Corporate Technic 3
SECURITY CLEARANCE
• DOD Top Secret Clearance SCI Poly (09/2021)
• DOD Secret Security Clearance
• Public Trust
CERTIFICATIONS
• Splunk Enterprise Certified Architect (Est. Completion Feb 2020)
• Splunk Enterprise Certified Admin (Sep 2019)
• Splunk Certified Admin 6.3 (Oct 2016)
• Splunk Certified Power User (March 2016)
• Security+ Certified (30 July 2009)
Work History:
Feb 2019 to Present, Critical Incident Response Manager, Federal Bureau of Investigation, Washington DC
The contractor shall assist the government in developing a comprehensive FBI-wide cyber incident response strategy and plan. The strategy and plan shall comply with DOJ and ODNI cyber incident response requirements. The contractor shall include FBI-specific refinements/enhancements to the Threat Vector Taxonomy identified by US-CERT and NIST 800-61 Revision 2 in the strategy and plan. The contractor shall interact with technical and non-technical personnel across the FBI involved with all aspects of cyber incident response processes in order to complete this task.
Sep 2017 thru Jan 2019, Cybersecurity Tier II Analyst, Department of Energy, Las Vegas, NV
• Perform the monitoring, analysis, correlation and reporting of cybersecurity issues
• Provide guidance and recommendations for new tools based on changes in threats, architecture, technological advances, or organization mission
• Implementation of new tools and modifications to architecture; updates, maintenance, and monitoring of cyber security tools
• Analyze changes, events, and other potential incidents for risk to the environment; event analysis, incident determination, and incident management.
• Network traffic analysis, firewall functionality, log analysis
• Experience with Security Incident and Event Management tools, Log Management and Correlation tools, and Antivirus/anti-malware tools
Sep 2016 thru Sep 2017, Security Engineer, Incident Response, TSA/DHS, Bossier City, LA
• Security Engineer for Transportation Security Administration
• Troubleshoot and remedy various technical issues dealing with McAfee Sidewinder and Cisco ASA firewalls
• Administers Norton Secure Endpoint Protection antivirus while protecting/recovering critical data
• Coordinates/creates RFC requests to update changes on Cisco ASA and McAfee Sidewinder firewalls
• Utilize BMC Remedy IT Service Management tool for tracking, monitoring, and updating customer IT issues
• Provides network content filtering using McAfee Webwasher and Microsoft ISA
• Utilize ArcSight/Sourcefire to monitor and troubleshoot network security related issues
• Monitors SolarWinds and provides technical expertise on various security subjects for the TSA network
• Administers Site Protector, monitors for Security Events
• Utilize Microsoft Antigen and Forefront to update and block malicious emails
• Establish and manage Logger user/group controls; specify global login, password, resource authorization and authentication settings, alerts and notification policies
• Configure event source devices/device groups, event Receivers, Forwarders, Destinations, supporting security authentication settings, and optional connector management facilities.
July 2015 thru August 2016, Senior Cloud Security Engineer, NASA, Washington DC
• Responsible for providing technical guidance for the security of general support systems and major applications.
• Provides guidance to partners and customers in helping them understand AWS cloud services and how security compliance is achieved while operating in a public cloud environment.
• Ensure complete security measures for business practices within the design, network integration/implementation, and system and application level security
• Performs security control assessments using FedRAMP guidance and conducts independent scans of the network
• Develops and maintains the Plan of Action and Milestones and supports remediation activities.
• Manage and maintain applications and systems security posture deployed to AWS.
• Experience using and configuring the Distributed Management Console (DMC).
• Develop reliable, efficient queries that feed custom alerts, dashboards, and reports in Splunk
• Maintain a close partnership with Splunk on feature requests, upgrade planning, and product roadmap alignment
• Optimizes system operation and resource utilization, and performs system capacity planning/analysis while maintaining the security posture.
• Leveraged the full utility of Splunk technology in order to monitor cyber security, protect IT infrastructure, and enable rapid containment and resolution of IT security incidents.
• Troubleshoot Splunk server problems and issues; set up log indexing utilizing universal forwarders
• Monitor Splunk infrastructure for capacity planning and optimization
• Developed incident management processes, playbooks and stakeholder communication mechanisms for the HQ Security Operations Center.
• Detected security incidents via network and host monitoring utilizing Splunk Enterprise/Trend Micro Deep Security Agent. Determined their severity and impact, and conducted threat analysis as required using various log, network, and system forensic investigation techniques.
• Architected Imperva Web Application Firewalls for AWS hosted on the internet supporting mission critical operations. Tasks include SecureSphere configuration, AWS ELB deployments, AWS CloudFormation creation and updates, and AWS Route 53 changes
Nov 2014 thru May 2015, Security Analyst, Security Operations Center, Herjavec Group, Las Vegas, NV
• Utilizes McAfee SIEM/ESM to analyze/locate and mitigate malicious activities across the network
• Effectively coordinates Computer Security Incident Handling process
• Monitors McAfee NSM/IPS, and FireEye for malicious inbound traffic.
• Utilizes CounterACT Forescout Network Access Control for swift network host access removal
• Administers CA ticketing system to create/track and close all security related incidents
• Monitor Imperva DAM/WAF for database intrusions
• Participate in root cause analysis of critical events for improving preventative and reactive processes
• Responsible for reporting, escalating, and remediating anomalous events based on the established protocol
• Performs day-to-day security log review and analysis in adherence with MICS, SOX, and PCI requirements.
July 2012 thru May 2014, Security Engineer, Incident Response, TSA/DHS, Crystal City, VA
• Security Engineer for Transportation Security Administration
• Troubleshoot and remedy various technical issues dealing with McAfee Sidewinder and Cisco ASA firewalls
• Administers Norton Secure Endpoint Protection antivirus while protecting/recovering critical data
• Coordinates/creates RFC requests to update changes on Cisco ASA and McAfee Sidewinder firewalls
• Utilize BMC Remedy IT Service Management tool for tracking, monitoring, and updating customer IT issues
• Provides network content filtering using McAfee Webwasher and Microsoft ISA
• Utilize ArcSight/Sourcefire to monitor and troubleshoot network security related issues
• Monitors SolarWinds and provides technical expertise on various security subjects for the TSA network
• Administers Site Protector, monitors for Security Events
• Utilize Microsoft Antigen and Forefront to update and block malicious emails
• Establish and manage Logger user/group controls; specify global login, password, resource authorization and authentication settings, alerts and notification policies
• Configure event source devices/device groups, event Receivers, Forwarders, Destinations, supporting security authentication settings, and optional connector management facilities.
TRAINING HIGHLIGHTS
• System Administration
• Network+
• A+
• Juniper Network Security Manager
• CCNA Boot Camp
• Security+ Certified
• GCCS-J Oracle Administration
• Database Fundamentals
• Taclane Operator
• Unix System Administration
• CompTIA Advanced Security Practitioner (CASP)
• Certified Ethical Hacker (C|EH)