Available Candidate
Interested in this candidate? Email Mark McFarland or call 312 307 9004. This candidate is exclusively represented by Opportunity Engine, Inc. Please direct all inquiries, interactions, and communication regarding this candidate to us.

Cyber Security Engineer

CrowdStrike, OWASP, C/C++, Python, Azure, AWS, Google Cloud
Professional Summary

• Application Security Assessment Investigation

• Assistant Certification and Accreditation Security Advisor

• Proficient in Windows/Linux - OS - Server environment(s)

• Level 1/2 troubleshooting of clients/servers

• Tier III Professional support


Technical Summary

· Server hardware, Software analysis, HW/SW troubleshooting

· Intermediate networking proficiency

· MS Active Directory

· Windows Operating Systems – Windows 2008/2003/2000/2012 servers, Windows 7/Vista/XP workstations, UNIX/Linux, eMASS, TCL/REXX

· Databases: MySQL, Access, SQL Server 2000/2012; Oracle up to current release (11g) and other ODBC

· Software: Proxy, TCP/IP, VMware, SQL Server, C#, VB.NET, ASP.NET, ADO.NET, Web Services, AJAX, Silverlight, Palo Alto, Cisco firewalls, routers and switches; TCP/IP (v4/v6) protocol, Checkpoint Firewall; Citrix (SaaS), Microsoft Platform Security, Virtual Machine Technology, MS Windows 7, Server, Vista and XP; TrackIt; Microsoft Office Suite 2007; Photoshop; SharePoint; Symantec and Bomgar, SCCM, GoToMyPC, RSA Tokens, Remedy Ticketing System, Lotus Notes, Guardian Edge, Juniper, WebEx, Security Sandbox application, Footprints ticketing system, Wireshark, Nessus, WebInspect, AppScan, RSA Archer 6.4, RabbitMQ, AWS, Azure, Google Cloud, Netsparker, AppDetective, Qualys, Okta, tokenization systems, CyberArk, Chromium, Carbon Black, Trellix, Cortex XSOAR


Professional Experience

Census Bureau (May 2016 to Current) Cyber Security Engineer

· Utilize Nessus, Nmap, OWASP Top 10, CrowdStrike, Windows Defender, Tanium, Qualys, Burp Suite, IBM AppScan and WebInspect to scan all ports, access points, devices, software and servers.

· Demonstrated ability to discover and exploit 0day vulnerabilities in modern web browsers

· Detect incidents for response through monitoring, alerting, logs, network traffic and endpoint behavior

· Responsible for incident response containment, eradicating vulnerabilities and recovering affected systems

· Utilize Splunk and ArcSight to centralize collection, storage, and analysis of security logs.

· Identifying patterns and potential security incidents from analyzed logs utilizing Splunk and ArcSight tools.

· Utilize Splunk and ArcSight threat intelligence feeds to identify and prioritize potential threats.

· Generating reports on security posture, incidents, and trends utilizing Splunk and ArcSight platforms.

· Utilize Swimlane and SolarWinds to orchestrate workflows and automations for repetitive and security incident response processes.

· Automating tasks like evidence collection, containment procedures, and alert escalation utilizing Swimlane and SolarWinds.

· Configuring and managing FortiGate firewalls for network security.

· Creating and managing firewall policies and rules.

· Implementing intrusion prevention and detection systems (IPS/IDS)

· Configuring and managing FortiSandbox for threat intelligence and sandboxing.

· Implementing web application firewalls (WAF) using FortiWeb.


· Setting up Palo Alto security policies, managing firewall rules, and ensuring the correct segmentation of the network.

· Using Palo Alto prevention services to block malware, exploits, and command-and-control traffic. This involves regular updates and monitoring of signature-based defenses.

· Automating repetitive security tasks and incident response workflows using Cortex XSOAR (Security Orchestration, Automation, and Response).

· Building playbooks for automated responses to incidents such as malware infections or data breaches.

