• Team Lead – Manage day to day operations of a 24/7 SOC• Monitoring application white listing events for potential security incidents and investigations with Bit9 • Direct Day to day administration and O&M of McAfee ePolicy Orchestrator server • Configure and implement policies for McAfee’s Device Control Module• Day to day administration and O&M of Blue Coat ProxySG • Create and Implement filter policies for inbound web traffic for end point Unified Agent• Assist in or Perform incident response utilizing Microsoft O365 Exchange Administration• Assist with incident response and intrusion prevention using event correlation tools such as Splunk Enterprise Security SEIM• Configure agent policy and perform Device Control via CrowdStrike

• Monitoring application white listing events for potential security incidents and investigations with Bit9 • Day to day administration and O&M of McAfee ePolicy Orchestrator server • Configure and implement policies for McAfee’s Device Control Module• Day to day administration and O&M of Blue Coat ProxySG • Create and Implement filter policies for inbound web traffic for end point Proxy solution• Assist in or Perform incident response utilizing Microsoft O365 Exchange Administration• Assist with incident response and intrusion prevention using event correlation tools such as Splunk Enterprise Security SEIM

• Monitoring application white listing events for potential security incidents and investigations with Bit9 • Day to day administration and O&M of McAfee ePolicy Orchestrator server • Configure and implement policies for McAfee’s Device Control Module• Day to day administration and O&M of Blue Coat ProxySG • Create and Implement filter policies for inbound web traffic for end point Proxy solution• Assist in or Perform incident response utilizing Microsoft O365 Exchange Administration• Assist with incident response and intrusion prevention using event correlation tools such as Splunk Enterprise Security SEIM

• Monitor network and supporting systems to detect security compromise events (including intrusions and virus incidents)• Correlate events for early warning, alerting, trends and prevention • Perform initial investigations on suspected intrusions and/or suspicious activities • Analyze event data received from Network Security tools such as SourceFire, Palo Alto, IBM BigFix, SiteProtector and McAfee ePO to eliminate false positives and identify incidents • Provide enterprise-wide network systems and applications systems security log auditing • Inspect, identify and analyze log files such as Network logs, Server/Workstation Logs, SPLUNK logs, network traffic and security events from all network security tools within the VA WAN and Gateway to detect, identify and report anomalous malicious network activity

• Provided technical support with the DoD Information Assurance Certification and Accreditation Process (DIACAP) • Assisted with Mission assurance planning and implementation following DoDI 8500.2 and DODI 8510 • Managed production and failover Web Proxies as well as implemented filter policies for inbound/outbound web traffic for CND purposes • Utilized McAfee endpoint security solutions to implement security policy and prevent data loss • Assisted with McAfee Host Based Security Suite/ePolicy Orchestrator for USCYBERCOM FRAGO 13 and CTO-133 compliancy to include Device Control Module/Data Loss Prevention, Virus Scan Enterprise, Host Intrusion Prevention, and Policy Auditor • Performed data mining, event correlation, log analysis, review of security incidents log data, and correlation of these incidents for incident response or problem management. Some tools used include Blue Coat Proxy/Reporter, McAfee Host Based Security Suite, ArcSight and the MS Threat Management Gateway (TMG) • Assisted with configuring ArcSight logger and SEIM connectors for log data collection, correlation, review and reporting. • Supported customer by actively participating in Information Security Engineering meetings and activities • Provided real-time vulnerability assessments for Information Assurance Vulnerability Alerts, Bulletins, and Technical advisoriesSignificant achievements included standing up the Blue Coat Proxy solution, assisting with the Tenable Nessus implementation and transition to parent agency, was deputy team lead for SecOps, assisted with overall vulnerability posture and the reduction of vulnerabilities by over fifty percent.

Provided Vulnerability Management, Web Proxy Administration, Microsoft Threat Management Gateway Administration, McAfee Host Based Security Suite (Firewall, Host Intrusion Prevention, Data Loss Prevention and Anti-Virus) and Symantec Brightmail Gateway Administrator for the Joint Chief's of Staff.

Provided general Information Assurance support, including Certification and Accreditation (C&A) and Vulnerability Management. Supported the Defense Logistics Agency and its components to integrate and implement the C&A process within the client’s infrastructure. Assist in implementing applicable Security Technical Implementation Guides (STIG) and other technology utilized within the enclave environment. Update and test information technology contingency and incident response plans.

Responsible for the installation, configuration and maintenance of multiple network scanning utilities. Perform weekly IAVA scans to ensure level of agency network compliance. Perform periodic vulnerability assessments of the network. Provide assistance to IA staff ensuring IAVA compliance reporting requirements are met. Maintain network Spyware/Adware detection tools. Perform daily maintenance of Spyware/Adware removal. Assist with patch management and ensure patch management cycle deadlines are met. Use and provide training for the Hercules Vulnerability Management tool. Assisted with BlueCoat Web Proxy servers. Assist with Sidewinder firewall configuration when needed. Provide documentation for continuity of operations book for security team. Provide training to network security team on use of assessment and patch management. Provide new user security awareness training.