
Cyber Security Consultant

Location:
Austin, TX
Salary:
110k per annum or $65 an hour on W2
Posted:
February 11, 2023


Resume:

William Lappner

***** ****** ****

Austin, TX ***58

Cell: 737-***-****

adu9z0@r.postjobfree.com

SUMMARY OF QUALIFICATIONS

· Network Mapping- Compilation of electronic inventory of the systems and services on a network.

· Security Assessment- Able to identify and evaluate potential network security holes by using vulnerability analysis tools to probe internally and externally to extract risk assessment.

· Risk Management- Effective management of vulnerability data with the use of security tools such as Nessus, Foundstone, Kali Linux, Retina and Metasploit.

· Decision Support- Communicates results through comprehensive reports and charts that contribute to making effective decisions to improve an organization's security posture.

· Security Policy Development- Defines and enforces valid security policies when used during security device installation and certification.

· Network Design- Ability to design information systems with the highest availability and security while ensuring alignment with business core objectives.

· Open Source Linux- Have experience implementing cost effective solutions on Linux platforms to include network monitoring, session monitoring, bandwidth monitoring, vulnerability assessment, pen testing, File Integrity Management (FIM), log aggregation and centralized IDS management.

· Network Analysis- Implemented LAN/WAN analysis to analyze traffic and determine bandwidth utilization using: Netscout, Cacti, MRTG and Nagios.

· Security Integration Services- Implement and support firewall, IDS/IPS, VPN technology, AAA security, and maintenance of security mechanisms that are critical to achieve the level of protection required. Routinely monitor and test to ensure the highest security practices are enforced into policy.

· PCI, GLBA, NIST, FISMA and HIPAA compliance and implementation experience.

PROFESSIONAL EXPERIENCE

ACE Institute- Systems Administrator (VRRAP program)- Elmhurst, NY Apr 2021 – Aug 2022

· Managed and administered Windows 2019 and 2016 Server Domain Controllers via VMWARE virtualization.

· Administered Cisco Routers, switches and ASA Firewalls in virtual simulation using Cisco Packet Tracer. Project included designing and configuring various campus networks. Managed these networks using Cisco CLI and GUI management interface. Created secure Cisco routing and switching design using VLAN technology. This includes information on using router diagnostic commands, Cisco network management tools, and third-party troubleshooting tools.

· Provided documentation to include Visio designs on these simulated WAN and LAN networks.

Field Nation- Network Engineer- New York, NY Sep 2018 – Feb 2021

· Configured and administered Cisco Routers, Switches and ASA Firewalls in an enterprise network environment for campus sites to include: subnetting and network segmentation (CIDR blocks/VLSM) of new networks, configuring network interfaces, creating VLANs to communicate to secure segmented access to multiple VLANs at the layer 2 switch level. Configured dynamic routing to all Cisco Routers via RIP v.2, EIGRP, OSPF, MPLS and BGP (interior ATM PVC ILMI to Frame Relay via PVC DLCI networks and external BGP using ASN). Created secure access-lists on both internet routers and firewalls at the DMZ for exterior Web Servers, DNS servers and external Mail Server (relay SMTP). Installed crypto cards on Cisco 5505 ASA Firewalls to implement VPN tunnels. Configured both site-to-site and remote access VPN tunnels for remote site clients and systems administrators. Have experience troubleshooting connectivity issues from both the endpoint client to the internet router.

· Provided cable management for SOHO network environments such as terminating patch panels using a 110 punch tool so that clients can access the switches between cascaded VLANs. Also laid plenum grade CAT5 cables overhead and terminated endpoints into the female RJ45 socket connectors in cubicles. Have experience terminating RJ45 Ethernet Connectors onto patch cables for endpoint devices and network appliances. Have experience using a CAT5 Fluke cable tester to ensure connectivity at all levels from the network switch to the female RJ45 socket endpoint client that the PC connects to. Furnished Word, Excel spreadsheet and Visio documentation on all matters relating to network implementation and infrastructure for the intellectual property of the company.

