Post Job Free
Sign in

Cyber Security Information Technology

Location:
Brighton, MI, 48114
Salary:
Negotiable
Posted:
February 12, 2025

Contact this candidate

Resume:

Joseph Mall

Brighton, MI

248-***-****

Overview

I have worked as a consultant in the IT, Nuclear, Pharmaceutical, Biotechnology, and Medical Device industries for 25 years. I have recently graduated from Cyber Security Bootcamp at Michigan State University School of Engineering. I am now attending Southern New Hampshire University working to complete my BASc degree in Cyber Security.

My specialties include Ethical Hacking, Information Security, Penetration testing, or Pentesting, for proactive cybersecurity practice where authorized professionals simulate cyberattacks on a system to identify vulnerabilities and strengthen the system's defenses, Information Technology, Application Security, Cyber Security, Splunk, Metasploit, Autopsy, John the Ripper, nmap, Zenmap, Ansible, Docker, Intrusion Detection Systems (IDS), SIEMS, IV&V, Computerized System Validation (CSV), IT Validation, Data Integrity, facility and equipment C&Q, Configuration Management, GAMP5, cGMPs, GEPs, Automated and Control Systems, 21 CFR Parts 11, 210, 211, 820, predicate rule, Annex 11, ASTM E2500, ISO 13485, NIST 800-53.

Professional Experience

04/2008 – Present Carolina Technical Support LLC, Greenville, SC

Full-time employment working as an Cyber Security Engineer / Sr. Validation Engineer. Dedicated cybersecurity professional with hands-on experience in utilizing a variety of industry-standard tools and techniques for both offensive and defensive security measures in line with NIST SP 800-53. Proficient in Wireshark for network protocol analysis, enabling detailed inspection of data traffic to identify vulnerabilities and ensure secure communications. Skilled in using Metasploit for penetration testing, allowing for the identification and exploitation of security weaknesses in systems. Experienced with Splunk for log management and analysis, facilitating proactive monitoring of network activities. Competent in employing Burp Suite for web application security testing, ensuring robust protection against common vulnerabilities. Well versed in Penetration testing, or Pentesting, for proactive cybersecurity practice where authorized professionals simulate cyberattacks on a system to identify vulnerabilities and strengthen the system's defenses, Proficient with nmap and Zenmap for network scanning and mapping, assisting in the assessment of security postures. Knowledgeable in Intrusion Detection Systems (IDS) to detect and respond to threats, reinforcing defensive security strategies, and experience implementing SIEMS. Committed to leveraging offensive security techniques to strengthen organizational defenses and promote a culture of security awareness.

Startup and management of the CTS Quality Unit with 10 direct reports, regulatory compliance consulting including Quality Risk Management, software validation in line with GAMP 5, CFR Parts 11, 210, 211, 820, ICH, SoX, HIPAA, development of redundant Linux/Windows based networks and server configurations, SME, IT infrastructure compliance, ALCOA+, Data Integrity, development of secure network architectures and applications, web application management, Webmaster, Hostmaster, Postmaster, and SEO.

Other responsibilities included management of the Automation Engineering group, PLC design/programming, smart relay programming, PanelView and HMI design/programming, control panel design with AutoCAD Electrical, development of pollution control systems, SME for Engineering and IT services, vendor and QA doc control management, system design, User Requirements, and Functional Requirements specification development, administrative and procedural SOP development, validation and project master plans, project management and bid process.

11/2020 – 03/2021 Novo Nordisk, Clayton, NC

Full-time contract employment working as a Sr Validation Engineer on a DeltaV Syncade MES, DCS, and PCS Remediation Projects. Primary job responsibilities included Risk Assessments, Risk Management, development of life-cycle documentation to align with current FDA/MHRA standards and guidance for industry. Documentation included RTM, FAT, and SAT, with adherence to ALCOA+ principles.