· Integrating Palo Alto with other SIEM tools for comprehensive threat management.

· Monitoring logs and alerts via Palo Alto Panorama, which provides centralized management for multiple firewalls.

· Ensuring logs from Palo Alto firewalls and security tools are fed into a Security Information and Event Management (SIEM) system for real-time analysis.

· Using Prisma Cloud to secure cloud environments, ensuring compliance, and managing risks across multi-cloud infrastructures.

· Implementing virtual firewalls (VM-Series) in cloud environments such as AWS, Azure, or Google Cloud to secure cloud workloads.

· Configured and deployed Palo Alto Strata Next-Generation Firewalls (NGFWs) to secure network traffic and enforce security policies.

· App-ID and Content-ID: implement and manage App-ID for identifying applications, and Content-ID for controlling access to files and data across networks.

· Rule Optimization: Regularly review and optimize firewall policies to ensure efficient traffic flow and reduce the attack surface.

· Managing VPN and remote access solutions.

· Defining and managing workflows for various security incidents utilizing Swimlane and SolarWinds.

· Executing pre-defined playbooks containing automated actions for different incident scenarios utilizing Swimlane and SolarWinds platforms.

· Generating reports on incident response activities and identifying trends utilizing Swimlane and SolarWinds.

· Incident responsibility for Office 365 email security, data protection/governance, threat detection, monitoring and reporting, cyber intelligence, threat hunting and vulnerability management

· Configuring and managing Cisco firewalls (ASA, FTD) for network protection.

· Implementing intrusion prevention systems (IPS) and intrusion detection systems (IDS).

· Managing VPN and remote access solutions.

· Configuring network access control (NAC) to enforce security policies.

· Configured and maintained Tenable/Nessus vulnerability management solutions, including Tenable.io and Tenable.sc

· Utilized Regular Expressions (Regex) for reporting vulnerabilities and endpoint detection alert notifications, and for parsing and analyzing security logs from various sources, including firewalls, intrusion detection systems (IDS), and endpoint detection and response (EDR) solutions. Developed custom Regex patterns to identify suspicious activity within log data, such as malware indicators of compromise (IOCs), unauthorized access attempts, and potential data breaches. Leveraged Regex in conjunction with SIEM tools (like Microsoft Sentinel) to automate log analysis and generate security alerts for efficient threat detection. Contributed to the development of Regex-based rules for network traffic filtering and anomaly detection within network security appliances.

· Proficient in writing Regex patterns for log parsing, data extraction, and manipulation within security automation scripts (e.g., Python, PowerShell). Integrated Regex with security orchestration, automation, and response (SOAR) platforms to automate security incident response workflows. Utilized Regex for threat intelligence processing, normalizing indicators of compromise (IOCs) and enriching security data for improved threat detection. Developed Regex-based scripts for user activity monitoring (UAM) to identify potential insider threats or unauthorized access attempts.

· Designed and implemented scanning policies, schedules, and targets to ensure comprehensive coverage of organizational assets. Analyzed scan results and prioritized vulnerabilities based on risk assessment, collaborating with relevant teams for remediation. Managed user accounts, roles, and permissions within the Tenable environment, ensuring proper access control.

· Developed and maintained Python scripts to automate tasks and streamline workflows across various domains, including system administration, data processing, and software development.

· Competency with debuggers and IDA Pro

· Ensured FISMA information in eMASS and Compliance Tab information.

· Fluent in C/C++ and at least one of: Intel, ARM, or MIPS assembly code

· Supported the Census cyber risk management chain (SCCRM)

· Hands on experience with Encryption/cryptographic technologies that support the development, documentation, and maintenance of data protection standards within the Census organization.

· Research, assess, and make recommendations regarding encryption technologies and configuration, as well as how to integrate, implement, test, deploy and support them within the framework of an Agile SAFe environment.

· Monitor COTS products and Source tools and products for new security vulnerabilities or patches and firewalls.

