Top 50 Security Engineer Skills

high Demand

• Developed all documentation relating to design & implementation of network infrastructure in both technical & user-friendly formats.
• Supported team developing infrastructure, cost and schedule estimates for data operations center.
• Worked on installation, configuration, and administration and troubleshooting of LAN/WAN infrastructure.
• Collaborated with other systems architects to design and develop infrastructure solutions.
• Conduct Penetration tests for internal products and infrastructure.

• Engineer state of FL MyFloridaNet security infrastructure.
• Designed and maintained global security infrastructure utilizing Cisco Firewall, MPLS technology and Intrusion Prevention Systems (IPS).
• Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures.
• Conducted white, gray, and black box penetration tests on internal and external infrastructure.
• Provided training on Public Key Infrastructure (PKI) to the administrative security team members.

• Created and supported processes for global security compliance as it related to server infrastructure.
• Partnered with IT-Operations to implement a patch management process for all devices in infrastructure.
• Revamp 50+ enterprise AWS infrastructure implementations with CIS Benchmark security requirements leveraging Evident.io cloud security configuration monitoring and compliance tool.
• Managed Vmware infrastructures for testing and technology demonstrations.
• Created and supported operational processes for Configuration management and Infrastructure Maintenance processes for Wintel, UNIX, Network, and Mainframe.

• Assisted in design and configuration of SNMP monitoring infrastructure using HP Openview and Cisco Secure.
• Led the implementation of a Public Key Infrastructure (PKI) Laboratory at Electrosoft.
• Monitor, Analyse and respond to security incidents in the infrastructure.
• Migrated Firewall infrastructure from Check Point R65 to Netscreen ISG2000.
• Monitor ongoing operations and IT service infrastructure performance with applications set to anticipate IT service problems.

Show More

high Demand

• Install and configuration & maintained Windows XP - Vista Business Microsoft Windows server 2003, 2008 and 2012server, Exchange Server.

Show More

high Demand

• Company provides creative business and information technology solutions for a large and diverse clientele.
• Assisted with developing and maintaining the System Security Plan for major Information Technology systems.
• Worked in the United States Army Medical Information Technology Center (USAMITIC) in a tier 3 escalations Security Center.
• Coordinated approvals for laptop SSAA and Personal Information Technology Device User Statement (e.g., for Palm Pilots).
• Maintain rule set for Cisco firewall devices and provide support to other departments in Information Technology.

• Supported Center for Information Technology helpdesk and provided tier III technical assistance.

Show More

high Demand

• Installed and configured network printers.

Show More

high Demand

• Provide a secure, and password protected environment using Cisco VPN and RSA tokens for authentication of remote users.
• Supported the Build out of VPN and Remote access solutions for Site to Site/3rd Party connectivity.
• Planned, designed and implemented IPSEC VPN's to strategic partners and as MPLS backup.
• Provided service to vendors setting up their VPN access and provided excellent customer service.
• Worked on PIX Cisco firewall, configured and connected all corporate branches via VPN.

• Configure Solar Winds access for external customer portal via SSL-VPN and PAT.
• Focused on bandwidth control, redundancy, encryption and VPN's.
• Work with business Partners Utilizing Cisco SSL_VPN access, and telnet.
• Build SSL-VPN at all sites for secure communication to internal network.
• Performed Virtual Private Network (VPN) installation and configuration.

• Process remote access requests to access our VPN.
• Redesigned firewall architecture and client VPN access.
• Provided comprehensive presale product features and product benefit demonstrations of BMC PATROL and Check Point Firewall-1/VPN-1 software to key decision makers.
• Secured network, reissued new userID's and passwords, installed new VPN solution implementing 802.1x and EAP-Fast.
• Configure, maintain, and troubleshoot remote access via SSL VPN and site-to-site VPNs.

• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
• Configured Client VPN technologies including Cisco VPN client using IPsec.
• Maintained the companies VPN devices and connections (Site to Site, IPSEC, Clientless SSL.).
• Configured Cisco VPN 3060 concentrator enabling approximately 500 users.
• Performed management of client Checkpoint FWs/VPNs from a Security Operations Center (for MSSP).

Show More

high Demand

• Demonstrated advanced level experience authoring and modifying IDS/IPS/WIDS signatures and configurations.
• Developed and implemented IDS standards on Intrusion Detection Sensors, including remote management and monitoring of more than 15 IDS sensors.
• Researched and made recommendations for software solutions for host based firewalls, IDS/IPS, anti-virus.
• Assist with management and operations of state dedicated IDS systems (PA-5060).
• Monitor and analyze signature-based IDS alerts and associated packet (PCAP) data.

• Performed authoring and modifications of IDS, IPS &WIDS signatures and configurations.
• Configured, installed, and maintained 20+ Linux based IDS and database systems.
• Maintained and monitored host and network based Intrusion Detection/Prevention Systems (IDS/IPS).
• Filter IDS traffic according to baseline of normal traffic provided by customer.
• Monitor IDS and firewall for attacks through Site Protector Console.

• Have oversight on IDS/IPS and other threat management software.
• Manage, Maintain and Troubleshoot IDS issues e.g.
• Manage and administer IDS Alerts.
• Manage endpoint AV, firewall, IDS/IPS, App Control, SONAR and Insight policy and controls.
• Monitor firewall, NIDS and HIDS logs though the use of a SEM tool (ArcSight).

• Tracked the activity of many worms by using the ArcSight, ISS NIDS and ISS HIDS.
• Virtualized Untangle firewall/VPN/IDS system for cloud based operating system.
• Monitored and help develop policy for the IDS (Tippingpoint) and Proxies.
• Installed and configured multiple IBM Proventia GX4002 IDS devices for intrusion prevention.
• Support of Active Directory, TACACS, Checkpoint, McAfee IDS/IPS, McAfee SIEM, Radware, Arbor.

Show More

high Demand

• Performed Certification for FIPS 199 High, Medium and Low watermark sensitivity level categorization information and information systems.
• Participated in weekly stakeholder's conference calls to discuss resource allocation, and deliverable milestones.
• Participate in review and improving company Security Certification program for high risk applications.
• Created VA security risk analysis documentation for IPv6 implementation.
• Administered application security access for employees on multiple platforms.

• Reviewed current NIST documentation 800 series and verify the security requirements and its effects if any for the implementation of IPv6.
• Developed and enhanced the company s information security program in accordance with NIST 800-53 and NERC CIP requirements and guidelines.
• Provide insight into the selection, implementation, and maintenance of security equipment and software.
• Reviewed NIST special publications 800 series for system/information requirements and 500 series system profile IPv6.
• Attended various work groups meetings that are part of the initiative for the IPv6 requirements.

• Inspected equipment, structures and materials to identify the cause of errors and defects.
• Used LSMW Scripts for Mass template role creation and SQVI for reports.
• Modify, test, and implement custom HIPS rules and establishes exclusions.
• Possess basic understanding of OSI and TCP/IP security protocols and standards.
• Develop automation scripts to handle and track incidents.

• Enable signature updates on all IPS modules.
• Performed report writing at the request of the DOIM's beyond the DIP.
• Developed security training program for American Embassy in Djibouti * Recipient of 5 Service Medals
• Reviewed network architecture and restructured networks to be compliant with ISA99, NERC CIP, and CFATS standards and regulations.
• Used John the Ripper, RainbowCrack, Hydra, Ophcrack for Password cracking tests.

Show More

high Demand

• Implemented the Data Center Disaster Recover documentation Secured and applied patches on UNIX/Windows servers.
• Analyze various systems and architecture for proper Disaster Recovery and Fail Over configurations.
• Participated in Disaster Recovery exercises for mainframe systems.
• Configured and tested Network Disaster Recovery for client.
• Created new disaster recovery/Business continuity plan.

• Develop Loop back driver to enable/disable users, assign resources on a set of preconditions, when the user is created.
• Implemented Tenable Log Correlation Engine into the DISA ACAS solution to provide event monitoring capabilities for JSP-Mark Center.
• Completed 9 sites which have resulted in successful assessments and site connectivity to the DISA voice networks.
• Work with clients to solve malicious network attacks, data breeches, and post-hack disaster recovery.
• Participated in Six (6) disaster simulations increasing start-up time to over 85%.

• PROFILE: SECURITY-DISASTER RECOVERY ENGINEER- This included heavy LAN/WAN experience, extensive Project Management experience.
• Submit connection approval recommendations in accordance with DISA SCAO policy, policies and directives.
• Experience capturing agency wide GroupLocal Policies recommendations by Microsoft, DISA, and NIST.
• Support a 24 x 7 disaster recovery service at the customer site.
• Configured IPSLA monitor to track different IP route when disaster occurs.