· Installed and configured fibre channel LC connectors for both Cisco MDS 9200 series fibre channel switch and Brocade 6505 multi-layer SAN switches to provide for disaster recovery, high availability, scalability, and a dynamic storage solution in an MPLS environment. Installed Nagios on Linux to provide for network monitoring solutions on all network appliances, devices and SAN infrastructure.

VISA Inc.- Sr. Cyber Security Engineer/Analyst- Aug 2013 – Dec 2013

· Furnished Visio illustrations on the physical, logical and Enterprise Logging integration architectures encompassing multiple data centers across VISA’s Global Information security infrastructure. This architecture includes vendor technologies such as Q1 Labs SIEM, Splunk (log aggregation and filter scripts), Hadoop, IBM Guardium (DAM), DOP server for metrics reporting (bash shell scripts), Cold storage archiving with GreenPlum DB. Design topology security model includes: Physical classification, logical classification, and reporting flow encompassing the Enterprise Logging and Q1 Production SIEM environment. This architecture is comprised of production QRadar version 7.2 (MPC) and multiple EP/EC’s distributed globally as well as a QA Lab SIEM environment for testing purposes (i.e. enrollment of new parsing formats, patch upgrades, untested binary utilities in Console Services, etc.).

· Performed EPS and storage capacity reporting on all Q1 SIEM appliance components in Visa’s global Enterprise Logging infrastructure. The reports were generated in various formats such as graphical .pdf for executive reporting and in metric table data (.xls) to be imported into technologies like Tableau.

· Provided gap analysis/audit on all devices in Visa’s global Enterprise Logging on all Open Systems collecting data; technologies include: Windows 2008, Windows 2008 R2, RHEL 5 & 6, Sun Solaris, and AIX systems. This exercise involved extensive analysis of previous documentation on Technical Security Requirements, running queries against sample hosts, thorough review of raw logs/UTF payloads, assessing design requirements (TSR), contrasting inventory lists, and discovery of devices/assets collecting and not collecting data (Open Systems only).

· Generated multiple reports for metric reporting to include devices such as Firewall, IDS/IPS, AV systems, WAF, Proxy Servers, Windows and Linux Servers. Also provided reporting and CRE/BB rulesets for emerging threats such as APT attacks, BotNet C&C threats, Ransomware detection, Malware discovery, IDS/IPS blocks, and Anti Bot blocks.

Nationwide- Sr. Security Consultant (Endpoint Security)- Columbus, OH Jun 2013 – Jul 2013

· Provided Gap Analysis on Nationwide’s endpoint security infrastructure in an Excel spreadsheet. This analysis included reviewing Nationwide’s current endpoint security posture from a 3-tier layer security perspective (Physical Layer, OS Layer, and Application Layer). This consisted of identifying specific threats to workstations, laptops and servers running Nationwide’s current security endpoint products to include: McAfee ePO suite (EEPC, AV, HIPS), FireEye and Symantec DLP.

· Made recommendations on how to improve Nationwide’s security posture from both an architectural endpoint security perspective and client side protections to the current emerging threats such as APT, BotNet C&C attacks, Ransomware, and forms of sophisticated malware.

· Performed an OS and application security assessment on OS images for all laptop and workstation platforms. Also performed security posture assessments for all RHEL 5 & 6 servers. As part of the assessment review process I furnished an OS/Application hardening guide for all RedHat Linux servers running on RHEL 5.x & 6.x code.

