Software Engineer Cyber Security

Location:
California, MD
Posted:
November 28, 2023


Resume:

KENNETH R. BROWN

***** ***** **** *****, **********, MD 20619 ad1jc0@r.postjobfree.com

240-***-****

Experience

SAIC Inc. 45310 Abell House Ln, California, MD 20619

Sr Software Engineer 11/10/18-12/17/21

●Responsible for application build & release process which includes code compilation, packing, security scanning and code quality scanning, deployment methodology and application configurations.

●Integrated security tools like Fortify, Veracode, Snyk, SonarQube, Checkmarx in Jenkins CI/CD build pipeline.

●Performed SAST, DAST, SCA and IAC security testing on applications and performed false positive analysis.

●Worked closely with software developers and DevOps to debug software and system problems.

●Extensively worked on GitHub Actions for continuous integration and for End-to-End automation for all build and deployments.

●Developed custom DTD/XML document files from raw FOSI source code with Arbortext IDE, CSS, JavaScript

●Performed security assessments, vulnerability scans and penetration tests and presented reports to stakeholders.

Blackstone Technology Group Inc. 1110 N Glebe Rd, Arlington, VA 22201

Cyber Security Analyst 02/06/14-04/01/14

●Responsible for the USDA application security enhancement of high-level security source code review and ethical hacking/penetration testing/evaluation and recommend acquiring IT security tools within the USDA.

performance monitoring, tuning.

●Implementation of black-box testing/OWASP pen-testing procedures with Samurai-WTF, Veracode, Nexpose/Rapid7, passive/con, and security frameworks for protecting information assets using SAN 25/NIST 800-53, WebInspect 9.0, Burp WebSphere portal 9, Suite Pro, AppDetective Pro, Nessus, Fortify SCA/SSC, Python 3.0, IBM AppScan Enterprise, Nmap, W3Af, Zed Attack Proxy (ZAP) Metasploit, R&D with Checkmarx source code scanning using DAST/SAST with Eclipse Java IDE. Linux administration experience with writing and debugging scripts/

●Application source code scanning Java, JavaScript, XML, XSLT, ASP.Net vulnerabilities OWASP Top 10 CSRF, XSS, SQL injection, buffer/heap overflow.

FSI/Edge Source Consulting Inc. 901 N Washington, Suite 402 Alexandria, VA 22314

Cyber Security Engineer 12/16/11-9/19/13

Further IT security audit responsibilities included the following: Conduct vulnerability assessments of network systems, software, and websites. Deployed SiteMinder SSO, SaaS, User groups, Login/password, and tech support. SAML 1.0/2.0, XML, XSLT, XACML, WS-Security, SOA, ASP.Net, AngularJS, jQuery, Java/J2EE, JavaScript, Python scripting 2.7.14, Node.js,

●Conduct vulnerability assessments of network systems, software, and websites. Perform software security and system architecture reviews and risk assessments to identify network and system-specific risks within Windows 2008/IIS, SQL Server 2005, NetVCR, OWASP, HP Fortify 360/SCA, Checkmarx CxSAST/Jenkins CI/CD, HP ArcSight, IA/C&A, Rapid 7, WebSphere Portal 8.0/IBM AppScan. Windows/Linux administration.

●Evaluate and recommend the acquisition of IT security tools, implementation of procedures, and practices for protecting information assets using NIST 800-53, HP WebInspect 9.0, Burp Suite, AppDetective Pro., IBM AppScan source code scanning, TIM/TAM.

Vets America Business Consulting, Inc. 8300 Greensboro Drive, Suite 800 McLean, VA 22102 (DoD Secret Clearance)

Security Engineer 01/16/11-11/30/11

●Responsible for identity and access management with installation/configuration of products such as IBM Tivoli Federated Identity Manager and Tivoli Access Manager, WebSphere Portal 8.5, DataPower, JSR 168/286, IBM AppScan, Computer Associates SiteMinder, and Identity Manager, source code scanning with Fortify 360.

