* Primary duties include ensuring security systems (SIEM, IDS, EDR, email security, etc) are working optimally, serving as the senior incident response coordinator, working with teams across the enterprise to identify and reduce security risk and promote compliance with industry standards, deploying new tools and technologies, and providing technical leadership in promoting security awareness and compliance across the organization* Responsible for developing and maintaining secure configuration standards and developing and documenting incident response procedures and runbooks for alerts from different platforms, including Microsoft Defender platforms and internal intrusion detection. Additionally providing training and guidance to junior team members on threat detection and response.* Implemented a vulnerability management program - worked with stakeholders to develop VM policy and standards, deployed scanners, coordinated credentialed scanning, and developed processes for documenting and tracking the remediation of vulnerabilities. Additionally coordinated external penetration testing for PCI audits and other external security assessments, evaluated vulnerability findings, and coordinated with internal teams on remediation efforts.* Deployed a SIEM – evaluated competing products, deployed Qradar and Qflow, integrated logs from a large variety of security sources including custom internal sources, customized and tuned rule logic for offenses and alerts, and created queries to support investigation and troubleshooting of our environments.

* As a member of TDA’s Security Engineering team, I focused on working with stakeholders identify risk and secure their O365 and Slack deployments, performing a proof-of-concept and evaluation of Vulnerability Management/Policy Compliance tools, evaluating CASB solutions, and creating a platform for standardizing security hardware and software deployment documentation and training teammates on using it

* Built an incident response program and served as senior incident response lead, deployed advanced endpoint protection technologies and developed incident response procedures, deployed a SIEM, identified gaps in BCBSNE’s network and system architecture and worked with stakeholders to reduce risk, coordinated external penetration testing and audit, and supported the daily operations, maintenance, and troubleshooting of BCBSNE’s entire security infrastructure (firewalls, proxy/SSL interception, SIEM, DLP, email security, endpoint detection and response, and vulnerability scanning) * Planned and implemented the migration of the web content filter from Bluecoat to Check Point - this involved multiple teams and reworking our outbound traffic flow entirely. Designed the new architecture, performed POCs of multiple solutions and wrote a white paper with recommendations, deployed new firewalls to support the additional workload and SSL interception, migrated and tested rulesets, and performed cutovers gradually to minimize risk and user disruption.* Additional responsibilities included evaluating proposed infrastructure changes for security concerns and collaborating with other teams on risk mitigation, maintaining security policies and procedures, working with teams across the organization to ensure compliance with security policies (including HIPAA compliance), assisting with penetration testing and internal threat hunting, training junior team members, and troubleshooting outages and other operational issues

* As RaceTrac’s first Security Engineer, I was responsible for partnering with internal teams to perform risk and gap analysis to assist RaceTrac with quantifying and prioritizing risk across the organization, this included defining security requirements and policies and working with stakeholders to make sure that they were in compliance * Monitored security devices for intrusions and anomalous behavior and created procedures for handling incidents while leading the incident response team* Performed vulnerability scans and analysis and worked with software and networking/infrastructure teams on remediation plans, as well as coordinating external penetration testing and PCI audits* Additional duties included providing user education and awareness training, evaluating new and existing technologies and recommending items for purchase as well as managing vendor relationships, and assisting with audits and achieving and maintaining PCI compliance as well as compliance with other standards

Network Security Admin II December 2011 – September 2012Served as a Senior IA technical and subject matter expert (SME) in security and systems administration for the Defense Contract Management Agency (DCMA), primarily responsible for hardening servers and workstations according to DISA STIGS, managing and maintaining networking and security equipment, performing vulnerability scan analysis and remediation, monitoring security systems for intrusions and anomalous behavior, providing domain administration and host-based security support, and external audit support Security Systems Engineer - Team Lead February 2010 – December 2011As the Information Assurance/Computer Network Defense Team Lead for the DCMA Network Operations and Security Center (NOSC), I was responsible for coordinating threat response with USCYBERCOM and other DoD components, developing and implementing incident response policies and procedures, leading the incident response process, providing root cause analysis post-incident, performing maintenance on security systems (firewalls, IDS, host-based security, data loss prevention devices, and anti-virus), vulnerability compliance scanning and remediation, performing internal penetration testing and reporting, and forensic analysis

* Responsible for defining, implementing, and maintaining Information Security policies and performing day to day security operations, including implementing firewall, proxy server, web content filter, and intrusion prevention system changes, providing risk analysis in partnership with other internal teams, maintaining the enterprise’s configuration compliance manager, investigating policy violations and security incidents and providing root cause analysis, and assisting with and performing security audits related to HIPAA and SOX

Information Assurance EngineerDecember 2005 – July 2006• Served as the chief security engineer for the Integrated Strategic Planning and Analysis Network Architecture and Integration team• Created and maintained security accreditation documentation, performed risk analysis, evaluated security requirements for test and integration, and performed system test and evaluationInformation Assurance Engineer October 2005 – December 2005• Responsible for implementing the STIG for Unix/Linux systemsInformation Assurance Engineer September 2004 – September 2005• Performed network defense engineering on USSTRATCOM’s Network Defense Team (STRAT-ND), an NSA-certified CND-SP• Duties included engaging in network security analysis, detecting and responding to intrusion attempts, providing threat and vulnerability analysis and assessments, completing daily and weekly reports, detecting and preventing computer viruses, performing security audits, modifying firewall and perimeter router policies, forensic analysis, and responding to and assisting in the handling of security incidents and investigationsInformation Operations Engineer October 2003 – August 2004• Certified in Rapid Response Cyber Forensics (RRCF) - a 40 hour training course designed to create practitioners with experience in digital evidence collection and analysis, forensic procedures, and live response. Assisted in teaching basic RRCF course upon completion of certification. • Duties included providing up-to-date security technology information to JFHQ-IO staff, assisting in the computer network defense planning processLead Security EngineerSeptember 2002 – September 2003• Served as Lead Security Engineer for the Command and Control Modernization (C2M) group• Prepared, delivered, and maintained security documentation for new and existing systems, as well as gathering requirements for new acquisitions

• Prepared and presented an assessment analyzing current USSTRATCOM Information Assurance (IA) policies• Assisted in the rewiring and re-configuration of the Systems Integration Lab, as well as documenting the system architecture and topology and assisting with the creation of certification and accreditation documentation

• Responsible for examining the Intrusion Detection System and firewall logs and reporting any suspicious activity, performing audits, and doing vulnerability assessments and white papers

• Performed maintenance on the company’s propriety insurance software system (MS-DOS, Visual Basic, and COBOL).