01/2020 – 11/2020 Bristol Myers Squibb, Summit, NJ

Full-time contract employment working as a Sr Validation Engineer on PLI Readiness, 21 CFR Part 11, and Data Integrity remediation project at a CAR T Cell Therapy manufacturing facility. Primary job responsibilities include development of life-cycle documentation to align with current FDA/MHRA standards and guidance for industry. Documentation included URS, CS, RTM, OQ, and PQ with adherence to ALCOA+ principles. Systems include MUSE Cell Analyzer and MACSQuant Flow Cytometer. Fully trained on HP ALM software.

08/2019 – 01/2020 AstraZeneca, Philadelphia, PA

Full-time contract employment working as a Sr Validation Engineer on a Data Integrity remediation project at a CAR T Cell Therapy manufacturing facility. Primary job responsibilities included development and approval of change controls and life-cycle documentation to align with current FDA/MHRA standards and guidance for industry. Working with focus on the ALCOA+ principles, documentation included SATs, URSs, and IOQs for Labelers and AssetCentre.

03/2019 – 06/2019 Baxter, Marion, NC

Full-time contract employment working as a Sr Validation Engineer. Primary job responsibilities included change management, development and approval of SAT/IQ/OQ as well as validation execution of the Distilled Water Control System - WFI Control System.

11/2018 – 01/2019 Pfizer, Rocky Mount, NC

Full-time contract employment working as a Sr Validation Engineer. Primary job responsibilities included Periodic Review template development, and Internal Audit of Validation documentation.

05/2018 – 08/2018 Merck, Durham, NC

Full-time contract employment working as a Principal Engineer. Primary job responsibilities included writing lab equipment retirement plans.

Other responsibilities included Automation Support Engineer for Data Integrity Remediation project.

08/2017 – 03/2018 Regeneron Pharmaceuticals, Rensselaer, NY

Full-time contract employment working as a Project Manager - Sr Automation Validation Engineer. Primary job responsibilities included Data Integrity, External Audit of Vendors, project life-cycle document reviews, commissioning and qualification management, scheduling, resource and vendor management, change controls, and quality of project deliverables.

Other responsibilities included Automation Technical Writer, CAPAs, authoring of SOPs and associated Work Instructions for Yokogawa Videographic Chart Recorder user administration, user access management, audit trail review, firmware version verification, and GE Proficy Data Historian.

01/2017 – 04/2017 Stallergenes Greer, Lenoir, NC

Full-time employment working as a Computerized System Validation Supervisor. Primary job responsibilities included Management of the CSV Group with 4 direct reports, PER document and program development.

Other responsibilities included primary signatory for all CSV documentation, Project Management, Resourcing, Mix Control System Allen Bradley Control Logix PLC code review and regression analysis, vendor management, CSV program development, DSCSA Serialization initiative; Tracelink, JDE, labeling, information push scheduling and format, and author of Intro to PLCs course plan.

04/2016 – 12/2016 Stallergenes Greer, Lenoir, NC

Full-time contract employment working as a Sr Validation Engineer - Validation Project Lead on an aseptic filling facility expansion project. Primary job responsibilities Equipment and Utility C&Q, Commissioning and Validation of Autoclave, Clean Steam, Clean Compressed Air, Nitrogen, Mix Control System, Filler, HVAC, and Cleanrooms.

Other responsibilities include Project Management, Resourcing and Coordination working with a remote team, Engineering program development, and Regulatory consulting.

06/2014 – 02/2016 GlaxoSmithKline, Aiken, SC

Full-time employment working as Computer Systems Validation (CSV) Lead in the GSK Quality Unit. Primary job responsibilities include Management of CSV Group, CSV Program Development, Quality Management System alignment and development, Gap Analysis, Root Cause Analysis, CAPA, SOP Development, Computerized Systems Access Management Administrator, GxP Compliance Determinations, Validation Life-Cycle Development, Periodic Review, Audit Trail Review, ERES, 21 CFR Part 11, 210, 211, Annex 11 and Annex 15.

