Jerome A. Caldwell Jr.
Address: **** ********* **. *******, ** 20603.
Cell phone: 240-***-****
Email Address: ************@*****.***
Clearance
Secret
Education
Bachelor of Science - Information Systems
Computer Security
Strayer University
Certifications
CompTIA Security+ (CE) (Renewed to Oct 2026)
Professional Work History
Security Endpoint / Intune Administrator
January 2024 – July 2024
Expansia Group
USAF – Remote
End of Contract
Provides EIT services across USAF’s 187 bases to implement a consistent, high-quality user experience across several mission environments and enable the USAF to transition focus from network operations to mission operations.
Responsible for maintaining and applying the financial business metrics for the contract to include monthly, quarterly, and yearly budget.
Supports USAF Cloud computing devices utilizing Azure, Microsoft Intune.
Familiarity with PowerShell scripting.
Primarily responsible for enrolling new devices into Intune and creating custom policies.
Configure the Data Loss Prevention application across all of USAF’s bases for approved devices.
Position functions include maximizing security via Microsoft Defender to monitor anti-virus alerts and using Splunk as our SIEM to create dashboards and query logs as an incident response engineer.
Utilize SCCM to patch and deploy products throughout the organization.
Supports the use of packaged application deployments via SCCM and pckgr across multiple environments.
Provide weekly status updates to senior leadership for on-going projects and tasks.
Conducts daily, weekly, and monthly vulnerability scans while providing a matrix of findings for leadership’s awareness and remediation.
Primarily responsible for Resource Access Control Facility (RACF), in which I restrict and allow access for individuals with the proper requirements to perform their roles.
Utilized high-powered mainframes to process thousands of data entries and ingest large amounts of data from multiple sources.
Extremely well versed in the Microsoft Office suite of tools.
Provide excellent end-user support on technical issues while also providing end-user training.
Proficient in the full Microsoft Office suite of tools, to include Office, Excel, PowerPoint, Project, OWA, and Word.
Excellent verbal and written customer service experience for high-ranking government officials for over 20 years.
Sr. Security Engineer / Intune Administrator
October 2022 – January 2024
National Archives Research Agency (NARA)
22nd Century
Implemented and configured CrowdStrike as the endpoint security solution for NARA while providing end user training and developing best use cases.
Manage McAfee ePO and CrowdStrike installations, deployments, and design for all endpoints.
Conducting security monitoring using Splunk queries.
Responsible for conducting weekly and monthly scans within Tenable and Qualys.
Utilized Microsoft Intune to securely manage enterprise assets throughout the NARA network, to include mobile devices.
Responsible for ensuring each managed asset has the appropriate software and that patches are up to date.
Provides daily, weekly, and monthly reports that show current vulnerabilities.
Utilizing Splunk to create custom dashboards and queries.
Microsoft Intune policy creation and implementation
Sr. Security Engineer
September 2014 – October 2023
Defense Advanced Research Projects Agency (DARPA)
Agile Defense
Primarily responsible for the overall health of DARPA’s unclassified HBSS.
Microsoft Intune policy creation and implementation
Utilize SCCM to patch and deploy products throughout the organization.
Patch management
Participated in the migration of Microsoft Intune for server for the agencies, which included planning, testing, and implementation.
Pre-tested known compatibilities with existing server software with business needs.
Managed Time Sharing Option (TSO) to allow DARPA’s programmers consistent access to special programs allowed to perform their essential functions for their desired mission statement of work.
Tested new security controls and provided updates in accordance with government guidance.
Tracked worked hours and managed labor cost through project deliveries.
Operated within a 24x7 SOC environment.
I utilized zSecure as another security layer as an administrator to ensure that user accounts are authenticated and removed once a user no longer requires access or leaves the company.
Evaluated threats via ArcSight and Splunk live feeds.
Performed updates and modified Palo Alto firewalls (F5).
Respond to and coordinate issued TASKORDs. Develop a way forward and a plan of action.
Created custom reports for HBSS new users according to job role and function in addition to user training.
Performed several ePO server build upgrades: from version 4.0 to 4.5, 4.5 to 4.6, 4.6 to 5.1, and 5.1 to 5.3.
Monitor rogue devices to determine their validity on the network.
