Security Engineer

Location:
Winter Garden, FL
Posted:
January 12, 2020

Resume:

INFORMATION SECURITY ENGINEER- PRINCIPAL LEAD

Detail-oriented, self-starting IT professional with extensive knowledge of cyber security strategies, standards, and network intrusion detection and encryption technologies. Experienced in information systems Cyber Security operations and management for enterprise-wide initiatives. Exhibits superior communication skills for the effective management of project timelines, resources and client expectations. Proven leadership capabilities in cost management, providing workable strategies and risk mitigation.

AREAS OF EXPERTISE

Penetration Testing- Red-Team & Blue-Team, Replay attacks

Cyber Range Blue & Red Team Exercises

AWS

Cyber Range Management

Network Hardening

NIST

Cloud Security

Defense in Depth

Vulnerability Management

Two Factor Authentication

Vulnerability Assessments

Firewalls, Routers & Switches

Intrusion Detection/Intrusion Prevention (IDS/IPS)

Systems Security Engineering

Strong Written & Oral Communication Skills

Team Leadership

IP Networking IPsec, SSL, TLS, DNS & Proxy Services

Strong Diagnostic & Problem Solving Skills

TOOLS

Defensive Monitoring

Network Traffic Analyzers

PKI Tools

Identity & Access Management

Penetration Testing

Snort®

Wireshark®

Symantec MPKI

Airwatch

Kali Linux

ArcSight

EtherApe

Venafi

Cisco ISE

Burp Suite

Cylance Optics

Nmap

OPERATING SYSTEMS & VIRTUAL TECHNOLOGIES

Windows (Win. 10, Server 2012 R2, Server 2016)

Linux (Red Hat, Ubuntu)

Citrix VDI

Cisco Identity Services Engine (ISE)

EDUCATION & TRAINING

CISSP® - Certified Information Systems Security Professional (403797)

University of Maryland University College

Graduate Certificate: Cyber Security Technology

University of Maryland, Baltimore County

B.A.

PROFESSIONAL EXPERIENCE

Principal Security Consultant Remote Jun. 2019-Jul. 2019

Cylance Inc.

Worked in professional services at Cylance under the vCISO program providing strategic services working as a Virtual CISO.

Conducted Purple Team exercise to test incident response plans and managed security services providers through targeted penetration testing and assessment of blue team response.

Perform Incident Response Readiness Assessments to assess the maturity of a client’s documentation configurations.

Worked with clients on Table Top exercises across a variety of security related activities.

Perform security tools assessments for clients to gauge their maturity and ability to respond to security incidents and events.

Principal Consulting Security Engineer Remote Mar. 2017-Feb. 2019

Synchrony Bank, Lynx Technology

Worked on team providing security engineering to Synchrony Financial business applications migration to the Cloud.

Worked with network operations to remodel network topology to increase security, to include hardening of firewalls, Blue Coat Proxies, IDS deployment, network protocols, etc.

Developed and wrote policy for security awareness and encryption, to include top level policy as well as procedures.

Engineered, deployed and maintained Synchrony Financial PKI systems related to Identity and Access Management for Cisco ISE, Airwatch, Mac and user authentication.

Worked with AttackIQ FireDrill to perform security hardening of virtual servers, desktops and issued laptops.

Created and managed the Certificate Templates used for: Certificate Auto-enrollment, Mac SCEP Certificate Template, AirWatch Cloud SCEP Template and all code signing, digital and user certificate templates.

Migrated AirWatch Mobile Device Management from an integration with Symantec MPKI to a SCEP based secure Cloud Solution with HydrantID.

Principal Consulting Security Engineer Remote Jan. 2016-Feb. 2017

Atlas Air Inc., Momentum Resource Solutions

Act as the principal consulting security engineer for all Atlas Air IT Security projects to meet federal government NIST Special Publication 800-53.

Worked on team engineering and deploying new IDS/IPS, Endpoint protection, network firewall configuration and SIEM.

Conducted security scans and review of the DMZ to assess vulnerabilities and remediate threats as part of a complete DMZ redesign.

Provide security engineering for the Atlas Air CyberArk upgrade and redesign project, to include requirements gathering, security architecture review and design upgrading CyberArk from version 8.1 to 9.6. This includes integration with DUO two factor authentication to provide increased security controls for privileged accounts.

Provide security engineering for the Atlas Air Cisco Identity Services Engine (ISE) design project, to include requirements gathering, security architecture design and review, as well as final state security assessment.

Provide Security engineering and testing of a newly deployed secure Guest Wireless Portal to replace the current insecure Guest Wireless Portal.

Function as Atlas Air Public Key Infrastructure (PKI) subject matter expert designing a new enterprise-wide PKI infrastructure leveraging Hardware Security Modules (HSM) for offline root CAs and Online Intermediate Issuing CAs, with distributed High Availability (HA) Certificate Distribution Points (CDP) for Certificate Revocation Lists (CRL).

Senior Information Security Engineer Remote Jan. 2015-Dec. 2015

T. Rowe Price, Merritt Technical Associates

Conducted security assessments of vendors working with T. Rowe Price to assess security controls, vulnerabilities and risk levels and provide a vulnerability assessment report identifying vulnerabilities and a remediation plan.