• Provide support during large scale outages and disaster recovery efforts.
• Author of DR manuals, set-up on-site Disaster room.
• Owned Disaster Recovery Plan for NNS/IP security team.
• Applied STIGs to HBSS environment during preparation for DISA and NSA security audits.
• Conduct validation testing using eEye Retina, Wireshark, DISA STIGS, SRR and DISA GOLD Disk.

Show More

high Demand

• Audited and analyzed Checkpoint and Juniper firewall rules and logs for unauthorized and abnormal traffic.
• Enforced/Configured security policies within checkpoint Smart-Dash-Board: Configured DLP, URL filtering.
• Managed Checkpoint management server for a complex Provider-1 Firewall environment.
• Install, configure, and create Firewall rules for small business, Checkpoint firewall.
• Assess risk based on internal policy and procedure to Cisco ASA and Checkpoint firewalls.

• Implemented firewall rules requested by the business in Checkpoint R75 and Juniper SRX firewalls.
• Upgrade of Checkpoint Gateways and Cisco ASA's in Cluster with Minimal downtime.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution.
• Configured site-to-site VPN and added rules in encryption domain on checkpoint.
• Worked on Checkpoint Firewall policy provisioning and Checkpoint VSX firewall.

• Implement Checkpoint firewall using VPN, VSX technology.
• Designed and developed integrated security system solutions including Cisco and Checkpoint firewalls for the EDS Check Processing Service environment.
• Worked on checkpoint UTM1, VPN1 and activating blade licenses to be used as Intrusion prevention and antivirus appliance.
• Tested Palo Alto PA 3020 and PA 500 application firewalls as well as CheckPoint application firewall solutions.
• Installed hardware and software, including network configuration for Checkpoint and Palo Alto firewalls.

• Worked with Checkpoint FW1 NG, PIX, and Netscreen firewalls.
• Supported IT Risk Management Operations managing perimeter security (Checkpoint firewalls and BigIP.
• Designed site-to-site and client-to-site VPNs utilizing CheckPoint NGAI / NGX / VPN-1, IPSec compliant routers to include Cisco PIX.
• Implemented the stateful & serial failover for PIX/ASA firewalls, Checkpoint Clustering and load balancing features.
• Migrated with a team from a predominantly Checkpoint environment to a Palo Alto global solution.

Show More

average Demand

• Provided vulnerability assessment of the Linux production network systems utilizing QualysGuard.
• Developed strategy to perform automated testing on Linux systems.
• Created and managed user accounts, security, rights, disk space and process monitoring in Red hat Linux.
• Conducted analysis using Kali Linux environment and effectively neutralized DOS, DDOS, XSS and SQL Injection Attacks.
• Initial SRR scan certification of all new Unix/Linux hosts in the LMP and DTCI hosting sites.

• Scanned and created remediation plans for Windows, Linux, and Network devices across the agency.
• Installed upgrades, kernel patches, systems configuration, performance tuning on Unix/Linux systems.
• Network administration and support of Windows, Linux and UNIX base servers.
• Compiled and installed applications both manually for source and using Linux binaries.
• Run port scanning on all systems with Linux based scanner.

• Installed Linux and Windows servers as needed.
• Created user accounts on Linux machines.
• Administered Linux servers of various flavors: RedHat, OpensSuse, Solaris 11, Ubuntu, Fedora, Backtrack Linux.
• Provided administration and lead engineering support for Red Hat Enterprise Linux as well Red Hat Enterprise Virtualization.
• Deploy Tripwire agents on Cisco, Linux, Solaris and Windows devices.

• Migrate users from UNIX (AIX, Solaris, and HP-UX) to Linux (Red Hat).
• Researched resolution and compensating controls for vulnerabilities within iSeries, Windows, Solaris and Linux platforms.
• Handled tasks in Red Hat Linux includes upgrading RPMS using YUM, kernel, Multi pathing and LVM file system.
• Install ePolicy Orchestrator and deploy enterprise-wide Antivirus solution and Host Intrusion Protection system products to Windows and Linux servers.
• Implemented and installed Rapid 7 Metasploit Pro on a Centos 5.9 Linux server to assist and validating vulnerabilities.

Show More

average Demand

• Investigate intrusion incidents, conduct forensic investigations and mount incident responses.
• Authored, implemented and oversaw an enterprise-level incident response plan.
• Assist with security incident response and investigations as necessary.
• Function as technical expert during a security incident response.
• Participated in incident response and recommended corrective actions.

• Developed the NSOF IT Security Incident Response Plan and Policy and supported training NSOF staff.
• Conduct training to the AFS Service Desk of incident response processes and procedures.
• Worked as a member of Security Operations Center and Incident Response team.
• Managed incident response team and performed network forensics using MSSP platform.
• Developed a Computer Security Incident Response Team (CSIRT).

• Conducted auditing, penetration testing, and incident response.
• Develop incident response plans, processes, and procedures.
• Provide ad hoc technical training to computer security incident response analysts.
• Process and Control recommendations Incident response team member
• Provide incident response for security issues (mostly DDoS) reported to the MFN NOC by the state of FL.

• Reviewed and evaluated the new US-CERTguidelines with current NASA Security Incident Response Management Work Instruction and NIST SP800-61 rv2 guidance.
• Conducted malware forensics for Boeing Commercial Airline (BCA) Network Security Incident Response Team (IRT).
• Provide computer emergency response and log finings in the incident response database.
• Created Incident Response Plan for Malware relating to assembly line devices.
• Provided Qradar training to Security Operation and Incident Response Team.

Show More

average Demand

• Acted as an impartial representative for the DAA to conduct legacy systems security assessments to identify associated vulnerabilities and residual risks.
• Provided oversight and direction for security assessments, incident handling and response, and implementing enterprise anti-virus and two-factor authentication solutions.
• Participated in Computer Security Engineering Team, conducting computer security assessments of Air Force bases.
• Performed hands-on investigations and forensic analysis, as well as security assessments.
• Performed security assessments against new applications and systems to detect security vulnerabilities.

• Performed security assessments for multiple web applications and web services.
• Improved security posture by conducting & documenting information security assessments.
• Perform vulnerability testing, risk analyses and security assessments.
• Performed security assessments of internal applications and projects.
• Conduct security assessments of strategic operating units.

• Reviewed and evaluated 3rd party security assessments.
• Perform Mobile application security assessments.
• Performed various types of audits: User ID access/activity, web activity, firewall logs, system access and security assessments.
• Implemented Security assessments (using ISO 17799 2700x) of 3rd party partners to address risks for Corporate data and network.
• Performed security assessments to ensure compliance to firm's security standards (i.e., OWASP Top 10, SANS25).

• Participate in annual cyber security assessments for the regulated sites.
• Perform Physical and Cyber Security assessments of Data Centers.
• Completed regular blackbox security assessments and penetration tests of Red 5's Chinese stack, revealing multiple critical vulnerabilities.
• Performed computer security assessments at various Air Force bases and other DOD sites upon request.
• Perform security assessments of systems and applications utilizing Web Inspect, AppScan, Qualys and nmap.

Show More

average Demand

• Learned detailed functional knowledge of DoD and/or DISA network security requirements, Information Assurance procedures and/or guidelines ensuring IAVA compliance.
• Analyzed general information assurance-related technical problems and provide basic engineering and technical support in solving these problems.
• Promoted to IA/CND to advise military customer on information security regulatory requirements and train information assurance personnel.
• Assisted in the development and implementation of policies and procedures relating to information assurance and network security.
• Implemented digital signature capabilities onto National Geospatial-Intelligence Agencies' Software Assurance Forms.

• Provided internal feedback for updating CC evaluation assurance documentation.
• Qualified as a quality assurance inspector.
• Execute all aspects of Information Assurance Support including Certification and Accreditation of federal information systems in accordance with OMB and FISMA.
• Manage and track all Remedy tickets within DHS HQ Information Assurance ticket queue via Excel workbook, which I created.
• Apply information security and information assurance policies, principles, and practices in the delivery of all IT services provided.

• Manage the Information Assurance Vulnerability Management (IAVM) program for Infrastructure & Operations (I&O).
• Developed test plans and test cases for manually testing software applications required in the CC independent testing assurance requirement.
• Provide Information Assurance (IA) expertise to a DARPA information management solution.
• Review changes to USCG Firewall in order to identify any Information Assurance concerns.
• Provide direct support to the DARPA Information Assurance Manager (IAM).

• Led Joint Tactical Edge Network Information Assurance (IA) Working Group.
• Act as Remedy Change Manager for DHS HQ Information Assurance team.
• Focused on issues related to software security and assurance..
• Provided Information Assurance support for the ITCC contract at USSTRATCOM.
• Author several Standard Operating Procedures (SOPs) for multiple DHS HQ Information Assurance procedures.

