Cloud Security Engineer
Resume:
Michael Rains
**** ******* **** ******, *******, NC 27616
****.*****@*****.***
EMPLOYMENT HISTORY
Senior Information Security Engineer
January, 2015 - Present
Citrix
Responsible for vulnerability management program for multi-tiered Software as a Service (SaaS) products hosted across multiple internal data centers, Amazon Web Services, Microsoft Azure, Google Compute, and Linode hosting services
Work directly with development and operation teams to remediate vulnerabilities
Serve as the incident response chief for the Citrix Cloud Services Business Unit SaaS products involving cross function coordination with communications, legal, compliance, development, operations, and senior management
Manage the security operations team responsible for the overall security posture for the Citrix Cloud Services Business Unit
Manage the operations of security monitoring tools Alert Logic, CloudPassage, Dome9, CloudAware, Rapid7 Nexpose, WhiteHat, McAfee SECURE, Trustwave TrustKeeper, and Splunk
Primary security technical contact for compliance with FedRAMP, SOC 2, HIPPA, and PCI DSS
Primary contact for customers wanting to perform security assessments of SaaS products
Subtask Lead for Security Reporting, Enterprise Identity and Access Management, and Section 508 Compliance
September, 2013 - January, 2015
CSC (Supporting the US Environmental Protection Agency)
Managed the operations of Novell (NetIQ) Identity Management for the EPA to include directory consolidation or integration with Microsoft Active Directory, IBM Domino, Oracle Internet Directory, and Microsoft Office 365 cloud services
Managed the operations of Novell (NetIQ) Access Manager and Novell SecureLogin for the EPA’s identity federation and single sign-on implementation
Managed the operations of EPA's HSPD-12 (smartcard) implementation for Logical and Physical Access Control Systems (LACS and PACS)
Managed the operations of Active Directory Federation Services (AD FS), Active Directory Lightweight Directory Services (AD LDS) formerly known as Active Directory Application Mode (ADAM), and Windows Azure Active Directory Synchronization Tool (DirSync) for 20,000 user environment connectivity to Microsoft Office 365 cloud services
Architected high availability authentication, authorization, and identity solutions to meet complex business needs in a highly regulated federal government environment
Oversaw the operations of web site and application testing for accessibility to people with disabilities (Section 508) for the EPA
Security Reporting Team Lead
October, 2010 – September, 2013
CSC (Supporting the US Environmental Protection Agency)
Managed the operations of IBM Tivoli Endpoint Manager (BigFix) Security and Configuration Management (SCM) for the EPA
Managed the operations of BindView / Symantec Control Compliance Suite for the EPA
Supported the EPA's Federal Information Security Management Act (FISMA) quarter, annual reporting requirements, and monthly Cyberscope reporting requirements
Supported EPA audit and ad-hoc security-related reporting needs using combinations of PERL, Shell Scripts, PowerShell, Visual Basic, SQL, and XML
Designed security baselines for the EPA based on Security Content Automation Protocol (SCAP), National Institute of Standards and Technology (NIST) checklists, Department of Defense's Defense Information Systems Agency (DISA), and Center for Internet Security (CIS) guidelines to meet compliance needs
Participated in the community development of Department of Defense's DISA STIGs and Center for Internet Security (CIS) guidelines
Participated in the community development of XML standards: Security Content Automation Protocol (SCAP), Extensible Configuration Checklist Description Format (XCCDF), Open Vulnerability and Assessment Language (OVAL®), Common Vulnerabilities and Exposures (CVE®), and Common Vulnerability and Exposure (CVE®)
Senior Professional System Analyst
March, 2009 - October, 2010
CSC (Supporting the US Environmental Protection Agency)
Implemented a three tiered Public Key Infrastructure (PKI) using Microsoft Certification Services and nCipher Hardware Security Modules (HSM)
One of the technical leads for Identity and Access Management evaluations for the Environmental Protection Agency
Senior Active Directory Engineer
February, 2008 - March, 2009
KFORCE (Supporting the US Environmental Protection Agency)
Designed and tested a Microsoft based Public Key Infrastructure compliant with Federal Bridge PKI standards to support a national wireless deployment, smart cards, and single sign-on
Replicated production Netware Identity Management environment composed of Netware 6.5 and Active Directory into a VMware 3.5 lab environment for testing
Supported for national Netware 6.5 to Microsoft Active Directory migration
Primary technical contact for risk assessment based on NIST SP 800-53 controls and system security plan
Primary technical contact for Microsoft Security Assessment
Developed and presented Public Key Infrastructure and Microsoft Group Policy training presentations for EPA national security and operations conference
Manager of Technology Services Team
April, 2006 - February, 2008
Visiting International Faculty Program
Designed and implemented J1 visa orientation training setups where up to 180 people per week participate in information session at a temporary remote site for four months
Responsible for $800k budget to include salaries, training, maintenance contracts, equipment replacement, and projects.