· Evaluate security solutions to ensure they meet security requirements for processing classified information in eMASS

· Technical writing and research: edit and proofread technical documentation, including user manuals, installation guides, API documentation, release notes, and knowledge base articles. Created diagrams, screenshots, illustrations, and other visual aids to enhance the clarity and effectiveness of technical documentation; collaborated with developers, engineers, management and 3rd party vendors and gathered feedback from stakeholders and end-users to improve documentation practices and templates.

· Creating risks from identified security vulnerabilities and providing expert recommendations on mitigations and remediations in a timely manner.

· Overseeing software and hardware architectures for security implementations, assessing and reporting risks on the RSA Archer and Splunk dashboard designs.

· Coordinated with the Information Security team and played a key role in the identification, assessment, prioritization and remediation processes of cyber security risks and vulnerabilities.

· Integrating software & devices utilizing Okta

· Okta API configuration and installation process & maintenance

· Troubleshooting Okta issues including SSO and other integrations with cloud services such as Azure & AWS and Oracle products, and collecting remediation processes for the project

· Deploy and manage Azure automation tools such as Azure CLI, PowerShell, Azure Terraform.

· Managed Cloud Computing SRG, Azure PIM, Identity and Access Management

· Operating and implementing Defender for Cloud, Azure Policy, and Regulatory Compliance such as IL5 and NIST 800-53 Rev 5.

· Maintaining and patching Okta platform

· Performed tasks like system configuration, software installation, and data management, creating user accounts and managing Active Directory. Scheduling scripts at specific intervals. Utilize shell scripting in Unix/Linux by administrating, configuring and managing remote management and SSH automation.

· Utilized Windows Deployment Services, Microsoft Deployment Toolkit and Windows Autopilot to automate installations and configurations of Windows on multiple machines including VMs.

· Creating and rotating cloud encryption keys for Cloud systems AWS and Azure.

· Implemented Microsoft Azure solutions using Azure Active Directory, Azure Automation, Azure Log Analytics and other Azure PaaS offerings

· Monitored and configured Azure networks, including Virtual Networks, Network Security Groups, Traffic Manager, Network Monitor, Load Balancers and User Defined Routing

· Provisioned user accounts and role-based policies for access to Azure services, Azure Identity Management services

· Creating and managing infrastructure using various AWS cloud services. Creating automation scripts for provisioning, decommissioning, deploying services, and patching

· Working with AWS support to escalate the problems to find the product limitation solutions

· Developed and maintained documentation for PlainID; created, implemented and maintained access control policies and roles using PlainID within the AWS, Azure and Google Cloud environments.

· Build robust, high performing, user-facing web applications in Python.

· Utilize Python to write reusable, testable, and efficient code. Design and implementation of low-latency, high-availability, and performant applications.

· Provisioning, installation/configuration, operation, and maintenance of Amazon Web Services (AWS) systems, servers, VMs, security, software, encryption, hardware, and related infrastructure

· Setup, configure, and maintain hosted environments such as Microsoft Azure and Amazon Web Services.

· Offered guidance in application migration from on-prem data center to AWS Cloud with related AWS cloud services Cloud Integration & APIs, Cloud Migration, Cloud Infrastructure & Engineering, and Cloud Managed Services.

· Google Cloud Platform: performed design, development, implementation, and maintenance of custom system software. Worked within the infrastructure team building and supporting Terraform scripts which are used to automate the creation of infrastructure within the Google Cloud Platform

· Planned, Configured, Deployed and Operate a cloud solution using Google Cloud services

· Automating the build and configuration of IaaS based solutions in Google Cloud Platform

· Help clients see the transformational capabilities of Cloud as an opportunity for business enablement and competitive advantage

· Responsible for managing the mainframe hardware configuration, and installing, customizing, and maintaining the mainframe operating system.