Show More

average Demand

• Performed risk assessments, threat assessments, intrusion detection, vulnerability/risk validation, and secure application development- revised network architecture.
• Developed, tested and operated firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.
• Install and maintain intrusion detection devices such as microwave/passive infrared motion detectors and door contacts.
• Monitored security audit and intrusion detection system logs for system and network anomalies.
• Experience with Intrusion Detection/Intrusion Prevention System/ Wireless Intrusion Detection monitoring and analysis.

• Experienced in managing firewalls, anti-virus and intrusion detection systems.
• Updated security issues, attack methodology and intrusion detection practices.
• Configure and install firewalls and intrusion detection systems.
• Configured and managed Network Intrusion Detection Systems.
• Planned and implemented various security projects including (Intrusion Detection Systems deployment, network monitoring, and network architecture).

• Deploy, tune, and maintain Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
• Update McAfee and Fire Eye Agents on end user nodes intrusion detection system.
• Deployed intrusion detection, installed and configured McAfee and Tumbleweed IDS products.
• Managed and monitored enterprise scale intrusion detection systems (IDS).
• Be proactive on any down or Intrusion Detection issues found.

• Respond and mitigate intrusion from Fire Eye Intrusion Detection System.
• Configured firewalls, and tuned ISS intrusion detection systems.
• Evaluate all new Information Technology projects for security compliance Monitor and review Intrusion Detection Systems (ISS) and Firewall logs.
• Executed and analyzed reports on existing packet capture data utilizing Intrusion Detection Device with a focus on the timeline of intrusion.
• Install, configure and monitor RealSecure Intrusion Detection System software and provide security reviews for Windows and Solaris networks.

Show More

average Demand

• Configured, installed and maintained McAfee endpoint security on management and policy servers.
• Managed and configured all McAfee endpoint products in a way to maintain a balance between security and functionality on production networks.
• Reduced the number of malicious websites by 30% through categorization and reviewing the daily log files on the McAfee gateways.
• Supported infrastructure for McAfee endpoint protection services and worked with Network/ Firewall team at the time of incidents.
• Upgraded Drive Encryption, VirusScan Enterprise, Data Loss Prevention and McAfee Agent to versions that support migration.

• Monitored and maintained McAfee\Intel Secure Server (HBSS) modules to include DLP and HIPS tools.
• Implemented McAfee DLP DCM to control and restrict the use of removable media on classified systems.
• Helped to build McAfee agents for desktops and upgrade to the latest version.
• Implemented McAfee Move to reduce performance overhead on Virtual Workstations and Servers.
• Worked with customers and vendor McAfee on the key initiatives.

• Manage the SQL 2005/2008 Databases for McAfee Vulnerability Manager.
• Managed Tumbleweed products for inbound and outbound email protection which provided identity validation secure file transport and antivirus using McAfee updates.
• Assisted other Security team members in the installation and testing of McAfee Security products on Solaris and Red Hat Linux.
• Managed the company's web content filtering servers (Smartfilter, later upgraded to McAfee Web Gateway).
• Performed software installations and upgrades to operating system and McAfee Foundstone Scanning software.

• Conduct a McAfee foundstone Vulnerability scans and assessments.
• Deploy HBSS products via McAfee ePO and SCCM.
• Investigate Alerts generated by McAfee ePO Orchestrator, and coordinate resolution of confirmed incidents with the appropriate team(s).
• Configure, Support, update and install McAfee IPS and DLP systems, Firemon, Cisco ASA and Fortigate Firewalls.
• Maintain and utilize McAfee Host Based Security Suite/ePolicy Orchestrator for USCYBERCOM FRAGO 13 and CTO-133 compliancy.

Show More

average Demand

• Conducted research, mitigation, and coordination of actions designed to reduce information security risk across internet facing presence.
• Monitor network and systems vulnerability using ISS Internet Scanner and System Scanner for security assessment and compliance.
• Developed and maintained F5 application security policies to protect Internet facing applications from common web application attacks.
• Performed authentication and validation of network access and corporate security for Internet access.
• Created new network topology of the Internet security environment.

• Implemented and maintained security controls for the Company's internet sites, application services and WAN connections.
• Analyzed and executed customer requests related to e-mail, network, application, and internet security.
• Design and manage global BlueCoat ProxySG and ProxyAV servers to control and protect user Internet access.
• Configured Internet Domain Name Service (DNS), mail servers, and web servers.
• Integrated and installed internet firewalls on UNIX and Windows NT platforms throughout the United States.

• Conducted penetration testing of several Treasury networks for phone and Internet based attacks.
• Implemented Black box pen testing on internet and intranet facing applications.
• Created, Tested, and distributed Internet security keys.
• Designed the Internet edge DMZ, VPN and UTM platform.
• Performed host forensics examinations to investigate system compromises Analyzed Internet Telephony/VOIP protocols for security vulnerabilities

• Initiated project to manage Jumpstart installation, configuration, and maintenance of a new infrastructure to replace existing Internet proxy servers.
• Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance.
• Managed production Load Balancer product lines to optimize delivery of applications over the Internet and private networks.
• Worked with different internet and telco providers to investigate and resolved different tickets and issues.
• Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with ASA firewalls.

Show More

average Demand

• Created user accounts, modified and deleted according to the environment using user administration in Active Directory.
• Provided support for Active Directory maintenance.
• Design and implement the Active Directory forest architecture to synchronize with multiple clients AD domains and provide managed services to clients.
• Review and validate the privileged users and groups at Active Directory, Databases and application on a periodic basis.
• Analyzed and made changes to Active Directory Group policy for regulatory compliance and maintain best practices.

• Develop Active Directory driver (NetIQ Identity Management) to synchronize users and groups.
• Managed account creation and deletion in Active Directory as well as employee status changes.
• Manage and configuring active directory (user, group, service and protocols).
• Manage Active Directory (Windows 2003, Windows 2008 and Windows 2012 Domains).
• Integrated Active Directory to the Vault Server to discover devices using bind account.

• Developed organizational units in Active Directory (AD) and managed group policies.
• Install, configure for Windows Active Directory (client information).
• Managed all Active directory groups relating to E-mail retention.
• Created users account in Microsoft Active Directory.
• Participated in Active Directory Federation Services deployment to support Successfactor application deployment.

• Respond to IP address routing changes, and escalation device and user authentication for users in Active directory or Eracent.
• Involved in maintaining and updating Active directory, GPOs, Global Groups and Resultant Set of Policy for authentication.
• Experience in VMware, Microsoft Active Directory, Puppet, security settings, group policies.
• Worked with both Active Directory and Novell Directory Services managing users, groups and policies.
• Managed several end points to active directory using ITIM provisoning policies.

Show More

average Demand

• Configured Cisco 7204 routers which were also connected to Cisco ASA 5540 security appliances providing perimeter based firewall security.
• Designed, configured, and deployed 18+ Cisco ASA firewalls providing IPSEC/SSL WebVPN access for viewing corporate camera systems.
• Upgraded 200+ WAN/LAN/MAN Cisco PIX/ASA firewalls, with and without IPSEC VPN tunneling, under strict time constraints.
• Configured and maintained ASA firewall systems (Firewall Administration, Rule Analysis, Rule Modification).
• Performed change control modifications on Cisco ASA, McAfee Sidewinders, and McAfee web washers.

• Worked on the migration project of Converting old PIX firewalls into new ASA firewalls.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
• Maintain security patches on appliances such as Cisco ASA 5510, 5512.
• Configure Cisco IPS modules on all Cisco ASA firewalls.
• Provided support for NASA GSFC Security Incidents Response Team.

• Administered and setup Cisco ASA firewalls at multiple sites.
• Manage and administer Cisco IPS ASA-SSM-20.
• Installed and configured Cisco ASA firewalls.
• Experience in configuring various ASA models such as Cisco ASA 5510, ASA 5520, and ASA 5540.
• Upgrade Cisco ASA IOS from 8.4 to 9.1(2)5.

• Build Check Point Security Gateways, Pala Alto Gateways and Cisco ASA Firewalls from Ground.
• Installed, configured and managed VPN appliances, including Cisco VPN Concentrators and Cisco ASA.
• Help in migration from Cisco ASA to Paloalto firewall.
• Registered servers to Pentasafe (NetIQ) Manager.
• Managed 50+ Cisco ASA firewalls, managing the ACLs and NATs on the devices.