●Deployed PKI architecture, certificate tools (OpenSSL, CA SiteMinder SSO form-based authentication, User groups, log security, Managed permissions and roles, Java Keystore), Security Patterns, ASP.Net, JAAS, OWASP Top 10, JSF, JSP, JavaScript.

●Deployed SAML 1.0/2.0, XML, XSLT, XACML, WS-Security, VA PIM Smart Cards/Biometrics, SOA, AJAX w/ColdFusion, Java/J2EE, AppDev, Chef/Puppet R&D and IBM TIM/TAM.

Verizon Inc., COMSYS Inc. 9737 Washingtonian Blvd., Suite 500 Gaithersburg, MD 20878 (Telecommute)

Security Engineer 11/16/09- 12/15/10

●Responsible for the rapid enhancement of high-level security source code review and ethical hacking/penetration testing of Verizon/Wal-Mart, Java, AJAX, Python scripting, JavaScript, Java EE, JSP, ASP.NET, Informix/Shell script, PCI/web applications using the following tools, WebSphere Portal, DataPower, IBM AppScan, TIM/TAM, OWASP Top10 web application source code scanning.

●JSR 168/286, Ounce Labs, WebInspect AppDetective Pro, Metasploit, ArcSight, and Fortify 360/OWASP Top10. Provide security solutions that require resolution of complex operational and integration issues associated with networks, data systems, and applications to successfully deploy secure technologies and to enhance existing technologies, SSO/SAML, SNORT and Nessus, WebSphere Portal, DataPower, JSR 168/286,

Pega Systems Inc. 101 Main Street, Cambridge, MA 02142-1590 (Telecommute)

Cyber Security Engineer 10/08- 11/06/09

Enhanced existing enterprise applications and developed custom stored procedures for a subcomponent of the enterprise application. Debug and maintain existing code base, static source code analysis, and created unit test code. Responsible for PRPC 5.2/5.3 security programming/penetration testing using Web security testing, CFML, J2EE, JavaBeans, ASP.NET, JSF, Web 2.0, JSR 168, JSF, EJB, XML, XSLT, WebSphere server V6, IA, IDS, IPS, Tomcat, JavaScript, Python scripting, BPM PRPC application design, Portlet Factory Designer V6.1, RAD 6.1, PRPC v5.4, Linux system administration, UML 2.0, and Spring Security.

L-3 Communications, Chantilly, VA (DoD Secret Clearance)

J2EE Architect/Security Engineer 07/07- 09/13/08

●Enhanced existing enterprise applications and developed custom stored procedures for a subcomponent of the enterprise application, IBM AppScan.

●WebSphere Portal, DataPower, JSR 168/286. Responsible for programming using, TIBCO GI/BI, TIBCO Hawk, ASP.Net, Oracle, J2EE, JavaScript. JavaBeans, JSF, Web 2.0, JSR 168, JSF, EJB, XML, XSLT, AJAX w/ColdFusion 2.0, WebSphere Commerce suite 5.1, WebSphere Process server V6.1, Message Broker/ToolKit V6, BPEL, ESB, Portlet Factory Designer V6.1, RAD 6.1, UML 2.0.

●Interfacing with SQL database and applying standard core security design patterns where applicable, CA SiteMinder SSO. Performed web application vulnerability scans and Pen testing utilizing SNORT, Nessus, client/configuration.

Lockheed Martin-TSA TWIC (Main Sail LLC.), Annapolis Junction, MD (DoD Secret Clearance)

Security Architect/J2EE Developer 01/07-06/07

●Overall Responsibility for the implementation design patterns for multiple J2EE/EJB, WebSphere Portal applications, and software deployment for the Lockheed Martin-TSA TWIC project.

●Improved the security/ and system functionality of the TWIC Web/TWIC Portal applications utilizing Oracle, Java Smart Card, PKI, IBM Rational Application Developer v6.0, ClearCase/UCM, Portlet Factory Designer v6.0, PKI/SSO, LDAP, RUP, UML 2.0, JSP/Design Patterns, J2EE, JAAS, JSTL, Apache Struts, Tiles, JSF, JSR 168, AJAX/DWR.