Utilized IT mainframes to process requests from multiple sources, through which I was able to gather large data sets for identifying and securing security data and information.
I was able to effectively leverage Bro (Zeek) to identify anonymous network traffic in real time without promoting operational issues for the network and the end users.
Able to set up custom Bro (Zeek) monitors and install multiple sensors across different systems to copy and monitor network traffic to identify potential malicious traffic prior to it impacting our current environment.
Brief senior leadership on HBSS strategies and operational issues.
Perform backups and audits of privileged users.
Deploy HBSS products via McAfee ePO and SCCM.
Apply recommended patches to HBSS servers.
Responsible for DARPA’s overall McAfee HBSS products:
McAfee Application Control
o Deployed and modified the McAfee application control product within the agency.
o Developed a baseline of authorized software with the emphasis on GTI reputation to serve as software validation.
o Scavenged for potential known bad MD5 hashes within our environment and actioned against these files to block execution.
VirusScan Enterprise
o Responsible for ensuring each managed device has VSE installed and is currently configured to perform scanning.
o Responsible for ensuring exclusions are current, documented, and applied to only needed devices.
o Actively acting on any malware-related event that may traverse through the network and was not properly deleted.
o For systems that are flagged with potential malware, I would perform a full scan, research the McAfee DAT definition that would mitigate this malware, pull reports regarding our network’s overall risk to this particular vulnerability, and brief senior leadership on findings and recommendations.
o Actively ensure that the latest DAT is downloaded to our repository and that managed assets have received this update to promote maximum protection.
o Ensuring that the latest VSE patches and hotfixes are downloaded and applied to managed devices.
Policy Auditor
o After consulting with government personnel, established an acceptable baseline of scanning time in which managed assets are properly scanned.
o Established file integrity baselines on managed assets, which I would utilize in instances where I needed to compare a current image of an asset to the original baseline of that asset.
o Responsible for downloading and importing the latest Policy Auditor benchmarks to capture the latest vulnerabilities.
o Brief senior leadership on findings to introduce associated risk and, if need be, submit a waiver request.
o Responsible for downloading and applying the latest Policy Auditor product version and associated hotfixes.
Data Loss Prevention
o Successfully upgraded environment from DLP version 9 to version 10.
o Recreated the DLP policy with exclusions made for authorized devices while blocking and reporting on all violations.
o Established a request process in which customers could formally request exclusion of a device.
o Upon authorization of a new device, I would personally receive the device and develop a custom exception for a particular user, group of users, or for the entire agency.
o Responsible for reviewing the agency’s DLP Incident Manager and reporting findings or potential violations to senior leadership for situational awareness.
o Responsible for ensuring that the DLP product was properly patched, and the most recent hotfixes were applied to mitigate any potential vulnerabilities.
o Provided recommendations to senior leadership regarding DLP capabilities and potential ways of leveraging the product to promote further security to the network.
o Provided DLP engineering support to both Windows and Mac operating systems.
Host Intrusion Prevention
o Tested existing and implemented custom HIPS IPS signatures.
o Tested and applied product updates, patches and hotfixes.
o Monitored threat log events for notable attempted violations against HIPS IPS rules.
o Created custom HIPS policies that would allow for different capabilities for numerous environments.
o Performed and maintained HIPS STIG updates in accordance with DoD mandated policies and procedures.
o Modified and created restricted HIPS firewall policies in an effort to restrict unauthorized traffic to and from managed devices and servers, as determined by each asset’s defined responsibilities.
o Researched proposed new programs and determined the ports and protocols that would be required for proper functionality within our network.
Lead SOC Analyst
March 2015 – March 2016
US Courts, Washington D.C
Apex Systems
Primarily responsible for all SOC related incidents for the night shift.
Utilized tools such as ArcSight, Splunk, Bro, and FireEye, to analyze events.
Provided daily briefs to senior leadership regarding nightly results.
Established trending events reports for leadership and lessons learned.
Provided training on USCOURTS SOC tools.
Performed blocks on suspicious domains.
Reviewed and inspected suspicious emails.
Sr. Cyber Incident Responder
January 2014 – September 2014
DISA, Ft. Meade
Northrop Grumman
Serving as the DISA Command Center Tool Subject Matter Expert (SME) for Enterprise Email Security Gateway (EEMSG).