Show More

average Demand

• Provide direction and support for maintaining perimeter security with periodic penetration testing utilizing Nessus and GFI LAN Scanner.
• Perform and/or coordinate regular security scans and assessments of existing or new infrastructure utilizing Nessus vulnerability scanner.
• Performed web application vulnerability scans and Pen testing utilizing SNORT, Nessus, client/configuration.
• Performed vulnerability assessment and penetration testing using open source tools such as Nessus.
• Manage and administer Tenable Security Center and Nessus for Vulnerability scans.

• Performed vulnerability testing using tools such as Nessus and QualysGuard.
• Run Nessus vulnerability scans and configure policies and configurations.
• Installed and configured Nessus vulnerability scanner.
• Scan systems using AppScan and Nessus to identify vulnerabilities and ensure remediation has taken place on unacceptable risk.
• Leveraged OpenSCAP and Nessus Security Scanner as an additional level of confirmation that benchmarks have been met.

• Performed vulnerability scans & assessments for the Security via ISS and Nessus.
• Performed OS hardening for baselines and applications using Nessus scanning software.
• Provide day-to-day management/maintenance of ArcSight devices Performed Nessus Vulnerability scanning/reported findings
• Used Qualys Guard and Nessus modules to assess the entire enterprise network for vulnerabilities including Web Applications.
• Skilled using Burp suite, Nmap, Nessus for web application penetration tests and infrastructure testing.

• Implemented, configured and managed multiple vulnerability assessment tools such as Nexpose, Nessus.
• Utilize Nessus, Burp to scan, identify and remediate existing vulnerabilities.
• Network scanning using tools like NMap and Nessus.
• Performed vulnerability scanning penetration testing and analysis using ISS, Snort, Nessus, Nmap, Wireshark, Lumeta and others.
• Engineer the Tenable Nessus scanning platform (Nessus Security Center, Nessus Scanner, Nessus Log Correlation Engine).

Show More

average Demand

• Change Management to highly sensitive Computer Security Controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
• Studied and analyzed client requirement to provide solutions for network design, configuration, administration and security.
• Gathered internal and external documentation as required by NIST for federal government enterprise security architecture.
• Plan security, operating systems, server application support, network systems administration, and customer support for the military.
• Enforced Password Cracking tests over the administrator and user accounts to evaluate the strength of passwords used.

• Developed test requirements and assertions for NIST Trust Validation Tool (TVT).
• Involved in Firewall Administration, Rule Analysis, and Rule Modification.
• Enable TAC-ACS on all devices and maintain Cisco ACS server administration.
• Performed BGP, OSPF and EIGRP routing protocol administration.
• Plan and implement service updates and Patch Administration.

• Blackberry BES 10 full administration and patching.
• Manage and administer Entrust Identify Guard.
• Administered NTFS permissions through AD Groups.
• SAP Security administration, GRC.
• Integrated the use of Concept of Operations (CONOPS) (NIST) 800-137 and (CAESARS) tool as guidance.

• Administered network security access for employees on multiple platforms, researched and developed advanced security programs, implemented Courion Provisioning software.
• Installed, Manage and administer Dell Data Protection Encryption Enterprise, DDPE (Credant) Software based encryption deployment 5000+ Devices.
• Phase II - Certification Conducted manual generic security Technical test for legacy system in accordance with the NIST 800-53 controls.
• Provided day-to-day systems administration of Windows 2003 and 2008 servers.
• Work with Ibuilder and Imonitore for RF Satellite administration.

Show More

average Demand

• Developed and maintained an access control database used to track access security incidents.
• Collaborate with Architecture Solution team to improve AWS IAM access control using Microsoft AD federation and IAM Assume Role functionality.
• Managed access using role based access control, administer user accounts, passwords, and password aging.
• Install and configure Check Point firewall NG on (windows server) and maintain access control.
• Created Access Control List and protected object Policies and authorization rules for fine grained access control.

• Applied DOD and Information Assurance mandated security blocks and access control lists to routers and firewalls.
• Resolved complex user access control related issues across various LAN/WAN, UNIX, Mainframe platforms.
• Integrate Active Directory, LDAP, and VAS authentication and access control.
• Provided strategic plan for access controls, video and network security.
• Implement Cisco Secure Access Control Server (ACS) for TACACS+.

• Design and implement Tripwire dashboards using role base access control.
• Use password evaluation tools to maintain access control.
• Integrate Microsoft infrastructure with Novell Identity Manager to manage user provisioning, role based access control and synchronization with client directories.
• Develop Roles and Resources structure for Role based access control Develop Active Directory driver to synchronize users and groups.
• Used Access Control Instructions (ACIs) to create access permissions for users.

• Assisted with firewall Access Control Reviews (ACRs).
• Managed Access Control systems, Security Event Manager RSA envision system design, deployment , testing and documentation, Splunk.
• Design, installation and configuration of eSSL access control systems including biometric access (physical access control).
• Installed access control for TSA/US Customs secured doors using Bioscript biometric card readers linked to two real-time servers.
• Design and implementation of next generation security services including virtualized firewalls, virtualized switches, and virtualized access control.

Show More

average Demand

• Conducted Firewall assessment and vulnerability scanning and mitigation as required by the PCI-DSS.
• Give recommendations for hardening solutions within PCI Compliance regulations.
• Assisted in risk management assessment, following SOX, GLBA, and PCI, HITECH/HIPAA guidelines throughout the BD sites globally.
• Discovered remote vulnerability via fuzzing and alerted major PCI vendor to patch before any type of public disclosure.
• Led project for PCI/SOX/HIPAA in which vulnerability scanning and mitigation was conducted as required by PCI-DSS.

• Assisted first time merchants with proper PCI Self Assessment Questionnaire (SAQ) selection and completion.
• Worked with business IT to mitigate quarterly PCI assessment vulnerabilities found on internal systems.
• Supported security information and event management (SIEM) in an AWS PCI environment.
• Managed PCI DSS (Payment Card Industry Data Security Standard) compliance project.
• Conducted testing over the applications to comply with PCI DSS Standards.

• Interfaced with internal and external IT auditors for PCI compliance efforts.
• Worked with GAP internal staff to address PCI audit findings.
• Manage PCI compliance and be current on requirements.
• Developed policies in accordance with PCI DSS Requirements.
• Assisted in maintaining the organization s compliance with PCI DSS v2.0, ISO 27001:2005, HIPAA/HITECH and Safe Harbor.

• Configured and managed Imperva database firewalls, used to protect business-critical data and to audit transactions for PCI compliance requirements.
• Initial concentrations on vulnerability management and PCI compliance.
• Monitor system health and produce quarterly metrics Created and manage quarterly certification process of PCI data.
• Worked with ASV vendors such as Firstdata, PCI Rapidcomply, Tenable.
• Support Cox Communications as PCI DSS liaison for Security Operations team Audit firewall rules and remediate any findings Review and mitigate vulnerabilities

Show More

average Demand

• Develop technical comprehensive reports including assessment-based test findings, outcomes and propositions for further system security development.
• Maintained System Security Authorization Agreement (SSAA) documentation packages for each assigned weather system.
• Performed IT security certification & accreditation and conducted system security tests.
• Design system security architecture and develop in depth security designs.
• Implement system Security Contingency planning for data recovery and availability.

• Developed and implemented the Information System Security Program.
• Assessed assigned system to determine system security status.
• Perform non-technical security tasks such as contributing technical information to sections of the System Security Plan (SSP).
• Assigned as the DTS Information System Security Officer, identified potential threats and responded to reported security violations.
• Provided system security certification and accreditation for the Air Force Weather Agency (AFWA) computer systems.

• Developed System Security Plans and performed FIPS 199/NIST 800-60 Sensitivity Assessments and Risk Impact Assessments.
• Act as Information System Security Officer (ISSO) for three DHS enterprise systems.
• Assisted in the development of System security Plans and Security Awareness Reports.
• Briefed government leads and official on system security and state of readiness.
• Provide cybersecurity support to include design, implementation, maintenance, and monitoring of system security requirements.

• Provided Information Assurance support for the National Security Agency, Multi System Security Initiative Team.
• Worked on cross-functional and special security projects on Infosec, Red Team, and System Security.
• Managed user and system security on the iSeries systems.
• Certified Information System Security Professional (CISSP) Cyber Security GIS traffic monitoring.
• Configure system parameters for Avaya & Cisco telecommunications systems Provide system access Monitor and maintain system security for various telecommunications systems

Show More

average Demand

• Maintained network performance by performing network monitoring and analysis, and performance tuning, troubleshooting network problems.
• Provided level two support and troubleshooting without any further escalation.
• Network administration, configuration, and troubleshooting network connectivity issues.
• Involved in troubleshooting aforementioned firewalls on a daily basis.
• Provide timely troubleshooting measures for all of our customers to ensure a satisfactory resolution is provided, including third parties.