United States Postal Service (Code Plus Inc.), Merrifield, VA (DoD Secret Clearance)

Security Analyst/Network Engineer 05/04/05-12/06

●Responsible for rapid enhancement, IA, IDS, development, and deployment of the J2EE web-based label Enhanced Distribution Labeling system (EDL), static source code analysis, and the Automated Tray Label Assignment System (Web ATLAS). The new label format for all trays, sacks, tubs will include a unique 24-digit barcode to replace the current PASSPORT 10-digit system.

●Designed/built and tested Portal/JSR168 Portlet API/J2EE/EJB prototypes with Hibernate, Core Security Patterns, WebATLAS/Oracle, ATLAS/Oracle application for backend integration with a variety of databases and servers, Linux scripting/ Eclipse IDE, SQL Server, ASP.Net, Tomcat 5.5.15, WebSphere Commerce suite 5.1, TIM/TAM, PKI, SSO, Nessus, Fortify v4.0, SNORT.

Northrop Grumman Internal Information Services, Reston, VA (DoD Secret Clearance)

WebLogic/WebSphere Portal/Oracle Architect 11/04-04/05

●Developed and implemented enterprise-class J2EE/EJB application based on SAP, WebSphere 5.1 Portal/WBI for Internal Information Services, Software/web application security assessment, and pen-testing, CA SiteMinder web SSO, Managed permissions/roles, form-based authentication, .Net/Java/PHP, jQuery Python, AJAX, ColdFusion/CFML integration. UNIX/Linux system build design scripts and administration.

●Implemented/migrated an end-to-end content management internal web portal site from Livelink to IBM web content management/workflow for NGs, email, document searching, customers, partners, Sametime and WSPS collaboration components, static source code analysis, vulnerability/pen-testing Oracle identity security tools/management.

Information Innovators, Inc., Alexandria, VA Defense Information Systems Agency (DoD Secret)

WebSphere Portal Developer/Security Architect 09/01/04-10/04

Responsible for the conversion of a DISA (Defense Information Systems Agency)/TPS portal development and the programming of DISA’s TPS web portal components utilizing core J2EE design patterns, designing custom controls/database controls, implementing core J2EE security standards/methodologies, Oracle/SQL Server, SNORT, Intrusion Detection Systems (IDS/IPS) security engineering/security manager, vulnerability/pentesting.

COMPUTECH, Inc. (CBP Secret Clearance SSBI), Bethesda, MD

Java, J2EE /Security Engineer 03/06/03-08/30/04

●Responsible for the conversion of a US Customs CBP OS/390 CICS mainframe application to Java 1.4/J2EE architecture. Analyzed existing Dyna/Comm mainframe scripts; Adapted conversion methodology/Oracle, SQL Server database.

●Developed a J2EE/EJB framework/OOAD, using JCA, WebSphere 5.0/5.1/WBI, Oracle 9i/PLSQL, Core J2EE business patterns, SAML/SSO, PKI, XML, JSF, JSP, EJB, Rational XDE/UML, CFML/AJAX, WebLogic 7.0/8.1, RedHat Linux admin. Python scripting, JProbe, Jacada Integrator as the IDEs for all J2EE development/vulnerability/pen-testing, static source code analysis.

American Chemical Society (TAC/EDP Consultant), Washington, DC

Senior Security Engineer /Network Administrator 08/02-12/03

●Responsible for the deployment of ACS/Chemistry.org portal application components and subsystems, J2EE APIs, including Struts, JavaScript, JNDI, JMS, JSP/Servlets, and EJB/Linux system build design scripts and administration.

●Assisted ACS/SilverStream developer with Chemistry.org code/server migration from SilverStream 3.7.4 to 3.7.5, ePortal Framework 2.3, Security+, Intrusion Detection Systems (IDSs) security engineering, Pen-Testing/Oracle IAM frameworks.

Bechtel- SAIC Company LLC, McLean, VA

Systems Programmer Analyst II/ Security Engineer 01/02-06/02

●Developed, implemented computer web applications/systems software, computer hardware, and/or data communications systems development or modifications.