Ogilvy and Mather Worldwide- Sr. Cyber Security Consultant- New York, NY Sept 2012 – Oct 2012

· Furnished Visio design on both the Physical and Logical designs encompassing multiple data centers across Ogilvy’s global Security Infrastructure. Architecture includes perspectives on AAA Authentication, Wireless security, SIEM infrastructure, Application security and overall Network topology security model. SIEM infrastructure includes the physical design classification with multiple sites hyperlinked to the logical design which is comprised of the Q1 Labs QRadar SIEM: Magistrate Processor Core (MPC), multiple EP/EC’s and Q-Flow Collectors. These current Ogilvy illustrations include traffic patterns from endpoints (raw data/event data), Event Collectors, Q-Flow Collector, Event Processor Engine, Rules Correlation Engine, and both Database Servers (Ariel and Postgres SQL DB).

· Provided gap analysis/audit on all devices in Ogilvy’s global SIEM network that needed to collect data. This exercise involved extensive reporting, assessing design requirements and inventory lists, and discovery of devices and assets collecting and not collecting data. (Methodology: host discovery, port mapping, and OS/Application fingerprint scanning, QRadar log reports, etc.).

· Performed EPS, storage capacity, and hardware sizing assessments (in command-line Linux) to provide for a roadmap to increase performance for the addition of new devices collecting data.

· Provided recommendations for increased performance, scalability, capacity planning (storage and device licensing), and online storage to satisfy NIST and SOX compliance requirements. These recommendations included procuring and repurposing existing hardware to be used as Event Collectors to provide for load balancing and coverage of Ogilvy’s global infrastructure.

· Applied necessary MR-5 patches to all components (MPC, EC and Q-Flow Collectors) and a plan of action to upgrade from 7.0 to 7.1 software code scheduled for a maintenance change control window.

VNSNY- Sr. Cyber Security Architect Jan 2012 – Mar 2012

· Implemented, installed and configured Symantec SSIM 4.7.4 (SIEM) and LogLogic to meet HIPAA compliance standards. Compliance included SIEM redundancy through event forwarding (Active/Backup mode), online storage requirements, administrative controls (correlation, dashboards, filtering, asset management) and compliance reporting.

· Installed SSIM, configured and troubleshot collectors/agents to receive event data from various endpoint appliances/servers. Configured endpoint appliances/servers to send data (push or pull) to collectors to include: Juniper IDP (500 & 800), Juniper Netscreen FWs, Websense Web Security (MS SQL 2005 DB), Cisco Netflow (QoS Flow data), Cisco IronPort, Linux Server Logs, Windows Server Logs, eEye Digital Scanner, Symantec (SEP), Symantec State Protection, and Websense Data Security Suite-DLP (through LogLogic message routing via syslog).

· Implemented Splunk Linux Server for third-party log collection for legacy devices (Syslog) and various security appliances for which SSIM had no collector agents supporting the format.

· Installed Nessus Scanner for internal vulnerability compliance reporting through SSIM (.nbe import format). Installed Acunetix Web Vulnerability v.8 pen tester on INFOSEC server to test and report on common web application threats against correlated rule sets such as SQL Injection, Cross Site Scripting (XSS) attacks, SSL persistent, Brute Force Web Authentication, etc.

· Implemented IDP-500 and configured NSM v. 2009 integration for IDP signature management (DI/Attack rules) and reporting.

· Used Damballa Enterprise Portal to determine environment to fine tune Juniper IDP signatures and SSIM filtering, dashboards, and correlation rules based on intrinsic ratings on specific malware. Used Wireshark to look at payload PCAP files from Damballa captures to make determinations on specific threats. Utilized OpenDNS to filter blacklisted sites and update IP/DNS reputations on SSIM for rapid detection.

· Implemented CentOS 6 Linux on laptop sandboxed in a VMWARE virtual environment to run the BackTrack 5.0 pen testing tool and run PHP/PEAR development scripts against 30 active DNSBL blacklist networks.

Pacific Life- Sr. Cyber Security Engineer- Newport Beach, CA Sept 2011 – Nov 2011

· Maintained and managed ArcSight SIEM for special projects in an operational and administrative control capacity. These projects include installing Smart Connectors, upgrading older versions of the connector (from 4.5.x to 5.0.x), importing scan data (Rapid 7 NexPose, Qualys), and tweaking RAM memory management on the Flex Connectors (based on throughput rate for individual devices/agents). Administrative functions include creating new Zones and Asset Groups, ensuring the zones and asset groups match and that the appropriate assets are in the correct group.