• Provide Tier 3 support to Tier 2 Administrators, troubleshoot suspicious entries in logs, and resolve discrepancies.
• Provided technical support, installed Intel-based, SPARC and HP systems, and provided troubleshooting support.
• Maintain and troubleshoot internal/external DNS server, including assignment, update and/or configuration of IP addresses.
• Install, configure, maintain and troubleshoot SafeNet Authentication Manager for remote access.
• Ghost and Bart's PE and troubleshoot hardened Windows images.

• Assist with network / security troubleshooting.
• Blue Coat configuration and troubleshooting.
• Support & troubleshoot hardware issues, configuration policy issues, business applications performance and availability.
• Provided level two support and troubleshooting on many different technologies.
• Configure and troubleshoot F5 load balancer implementations.

• Provide configuration, maintenance, and troubleshooting support for corporate and datacenter firewalls, routers, and switches.
• Helped customers troubleshoot network issues using TCPDump on the Security Devices we controlled.
• Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.
• Configure, maintain, and troubleshoot network load balancers, Cisco Content Switch and Citrix NetScalers.
• Assisted in other engineering tasks such as Wyse deployments and Citrix XenDesktop troubleshooting.

Show More

low Demand

• Developed prototype network vulnerability reporting tool using Perl and MySQL, integrating information from multiple tools in a central database.
• Updated built-in scan templates, host detection profiles, and scanner controls including PostgreSQL support and storage.
• Search user account, security groups identity using Microsoft SQL query commands and syntax.
• Configured firewall rules and granted access to SQL Azure servers to perform operations.
• Advance knowledge of Java based application Server architectures such as MYSQL, Tomcat.

• Defined & created standard Groups and Roles for Oracle and SQL Server Database.
• Performed hardware upgrade for application running on SQL Server 2000.
• Assisted with administration, maintenance on databases Oracle & SQL.
• Involved in writing SQL Queries, Stored Procedures.
• Identified issues like SQL injection, XSS, CSRF etc using Burp Suite.

• Maintained SQL databases (MySQL and SQL Server) with DBA (virtualized using XenServer 5.0).
• Installed and configured Microsoft Clustering with SQL databases on IBM X-series, BladeCenters, HP Proliant.
• Develop monthly report for client Oracle, SQL server, ColdFusion, systems integration expert.
• Perform both manual and automation vulnerability assessment using tools like burp suite, SQLMap.
• Analyzed and resolved security faults (iframe attacks, SQL injection, DDOS).

• Used SQLmap to dump the database data to the local folder.
• Identified attacks like SQLi, XSS, CSRF, logical issues.
• Performed on-going log analysis (access logs, MySQL, firewall, bruteforce detection, and email).
• Developed server-side functionality utilizing Drupal, custom PHP, and SQL queries on PostgreSQL database.
• Tested vulnerabilities in application using Burpsuite, Netsparker, Sqlmap, Havij etc.

Show More

low Demand

• Analyze and translate rules from disparate environments and integrate into Cisco and Juniper environments.
• Assisted with the design, monitoring and operational support for enterprise Cisco/Juniper network.
• Mitigate the audit risk by assisting admin users migrate to Juniper SA Series SSL VPN solution for all management traffic.
• Performed Checkpoint firewall upgrade of 20 firewalls from Juniper SSG320M and SSG140 to Checkpoint R77.30.
• Configured and maintain SSL VPN remote access using Juniper SA-6000's.

• Experience working Juniper T-Series, M-Series, MX-Series, J-Series Routers.
• Manage, troubleshoot, configuration of Cisco and Juniper firewalls.
• Lead Engineer in designing and testing Juniper Firewall Service offering.
• Supported Juniper Firewalls using Unix Shell Services.
• Interacted daily with Juniper's Resident and Sales Engineers (RE's, SE's), and Q1 experts.

• Worked with NSM and ScreenOS, on the Juniper ISG2000's.
• Managed Checkpoint Firewalls using Multi SmartDomain Manager, Juniper with Network Security Manager.
• Managed and configured Juniper Netscreens, SRX, SA, EX, and J series platforms.
• Managed and supported client based VPN systems(CIsco and Juniper) for employees and vendors.
• Managed and optimized firewall rule sets on Checkpoint and Juniper firewalls on Linux and Junos platforms.

• Install and implement changes to Juniper SRX, Lucent Brick, HP Tipping Point IPS.
• Included hands on support for Juniper Network environment (SSL-VPN SA-6000, UAC-IC 4500, Netscreen and Junos Firewalls).
• Key accomplishments include: Project support for SSL VPN migration from Cisco and Citrix to Juniper.
• Experience working on Juniper based Mx series router, SRX 220 firewall.
• Installed and configured firewalls, IPS, IPSec VPNs and various screens for intrusion prevention on Juniper srx equipment.

Show More

low Demand

• Installed, configured, and maintained DOD-approved communications software on government computers and configured the network to allow proper user access.
• Performed Enterprise Architecture and policy definition roles for Joint Information Environment (JIE) transformation of DoD networks and information systems.
• Acted as the Lead and primary point of contact to the DOD Traveler community for all matters concerning DTS Security.
• Analyzed and tested Windows and UNIX based tactical systems in accordance with DoD configuration policies and the Common Criteria.
• Monitored Department of Defense (DOD) Internet Access Points (IAP) for potential Denial of Service Attacks.

• Develop and maintain Assessment and Authorization packages IAW DoDI 8510.01 and the Authorizing Official's additional requirements.
• Utilize continuous monitoring concepts and tools to assess and measure the risk state of the DoD enterprise.
• Hired by DoD contractor to evaluate and implement security systems to protect installations in Eastern Europe.
• Engineered and implemented E-eye REM/Retina client/server application used by DoD to ensure IAVA compliance worldwide.
• Worked on the design team for the DOD Medium Assurance Directory Service.

• Configured Network to comply by NISPOM standards as required by DoD.
• Manage local DHS/DoD IAVM notification, tracking and reporting system.
• Worked with DOD and Netscape to support split key technology.
• Implemented DoD DISA STIG standards to compliance.
• Test & Evaluation Planner with DOD for 10 years.

• Ensured DoD Standards are implemented on Windows / UNIX servers and desktops by utilizing DISA STIGs and Checklists.
• Architected, designed, and developed consumer-facing products for the DoD community.
• Bridged the GAP between DoD and Qwest requirements/Cultures.
• Consulted on project to perform security hardening to meet audit requirements for Government contracts (DOD Security
• Conducted "Ports and Protocols" audits in compliance with DoD policies, directives, and guidance.

Show More

low Demand

• Utilized various security monitoring applications SIEM, Packet Analyzer, Flow Analyzer.
• Develop and maintain SIEM technology/services to automate security monitoring.
• Extract the logs, Perform real time log analysis using SIEM technologies and Forensics Analysis of logs as per the request.
• Conduct monthly analysis of vulnerability and threat data from SIEM tool to maintain and enhance the defenses for AFS information systems.
• Acted as senior security analyst evaluating SIEM data and alerting customers to threats and remediation needs.

• Create periodic reports for management showing the health of the SIEM program.
• Worked with other departments to introduce new log sources into SIEM.
• Help develop internal and external McAfee SIEM training courses and tools.
• Use SIEM tools to correlate events to see full history.
• Provide monitoring and technical procedures on SIEM related issues.

• Configured new hardware and installed new SIEM software.
• Completed online McAfee SIEM training.
• Provide industry thought leadership in the areas of log managements, SIEM, big data and security analytics.
• Assist with operation and tuning of state dedicated SIEM (JSA/Qradar) tools.
• Researched and implemented Enterprise wide SIEM system using Q1Labs Qradar.

• Planned and implemented complete re-architecture of Arcsight SIEM platform.
• Monitored, reviewed & responded to security events generated by Websense & Splunk SIEM tools & developed appropriate incident response processes.
• Implemented security products in various disciplines such as Encryption, DLP, Mobile Security, Malware Protection and SIEM solutions.
• Manage and administer Mcafee Nitro SIEM tool- Log Correlation.
• Traffic analysis using Wireshark, TripwireSIEM Data analytics using Splunk.

Show More

low Demand

• Utilize HTML skills and understanding of java script to troubleshoot web design & development issues with Symantec related web based products.
• Served as a Big Data SPLUNK 3 and 4 and SSIM 4(Symantec Security Information Manager) System Administrator.
• Deployed and Managing Enterprise wide Symantec Endpoint Protection system to 15,000 clients across multiple regions and 400+ offices.
• Deploy Symantec Endpoint Protection 12.x to 14K+ Windows, Mac, and Linux client On-Prem and in Cloud.
• Tested and implemented the GuardianEdge(Symantec) disk encryption environment for the company's 2000+ laptops.