Enforced and applied DCC policies enforcing Personally Identifiable Information and provided guidance to DoD agencies.
Led DCC joint conference and responded to customer exception requests regarding EEMSG.
Researched and investigated trending spear-phishing attempts and provided mitigation techniques accordingly.
Monitored ArcSight and investigated trending malware events.
Researched and provided countermeasure actions against malicious domains.
Served as lead case reviewer for Personally Identifiable Information (PII) incidents.
Performed IP blocks for suspicious domains.
Utilized Cisco’s IronPort and established threshold settings based on DCC policies.
Provided threat recommendations and mitigation options for DCC leadership to review and authorize for action.
Facilitated the migration of Enterprise Email Security Gateway (EEMSG) for DISA, DoD wide.
Network Analyst
April 2013 – December 2013
DISA, Ft. Meade
ManTech Int.
Served in a 24x7 watch operations center as a Network Assurance watch officer.
Provided and drafted web content filtering (WCF) signatures.
Monitored and produced inbound and outbound communication to a wide range of DoD customers.
Assisted the DCC to coordinate NetOps events to include incident handling, communications, documentation, video teleconferences, and coordination of tasking within the DCC and external organizations using DCC Tactics, Techniques, and Procedures (TTP). Coordinate/synchronize information provided by DNCs, ESCs and USCYBERCOM of unauthorized anomalous or malicious activity attack and notify relevant personnel/organizations.
Assist DCC in the development and standardization of operating procedures for the DCC, DNCs, and ESCs. Ultimate decision authority for approval and issuance of operating procedures remains with the Government.
Monitored the health and welfare, and security of the DISA managed sensors using Government furnished monitoring tools.
Provided daily briefs to senior leadership on current events.
INGEST reports to assist in developing trends and patterns of network attacks.
Lead HBSS Administrator
September 2012 – April 2013
Department of Treasury, Washington D.C
Criterion Systems
Reason for leaving: Loss of contract
Deployed McAfee HBSS Products (HIPs, Policy Auditor, Asset Baseline Monitor, VirusScan, and Data Loss Prevention) to systems on two different networks.
Provided leadership with security recommendations.
Investigated Cross Domain Violations and provided spillage cleanup procedures.
Tested and configured McAfee HBSS products in accordance with DISA standards.
Implemented DISA Security Technical Implementation Guide (STIGs), to bring the Department of Treasury within required guidelines while hardening the network.
Attended monthly HBSS meetings with the community to discuss best practice methods with other agencies with the common goal of improving security postures.
Downloaded, tested, and applied required patches to servers and software updates.
Briefed leadership on HBSS capabilities, current status, and future goals.
Created, modified and HBSS user accounts and provided users with training on the tools capabilities.
HBSS Analyst / Information Assurance
September 2010 – April 2013
USCYBERCOM, Ft. Meade, MD
Secure Mission Solutions / National Security Partners
Reason for leaving: Loss of contract
Provided countermeasure support to the DOD via ePolicy 4.5 and HBSS.
Create custom exclusion within HBSS
Maintain and implement STIGs within DISA standards
Familiarity with HIPS firewall exclusions.
Established, maintained, and audited user HBSS accounts.
Maintained and provided query and compliancy levels via morning reports.
Manage ArcSight 4.0 and compliancy with the DOD’s Standards.
Monitored new virus, malware and intrusion detection on 2 enclaves.
Research Cross Domain Violations (CDV) in accordance with DOD’s standards.
30 plus months of JOC floor 24/7 watch standings experience.
HBSS Lead Administrator / Exchange Server Administrator
March 2007 – September 2010
FBI Contract
Mantech Int.
Reason for leaving: Loss of contract
Manage Exchange Server support, maintenance, and upgrades for FBI. Offer user support and answer questions, troubleshoot and offer recommendations to management to streamline business resources.
Served on a 4-person technical team that supports Exchange Server operations on a 24x7 schedule for over 2000 users.
Responsible for maintaining the media library to retrieve data when end users lose information for restoration purposes.
Validate system compliance by developing system architecture, defining internal and external interface requirements as well as data exchanges within Exchange Server.
Served as senior staff member to monitor and administrate McAfee ePolicy Orchestrator 4.0 for two enclaves to ensure security is not at risk for department. Review compliance and communicate concerns to upper management. Support Enterprise-wide Anti-Virus operations by updating virus definitions, applying patches and installing agents for McAfee ePolicy Orchestrator.