· Updated IP watchlists/reputation, software patches, collector releases, and software updates on HP ArcSight (SIEM) and TippingPoint IPS (via SMS). Configured/tuned HP TippingPoint on specific threats based on analysis.

· Applied administrative controls such as correlation, dashboards, filtering and reporting for common threat pattern in financial space.

· Audited CheckPoint FWs through Provider-1 (MDS) management interface to ensure global security policies mimicked the DR Backup recovery CMA managed Checkpoint firewalls.

· Assisted in the design effort to incorporate Qualys vulnerability scanner appliance to scan within VLANs on trusted domain FW VLANs. Utilized CP Voyager to derive Interface and VLAN information for the network mapping effort.

· Furnished Visio on current ArcSight SIEM architecture for both physical and logical design perspectives to include all business units/divisions.

· Assisted in Change Control team in CheckPoint FW configurations and policy pushes.

EMC2/RSA Security- Sr. Cyber Security Architect- Southboro, MA (Headquarters) and Bedford (RSA Division), MA Apr 2011 – Aug 2011

· Furnished Visio design on both the Physical and Logical designs encompassing multiple data centers across EMC’s global (enVision) SIEM Infrastructure. Architecture specifications include the physical design with multiple sites hyperlinked to the logical design which is comprised of the enVision SIEM server components in a clustered environment with their corresponding data flow. These illustrations show the traffic patterns from endpoints (raw data/event data), Local Collectors, A-Serv (Application Server), and the D-Serv (Database Server).

· Provided high level documentation on Device/Asset Management and Change Management procedures for adding, modifying and/or removing a device from log collection in enVision. This document includes Table of Contents, Data/file type matrices, swim lane flow charts on the change control process (add, remove or modify a device), detailed configuration and installation/uninstalling instructions.

· Compiled document for Roles-Based Access (ITIL change management) on all device-types for the EMC GSO network to be entered into a centralized database. This document includes a list of all device-types, ownership from the different levels in Operations, account approvers, account creators, types of accounts associated with levels of privilege, approval routing, and sensitivity ratings. Vendor platforms to include: SourceFire 3D Sensors, Imperva WAF, NetWitness, Foundstone (VS), RSA Authentication Manager, Cisco IronPort, RSA DLP Suite, etc.

· Provided gap analysis/audit on all devices authenticating 2-factor (via RSA SecurID) in the GSO network. This exercise is to identify the security posture of devices authenticating via 2-factor that could be at risk for compromise. Discovery process included host discovery, port mapping, and OS/App fingerprint scanning (Foundstone Vulnerability scan).

netForensics INC.- Professional Services Security Engineer- Edison, NJ Jan 2010- July 2010

· Deployed nFx SIM One 4.1 and 4.1.1 SIEM solutions to Fortune 500 corporations throughout the world. Built design plans on various projects that included DB sizing, DB expansion, hardware sizing, specifications, and recommendations for optimal performance. Installed and configured the SIM One nFx software components to SOC infrastructure on Redhat Linux/Sun Solaris server platforms.

· Have experience designing SOC infrastructure to accommodate a host of environments to include banking, credit card industry, telecom, DoD agencies, healthcare and various MSSPs (compliance requirements include PCI, GLBA, NIST, FISMA and HIPAA). In the process of the design phase an assessment is made with regards to hardware sizing, capacity planning (how many agents, engines, and distribution of component services), online storage requirement (usually due to compliance), performance and whether migration of master/transaction is necessary from an older version of code.

· Have experience troubleshooting the flow of events and the proper maintenance, management and performance of each nFx component in the SIM One to companies that have large data feed in global environments.