• Expand Symantec Data Loss Prevention to new data centers and after corporate acquisitions and support the solution.
• Designed and Implemented Symantec Control and Compliance Suite to scan systems enterprise wide including secure regulated network.
• Subject Matter Expert (SME) for Symantec Anti-Virus Corporate Edition version 9, 10.
• Managed endpoint security via Symantec Client Security, LanGuard GFI, and Tumbleweed Email Firewall.
• Migrated Symantec Enterprise Servers running on Windows Server 2003 to the newest release.

• Re-mediated malicious logic codes using Symantec Endpoint Protection and Microsoft Antigen for Exchange.
• Implemented and administered Symantec Endpoint Protection Manager (SEPM).
• Worked with Symantec DLP for data leakage prevention incidents.
• Architected Symantec Endpoint Protection to achieve Local & Remote High Availability with maximum security.
• Migrated global customer (with 16K+ nodes) from an unmanaged to managed Symantec AV environment.

• Used Symantec System Center Console to monitor and remove viruses and malware.
• Supported over 50,000 clients running Symantec Antivirus Enterprise Edition software.
• Planned and migrated to Symantec Antivirus 10.1.
• Monitored & analyzed system logs on Symantec Endpoint Protection anti-virus, Symantec Data Center Security & Credant Encryption servers.
• Supported Symantec Antivirus Server on about 900 Wintel Servers throughout the WAN/LAN.

Show More

low Demand

• Conducted studies of new security technologies to provide more efficient and cost effective security solutions.
• Assist with information system security engineering, security solutions, and security guidance.
• Provided wireless network security solutions to customers using a variety of Cisco products.
• Test security solutions in an isolated environment using industry standard analysis criteria.
• Researched security solutions and developed pen testing capabilities for internal security auditing.

• Review customer requirements and provide detailed AUTOCAD drawings of security solutions.
• Achieved seamless transition and integration of new security solutions.
• Test security solutions using industry standard analysis criteria.
• Engineer security solutions for updating legacy systems in effort to comply with new Joint SAP Implementation Guide (JSIG).
• Conducted functional testing of security solutions like Novel single sign on, RSA two factor authentication, SIEM and DLP.

• Provide security solutions for hardening the Agencies' Red Hat and Debian Linux systems maintained within the Information Assurance Division.
• Provided network security solutions using Cisco Firewalls, VPN's, Routers, Switches and other Cisco Hardware and software.
• Collaborate with different areas of IT in order to provide security solutions for the bank.
• Author high and low level designs detailing the implementation of security solutions.
• Advised clients on network and computer security solutions.

• Evaluate and implement new security solutions and tools.
• Recommend security solutions for Zseries based servers utilizing RACF and z/OS architecture.
• Provide security solutions for Quest's Authentication Software (Vintela/VAS/QAS).
• Developed disaster recovery procedures for Symantec Endpoint Protection anti-virus, McAfee anti-virus & Symantec Data Center Security enterprise security solutions.
• Develop secured security solutions for Clearquest, BIRA, Cognos, VAS, Rational and Clearcase.

Show More

low Demand

• Attended USCYBERCOM required administrator training.
• Monitor CyberArk reports and respond to failed password verification alerts and work with system account owners to resolve failure alerts.
• Conduct Pre-Cyber Command Readiness using Security Technical Implementation Guides (STIG's) at USCG sites.
• Served as system administrator for CyberArk Privileged Identity Management (Password Vault).
• Worked with CyberArk utilities, PAR explicate, PACLI and PAR client.

• Resolved CyberArk issues in CPM communicate with host to reconcile credentials.
• Served as a liaison/ Project lead for deployment and migration of Verizon production applications from VeriSign Digital Certificate to Cybertrust Certificates.
• Lead weekly training sessions for offshore security analysts on investigating cyber attacks.
• Supply Technical writing for cyber security monitoring and escalation.
• Provided cyber security support to the Boeing St. Louis Special Access Program (SAP) F-15 Simulator project under JAFAN.

• Utilize the Cyber Security Assessment and Management (CSAM) tool to track and manage all SA&A artifacts.
• Design architect for multiple specialized IT products of enterprise scale, requiring cyber security compliance, evaluation, and accreditation.
• Ensured that EMEA, USA and ASIA Cyber Security Corporate requirements are identified, validated and documented.
• Plan and carry out computer security counter-measures on networks and systems from cyber-attacks.
• Generated reports of the account and devices inventories in the Cyber Ark.

• Worked on Cyber Ark Enterprise Password Vault and PVWA.
• Counseled and staged the threats of cyber terrorism.
• Conducted Cyber Vulnerability Assessment for physical security, badging and other NERC-CIP regulated systems and applications.
• Identify, analyze, remediate, and report on cyber security incidents.
• Project 4- Cyber Security Encryption (CSE) Role: Development and Testing Description: Encryption Analysis.

Show More

low Demand

• Provide business solutions to resolve Unix security related issues escalated to the Unix security problem management team.
• Provide guidance and support to UNIX security incident management and access administration teams.
• Installed and evaluated FreeBSD Unix systems as potential low-cost network security analysis workstations.
• Facilitate solutions for secured communications within the Unix environment.
• Performed vulnerability scans for Unix/Linux environment.

• Created Active Directory groups to allow secure access to Windows and UNIX/Linux platforms as well as file shares.
• Served as primary IA tester for various Windows, Linux and Unix systems within each program.
• Work with Infrastructure team members (Network, Linux/Unix Administrators) to troubleshoot server issues.
• Completed product upgrade application testing of Lotus Notes, Microsoft Exchange 2003, and UNIX/OMNI/FileNet.
• Develop and update documentation relating to UNIX and web services security.

• Perform Security patching and hardening for various UNIX platforms.
• Developed several JDBC and Unix drivers to synchronize users
• Secured Unix System Services on MVS systems.
• Installed, configured and tested successfully all CA eTrust Admin, Audit and Directory software in the Windows and UNIX environments.
• Build detection rules in QRadar for over 50,000 Windows, Unix, and Mainframe log sources.

• Assisted the UNIX Admin groups as needed in Tivoli problems, root and audit problems.
• Installed Tivoli agent on all UNIX systems for internal backup.
• Developed unix based software for multiple DOD federal clientele.
• Serve as subject matter expert for the UNIX and Intel team service catalog/support repertoire.. Windows server system support.
• Automated privilege elevation using common commands (sudo/su) for Unix, Linux, and Solaris platforms.

Show More

low Demand

• Provided consultation on security issues, developed policies and provided oversight for protecting the company's computing security systems.
• Assisted network administrators, security consultants and business partners worldwide with advanced IP and security issues.
• Perform initial triage and technical due diligence of any externally reported security issues.
• Investigated and provided expert advice on security issues to stakeholders and customers.
• Perform research of emerging security issues and vulnerabilities.

• Evaluate new security issues, tools and technologies, and provide directional advice to senior management and executives.
• Scan Servers, Networks and other resources to validate compliance and security issues using numerous tools.
• Developed policy and procedure for how security issues will be handle for all Pilot sites.
• Served as a single point of contact for customers on Managed Security issues until resolution
• Monitor, and resolve security issues using the security tools provided with great success.

• Assess threats, risks, and vulnerabilities from emerging security issues.
• Provide incident handling and data analysis for IPS/IDS and security issues.
• Worked with clients to resolve various security issues within the products.
• Identify security issues and risks, and develop mitigation plans.
• Utilize Arcsight for internal security issues to research the IP to the user workstation and location.

• Respond to information security issues during each stage of a project's lifecycle.
• Handled security issues in the AIX 5.3 migration project, including AIXpert.
• Architected and implemented Alert Logic Log Manager solution that meets compliance requirements and identifies security issues across the environment.
• Help team to remediate security issues with sample code Preparation of risk registry for the various projects in the client.
• Solved complex cyber security issues, while working in a dynamic, responsive, and collaborative environment.

Show More

low Demand

• Configure, maintain, and manage the RSA Security Console along with the distribution of hard and soft tokens.
• Plan and complete company-wide deployment of laptop encryption using PGP Universal Server, including laptops used by senior executives.
• Executed daily audits of critical infrastructure, install patches, and manage access list and RSA soft tokens.
• Led the development, planning, and implementation of RSA Authentication Manager and SecurID client software.
• Designed new Active Directory structure and oversaw the migration from previous domain to new domain.

