System Security Engineer /PKI Engineer
Resume:
CLAUDE HARRIS III
Phone 484-***-****
adb60q@r.postjobfree.com
SUMMARY: Talented, results-driven Information Security Professional with versatile, cross-platform experience in systems/network architecture and security. Experience in hardware, software, networking, and security technologies, analyzing network security deficiencies and violations, performing risk assessments, audits, vulnerability assessments, and penetration tests. Delivered solutions implementing administrative, technical and physical controls establishing security management, protection of assets, and compliance. Demonstrated organizational and interpersonal skills working across departmental boundaries while maintaining strong communications and disseminating information from technical to comprehensible language to management, peers, and users. Performed as a highly motivated, goal-oriented team player with ability to work on projects alone.
EDUCATION Bachelor of Arts, Applied Mathematics (minor Computer
Science), Oakwood University, Huntsville, AL
TECHNICAL HIGHLIGHTS
2003/2008/2012/2016 Active Directory Engineer
Security + CE
A+ certified
Network + certified
MCP certified
ITIL V3 certified
AMAG Certified
OCSP System Administrator
Wireless Configuration and security, WEP, WPA2
Certification Lifecycle Management
Implementing RAS, VPN, Norton Ghost, RIS, maintaining all Microsoft Server environments
Tumbleweed OCSP
Infrastructure Engineer
ACAS/Nessus/ DISA STIG Scan and Remediation
DRA 8.1, NetIQ
LandDesk Management.
Virtualization technologies
(ESX/ESXi)
Luna Safenet, HSM, RSA
EXPERIENCE
March 2019 – Present Cerner
Directory Services Engineer
Ensured standardization, compliance and enforcement of Air Force policies and NOSC daily operating procedures. Maintained user, group, and computer accounts for the AETC enterprise network. Managed Group Policy Objects (GPOs) throughout the Active Directory (AD) enterprise. Developed project plan, served as primary task resource, implemented and migrated domain from Windows 2008 R2 to Windows 2012 R2. Responsible for developing, engineering, deploying and supporting comprehensive solutions based on the MHS unique and complex requirements and problems as they relate to identity and directory services.
August 2017- March 2019 Canon
Infrastructure/Security Engineer
Implement the PKI infrastructure for the Cyber Security program in conjunction with DOD standards. Provide ACAS Nessus security scan reports to management and remediate any anomaly’s, vulnerabilities and misconfiguration as it relates to compliance. Conduct compliance and vulnerability assessments on UNIX, Windows, networking, databases, virtual environments, applications, and Web servers. Penetration testing manual and automated methodologies to identify, assess, and report security risks. Prioritize findings based on risk and document detailed corrective and remediation plans and actions. Communicate threat, vulnerabilities, and risk information to stakeholders in executive management positions clearly and recommend solutions for client technical and security challenges. Provide full life-cycle operational and cyber support and differentiated capabilities to meet our customer’s challenging mission. Direct the preparation for CAC enabled PKI DOD standards deployment. Inspect operational status of servers and applications. Correct PKI/Kerberos anomalies and warning conditions; review logs as necessary. Responsible for patch management and DISA Security Technical Implementation Guides STIG remediation and security compliance which also includes vulnerability patching of servers and applications. Provide security review and analysis of business requirements as well as the design of solutions for new and existing applications. Create and maintains functional and technical design specifications and solutions to satisfy security project requirements required by DISA. Plan and direct upgrades and enhancements to operating systems and CAC enabled applications. Develop and maintain/update standard operating procedures. Identifies and implements appropriate testing strategies. Executes all steps required to deploy/implement the application solution in preparation for audit. Providing engineering and integration support, administering, maintaining, and deploying various PKI and multifactor authentication systems. Build PKI Lab and perform Proof of concept and test environment for future software upgrades.
January 2015- August 2017 (Knight Point Systems) Food and Drug Administration
PKI Enterprise Engineer
Resolve all failures related to the PKI Certificate Authority infrastructure. Operate, maintain, manage, and upgrade the entire agency PKI/PIV infrastructure. Administer, operate, and manage the Certificate Authority environment including the management of trusted root certificate chains in the Active Directory. Provide all Tier Two and Tier Three hardware and software support for the PIV functionality PIV enabled multifunction printers and their associated smartcard readers. Provide all Tier Three remote support for the PIV functionality of the PIV enabled multifunction printers and associated smartcard readers in the agency district, regional, and field offices. Install and configure middleware software required for PIV compliancy. Modify PKI Group Policy Object settings and update scripts for helpdesk personnel when necessary to remediate certificate-related issues. Utilized NetIQ IAM to manage FDA environment. Recover, download, and install escrowed certificates for all users and systems requiring access to data encrypted with previous certificates Perform all network and system non-PIV Certificate issuance tasks for Public Trust, Common Policy, and Certificate Authority issued certificates. Download, deploy, configure, and troubleshoot the Access Card Utility (ACU), and ActivClient software create, manage, and maintain installation guide, SOP, and CONOPS documentation.