· Configured performance tuning on various components such as Oracle DB, nFx Engines and collectors to provide for optimal performance.

· Constructed the Scope of Work (SOW) contracts documents for project engagements to include pre-requisite requirements on OS package builds, hardware specifications, partitioning, distribution of nFx Components, and SIEM SOC Visio design.

· Developed customized correlation rules for nFx Top 10 threats scenario for netForensics to include in the next release as an out of the box solution based on real world threat conditions. I also tested the triggering of these rules with a python script tool that allowed me to demonstrate and simulate an attack scenario by sending sample data via XML to the SIEM.

· Assisted client to send event data from vendor appliances such as: Cisco (FW, IDS/IPS, Netflow), Juniper Netscreen (FWs and IDP), SourceFire (3D Sensor via eStreamer), Log Logic (message routing to avoid port conflicts).

· Provided customized PowerPoint training on nFx SIM One 4.1.1 product line for both Boot Camp and Advanced Configuration.

· Installed, configured and implemented Cinxi Midway and Ranger appliance SIEM solutions for large to midsize companies.

CXI Consulting/Northrop Grumman- Security Infrastructure/Systems Administration Consultant- Chester, VA Mar 2009- April 2009

· Furnished Visio designs on the current SOC infrastructure to include: SOC Infrastructure and SIEM flow design and detail hardware and software configurations on Intellitactics SIEM servers on NSM 5.6 platform, centralized firewall management servers (NSM and CSM), ISS Real Secure NIDS, Cisco ACS, Bluecoat Proxy, Bluecoat AV servers and EMC SAN/Navisphere 6.0 manager. SIEM platform servers include: SOC tier (Web Portal), SDW tier, Reporting SDW tier, DA tiers (Event Collector), SAM server, and ACTL (Analysis Engine-Correlation).

· Assisted in the systems administration of Intellitactics SIEM (Linux OS Platform) to include asset management, filtering expected traffic, and developing good correlation for the sole purpose of centralized network security management on government agencies for the state of Virginia (VITA).

· Assisted in the troubleshooting security issues regarding log aggregation and analysis.

Cognizant/YUM! Brands- Security Infrastructure Consultant- Louisville, KY Nov 2008- Jan 2009

· Evaluated and made recommendations on security posture of the Security Operations Center. Furnished documents including a presentation of YUM’s SOC infrastructure to include gap analysis and areas for improvement. Security assessment included recommendations on asset mgmt, device mgmt., trend analysis, reporting, SIEM filtering on expected traffic, developing good correlation rules on QRadar SIEM, IDS/IPS placement, effective IDS/IPS configuration, centralized management on OpenSource Snort IDS and future design considerations.

· Furnished designs on the current SOC infrastructure to include: SOC escalations matrices, SOC Global Infrastructure and SIEM flow design.

· Made evaluations on false positives, configured tuning/suppression on IDS/IPS and furnished an organized spreadsheet that defines what was configured on each device for effective security analysis (vendors include: OpenSource Snort IDS (SUSE Linux), SourceFire IPS, and Cisco IPSs).

· Assisted in the configuration of Qradar SIEM (Q1 Labs) to include asset management, filtering expected traffic, developing good correlation on offenses, and accurate weekly reporting.

· Provided education and training on proper procedures on security analysis. This includes thorough investigation on src and dest hosts (nmap, whois, nslookup, etc), packet captures (tools include: IDS/IPS- (SourceFire 3D Sensor,Snort,Cisco), Cisco ASA FW, Sguil, Wireshark) and crafting alerts based on findings. Provided best practices on mitigation procedures to include containment (egress filtering on FW and secure VLAN traffic) and on serious offenses such as malicious code outbreaks and attacks on confirmed exposures.

· Configured SourceFire 3D sensor for customized PCI compliance reporting and dashboards on events relating to web transactions and authentication (monitored events such as web brute force attempts, SQL Injection, XSS attacks, insecure cryptography/2-factor auth, Cross Site Request Forgery (CSRF), etc.).