Managed and supported 24 x 7 front line Slackware and SUSE Linux Enterprise Server servers used for the custom built business operations Enterprise Resource Planning (ERP) / Customer Relationship Management (CRM) system with over 25,000 applicants per year
Supported the infrastructure for a software development team to test and design an Enterprise Resource Planning (ERP) / Customer Relationship Management (CRM) system based on PERL and Java
Managed and supported an internal Microsoft Active Directory environment with Exchange 2005 and SharePoint 2007 for 120 employees
Major completed projects included:
oISP and telecommunication server provider change
oComplete re-engineering of server and network infrastructure including implementing a Network Appliance F270 NAS to centralize storage and enable virtual development environments using VMware
oFirewall replacement
oSAS 70 based IT Audit
oPBX replacement (VoIP)
oBusiness Continuity Plan
Senior System Administrator
June, 2000 - April, 2006
ADC Telecommunications, Inc.
Project manager and architect for Active Directory, NT domain consolidation, NetWare to Windows 2003 migration, and Agile upgrades
Developed policies and procedures for supporting global infrastructure primarily focused on enterprise desktop and server standards, wireless network standards, lab network standards and security and vulnerability response
Supervised 12 local and remote IT staff across multiple
Administered NetWare, Windows, AIX, HP, and Sun servers; Windows and Red Hat desktops; Nortel PBX, LAN, WAN, and VPN connectivity
Consolidated four different business units’ IT infrastructure within a six month time frame into one location with downtime for all 42 systems, including applications and services hosted on those systems, equal to shipping time plus 24 hours
Evaluated, selected, and engineered enterprise backup solution
IT liaison for off-shore engineering partner’s network connectivity, Cisco VoIP phones, and IBM Rational ClearCase servers; in support of low cost engineering efforts
Primary IT contact for ADC's acquisition and integration of Opencell and FONS
System Administrator III
October, 1998 – June, 2000
Pairgain Technologies Inc.
Directed all aspects of facility move including: budgeting, data center design and layout, selection and supervision of contractors, WAN circuits, and physical move of all computer and PBX equipment
Heavily involved in strategic planning, budgeting, and project planning that achieved goals of providing an affordable disaster recovery plan and Y2K compliance
Raleigh office law enforcement liaison during Internet fraud investigation
Associate System Analyst / System Integration Engineer
October, 1997 - October, 1998
Blue Cross Blue Shield of North Carolina
Played a key role in research and development of hardware and software standards for desktops and servers
Primary responsibilities included management of 36 Intel servers, GroupWise and NetBackup
Major accomplishments included corporate Norton anti-virus implementation, and Tivoli server and desktop testing and implementation
Selection of an enterprise backup solution (Veritas' NetBackup) and implementation of that solution within a four month time frame
Help Desk Technician / System Administrator
June, 1996 - October, 1997
BDM Federal (United States Postal Service contract)
Tier two support for the migration from NetWare 3 to largest NetWare 4 network; with nearly 1,300 servers and 23,000 users
Tier two support for the largest implementation of CC:Mail with over 90,000 users
Supported Windows 3.x, 95, NT 4 workstations and servers in a large corporate environment
Man Pad Team Chief / Automated Logistics Specialist
October, 1988 - June, 1996
US Army 82nd Airborne / North Carolina National Guard
Setup WildCats! Bulletin Board System to assist in the processing of repair parts orders and control inventory of parts for 12 different units spread throughout North Carolina, working in a mixed Unix/DOS/Windows environment using
Desktop hardware and software support for 20 computer office
Leader of one of the top ten Stinger missile teams in the 82nd Airborne
EDUCATION
Computer Engineering Technologies
1995 – 1997
Wake Technical Community College Raleigh, NC
Unix System Administration Program
C/C++ programming courses
Currently pursuing a Bachelor of Business Administration (BBA): Information Technology Degree
2016 - Present
CERTIFICATIONS / TRAINING / SKILLS
CISSP - Certified Information Systems Security Professional
GIAC Web Application Penetration Tester (GWAPT)
CSA Certificate of Cloud Security Knowledge (CCSK)
Cisco Certified Network Associate
nCipher Systems Engineer
AWS Certified Solutions Architect class
VMware Certified Profession (VCP)
Certified Novell Engineer 3, 4, and 5
Microsoft Certified Systems Engineer
ITIL v3 (Foundation)
Shell scripting
PERL / Python / PowerShell
MS SQL / MySQL / DB2 / Oracle
Apache / JBOSS / Tomcat
Novell Access Manager
Red Hat / SLES / Ubuntu / Debian
NIS and LDAP
MS Exchange 5.5 and up
SunOS / AIX / HP-UX
DNS and DHCP
XML / JSON / XSD
Contact this candidate