●Gathered information, analyzed findings, Intrusion Detection Systems (IDSs) security engineering, security+/508 HTML/ColdFusion/CFML documents conversion, prepared UML conceptual.

Meta Group, Reston, VA

WebSphere Portal/J2EE Developer 10/00-01/02

●Developed, implemented, and operated web content-delivered applications. Lead role in Domino Notes R5 server management (web, replication, security, SQL, JDBC/ODBC).

●Re-engineered the migration of Oracle 8i, Domino web-based Predictive Cost Modeling application to XML, XSLT, J2EE 1.3.1/ColdFusion based E-Commerce solution using static source code analysis.

CISCO Systems (EDP Consultant), Chantilly, VA

Network Engineer/Java Architect 07/99-09/00

Developed a client/server/OS/390, database tracking system, network configuration, TCP/IP, Internet protocols, firewalls, Virtual Private Networks (VPNs), Intrusion Detection Systems (IDSs) security engineering, and software lifecycle development. Web-based business application for corporate intranets using Java 1.3, JSP/Servlets, ColdFusion, EJB, XML, XSLT, ODBC/JDBC, Oracle 8/Oracle and Linux scripts, SQL/PLSQL, Linux configuration/administration/ WebLogic.

Tracor International (MBA Consultant), Bethesda, MD

WebMaster/Network Engineer 06/99-07/99

Integrated Documentum DocPage Server WinNT, Sun Solaris, WorkSpace and Netscape Enterprise Server. Developed and coordinated RightSite, DocBase for GSA Intranet and Internet documents, Oracle8, Oracle Scripts/SQL, IAM.

Global Management Systems Incorporated (Matrix Consultant), Bethesda, MD

Java Smart Card Programmer/ Security Engineer 08/98-05/99

●Researched and developed a smart card, biometric authentication Web application. Stored X.509 Digital Certificate on a smart card to authenticate against an LDAP membership directory, MSCrypto API, RSA, SSL 3.0/linux configuration/administration.

●Integrated embedded Java OS SmartCard cardlet data storage system, S/MIME, ISO card readers. Integrated PKI digital signatures, biometric, Oracle8, Oracle Scripts, SQL/PLSQL, Cardlets/Java cryptography, ADSI 2.0 JCard 2.0/MTS, 1.2 JDK, JBuilder.

Titan Software Systems Corporation (New Boston Consultant), Reston, VA

Software Engineer/Internet Specialist 04/98-08/98

Developed and coordinated Titan’s internet/SEG Request Tracking/SAP and Personnel equipment System with ASP, JBuilder 2.0/GUI development, servlets lifecycle, VB Scripting, Crystal Reporting. Assisted Titan’s programmers with the migration of four FAA Visual Basic Apps. /16/32 bit, Y2K testing, Oracle8, Oracle Scripts, SQL/PLSQL.

MCI/World Com Telecommunication Corporation, Chantilly, VA

Senior Web/Smalltalk Programmer 10/97-03/98

Designed and developed Web-based applications for trouble-ticket reporting/SQL/Oracle for the Local Systems Help Desk, monitored and maintained LAN networks. Corporate Intranets utilizing Java/VBScript, OOP, Smalltalk/Visual Wave 2.0, Visual InterDev ASP, DHTML, XML and IIS 4.0.

OAO Corporation (TAC Consultant), Greenbelt, MD

Webmaster/System Administrator 06/97-10/97

Coordinated the development of Internet/Intranet, and security/IIS 3/4. JavaScript/Java 1.1 (AWT) WEB applets /FrontPage 2.0, NetObject Fusion 2.0. Oracle8, Oracle/linux scripts,

Sprint/ Global One Infrastructure Design & Development IS (HR Consultant)

Webmaster/Network Engineer 02/97-06/97

Developed and implemented Intranet security applet for ID&D Dept. Duties included HTML conversions, Oracle8, Oracle Scripts, SQL/PL SQL, JavaScript/Java 1.1 (AWT) XML, WEB applets /FrontPage 2.0, NetObjects Fusion 2.0. Assisted Sr. Network Engineer/System Developers with Netscape Enterprise Server 3/SuiteSpot Components Web Dev. LAN.