· Configured all port monitoring (interfaces go into promiscuous mode) for NetScout analyzer for bandwidth management purposes. Administered all layer 2 Cisco Catalyst switches and Cisco Routers to send raw flow data to Cisco Netflow server by enabling the flow protocol on all interfaces capturing realtime traffic in Yum Brands enterprise network. These tools were used so that at the SIEM level we could better analyze suspicious traffic patterns on the network, and so that we had a better understanding of the network telemetry, traffic patterns, and trend analytics when creating Dashboards, Building Blocks and Offense rules in QRadar to flag traffic patterns that appear to be suspicious and/or anomalous. Configured Q1 Labs QRadar to receive all flow and layer 2 traffic from Cisco Netflow (flag repetitive anomalous traffic patterns (port scans, ping sweeps, and OS/Application identity) used in reconnaissance scenarios that unsuspecting hackers try to use to infiltrate a network with malicious code).

· Utilized Splunk and various scripts for record location, correlation, cyber security and information gathering on cross platform data for E-Commerce Business Units (BU) using Universal Forwarding in Splunk to Q1 Labs QRadar SIEM.

Estee Lauder Corporate- Network Security Engineer- Melville, NY (Long Island) Jan 2008- Apr 2008

· Implemented Cisco ASA firewall failover solution using ASA 5505 for Estee Lauder. Solution to include implementing site to site VPN for multi-vendor connections inline behind firewalls- VPN vendors: Nortel Contivity 600, Nokia CheckPoint IP60, Checkpoint R55, Checkpoint-NG. Project consisted of setting up egress filtering, secure ingress translation for IPSEC connectivity, VPN redundancy, and device monitoring.

· Experience configuring proxy server solutions using Celestix ISA server. Solutions to include configuring Websense integration for URL filtering, web chains, protocol filtering rules through site to site VPN connections.

· Configured RSA for 2-factor authentication with RADIUS protocol for remote access VPN, and device authentication on access control.

Oxford Global Resources/Goodyear Tire Corporation- Network Infrastructure Consultant- Akron, OH Sept 2007- Nov 2007

· Designed and configured both core and remote routers for VPN implementations for Goodyear Tire corporation. Network was fully meshed and included a redundant pair of Cisco 3548 core routers (HSRP). Remote routers were configured with GRE tunnels to pass OSPF traffic.

· Configured 3G wireless WAN backup solution to allow for a point to point cellular connection into Verizon network using 3G HWIC cards.

· Furnished technical specifications and Visio diagrams detailing design and infrastructure.

Honeywell Corporation- Infrastructure Analyst/SOC Architecture- Mayaguez, PR (SOC/CIRT Team) and Tempe (Datacenter) Jul 2007- Sept 2007

· Designed and configured NOC to have the ability to support application and security monitoring. Supported applications to include HP Mercury and Symantec I3 application monitoring suites.

· Configured and managed Vontu DLP (now Symantec DLP) and related endpoints. Monitored suspicious web and email traffic such as attachments, file transfer, monitored watchlists (in accordance with Honeywell Internet usage policy).

· Configured, tuned signatures, software updates and analyzed using SourceFire Defense Center Management Console in SOC for effective event management (SourceFire 3D Sensor appliances).

· Furnished technical specifications and Visio diagrams detailing network security design and infrastructure.

· Provided recommendations for disaster recovery to include data communications, telephony, and data backups.

Oxford Global Resources/Century Tel- Security Infrastructure Engineer- Monroe, LA (Headquarters) and Marrion, LA (Datacenter) May 2007- Jul 2007

· Designed and configured equipment for a PCI compliance project for internal network infrastructure. This consisted of security design plan, network redundancy, secure VLANs, 2 factor authentication, IDS/IPS monitoring, implementing firewalls and management (NSM), OS hardening, vulnerability assessment (Network and Application layer) and penetration testing. The vendors include Juniper Netscreen ISG 2000 FWs with failover (NSRP) and redundant interfaces, redundant Foundry MLX-8 routers (VRRP-e), redundant Cisco Catalyst 6513s (HSRP), Cisco IDS/IPS, TriGeo SIM, and RSA SecurID with RADIUS authentication (2 factor) to HP 9i UNIX transaction servers.