Other responsibilities included Autoclave Upgrade, Regulatory Inspection Readiness Subject Matter Expert for CSV Internal and Regulatory Audits. Regulatory agencies include FDA, EMA, TGA, and Anvisa. System Validation included EMS/BMS, TrackWise, Online TOC Lab Systems: AA, UV-VIS, Mastersizer, FTIR-NIR.

05/2014 – 06/2014 J&J Depuy Synthes, Monument, CO

Full-time contract employment working as a Sr Validation Engineer. Primary job responsibilities included remediation of CSV Equipment, legacy review, System and Software Development Life-Cycle gap assessment and SDLC roadmap development.

07/2013 – 01/2014 Shire Pharmaceuticals, Lexington, MA

Full-time contract employment working as a CSV Validation Team Lead promoted to Validation Project Manager. Project scope included major Engineering/Validation Remediation and Alignment Project in response to FDA observations. Primary job responsibilities included CSV Project Manager with 6 Validation Engineer direct reports, development and oversight of BMS, PCS, and CMS Alarm Response/Alarm Periodic Review program Gap Analyses and Remediation, Risk Assessment SME and Facilitator, BMS Hazard Analysis & Critical Control Points (HACCP) for cGMP/GEP/GxP re-determinations, Alarm Re-Prioritization, GAMP5, 21 CFR Part 11 and Annex 11 Compliance Assessments, Implementation/Execution Plan development, Alarm Management Policy and Rationalization Procedure, Alarm Response and Alarm Periodic Review Interim Remediation Plan, SOP and Engineering Procedure development, Preventive Maintenance program development and System/Software Development Life-Cycle (SDLC) Gap Assessment and roadmap.

Other responsibilities included Design Review/Risk Assessment oversight and facilitation, resource management and tracking, work structure breakdowns, staffing, new employee on-boarding, responsible for quality, delivery, tracking of milestones, deliverables, baselines; Remediation Plan, VMP, and Project Plan.

10/2011 – 07/2013 U.S. Department of Energy, Aiken, SC

Full-time employment working as QL-1 Software IV&V Lead Engineer for the U.S. Department of Energy on the U.S. Non-Proliferation Project (weapons grade plutonium disposition) Mixed Oxide Fuel Fabrication Facility construction and facility startup. Primary responsibilities included QL-1 Software IV&V Lead with 2 IV&V Engineer direct reports, Regulatory Compliance, Safety Control Systems and Advanced Triple Modular Redundant (TMR) Triconex Safety PLC Programming and Validation, QL-1 SDLC Program Development, and Subcontract Responsible Engineer for V&V and Vendor Oversight. Working relationship, escort, and host for regulators including DOE, National Nuclear Security Administration (NNSA), and Nuclear Regulatory Commission (NRC), Design Verifications, Discipline Reviews, Qualified License Configuration Management and Control, and Applicability Determinations.

Other responsibilities included Programmatic Development: QL-1 Software Project Procedures, Engineering Guides, Software Configuration Management, Software V&V Plan, and Software Quality Assurance Plan, Software Criticality, Hazards, and Software Risk Analysis Reports, V&V Task Reports, V&V Task Iteration, Management V&V, and Baseline Change Assessment. Certifications and Qualifications: Design Verifier Certified, License Configuration Management Assessment Certified, Advanced TMR Safety PLC Programming Certification, Foreign National XPAT Escort Certified, Six Sigma Yellow Belt, NSI Secret Security Clearance.

Focus On: IEEE-829, IEEE-830, IEEE-1012, IEEE-1078, NRC NUREGs

08/2011 – 10/2011 Smith & Nephew Orthopedics, Memphis, TN

Full-time contract employment working as a Sr. Validation Engineer - Project Manager and intermediary between the Global Business Unit and Global Information Services organizations. Primary job responsibilities included IT Infrastructure, Risk Assessment Facilitation and development of RA reports, Risk Mitigations, Remediation Plans, Validation Master Plans, Quality Assurance Plan revision, IQ, OQ, PQ validation protocol development and execution, development of IT Infrastructure security and environment, regulatory, and QA consulting.