Bell Atlantic (Boss Temps/Kelly Services Consultant), Arlington, VA

Java/Smalltalk Programmer 10/96-01/97

● Programmed the online Consolidated Handbook. Duties included JavaScript, HTML conversions and JavaScript 1.1 programming, client/server. Tested software of the accounting/billing applications/Smalltalk, VisualWave, and WEB/documentation for the end-user.

Bechtel- SAIC Company LLC, McLean, VA

Systems Programmer Analyst II/ Security Engineer 01/02-06/02

●Developed, implemented computer web applications/systems software, computer hardware, and/or data communications systems development or modifications.

●Gathered information, analyzed findings, Intrusion Detection Systems (IDSs) security engineering, security+/508 HTML documents conversion, prepared UML conceptual designs, .Net, MVC/Struts Framework.

Meta Group, Reston, VA

WebSphere Portal/J2EE Developer 10/00-01/02

●Developed, implemented, and operated web content-delivered applications. Lead role in Domino Notes R5 server management (web, replication, security, SQL, JDBC/ODBC).

●Re-engineered the migration of Oracle 8i, Domino web-based Predictive Cost Modeling application to J2EE 1.3.1 based E-Commerce solution using static source code analysis.

CISCO Systems (EDP Consultant), Chantilly, VA

Senior Systems Engineer/Java Architect 07/99-09/00

Developed a client/server/OS/390, database tracking system, network configuration, TCP/IP, Internet protocols, firewalls, Virtual Private Networks (VPNs), Intrusion Detection Systems (IDSs) security engineering, and software lifecycle development. Web-based business application for corporate intranets using Java 1.3, JSP/Servlets, Cold Fusion, EJB, XML, XSLT, ODBC/JDBC, Oracle 8, Oracle Scripts, SQL/PLSQL, WebLogic

Tracor International (MBA Consultant), Bethesda, MD

Web Master/ Senior Systems Integrator 06/99-07/99

Integrated Documentum DocPage Server WinNT, linux admin./ Sun Solaris, WorkSpace and Netscape Enterprise Server. Developed and coordinated RightSite, DocBase for GSA Intranet and Internet documents.

Global Management Systems Incorporated (Matrix Consultant), Bethesda, MD

Java Smart Card Programmer/ Security Engineer 08/98-05/99

●Researched and developed a smart card, biometric authentication Web application. Stored X.509 Digital Certificate on a smart card to authenticate against an LDAP membership directory, MSCrypto API, RSA, SSL 3.0.

●Integrated embedded Java OS SmartCard cardlet data storage system, S/MIME, ISO card readers. Integrated PKI digital signatures, biometric, Cardlets/Java cryptography, ADSI 2.0 JCard 2.0/MTS, 1.2 JDK, JBuilder.

Titan Software Systems Corporation (New Boston Consultant), Reston, VA

Software Engineer/Internet Specialist 04/98-08/98

Developed and coordinated Titan’s internet/SEG Request Tracking/SAP and Personnel equipment System with ASP, JBuilder 2.0/GUI development, servlets lifecycle, VB Scripting, Crystal Reporting. Assisted Titan’s programmers with the migration of four FAA Visual Basic Apps. /16/32 bit, Y2K.

MCI/World Com Telecommunication Corporation, Chantilly, VA

Senior Web/Smalltalk Programmer 10/97-03/98

Designed and developed Web-based applications for trouble-ticket reporting/SQL/Oracle for the Local Systems Help Desk, monitored and maintained LAN networks. Corporate Intranets utilizing Java/VBScript, OOP, Smalltalk/Visual Wave 2.0, Visual InterDev ASP, DHTML, and IIS 4.0.

OAO Corporation (TAC Consultant), Greenbelt, MD

Web Master/System Administrator 06/97-10/97

Coordinated the development of Internet/Intranet, and security/IIS 3/4. Oracle, Java, JavaScript/Java 1.1 (AWT) WEB applets /FrontPage 2.0, NetObject Fusion 2.0.

