Responsibilities:

• As a lead SIEM engineer, I take charge of overseeing professional service engagements and managing service provider (MSP) customers, working collaboratively with a team of engineers.
• Implementing configuration management using Ansible to streamline and automate processes.
• Set up and maintain Elasticsearch clusters as well as Swimlane clusters for seamless operations.
• Configuring Fleet and Elastic agent policies with both standard and custom integrations to optimize operations.
• Deploy machine learning jobs with the objective of detecting anomalies.
• Ensuring compliance and security standards by applying STIGS to Swimlane and Elasticsearch platforms.
• Evaluating and enhancing the performance and security of customers’ Elasticsearch environments by providing expert guidance.
• Employing Docker for containerization and establishing immutable pipelines for enhanced efficiency.
• Configure PagerDuty for multiple teams and workflows to ensure smooth incident management.
• Develop custom solutions using AWS SNS, SQS, and Lambda functions to address specific requirements.
• Create and maintain comprehensive documentation of security configurations, procedures, and incidents.
• Facilitate and lead Scrum meetings for the SIEM team while collaborating closely with project managers to prioritize and incorporate tasks into the backlog.

Responsibilities:

• Directed the Cybersecurity Program and Risk Management that includes the Risk Management Framework (RFM) supporting multiple entities in a global division.
• Team Lead for the division’s Incident Response Team. As the lead, I am responsible for coordinating with multiple departments bring an incident to closure. Provide written and verbal briefings and presentations to business leaders about incidents.
• Directed IT governance for the division that aligns with HII, compliance frameworks (e.g., ISO 9001, ISO 20000, and NIST SP 800-171), and contractual requirements (e.g., DFARS 252.204-7012) to align with business objectives. Advise senior leadership on governance, risk management, and regulatory compliance requirements.
• Develop a division-wide Vulnerability Management Program. My team developed governance and processes to reduce the number of vulnerabilities across the division. The program requires interfacing with multiple business units, application owners, and stakeholders to remediate vulnerabilities.
• Lead the implementation of Multi-Factor Authentication across the various organization in the division. Managed the initial distribution and developing procedures for continued distribution for future users. My team distributed to CONUS and OCONUS users in than more 70 locations.

Responsibilities:

• Developed, implemented, and maintained Business Continuity and Disaster Recovery Policies and Procedures.
• Managed process and acted in the lead role for Computer Incident Response Team (CIRT). Perform forensics on compromised machines and networks, malware analysis and reporting relating to security incidents.
• Install, maintain, and manage security technologies including FireEye NX, Carbon Black Enterprise Response, Carbon Black Enterprise Protection (Bit9), Splunk, Elastic, Logstash, Kabana, Encase, Nessus, and Suricata.
• Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.
• Configure and Administer BMC Footprints to support our ISO 20000 requirements
• Developed and maintain corporate information security and privacy policies.
• Prepare Information System Security Plans, Protection Profiles (SSPs and MSSPs). Interface with the Defense Security Service (DSS) concerning Security Plan approvals for handling, safeguarding, transmitting, receiving, and generating classified information.
• Manage COMSEC material and accounts.

Responsibilities:

• Prepare Information System Security Plans, Protection Profiles (SSPs and MSSPs). Interface with the Defense Security Service (DSS) concerning Security Plan approvals for handling, safeguarding, transmitting, receiving, and generating classified information.
• Manage COMSEC material and accounts.
• Designed, develop requirements, development, debug many internal systems to integrate different business systems. (Websites, Restful APIs, and Services)
• Install, support, and operate many business systems including Microsoft SharePoint, Microsoft SQL, Deltek (Costpoint, Budget, and Planning, Govwin, Time and Expense), Privia, Team Foundation Server and GitHub Enterprise.
• Install, support, and operate cybersecurity technologies including FireEye NX, Carbon Black Enterprise Response, Carbon Black Enterprise Protection (Bit9), Snort, Cuckoo Sandbox, and Splunk (dashboards, reports, custom search commands).
• Provide support and recommendations to HIPAA security assessment and audit. Draft documentation support to ISO 9000, ISO 20000.

Responsibilities:

• Developed custom dynamic web applications to meet customer’s requirements.