Responsibility for building and maintaining the entire Microsoft Certificate Services internal PKI infrastructure for T. Rowe Price, to include building and maintaining intermediate Certificate Authorities in the Production, Development and Quality Assurance environments.

Maintained root keying material for all three offline root Certificate Authorities.

Maintained and updated the Certificate Revocation List (CRL) for all three intermediate Certificate Authorities.

Configured and administered Safenet Luna Hardware Security Module (HSM) in a High Availability (HA) environment.

Engineered, tested and deployed Keyon Registration Authority (RA) as part of T. Rowe Price’s enterprise-wide PKI infrastructure upgrade. The Keyon Registration Authority was the first step in improving PKI practices by improving certificate tracking, renewal and issuance.

Senior Consulting Security Engineer Remote Jan. 2014-Dec. 2014

Bank of America, Ettain Group Inc.

Developed and documented the Bank of America Certificate Lifecycle Management Governance Program that outlines the organization, responsibilities and operations of the Certificate Governance Compliance Team.

Analyzed Bank of America Public Key Infrastructure (PKI) certificate management documentation and provided detailed documented industry best practice process improvements.

Supported Bank of America Line of Business Public Key Infrastructure administration efforts on Venafi Encryption Director (VED).

Provided PKI certificate consulting to Bank of America CIO/CTO technology teams using Venafi, to include training, troubleshooting and technical support.

Developed and documented procedural documents for Certificate Governance that outline the processes and procedures for executing the Certificate Governance Program.

Senior Information Security Engineer Hanover MD June 2012-Nov. 2013

Computer Sciences Corporation (CSC)

Developed the Cryptographic Module (CMVP) & Cryptographic Algorithm (CAVP) programs for the U.S. labs by leading the program successfully through the NVLAP laboratory accreditation process.

Use network traffic tools Wireshark & Wireplay to perform penetration testing such as generating SSL keys and capturing them to perform replay attacks on network appliances.

Perform validation testing of cryptographic systems to validate conformance claims to FIPS 140-2 standards and generate testing reports for National Institute of Standards and Technology (NIST) validators.

Perform extensive penetration testing of hardware and software environments to harden the final product.

Performed FedRAMP testing of cloud-based products for sale and use by the federal government, using NIST 800-53 and FIPS 199.

Provide hands-on team management, oversight and training to junior security engineers in network security engineering, cryptographic algorithm evaluation and validation and penetration testing methodologies.

Use strong communication skills to interface directly with vendors and clients through all stages of security certification and kept projects on budget and time with weekly status calls and constant communications of project needs.

Create reports for management, vendors and NIST validators on project status and technical test findings.

Sr. Information System Security Officer (ISSO) Washington, D.C. July 2010-June 2012

Immigration & Customs Enforcement (ICE), Department of Homeland Security/ Knowledge Consulting Group

Team management of all Cyber Security tasks for the ICE Office of Professional Responsibility, across two enterprise information systems providing effective management of project timelines, resources and client expectation and cost management.

Used CCURE 9000 to provide IDAM identity and access management to ICE assets through two-factor authentication utilizing a PKI (Public-Key Infrastructure) certificate authority and PIV (Personal Identification Verification) cards.

Deployed Juniper Netscreen Firewalls to create end-to-end VPN and VLAN to segregate and protect mission critical information such as physical access control databases & surveillance video used in the protection of Immigration & Customs Enforcement assets and personnel. The Juniper Netscreens functioned as both firewalls and Intrusion prevention systems by blocking all traffic not originating from a Juniper Netscreen by utilizing point-to-point AES 256 encryption.

Performed security operations on a point-to-point firewall Virtual Private Network (VPN) configured to provide increased security and confidentiality for an agency-wide IDAM.

Utilized Tivoli/BigFix endpoint manager to remotely schedule patches and server restarts, as well as to diagnose system performance and perform security audits of system settings.

Provided Cyber Security consulting to executive level management for all other security documents, for example, security incident reports, security product recommendations, operating instructions, technical vulnerability reports, and contingency plans.

Lead yearly table top training for contingency testing to ensure all key stakeholders in Disaster Recovery roles are identified and trained to perform the needed COOP actions in the event of a system interruption.

Cyber Security Analyst Washington, D.C. October 2009-June 2010

Federal Aviation Administration (FAA)/ Endeavor Systems

Analyzed and developed baseline security requirements for FAA Internet Access Points (IAPs) based on FAA security policies written to comply with FISMA regulations and NIST standards

Review FAA Security Authorization packages, to determine baseline security requirements for existing systems and prepare for compliance interviews with security personnel on site

Review security policy documents to evaluate current program guidelines and procedures

Conduct independent, on-site system information assurance reviews of the management, operational, and technical security controls, in accordance with mandatory regulation

Generate reports on degree of system compliance to information assurance Federal FISMA Regulations, NIST Special Publication 800-53, and FAA Security Orders

Brief Information System Security Managers (ISSMs) & CISO on observations and recommendations to enhance their information systems assurance program

Work with ISSMs on the remediation efforts of vulnerabilities discovered during the information assurance review of the security program and systems