• Managed and supported the TNSI 2-Factor authentication service on the RSA Authentication Manager.
• Installed, maintained, and upgraded VIRSA/SAP GRC suite of security products.
• Configured and deployed RSA SecureID for SSLVPN 2 factor authentication.
• Open FW rules for proper communication between RSA servers.
• Maintain authentication tokens for an RSA SecurID system.

• Project member of RSA ASE/Server for SecureID.
• Head Engineer for the RSA SecureID product.
• Configured RSA AM 8.1 and supporting replicas.
• Performed remote access administration for RSA SecurID.
• Build new RSA 8.1 environment.

• Created and applied ACI rules for Enterprise Directory attribute-driven application access for RSA Cleartrust application.
• Developed universal forwarder procedures for unattended installation and multi-fold software instances on single systems.
• Worked on Directory Traversal attacks manually Implemented Agile Methodology to follow the work flow process.
• Configured RSA devices with Centos and RSA proprietary software for deployment to the field.
• Configured Windows servers to allow RSA logins.

Show More

low Demand

• Established, maintained and configured secure communication using SSL certificate generation and exchange revised and modified as necessary to secure environment.
• Created OpenSSL solutions for self-signed-certs in development environments.
• Experience in design, implementation and administration of VPN Solutions for mobile and remote users using SSL VPN technology.
• Tasked with designing and implementing a NetScaler Gateway 10.1 solution to provide SSL VPN capabilities for external users.
• Researched and negotiated with several digital SSL providers and which saved cost by 20%.

• Developed a process for the creation, and client communication for all SSL certificates.
• Installed SSL certificates via BASH shell to secure websites using PKI cryptography practices.
• Help clients to install SSL and Code Signing Certificates on various OS platforms.
• Implemented and helped design S3L, a lightweight fully symmetric SSL-like protocol.
• Removed SSL v. 3 vulnerability from Windows 2008 IIS 7.5 web servers.

• Requested, installed, tested and verified new SSL certificates.
• Supported client and SSL VPN changes and problems.
• Installed, configured and troubleshot the Web Vpn SSL AnyConnect Client on Sprint customers Cisco ASA Firewalls.
• Performed extensive overhaul of HTTP, SSL, MS-SQL and Radius protocol parsers.
• Remediated and identified vulnerable SSL v3 hosts across the entire network.

• Updated SSL certificates for all websites and Radware appliances.
• Worked extensively on SSL/Vpn portals.Used NETSCREEN as a security measure.
• Remediated SSL Heartbleed hosts in less than 24 hours.
• Configured VPNs like SSL, IPsec, Site to Site VPNs, VPN configuration in AAA and routing in ASA.

Show More

low Demand

• Managed security policy on IDS/IPS/Firewalls/Proxies/DLP & other advanced network and information security systems.
• Provide third-level troubleshooting support for DLP security applications and appliances.
• Served as DLP Single Point of Contact / SME for enterprise and SPOC for vendor technical issues resolution.
• Enforce effective data protection policies using industry standard data loss prevention (DLP) tool.
• Work with the Legal and HR teams on DLP investigations.

• Review DLP policies and investigate violation via non-approved devices.
• Assisted with the creation of the DLP escalation process.
• Configure RSA DLP solution to prevent data leakage.
• Deployed, maintained DLP end point agents.
• Configured and deployed VSE, HIPS, and DLP to over 20,000 endpoints.

• Utilize McAfee security tools (ePO, HIPS, DLP) to implement security policies across the environment.
• Configured Vontu DLP to maximize efficiency, data extraction, reporting, and business security.
• Key Achievements Led and managed the selection for a DLP tool based on business requirements.
• Implemented RSA DLP (Data Loss Prevention) and designed data workflow documents.
• Gained training in RedHat Linux, LogRhythm, and Symantec DLP.

• Conduct onsite risk assessments for compliance with HIPAA Meaningful Use Implement program and oversee the maintenance of DLP software and hardware.
• Architected and managed the implementation of the Symantec Data Loss Prevention (DLP) tool to identify sensitive and regulated data.
• Architected and managed the product implementation of the Symantec DLP tool.
• Monitored enterprise DLP/Vontu DR failover testing and SMTP prevent testing.
• Created and updated security policies for existing McAfee products ( ePO, HDLP, VSE, HIPS and MSME).

Show More

low Demand

• Managed and maintained VeriSign MPKI Portal for all internal and external digital certificates.
• Developed one of the first secure Web solutions, worked with standards bodies to refine PKIX, S-HTTP and SSL.
• Coordinated deployment of PKI digital certificates using MS CA authority for 2 factor authentication on remote access solutions.
• Performed security assessment of PKI Enabled Applications and Promoted a new and cost effective Plan against Phishing Attacks.
• Secured web application development and performed source code review, hardened Linux servers, implemented SSL and PKI.

• Designed, engineered and implemented early PKI identity management solutions for E Commerce and E Business systems.
• Used Remedy to assist customers with various issues concerned with network security and PKI technology.
• Led the team that designed, implemented and maintained the global PKI infrastructure.
• Provided third tier resolution of trouble tickets related to x.509 PKI certificates.
• Worked to solve PKI, PKE, and digital signature issues.

• Issued and revoked server and individual PKI certificates through DEERS/RAPIDS.
• Recommended final OSD PKI Single SignOn (SSO) solution.
• Conducted a tutorial on PKI and LDAP basics.
• Implemented PKI into Windows 2008/Windows 7 environment.
• performed security assessment of PKI Enabled Applications.

• Conducted security assessment of PKI Enabled Applications Performed pen testing of both internal and external networks.
• Lead engineer for physical to virtual migration of all PKI systems at Department of State.
• Developed the first large scale PKI solution for the government (Intelink).
• Developed and implemented the Disaster Recovery procedure for the Entrust PKI.
• Designed redundant PKI topology using Cisco ios 15 Influenced customer to migrate to Virtual Tunnel Interfaces

Show More

low Demand

• Executed different Crafted Payload Attacks to infiltrate the network infrastructure and application layer that is built using NMAP.
• Port scanned servers using NMAP and closed all unnecessary ports to reduce the attack surface.
• Used NMAP and other industry standard COTS tools to complete C&A Packets.
• Used Burp Suite, DirBuster, HP Fortify, NMap tools on daily basis to complete the assessments.
• Performed periodic vulnerability assessments of customer environments with a variety of tools including Nessus and nmap.

• Performed network and system scanning with nmap and zenmap.
• Utilized Nmap, Nikto, Wfuzz, and other penetration testing tools to enumerate networks and web applications.
• Performed vulnerability scans using Nmap, Nessus, NetSparker, MBSA and Nikto.
• Grey Box testing of the applications.Responsibilities: JAVA, Nmap, Nessus, PHP, MS SQL, Burpsuite, Dirbuster.

Show More

low Demand

• Worked with risk management projects that guided vulnerability assessment and remediation, from a business context.
• Identified gaps and identified solutions to improve risk management and application security practices.
• Devised a strategic plan for information security risk management to meet regulatory requirements.
• Conduct penetration tests on critical infrastructure to support the organizations risk management program.
• Maintain Risk Management framework, which incorporates identity management and vulnerability management.

• Risk Management: Protected vulnerable networks following detailed risk assessments.
• Work closely with leadership, team members, peer engineering groups and risk management partners to eliminate and mitigate identified risk.
• Report GAPS, Risk Management issues and/ or Controls deficiencies to Management, maintain communication and provide recommendations for improving controls.
• Worked with various clients in the New York City/New Jersey area, in AppSec penetration testing and risk management analysis.
• Experience performing activities required for the Assessment phase of NIST 800-37 Revision 1 Risk Management Framework, using 800-53A Rev1.

• Attended ICD 503 Risk Management Course: Systems Security Risk Management Course in Chantilly, VA.
• Evaluate and provide assurance that risk management, control and systems are functioning in compliance.
• Provided extensive technical leadership for advanced risk management program for high risk/high payoff tasks.
• Supported compliance risk management activities related to policies within ISBC.
• Risk Management IT Audit Vulnerability Management.

• Provide Corporate IT Risk team timely feedback on IT security risks in projects so that appropriate risk management can be performed.
• Joined Express Scripts Information Risk Management team in October 2008.

Show More

low Demand

• Improved security posture by identifying and reporting on web and network vulnerabilities and included recommendations for improvement and tracking through resolution.
• Supplied customers with recommendations on implementing new security technologies to improve the security posture of complicated environments.
• Diagnosed complex networking problems in various environments and offered recommendation for building a hardened security posture.
• Reviewed daily logs for network and application security controls, resulting in an improved security posture.
• Assisted and prepared for several security audits, resulting in the organization improving its security posture.