Other responsibilities included Project Management with the SNI GIS Unit, SDLC Development, Vendor Management, Datacenter Migration and Validation, Building Automation System development, and critical alarming definition.

03/2007 – 04/2008 Schering Plough – Diosynth Biotechnology (CMO), Morrisville, NC

Full-time employment working as a Sr. QA Tech Specialist. Primary job responsibilities included QA Signatory, Automation/Software Validation SME for facility-wide computer systems, Risk Assessment Facilitator, risk management, risk based analysis and validations, IT systems, automated systems, analytical testing, process, cleaning, and process equipment with focus on CFR, ICH Q7A, GAMP 4-5, and EMEA. QA document review included validation documentation, change controls, deviations, SOPs, system specifications, engineering documents, P&IDs, risk assessments, analytical methods, STMs, and vendor documentation.

Other responsibilities included procurement testing as a Principal Validation Engineer on a DeltaV Syncade MES/DCS design of Control Modules, proficient with DeltaV Explorer, and validation dryrun., Also, setup of DeltaV Controllers, Admin/User stations, and field devices i.e. PLCs, Temp/RH/DeltaP, PLC/PanelView/SCADA SME, web application management, project management, software management, facilities, computer compliance, IT infrastructure, ABB DCS upgrade/migration, ERP (GEMMS BAM) upgrade and migration, QA document control, change control, process/facilities deviations, investigations and root-cause analysis, regulatory assessments, QA Internal Auditor, client audits, GMP trainer, and course plan development. Developer of the QA Document Tracking Database and QA website.

11/2001 – 10/2006 ADVENT Engineering Services, Inc., San Ramon, CA

Full-time employment as a Sr. Process Engineer - Sr. Validation Engineer promoted to Project Manager. Primary responsibilities included Project Manager with 5 Process Engineer direct reports, validation of software and process control systems, validation of process equipment, API/BI process validation and engineering, regulatory, and facility start-up including Adenovirus Tablet Manufacturing Facility. Systems included Siemens/JCI BAS (BMS), SCADA, LPC/Pilot/Explorer chromatography systems, Unicorn Control Systems, ABB DCS, AB PLCs, process/non-process HVAC, WPU, CIP, SIP, lyophilizer, Advant MOD 300 DCS security upgrade/validation including: environment, profiles, access classes, and login; critical alarming assessment, critical process separation, batch record development/review, batch reports, data transfer, storage and archiving.

Other responsibilities included Vendor Audits, Patent Inventor of the 21 CFR Part 11 Compliant PLC Security application, web application and software management, invoicing, bid process, scheduling, client audits, End-user technical support, validation master plans, change control, investigation reports, summary reports, automated document development, procedural SOPs for administration of secure systems, IQ/OQ/PQ protocol development/execution, system specifications, and batch documentation development, commissioning, and validation.

Technical Experience

Software Wireshark, Splunk, Metasploit, nmap, Zenmap, john, Docker, Ansible, Azure Secure Network Architecture, DeltaV Syncade MES and DCS, HP ALM, MACSQuantify, Process Compliance, DocCompliance, Blue Mountain Regulatory Asset Management System, CMMS, DDMS, ValGenesis, TrackWise, DBO Documentum, ERP GEMMS/BAM, Thermo Systems/Siemens APOGEE BAS, JCI Metasys MVE BAS, Iconics, Schneider Electric Continuum BMS, Invensys ENE BMS, TriStation, ABB Industrial IT 800xA DCS, ABB Advant MOD 300 DCS, Unicorn Control Systems, iLIMs, RSLogix 500, Studio 5000, RSMacc, RSLinx, RSView, PanelBuilder32, Kaye Validator, Linux Packages: Apache, Postfix, Sendmail, MailScanner, ProcMail, DHCP, DNS, SSL, Perl, PHP, CGI, Advanced Server Configuration Packages: Active Directory, IIS, DHCP, DNS, Visual Studio.net, Visual InterDev/Studio, MS Access, MS Excel, MS Word