Perform Data Transfers for security deliverables from high to low and low to high to avoid any data leaks. Coordinate Data Spill investigations and relay information into open cases for agents to review. Investigate where the leak begins and perform data scrubs to ensure integrity.
Responsible for technical documentation regarding disaster recovery, problems with drivers, upgrades, etc. Present this information to upper management for review.
Create, reset and maintain accounts for Scion via Active Directory for over 6000 accounts.
Responsible for migrations of data regarding email accounts using Microsoft Exchange Server when data needs to be transferred from one server to another.
Install and troubleshoot media access control software and policies. (Sanctuary Device Control)
Support Enterprise-wide Anti-Virus operations by updating virus definitions, applying patches and installing agents for McAfee ePolicy Orchestrator.
Image and configure workstations for classified network.
Provide QA regarding call assistance to the Bureau’s Personnel.
Submitted and Tracked trouble calls using Peregrine Service Center.
Served as an assistant manager for a team of 9 personnel and assigned and monitored trouble tickets using Service Center.
Provide Desktop support to over 20,000 customers.
Installed and tested new software for the Windows 2000 and XP operating systems.
Deployed McAfee products VirusScan Enterprise, Policy Auditor, Host Intrusion Prevention, and Device Control Module/Data Loss Prevention.
Lead Installation Technician
August 2006 – March 2007
Mantech Int.
FBI Contract
Reason for Leaving: Internal promotion
Managed network user accounts and passwords in Active Directory.
Setup and troubleshot user accounts within MS Exchange Server for large Enterprise Network.
Received, troubleshot and triaged trouble tickets supporting a 28,000 user network.
Supported users in adding and removing network resources. (printers, file servers, etc)
Provide desktop support for Windows 2000 Professional, Windows XP and various Mainframe applications.
Remote into user’s systems using User Tools (NetOp Remote Control).
Submit and Track trouble calls using Peregrine Service Center and Remedy.
Desktop Support, Tier 2
January 2006 – August 2006
Department of Health and Human Services
Computer Management Systems
Washington D.C
Responsible for immediate trouble call assistance for the entire staff of the United States Department of Health & Human Services while maintaining excellent customer service skills.
Primarily responsible for re-imaging Dell, HP, Micron, and Gateway computers and laptops, installing and repairing.
Established an organized inventory of computer parts and equipment, and ordered replacement parts and computers to replenish our stock.
Successfully assisted in the migration of over 1200 government employees from exchange mail servers in a 2-week process.
Information Technologist Administrator
September 2001 – August 2005
United States Navy. USS Essex (LHD2)
Sasebo Japan
Responsible for ordering computers, computer parts, and printers while establishing a log book and maintaining a monthly budget from June 2002 through July 2005.
Performed Server PMS, monitoring, auditing, and troubleshooting necessary to allow a consistent inbound and outbound message traffic flow for our Microsoft Exchange Server.
Maintained Media Accountability and configured backups on Microsoft Exchange 2000 Classified and Unclassified Servers.
Managed installations of new applications, printers, and scanners to the USS Essex’s crew.
Maintained the ship’s NTCSSII Server with Unix Operating System, a mission-essential server in which the crew orders critical aviation parts, submits repair requests, tracks the ship’s spending, and keeps a precise record of the ship’s crew qualifications.
Served as an immediate trouble call technician for Windows NT and Windows 2000 workstations, printers, scanners, end-user internet and email issues, account problems via trouble call database, walk-ins, and phone calls for a crew of 1,200 personnel.
Documented man hours used to complete the task, parts and/or software needed to complete the task, date of submission, date of completion, and customer satisfaction report all to be entered in the trouble call database.
TRAINING
McAfee ePO System Administrator Course
January 2010
Learning Tree Ballston VA
System Center Configuration Manager 2007 Training (SCCM)
October 2009
Arlington, VA
Install, configure, deploy and leverage SCCM 2007 throughout Windows enterprise
Implement SCCM sites
Enable client agent settings for optimal performance
Customize sites, establish system roles and designate discovery methods
Distribute applications, operating systems and security updates
Run queries, initiate remote control and troubleshoot sites