December 2013- January 2015 (RPI Group) Marine Corp Quantico, VA
PKI Infrastructure Engineer
Directly support the Marine Corps implementation of DoD PKI with operational focus on the implementation, management and sustainment of the Marine Enterprise PKI. Work directly on the continued implementation of the DoD PKI within the Marine Corps, both NIPR and SIPR, to include enterprise certificate validation infrastructure, directory services and support to deployed forces. Responsible for the management of USMC PKI Infrastructure as it relates to use of DoD PKI and CAC and SIPR Token. Certification Lifecycle Management and Participate in the implementation and management of all SAN and VM Infrastructure associated with USMC PKI. Responsible for the implementation and management of all USMC hardware security modules. Use systems analysis techniques and procedures, including consulting with users to determine hardware, software, or system functional specifications. Also serve Enterprise Information Security with responsibility of helping to secure the Marine Corps worldwide network and enable two-factor authentication to Marine systems. Analyze PKI and PIV-I requirements, policies, and procedures to help define viable courses of action to integrate PIV-I smart cards into the Marine Corp enterprise. Assist with the coordination all PKI and PIV-I requirements across multiple internal and external stakeholders. Assist with the development and maintenance of PKI documentation, including PKI policy documents, system guides, outreach material, lessons learned fact sheets, and help desk FAQs. Perform Tier 3 helpdesk support for PKI-related issues. Research and maintain proficiency in PKI policy, tools, and trends.
July 2011 – October 2013 (MRE Technology) Pentagon, Arlington VA
Information Assurance Officer
Symmetry 2008 Administrator, system programmer, and technical expert for NCC Network Control Center and the AMAG access control system. Responsible for leading a multi-discipline technical team containing a mix of senior and junior engineers with electrical, software and systems engineering backgrounds specializing in the design, integration, validation and certification of DIACAP. Primary interface with Senior and Executive Leadership, reporting the status/progress on the IA/SSA Team performance. Guide team members on the utilization of systems and hardware design processes and provide assurance that the design activities are consistent with requirements for product safety, reliability, maintainability, performance, qualification and certification. Responsible for the development of artifacts required to achieve DIACAP (DoD Information Assurance Certification and Accreditation Process) Certification.
Responsible for remediation reviewing, writing and evaluating all types of security related papers and documentation that is required for product certification. Ensures that system requirements are correctly implemented into the overall system architecture, and will help oversee security related testing for the system. Routinely update system, resolves system problems, submit service requests, perform maintenance on access control equipment, grant access to restricted areas and trains personnel on access control systems. Manage the database, grant access to database, conduct system updates, and develop format for reports as needed. Support access control center. Provide on-call 24/7 Maintenance Support service for the Pentagon. Document service and installation actions by completing forms, reports, logs, and records. Assist with performing a variety of tests to determine whether product functions as specified; determine cause of product failure; analyze test results. Design, build, maintain and clean up Windows Server 2003, Active Directory environment. Managing and maintaining the performance of network, Servers, OS, security, network configurations, and 3rd party software. Provide technical support and guidance to users as needed. Design processes to improve efficiency of corporate network.
October 2008 – July 2011 (SRA International) Army National Guard, Fairfax VA
Enterprise System Administrator
Managed configuration baselines for FDCC Compliance within Army National Guard organization. Manage all the states exchange and active directory domain controllers. Retrieve FDCC regulations regarding permissions and granted user rights to certain applications and processes. Enabled effective configuration management from discovery of all systems connected to the network through establishing and managing the baselines across those systems, and identifying where those system drift from their expected configurations. Deployed and maintained PKI certificate validation using Tumbleweed Online Certificate Status Protocol (OCSP), Tumbleweed Desktop Validator and ActivClient to allow for smartcard authentication using DOD Common Access Cards (CAC) also known as Smart Cards. Certification Lifecycle Management and managed all state and enterprise OCSP servers which includes configuring the server, install applications, set up user accounts, configure host and network interface, assign security privileges and access controls for accounts and other trusted roles, create procedures to support recovery from catastrophic system loss, perform system backups, perform software upgrades and recovery, change the host or network interface configuration, generate OCSP Responder certificates (for Root VA only), install OCSP Responder certificates and initiate ARNG OCSP Responder certificate requests. Facilitated effective planning, controlling, troubleshooting and reporting on FDCC Group Policy changes. Responsible for building, testing and delivering a standard Server for deployment across Defense Logistics Agency ‘s enterprise class network, using a Hercules distributed network architecture as part of HBSS security solution. Myself along with the EOSS Team directly supported the Army National Guard CIO/G6 in preparing for and receiving a successfully 'passed' Department of the Army Inspector General (DAIG) inspection of Information Assurance (IA) policies, practices, and procedures. (Only 7 of 52 activities have passed this DAIG to-date) . Took lead on IAVM and STIG(Security Technical Implementation Guidelines) compliance for System Services Enterprise servers providing POAM and Mitigation plans. Assisted other System Services team members with IG issues. Created GPOs for different server groups, and wrote numerous documents that was required for IG submission.
