Security Engineer System

Location:
Alexandria, VA
Salary:
155k
Posted:
January 05, 2024

Resume:

Truong Q. Thai

ad2hov@r.postjobfree.com

Fairfax, VA - 571-***-****

SUMMARY

Experience with SIEM deployment, vulnerability assessments, and system architecture.

Experienced in ArcSight/Splunk/AWS solution architecture.

Fifteen years in SIEM security and 22 years in Unix system administration, Oracle, and systems engineering.

PROFESSIONAL EXPERIENCE

DHS/OBIM/GDIT (2018 - Present)

Senior SIEM Security Engineer/Security Compliance Engineer/AWS Security Engineer

Deploy technical-refresh ESM, Loggers, ArcMCs, and SmartConnectors.

Install/Configure data inputs and forward data to the central Splunk ES for data ingestion.

Create correlation rules to detect complex security threats by combining different data sources.

Support the AWS team in migrating workloads from corporate data centers to AWS (Terraform).

Set up VPN/Direct Connect to provide a secure connection between on-premises networks and AWS. Work with Microsoft Active Directory and AWS Managed AD. Work with AWS EC2 instances, EBL Security Group, ACL, and AWS IAM (Identity and Access Management) policies.

Created an executive presentation of infrastructure costs for the SAP migration project from on-premises to AWS using Ansible.

Support the ISSO client with POA&M artifacts and findings to meet NIST 800-53 compliance requirements.

Develop and update security authorization packages per client requirements and compliant with FISMA, including the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Action and Milestones, Remediation Plans, Configuration Management Plan, RMF, and ATO documentation.

Validate protective measures for physical security covering HAPOLICIED, SELinux, Windows audits, and audit.rules.

Develop/coordinate testing and training on contingency plans and incident response plans.

Perform risk analyses to determine cost-effective and essential safeguards.

Perform security control assessment using NIST 800-53A guidance.

Experience working with the following:

o IP networking, networking protocols, and understanding of DHS-related security technologies including SSL/TLS encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, and VoIP.

o Internet, web, application, AWS (NetFlow, CloudTrail, CloudWatch), OneNet, and OBIM network security techniques.

o Operating system security and STIG/SELinux audit policies (Windows, Solaris, Linux, AIX, Oracle, AWS).

o Tenable scanning and intrusion detection products, and importing CVE data files into ArcSight.

o Federal regulations related to information security (FedRAMP, FISMA, RMF, STIG, DHS 4300).

o Data feeds: Windows, RHEL, AIX, SUSE, AWS, Oracle, WebLogic, McAfee, Sophos, Nessus SM, F5, VoIP, SANs, and vCenter.

o Tracking security policy violations and unauthorized activity, and providing an audit trail for investigation.

Fannie Mae (2016 - 2018)

Senior Cyber Security Engineer/ISSO

Experience with ArcSight SIEM/Splunk systems in three ESM instance environments, including ArcSight ESM Manager 6.8, ArcMC 2.6.1, SmartConnector 7.0 through 7.7, Connector Appliance, Logger Pool v6.5, Windows Server 2008, Linux v6.8, and network devices (F5 ASM, FireEye, BlueCoat, IronPort, Swift, Check Point, McAfee ePO, Guardium, Zscaler, Anomalies, NAC, and AWS CloudTrail).

Oversaw the development, review, and consolidation of the cyber operations SOPs.

Initiated/maintained after action reports (AAR) to ensure operational continuity.

Managed the continuity of operations plan (COOP) documentation.

Helped develop/support automated solutions for SIEM deployment in on-premises and cloud environments.

Led the process to obtain authorities to operate (ATO) for software systems using RMF standards.

Analyzed enterprise-level security architectures, network management architectures, communication architecture, and key management.

Accrue Partners (2015 - 2016)

Cyber Security Engineer - TIAA CREF/ Financial Services Project

Supported the operation and maintenance of ArcSight Security Information and Event Management platforms, including four ArcSight ESM Managers, six Connector Appliances, six Logger Appliances, and sixty Agent Servers (SmartConnectors/FlexAgent).

Built/implemented security solutions in Windows (WUC/WEC), NetWitness, Symantec SEP Endpoint Protection, IntruShield, BlueCoat, DLP Vontu, IronPort, FireEye, and Invincea.

Performed real-time analysis of caching events, event loss, and malicious activities.

Helped build/implement event correlation rules and content in ArcSight, and logic to filter out security events associated with known false positives or known errors.

TC CyberSecurity Consulting Company (2014 - 2015)

Senior ArcSight/Splunk Security Engineer

Performed SIEM evaluations.

Integrated Splunk/QRadar with ArcSight SIEM.

Identified issues in CEF/CIM event formats, the Splunk App for Windows, IDS, FISMA, and Stream PCAP.

Assessed capacity planning at the ESL level to determine the current incoming Splunk data workload for future deployment.

InsightGlobal (2014)

Senior ArcSight/Splunk Security Engineer (ATK Inc. Project)

ArcSight SIEM/Splunk components installation, implementation, and deployment.

ESM, Logger, SmartConnector, and FlexConnector troubleshooting and setup.

Health checks and configuration of rules, reports, dashboards, data monitors, etc.

Stock ArcSight connector installation, migration, and maintenance.

Experience with system administration in both Unix and Windows technologies.

VariQ Corp (2012 - 2013)

Senior ArcSight Security Engineer

Performed standard O&M activities for the ArcSight SIEM under TSA infrastructure program requirements.

Used SIEM tools to monitor and analyze network performance and cyber security incidents and reports, to detect vulnerabilities, anomalies, or other issues.

Used ArcSight ESM to elevate threat items to incident responders.

Developed ESM rules, reports, dashboards, data monitors, active channels, and trends.

Use cases to identify threats and optimize data mining.

Analyzed current and proposed configurations to ensure compatibility within the overall system.

Tangible Software Inc (2008 - 2012)

UNIX Security Engineer/ISSO Information Portal at FBI HQ

Lockheed Martin Inc (2006 - 2008)

Unix/Windows System Administrator, FBI Sentinel and EDS Project

Pragmatics Inc (2003 - 2005)

Solaris System Administrator for JOPES Project

System Administrator/Technical WPS Support

Network Engineer/ Network Administrator/Network Support Analyst

Computer System Analyst

Computer Science Corporation (1997- 2003)

System Administrator/System Hardware Integrator

AlliedSignal Technical Services Corporation (1991 - 1997)

Data Management Analyst

Spacecraft System Engineer/Hubble Space

Data Operation Controller

EDUCATION & CERTIFICATES

Education: Bachelor of Science in Computer Information Systems, graduated in 1993

Certificates:

o CompTIA CASP+ (2023)

o Amazon Web Services Certificate (2023)

o MultiCloud & DevOps (2023)

o HP ArcSight ESM Administrator (2016)

o RSA NetWitness w/ ArcSight (2015)

o CyberGuard Firewall TSP Administrator (2012)

Work References 1991 -2012 available upon request