· Responsible for presenting cost estimates for the mainframe solution implementation process and ongoing production support of the solution

· Accountable for the accuracy, process, integrity, quality and stewardship of client mainframe infrastructure solutions.

· Familiarity with Cloud and NIST Security practices

· Experience with Jira and Confluence

· Utilize DLP security policies and using systematic DLP event analysis

· Maintained DLP Policies/Rules and associated events which support compliance to Census environment policies

· Developed data protection strategies, architectures and implementation plans

· Analyze security requirements and relate them to appropriate security controls

· Provided guidance to and assists in training less experienced IT Security Specialists

· Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Provides technical support in the development, testing and operation of firewalls, intrusion detection systems, and enterprise anti-virus and software deployment tools.

· Migrated IBM Appscan from 8x to 11x

· Utilize IBM Security AppScan for web application vulnerability scanning of applications in the Census environment.

· Install, Troubleshoot, Monitor ASP.NET Web Applications.

· Utilize PowerShell and SCCM for scripting, patching, application testing and imaging Windows 7 & 10 machines.

· Monitored, Configured, Scan/Patch Network TCP/IP, DNS, Telnet and DHCP.

· Managed/Secured and Scanned devices, software, Web applications following NIST 800-53 protocol & FIPS 140-2

· Worked with system owners to create Authority to Operate (ATO) packages, review artifacts for compliance, and map those artifacts to the appropriate NIST 800-53 controls, specifically Control Correlation Identifiers (CCIs)

· Maintained continuous Approval To Operate (ATO) for customer built and maintained applications supporting the Census so it can carry out its mission of supporting innovative population data research

· Use eMASS for ATO readiness and Continuous Monitoring.

· Implemented, Maintained, Identify managed, audits, baseline identification, and preparation and control of documentation for software projects

· Provided support for Security Configuration Standard Baseline implementation and development using CIS Benchmarks standards.

· Monitored and Patched new security configuration baseline documents with Systems and application updates within the configuration settings

· Possessing in-depth knowledge of the Risk Management Framework and assessments, and analyzing vulnerabilities

· Familiar with the requirements for implementation of, required policies, directives, and guidance for certification and accreditation towards Risk Management Framework.

· Auditing and documenting systems using DISA auditing tools, Assured Compliance Assessment Solution (ACAS), DISA STIG, and SCAP tools.

· Working remotely and assisting the SOC team, Distribution team and outsource companies with mitigation and remediation.

· Audit and validate configurations of network devices based on DISA STIGs

· Utilize RSA Archer platform 5.5 to 6.9 version

· Experience with business analysis and technical implementation of GRC tools, RSA Archer

· Continuous Diagnosis & Mitigation (DEFEND/CDM) RSA Archer specialist with Census Bureau

· Continuous Diagnosis & Mitigation (CDM) RSA Archer specialist for the Department of Homeland Security for the census work relations.

· Expertise in implementation, customizations and integrations of eGRC RSA Archer 5.5 and 6.x version upgrades

· Develop and maintained a formalized GRC framework, utilizing standards based controls aligned to business.

· Administrated Archer data feeds, questionnaires, calculated fields, workflow, reports, dashboards, iViews, and packaging.

· Assess, prioritize and update existing IT security policies and standards to reflect the GRC framework.

· Participate supporting RSA Archer version upgrades

· Developed and Administrated ECGS platform within Archer application.

· Managed, configured, account creation and supported CDM Dashboard within eGRC Archer platform

· Configured, management RSA Archer data feeds

· Managed, Configured of 3rd party applications datafeeds

· Develop, configured & managed interface/Templates within eGRC Archer application.

· Designed and developed reports for dashboards and iViews

· Developed, managed Archer data feed management and reporting

· Created and deleted Archer POA&M records for users within Archer

· Gave read/write permissions to POA&Ms within RSA Archer

· Installed, test and deployed new applications in Archer

· Defining access roles and record permissions within Archer based on the departments

· Provide support of Splunk integration and deployment, configuration and maintenance

· Integration of data feeds (logs) into Splunk.