Operating Systems Kali Linux, Ubuntu, Linux CentOS v4, Linux RedHat v5.0/5.2/6.5/7.2/Enterprise, Linux Fedora Core v1-v5, FreeBSD, Mandrake v6.0/6.1/6.2/8.2, Linux Slackware v3.4, Open Linux, BeOS, QNX, HP-UX 10.2 (w/MOD 300 DCS), Windows 11, Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP, Windows Server 2003/2008, Windows XP Advanced Server, Windows 2000 Advanced Server/Pro, Windows ME, Windows 95/98, Windows NT Workstation 4.0, Windows NT Server 4.0, MS-DOS

Advanced Skills Cyber Security, NIST SP 800-53, Data Integrity, ALCOA+, Serialization, Computerized Systems Validation, GAMP5, 21 CFR Part 11, 210, 211, 820, EU Annex 11, Annex 15, ASTM E2500, ICH Q7, Q8, Q9, Q10, Software Development Life Cycle (SDLC), Risk Assessment Facilitator, Risk Management, Change Management, Change Controls, Configuration Management, SoX, GxP, SAP, IT Systems, Compliance Determination, Validation Life Cycle, QA Auditor, cGMPs, PCS, DCS, Spreadsheet Validation, SCADA Systems, PLC/HMI programming, secure Linux/Windows client/server configurations, digital electronics, chip logic, circuit design and fabrication

Programming Ladder Logic, Function Block, Structured Text, Statement List, PanelBuilder 32, Taylor Control Language, Assembly Language, CSS, UML, XML, DHTML, HTML

Specialties

oPatent Inventor: Security Systems for Programmable Logic Controllers (Part 11 Compliant PLC/PanelView Security Module - Patent No. 200********)

oWireshark, Splunk, Metasploit, nmap, Zenmap, John the Ripper, Docker, Ansible, Azure Secure Network Architecture

oIT Infrastructure: Cyber Security, Secure Networks and Architectures, AD, Group Policy and Secure Desktops – Configurations for 21 CFR Part 11

oData Integrity and ALCOA+

oSerialization

oInternal and External Audits

oComputerized Systems Validation: Control Systems, DCS, EMS, BMS, PCS, CMS, PLC/SPLC, HMI, SCADA, Safety Control Systems, IT Infrastructure

oFacilities/Utilities Systems Validation: HVAC, Clean Steam, WFI, Chilled Water, Compressed Air, Clean Room

oProcess Validation: Chromatography, API/BI Process, Fermentation, Fractionation, Isolation

orequirements, Security/Administrative SOP Development

oProgramming+ Tristation Safety PLC, RSLogix 500/5000, PanelBuilder32, Multiple Method Editors, Assembly Language, Hand Held Terminal

Education

Michigan State University

Cyber Security Bootcamp

Graduation Date 04/2024

Southern New Hampshire University

BASc – Bachelors of Science Degree in Cyber Security

Graduation Date 05/2025

Isothermal Community College, Spindale, NC

AASEET - Associate of Applied Science Degree in Electronics Engineering Technology

Graduation Date 05/1999

Emphasis placed on automated systems, Programmable Logic Controllers, and Assembly Language programming. Extensive lab experience covering analog and digital circuit design and fabrication, analysis and troubleshooting of operational amplifiers, semiconductor devices, embedded systems, interface protocol and fabrication, SMT and industrial control devices. Extensive studies in hydraulics, pneumatics, actuators, process control systems, data communications and assembly language programming based on the Motorola 68HC11 Microprocessor architecture. Advanced PLC programming of Allen-Bradley PLC SLC 100, SLC 150, and SLC 5/02 with hand held programmer and RSLogix 500. PC board design, fabrication, soldering and repair.



Contact this candidate