June 2007- October 2008 Aptify, Washington, DC
Network Administrator
Administer accounts on Active Directory servers, network domains, application processors, appliances, and other computing equipment, including, but not limited to account creation, modification, and deletion, and privilege and rights administration. Maintain LAN network operability as well as connectivity to the Corporate WAN. Maintain and document wiring infrastructure in a neat and orderly manner. Recommend information technology strategies, policies, and procedures by benchmarking technology/processes/organization, identifying problems, evaluating trends, and anticipating current and future requirements. Maintain and administer information security applications. Provide security administration in a Windows/Active Directory environment. Manage exchange and email related applications. Perform backup job maintenance. Manage the fileserver for all the local and remote users. Update and manage the Symantec Antivirus server. Manage Cisco Unity Phone system creating accounts and “Punching” phone lines. Responsible for corporate messaging environment comprised of email and instant messaging. Design and implement new network solutions. Manage network resources and personnel. Provide guidance on projects as needed. Oversee Active Directory and Exchange operations for an international infrastructure. Perform Windows 2003 server installation, configuration, administration, management and monitoring, including all patch and service pack levels. Perform Active Directory and Security Management, including Group Policy Objects. Perform Exchange server administration and maintenance. Perform backup recovery (Backup Exec). Expert knowledge of Microsoft applications and Anti-Virus/Spy-Ware/Spam support. Work with the IT Manager and all IT team members to assess and solve all enterprise-wide IT issues. Create and assist in the management of user e-mail accounts.
November 2002- June 2007 Howard University Hospital, Washington, DC
Network Specialist I
Installed workstations on our local and wide area networks using XP operating systems and XP office along with a wide variety of application programs. Assisted in evaluating new hardware and software; advised users and administration on hardware and software alternatives; recommended standards for selection of software to ensure it met user needs and was network compatible. Provided network performance monitoring with Loadrunner, reporting, identification and resolution of network issues. Participated in the development of network standard and operational procedures by building on Cisco technology while using their switches and routers because of the security level. Applied technology that is in compliance with HIPPA (HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT), which keeps the hospital compliant with governmental laws. Diagnosed, repaired, and oversaw hardware failures of servers and workstations; maintained inventory of equipment and parts; maintained maintenance contracts by using Track it! software. Provided ongoing maintenance of existing Cisco network systems by closely monitoring activity on our Siemens interface. Responded to help desk calls servicing users; troubleshooting computer problems and developing solutions; made minor repairs to equipment and arranged for other servicing needs. Solved computer network connectivity issues with the internet and the intranet. Provided major support with Norton Antivirus software to protect the network from viruses and unauthorized personnel. Assisted in all aspects of internet access and development projects. Assisted in all other areas as necessary and maintained a positive working relationship with office network specialist. Ran backups for the different servers such as the SNA/Openlink server which runs an application called Invision, which keeps the hospital HIPPA compliant. This particular server also holds sensitive radiology and pharmacy information. Installed work stations and implemented the banking software. Tested network connectivity between the bank and remote servers. Made sure that deadlines where met and “Go Live” dates were in place for deadlines. Communicated with the central office to make sure that network security had not been jeopardized during the installations of the “Go Live” dates that were in place.
September 1997- May 2001 Oakwood College, Huntsville, AL
Computer Lab Tech
Provided standard administrative technical support and production services for information that supports end users. Performed routine hardware and software maintenance on computers in campus computer lab. Assisted students\staff with configuring email accounts, mapping network drives and attaching to various computer peripherals such as printers and scanners. Assisted in computer classes by coaching and tutoring individual students in class assignments. Evaluated new software for potential usefulness in lab; make recommendations regarding new purchases as requested. Maintained inventory of lab supplies/equipment and reordered as needed.
SKILLS
-Outstanding leadership skills, excellent communication skills
-Effectively assess technical issue and present innovative technical solutions to management
-Achieved success developing and implementing IT projects from the planning stages to execution
Contact this candidate