· Conducts complex security architecture analysis to evaluate and mitigate issues. Develops policies and procedures for securing the system infrastructure and applications.

· Develops complex technical and programmatic assessments, evaluates engineering and integration initiatives

and provides complex technical support to assess security policies.

· Created vulnerability risk assessments for in house, COTS and 3rd party applications.

· Utilize Wireshark and Nessus to pentest and analyze the network and software.

· Utilize penetration testing tools and frameworks to automate and streamline testing processes, including Metasploit, Nmap, Burp Suite, and custom scripts.

· Conduct comprehensive penetration tests on computer systems, networks, and applications to identify security vulnerabilities and weaknesses.

· Document and report findings from penetration tests, including detailed descriptions of vulnerabilities, their potential impact, and recommended remediation steps.

· Review code prior to deployment for new applications & upgrades to current applications for security and quality assurance of new code.

· Familiar with Risk Management Framework (RMF), ACAS and eMASS.

· Utilize McAfee ePolicy/End Point Protection Suite administration including virus protection, HIDS/HIPS, firewall, encryption and other workstation security technologies.

· Address known exploits using the Host Intrusion Prevention System (HIPS); also configured, monitored, installed and updated the application.

· Denied/Approved Software applications after testing the software for vulnerabilities and malware.

· Manage and monitor ticketing system ensuring tickets are completed in a timely manner

· Manage system backup; manage email, spam, and virus protection; administer servers, desktop computers, printers, routers, switches, firewalls, phones, personal digital assistants, smartphones, software deployment, security updates and patches.

· Monitor network usage and security; undertake routine preventative measures to ensure network security.

· Resolve technical problems with LANs, WANs, network segments, internet, intranet and other data communication systems; ensure network connectivity is on par with technical considerations. Install, modify, and repair server/computer hardware (cables, hubs, routers, wireless adaptors) and software.

· Manage and maintain VMware virtual server environment and client environment

· Manage and maintain the SAN/NAS (NetApp) storage systems

· Manage and maintain Active Directory, User Accounts, Group Accounts, Computer Accounts, DHCP DNS and Domain Controllers.

· Application of eMASS for authorizing official, risk reviewer, program reviewer, and user rep view only.

· Manage and maintain the Microsoft System Center Configuration Manager (SCCM) for server updates as well as for client updates and automated builds and deployments.

· Ensure the proper execution of regular system backups

· Manage, maintain and patch Windows/Linux server operating systems and the applications running on those servers.

· Remain up-to-date on security concerns and implement solutions as necessary

· Oversee and manage the Office 365 based email solution.

· Utilize O365 Security Configuration, Set up multi-factor authentication, Raise the level of protection against malware in mail, Protect against phishing attacks with ATP Safe Links, Protect your email from phishing attacks, Raise the level of protection against malware in mail & Use dedicated admin accounts.

· Create eMASS to RMF relationships and compile eMASS data metrics.

· Evaluate emerging forensic technologies and conduct forensic examination of High Priority Digital Media

· Recovered information from computers and storage devices, such as documents, photos, and e-mails from computer hard drives and other data storage devices that have been deleted, damaged, or otherwise manipulated

· Used forensic tools and investigative methods to find specific electronic data, including Internet use history, word processing documents, images, and other files

· Assist with asset validation and credibility assessments by providing baseline assessments of digital media and cellular telephones


Library of Congress (January 2011 to May 2016) Cyber Security Engineer

· Develop Archer data feed management and reporting

· Managing O&M activities of Archer

· Recommending and developing processes and use cases to be implemented by Archer

· Developing and maintaining appropriate documentation around Archer deployment(s)

· Providing Archer design and architecture support

· Remediate Audits, Compliance Management, and policies, Risk, Threats, and Federal Assessment by Utilizing RSA Archer Solutions.