Sprint/ Global One Infrastructure Design & Development IS (HR Consultant)

Web Master 02/97-06/97

Developed and implemented Intranet security applet for ID&D Dept. Duties included HTML conversions, JavaScript/Java 1.1 (AWT) WEB applets /FrontPage 2.0, NetObjects Fusion 2.0. Assisted Sr. Network Engineer/System Developers with Netscape Enterprise Server 3/Suite Spot Components Web Dev. LAN.

Bell Atlantic (Boss Temps/Kelly Services Consultant), Arlington, VA

Java/Smalltalk Programmer 10/96-01/97

Programmed the online Consolidated Handbook. Duties included HTML conversions and Oracle/Java, JavaScript 1.1 programming, client/server. Tested software of the accounting/billing applications/Smalltalk, VisualWave, and WEB/documentation for the end user.

American Alliance for Health, Physical Education, Recreation and Dance, Reston, VA

Publishing Technology Coordinator 09/95-10/96

Art directed magazine covers, periodicals, and book covers. WEB pages/HTML 2.0, 3.0, VRML 3D, PDF files, Java 1.0/applets/JavaScript 1.0 and FTP file transfer/internet.

Fraser Wallace Advertising (AeroTech Consultant), Reston, VA

Junior Art Director/System Specialist 02/95-08/95

●Designed and managed the production of corporate logos, real estate brochures, flyers, business cards, corp./logos, postcards, etc.

●Assisted Art Director and Network Administrator, monitoring and maintaining LAN/Dev. Servers Ethernet Token Ring, software/upgrades, hardware, HTML programming, network/Mac troubleshooting systems, and technical support.

Black’s Guide, INC., The Directory of Commercial Real Estate Information, Gaithersburg, MD

Graphic Designer/GUI Programmer 04/94-02/95

Coordinated, organized electronic maps, charts, logos, and text files for the profile and editorial section, and complete/half-page ads, 4/C, 2/C, B/W fills full/half and Multimedia Presentations.

Chesapeake Publishing Corporation, Waldorf, MD

Composition Supervisor 09/90-04/94

Supervised the composition and advertising departments. Coordinated the weekly publications and classified sections, graphic design. Assisted system administrator with software/upgrades, hardware, networking Mac/PC, and troubleshooting network/Mac systems.

Education and Training

The Art Institute of Philadelphia, Philadelphia, PA 1988-1990

Associate in Arts in Specialized Technology

Seminars/Workshops/Certificates/Continuing Education

Certified Cyber Security (CC) ISC2 (Udemy 2023)

CompTIA Security+ (SY0-601, CBT Nuggets 2023)

Application Security (SDLC, Udemy 2023)

DevSecOps & DevOps with Jenkins, Kubernetes, Terraform & AWS (Udemy 2023)

AWS Certified Developer Associate DVA-C02 (Udemy, 2023)

Certified Web Application Security Tester (C-WAST, Udemy, 2022)

DevOps (CBT Nuggets, Selenium/Edureka Online Training, 2017)

Jenkins, Splunk, Blockchain Ethereum, Solidity (Edureka Online Training, 2016)

Security Encryption (VTC Online University, 2008-07-11)

Cyber Security (National Foreign Affairs, U.S.DOS. 10, 2012)

Application & Computer Security (VTC Online University, 2008)

Systems Security Certification Practitioner (SSCP, CompTIA, 2008)

CEH Certification & Penetration Testing (VTC Online University, 2008-04-15)

CISSP, CompTIA Security+ (VTC Online University, 2007-03-05)

IT Project + Management CompTIA (Computech Inc., 2003)

SDLC/CRM Orientation, Training Course (US CBP, 2004)

Sun Microsystems: Java 2 Enterprise Edition (J2EE Platform, JSP, JMS, EJB, JSF, JDO, 2006)

PVCS Dimensions Fundamentals 7.2 (US CBP, 2005)

Microsoft Visual Studio, .Net C# Framework, ASP.Net (Meta Group Inc., 2005)

Novell: SilverStream extend Composer and Director/Workbench, J2EE Web Services (ACS, 2003)