· Configured remote access VPN with 2 factor authentication with RSA SecurID tokens on Netscreen FW.

· Implemented firewall redundancy on Juniper Netscreen ISG 2000 pair configuring NSRP with redundant interfaces (Active/Backup mode).

· Installed Netscreen Security Manager (ver. nsm2007.1) on RedHat Linux for centralized firewall management (PCI requirement).

· Managed firewall pairs with NSM using Delta Summary config interface. Used NSM’s centralized logging to monitor and troubleshoot traffic passage as well as ACL security effectiveness.

· Built a vulnerability assessment server using Nessus on RedHat Linux.

· Implemented Cacti on OpenSource Linux for sessions based and bandwidth monitoring via SNMP for Netscreen ISG 2000 redundant firewalls.

· Installed and configured RSA Authentication Manager using internal RADIUS for group policy 2 factor authentication for ssh users to UNIX transaction servers.

· Project also included documentation on technical specifications/design layout and project plan for security analysis.

NetEffects Consulting/AT&T- Security Infrastructure Engineer- Durham, NC Sept 2006 - Nov 2006

· Configured/implemented and provided documentation for network service monitoring and authentication log tracking using open source solution running Nagios on RedHat Linux AS4 for AT&T/SBC GCSC network.

· Experience customizing Perl scripts in Nagios to do various tasks with SNMP, process monitoring, and authentication notification to all servers (includes Intellitactics SIEM (Linux), backup, etc.), routers, switches, firewalls, and Dragon IDS appliances (Slackware Linux).

· Experience working on Intellitactics SIM/SIEM platform to include design: Parser Aggregator (PAG), Data Consolidation (DOP), Data Acquisition (DA), Web Portal, Correlation Engine, PostGres SQL Engine and configuration of NSM 5.1 for the development of security analysis.

· Assisted in implementation and design of SAN architecture which consisted of Hitachi SAN, Brocade Silkworm switch, Dell PowerVault Disk Array and Veritas Backup Server. Provided documentation on SAN design and technical specifications.

· Assisted in configuring OpenLDAP on Linux for single sign on authentication to all servers and network appliances in security platform.

Amtex Systems /New York Health and Hospital Corporation (NYCHHC)–Sr. Security Analyst-Bronx, NY-Jacobi Hospital (DC) Jul 2005 – Jun 2006

· Monitor, manage and maintain network security infrastructure for The New York Health and Hospital Corporation. Network consists of 14 remote hospital locations comprised of over 45,000 employees.

· Security infrastructure to include Cisco IDS 4235 Sensors, Cat 6K IDSMs, McAfee Intruvert IPS, VMS 2.2/2.3, NetForensics 3.21 Engines/SIM, and PIX 525 firewalls.

· Responsible for upgrading signatures/OS on IDS, generating alerts on vulnerabilities, risk assessment on new threats, identifying security holes, routine security analysis, troubleshooting issues with IDS devices and netForensic agents.

· Implemented netForensics Agent on Solaris 8 for IDS data analysis on remote hospital sites.

· Have experience working on ArcSight SIEM (ESM) with regards to administrative controls such as: filtering, asset mgmt, device mgmt, dashboards, and developing correlation rules (approx. 5-6).

· Have experience on ArcSight SIEM (ESM) from an operational perspective doing security analysis such as identifying threats, escalations, ticketing, threat management, trend analysis, and weekly reporting.

· Have experience evaluating false positives and possible security threats on IDS by running packet captures with Ethereal (Wireshark).

· Built Nagios on RedHat Linux server to perform