· Corporate objectives, control standards and baselines using Policy Management within RSA Archer solutions.

· Report audit results, manage audit resources, Plan and execute audit engagements, Managed the audit plan and Audit universe within the RSA Archer solution.

· Completed ASAs (Application Security Assessments) for LOC.

· Identify and mitigate security business and system risks

· Identify, Manage, and develop Plan of Actions and Milestones (POA&M) and mitigation strategies for potential vulnerabilities.

· Assist with firewall policies and network configuration support for firewalls (Fortinet, Cisco ASA)

· Engineering and configuration support for network routers and switches (Cisco)

· Provide engineering guidance and process ownership for VPN technologies, including user remote access and business to business connectivity.

· Managed NIST security frameworks ensuring their successful execution and ongoing compliance.

· Collaborate with the LOC Federal project team to support security assessments (Security Assessment and Authorization [SA&A] and Certification and Accreditation [C&A] activities) and audit

· Experience interfacing with customers regarding IA policies and practices

· Create Security Assessments by Communicating and escalating compliance and risk issues to the appropriate customer representative and level of management.

· Provide expert level consultation regarding contractual system security obligations, frameworks, and control requirements.

· Lead development and maintenance of information security risk assessments designed to evaluate inherent risks, controls, and residual risks for the LOC and key vendors. Monitor the operating effectiveness of key security controls and evaluate results relative to risk assessment.

· Utilize vulnerability assessment tools such as: McAfee Security Management tools, Big Fix, Archer and custom PowerShell

· Performed testing, Virus Scan for requested/updated software for Windows XP, 7, Vista and Mac on Windows Server 2003/2008 and Linux Operating Systems.

· Created vulnerability risk assessments for in house, COTS and 3rd party applications.

· Utilize Wireshark and Nessus to pen-test and analyze the network and software.

· Utilize McAfee ePolicy/End Point Protection Suite administration including virus protection, HIDS/HIPS, firewall, encryption, and other workstation security technologies.

· Address known exploits using the Host Intrusion Prevention System (HIPS); also configured, monitored, installed, and updated the application.

· Received notification in Footprints ticketing system for requested software.

· Test web applications for security vulnerabilities using AppScan Tool.

· Analyze and assess vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices.

· Utilize Nessus, Wireshark for vulnerability scanning tool

· Ran patches/updates for in house, COTS, and 3rd party applications

· Tests for compliance with security policies and procedures.

· Investigates and utilizes new technologies and processes to enhance security capabilities and implement improvements

· Scans for, identifies and assesses vulnerabilities in IT systems including computers, networks, software systems, information systems, and applications software.

· Utilize security software, including tools for monitoring, traffic analysis, intrusion detection, virus/spyware/malware detection, anti-virus software, and so on.

· Utilize Sandbox Application to execute files and URLs in a controlled environment and monitor the behavior of applications and operating systems for suspicious activities.

· Created, Modified, and Updated Security Hardening Guide, Denied software list and Risk Assessments on the shared drive network.

· Validate existing system security authorization packages – including SSPs, configuration management plans, and contingency plans – for compliance against NIST Special Publication 800-53 (Revisions 2, 3, & 4)

· Develop technical test case strategies and procedures for a wide variety of operating systems, database environments, and applications to ensure that they adhere to National Institute of Standards and Technology (NIST), Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS), and Department of Education security policies and requirements.

· Approved applications for RSA tokens and disseminated them, added users to the catalog ensuring placement in the correct security domain, collected tokens on termination, removed users from the database, maintained the token request database, and maintained distribution and inventory of unassigned tokens.

· Troubleshoot hardware and software issues throughout the LOC

· Supported 2,000 users on site, by phone, remotely and via walk-ins with helpdesk and desktop issues throughout the LOC.

· Resolved helpdesk tickets utilizing the Remedy ticketing system

· Reset and revoke PKI certs for digital encryption, distributed secured authorization codes to users, and maintained the digital PKI request database.
