIO. Performed monthly wireless war-walks to identify unauthorized wireless access devices. Actively participated in various decision-making discussions amongst the vulnerability assessment team, and with the client. Updated processes based on the latest technological developments, industry best practices, and feedback from the client. Developed requirements based on proposed architecture, and determined the logistics and feasibility for continuity coordinated with the client, the operations team, and various vendors. Configured Tenable Nessus scanner(s) for regional desktop/server scanning purposes. Additionally, created a QA environment in the lab by utilizing older technologies to test various exploits and provide proof of concept verification for the FDIC CIO and system owners. Supported colleagues in the ST&E team in various tests by providing technical security assessments for major and minor applications. Conducted and analyzed vulnerability scans, as well as host/service discovery scans. Played a crucial role in the vulnerability management effort, improving processes from data collection to vulnerability review.

Confidential

  • Performed LOG/US CERT searches to help with historical analysis and customer inquiries. Maintained and monitored multiple IDS/IPS systems for over 200 co- and fully Managed Security Services (MSS) customers. Performed baseline and tuning for new customers' IDS/IPS policies as well as Tier III duties as needed or requested by management for MSS clients.

Confidential

  • Served as the designated point of contact for inbound IDS alerts from the Office of the Secretary of Transportation. Investigated and researched reported intrusions and provided courses of action to the ISSO for remediation or eradication. Coordinated with field administrators on security problems for various software updates. Maintained FoundScan and Retina device configurations based on security best practices and recommendations in conjunction with the FMCSA security team. Verified false positives and correlated information in the Retina Enterprise Management console, and suggested courses of action to the ISSO on remediation and security controls to minimize the risk of exploitation.
  • Operated the FMCSA E-Trust IDS/IPS solution and performed signature refinement based on environment, security best practices, and recommendations from the FMCSA security team. Researched new security technologies and provided information and recommendations on their potential value to the environment. Conducted research focused on finding solutions to minimize the security risk within the environment. Assisted with analyzing Watchfire AppScan reports and verifying vulnerabilities to eliminate the chance of false positive reporting. Suggested remediation options on security controls and high-risk vulnerabilities found in Watchfire. Other duties included maintaining C&A packages for the field and other FMCSA service centers, and performing security posture assessments.