• Interpret security requirements into technical solutions and analyze system configurations to determine security posture.
• Monitored and managed computer security posture for a network comprising 1,514 computer systems.
• Improved overall security posture by ensuring adherence to information security policies and standards.
• Utilized industry tools to harden the organization's technical security posture.
• Implement wireless penetration tests to assess compliance with established security posture.

• Developed information security policies to improve corporate security posture.
• Assessed current state of Security posture, and prescribed plan to Senior Management for improvement of Security over two years.
• Develop and maintain customized scanning tools written in PERL and used to validate the security posture of network systems.
• Initiated and participated in meetings with the stakeholders on improvement of security posture of the agency's assets.
• Assess security postures of various IS systems.

• Inspected organizational units security posture to ensure security of their resources were adequately being protected from intruders.
• Monitored security posture and security incidents in regards to trending outside and inside threat vectors.
• Created and defined Nexpose vulnerability scanning rules for assessing security posture and compliance.
• Provide recommendations on increasing the networks security posture.
• Created new procedural templates and policies increasing Stratcom's network & security posture

Show More

low Demand

• Implemented a split-brain DNS to isolate the First Chicago NBD networks from the Internet for additional internal stability.
• Designed a wide area Windows networks using, implementing DHCP/WINS/DNS, for all of General Motors Truck Plants.
• Developed troubleshooting skills on basic HTTP, ESMTP, DNS, ICMP inspection on ASA.
• Discovered improper use of DNS names across multiple applications and took initiative to correct it.
• Performed troubleshooting procedures to solve connectivity and TCP/IP, DNS and WINS issues.

• Provide ongoing Support for Sony DNS Infrastructures internal and external as needed.
• Implemented IP security measures and cured areas of DNS vulnerability.
• Make internal and external DNS changes.
• Worked on administrating common TCP/IP-based services, including DNS, DHCP, HTTP, FTP, SSH, SMTP, etc.
• Manage and configure different type of server (DNS, DHCP, and RAUDIS).

• Maintain systems including: ACAS, Syslog, LogLogic, HBSS, DNS Servers, Cisco Servers and Firewall Management.
• Work to ensure that F5 load balancers, 3DNS, GTM's are implemented, maintained and highly available.
• Design the network and virtualization architecture - including DNS, replication, Routing, DMZ, DR etc.
• Designed and installed a new Internet Solaris-based firewall in Chicago, including work on DNS and email.
• Migrate Sony F5 3DNS 4.6.x to GTM 9.2.x global load balancers across two data center.

• Managed and configured web application firewalls, DNS, and Real-time Blackhole (RBL).
• Maintained DNS security via DNS ACLs and other DNS security measures.
• Maintain DNS appliances from Infoblox.
• Work with infrastructure network/security technologies including f5/bigip, dns, firewalls, proxy.
• Network: Configure and troubleshoot TCP/IP, DHCP and DNS, IPsec VPN, Static NAT, IP naming.

Show More

low Demand

• Managed cloud-based security systems on behalf of F5 clients, providing real time mitigation and resolution of security events.
• Implemented F5 GTM configurations with adherence to company global IT and InfoSec standards and industry best practices.
• Configured F5 LTM's for VIP's, virtual servers as per application requirements.
• Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM.
• Conducted testing in the F5 Lab environment before going to Production.

• Configure F5 BigIP GTM and LTM pools for critical applications.
• Retained knowledge on the inter-workings of the F5 Big-IP.
• Manage GTM/LTM via F5 Enterprise manager.
• Develop Engineering Documentations to record F5 environment and change processes LTM/GTM/iRules.
• Create design documentation for F5 LTM Migrated Checkpoint Provider-1 R55 to Checkpoint Provider-1 R62 with three CMA and 15 Firewall modules.

• Upgrade the code in F5 LTM's in the lab environment and working on VIP's and Virtual servers configuration.
• Traffic capture using TCPDUMP and analytics profiles on f5 for further investigating the issue.
• Involved in Big-IP F5 load balancing for internet traffic across web servers using I-rules.
• Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer.
• Performed updates and modified Palo Alto firewalls (F5).

• Designed, deployed and support Firepass F5s.
• Subject matter expert in F5 LTM, GTM, ASM, WAM, Link Controller, and iRules.
• Migrate F5 BIGIP 4.6.x to LTM/GTM [ ] 9.2.x for internet, intranet environment.
• Design migration process for Alteon load balancer to F5 BIGIP hosting 10 VIPS.
• Virtualized F5 Big ip for grid cloud operating system.

Show More

low Demand

• Designed and implemented Hyper-V environment for development teams; transitioned VMware machines to Hyper-V..
• Provided security input for the VMWare implementation projects.
• Assisted with the development of a new virtual server environment using Hyper-V and VMWare technology to replace all legacy servers.
• Replicate customer's issues in a lab environment using VMWare and actual hardware (SPLAT, Nokia).
• Installed and configured TIM/TAM using VMware server(Ubuntu) hosting WinServer 2012 domain and machines.

• Utilized VMware software to build and utilize Linux CentOS Machines.
• Configure VMWare View client to have access to VDI workstations.
• Utilized Chef, Vagrant, and VMWare for deployment.
• Manage and administer Trend Micro AV for ESX/VMware.
• Utilized VMWare ESXi to run scripts written in Python, Ruby, PERL and C for testing purposes.

• Designed and deployed Microsoft Hyper-V and VMWare ESXi.
• Installed and Maintained Virtual Machines (VMs) using VMWare Vsphere, VmWare Workstation and Oracle Virtual Box.
• Advanced working knowledge of cloud and virtualization management products in OnApp and VMware (ESXi).
• Build and configured VMware virtual machine templates for Redhat/Centos 6 & 7 servers.
• Support a large multi-site, multi-datacenter environment that utilizes VMware and VMotion techniques on NetApp grade SAN to deliver 24x7 availability.

• Manage large scale cloud deployment utilizing Xen, OpenStack, and VMware.

Show More

low Demand

• Create and maintain architectural diagrams and other relevant documentation for Splunk platform.
• Utilize Splunk to investigate security events.
• Perform data integration, data transformation, field extraction, event parsing, data preview and Apps management of Splunk platform.
• Advised in the design of a centralized security log management and monitoring solution utilizing open source log management tools and Splunk.
• Created dashboards in Splunk and McAfee Active Response to more efficiently see potential threats and drill-down into events.

• Implemented Splunk version 6.3 across infrastructure which consist of over 300 Linux hosts collecting 60 GB per day.
• Create and manage dashboards, reports, and alerts for security events using Splunk (SIEM).
• Act as a security engineer to support Splunk architecture, deployment and content development.
• Perform complex deployments of Splunk and it's components on a large scale enterprise.
• Build custom dashboards in Splunk for log and event visibility.

• Deployed and administer Splunk for agency-wide server log collection.
• Create Dashboard and Alerts through Splunk user interface.
• Evaluated threats via ArcSight and Splunk live feeds.
• Manage a team of Splunk consultants to help support various business operations such as Fraud, Middleware, and Digital Media.
• Monitor and track Splunk performance problems, administrations and open tickets with Splunk if there is need.

• Monitor events in Arcsight and Splunk for possible malicious activity coordinate the remediation of infected workstations.
• Implemented and manage the central IS logging and reporting solution using Splunk and Syslog.
• Experience with Splunk as a Super User writing quieries and creating dashboards.
• Deployed TripWire FIM monitoring Migrate from LogRhythm SIEM to Splunk SIEM.
• Perform searches in Splunk of suspicious IPs and domains.

Show More

low Demand

• Performed penetration testing for certification and accreditation based on FISMA standards.
• Provide test event feedback and overall system risk assessment utilizing DoDI 8500, NIST 800.53 & FISMA standards.
• Led the FISMA-based technical testing of a category HIGH GSS at the Environmental Protection Agency (EPA).
• Attend meetings to respond to questions and report on TAF/FISMA reporting requirements in assigned areas of responsibility.
• Developed and conducted annual Security Awareness Training for program staff to adhere to FISMA guidelines.

• Ensured required support for FISMA annual security reviews as mandated by OMB 130.
• Monitored, track, and managed FISMA compliance for multiple IT systems.
• Trained users for IT Security training according to FISMA standards.
• Provide compliance to FISMA roles and standards set by NIST.
• Revised password policies conforming to FISMA and new OMB mandates.

• Performed mapping of DIACAP controls to NIST/FISMA standards.
• Assist with the FISMA reporting requirements as needed.
• Conducted FISMA, and other compliance requirements.
• Work at the USAID program trying to get the people to incorporate FISMA requirements across the nertwork
• Developed security Standards for Company with multi control constraints ISO 27001, Nist and Diacap/Fisma.

Show More