Work Background
Sr. Cybersecurity Threat Hunt Forensics Engineer
Raytheon contracted to US DHS Cybersecurity and Infrastructure Security Agency (CISA)
Apr. 2022, Virginia, United States
* Provide action in response to identified and analyzed anomalous network activity through the client's IPS, firewall, or captured network traffic (Palo Alto and Cisco vendors) for industrial control systems (ICS), OT networks, SCADA networks, Federal agencies, host attacks, and network security. Assess network topology and device configurations to identify critical security concerns, review security policies, and provide security best-practice recommendations and regulations from industry or federal practice. Work with the MITRE ATT&CK framework in the analysis of exploits and in incident handling.
* Developing AWS Cloud breach scenarios using cloud penetration testing tools such as Caldera and PACU to do enumeration, emulation and scanning, and user privilege escalation attacks; these are used to create attack playbooks. These cyber-attack exercises are tested with and without a defense setup of CloudTrail, container scanning, GuardDuty, DevSecOps patterns, Terraform, AWS Shield, Snyk IaC scanning, and AWS Web Application Firewall (WAF) to see the results in CloudWatch logs and OpenSearch. Cross-functional leadership and collaboration, CrowdStrike EDR and management of incidents and threat hunting, advanced malware prevention and detection, and cloud security management.
* Using AWS Cloud infrastructure management orchestration tools such as CloudFormation for infrastructure resources and AWS Elastic Kubernetes Service (EKS) for application deployment. Mentor team members, team leadership, and give presentations on AWS security and general services to technical groups such as security engineers, executive technical managers, and stakeholders.
* Proactive threat hunting, remote and onsite incident response operations, using host- and network-based cybersecurity analysis capabilities involving Splunk, ingesting data and transforming it with pipeline automation, and evaluating security controls to see if they match up to the Zero Trust Maturity Model (ZTMM) & NIST 800-207.
Senior Cyber Security Consultant
Venatôre
Mar. 2020 - Sep. 2021, Stuttgart, Baden-Württemberg, Germany
* Configuring and troubleshooting the Palo Alto and Cisco firewalls for senior-level auditing of the firewall rulesets and settings, incident responses, access policies, and delivering reports to management.
* Implementing and designing new security products, Varonis DatAdvantage and DataPrivilege, into an enterprise environment, working with different departments such as system and network administrators, storage engineers and managers to create reports to assist them in their fields and discover possible incident events. The software has the abilities of audit trails for Active Directory, automating security and data protection tasks, dashboard monitoring, and showing exposed or stale data. Project leadership and management, working with different teams in project management and technical knowledge of their projects.
* Developing cloud security Azure architecture following DISA standards and setting up a test lab for application developers in the Azure cloud. Reviewing cloud architecture documentation and policies.
* Ensuring systems are DISA STIG compliant with settings and patch updates. Also auditing systems with the Nessus scanner to search for vulnerabilities and patch levels of systems, and reviewing files with SCAP.
Sr. Cybersecurity Consultant
Devis contracted to Dept. of State
Jul. 2018 - Mar. 2020, Virginia, United States
* Configuring and troubleshooting the Palo Alto firewall for URL filtering, VPN networks, senior-level auditing of the firewall rule sets and settings, incident responses, access policies, configuring dashboards in Splunk for Palo Alto Networks, and delivering reports to management. Integrating dynamic external lists and advanced security designs.
* Configuring and optimizing the Splunk installation and rolling out new features and additions to the present installation. Performed a complete upgrade of the Splunk Enterprise installation from a Windows environment to Unix, creating new indexes and heavy forwarders, ingesting new server logs, and creating dashboard applets in Splunk to improve incident reporting and create compliance reports. Integrating in-house application logging with Splunk to provide more detailed logging capability for the supporting teams to troubleshoot and report on this enterprise-critical application.
* Working with Security and System Engineer teams to improve network security with vulnerability management, providing cross-team collaboration with Rapid7 Nexpose and HP WebInspect Fortify, following up on FireEye HX, incident response findings, and network architecture.
* Developing cloud security architecture as the agency migrates over to GovCloud, involving Azure and AWS services, security controls such as AWS Inspector, Macie, CloudTrail, GuardDuty, AWS Shield, and Systems Manager, and applications that need to be migrated to a cloud environment.
* Performing vulnerability assessments and audits and network security scans using tools such as Rapid7 Nexpose and HP WebInspect, antivirus solutions, and FireEye security software. Providing leadership to the system engineers to bring the systems into compliance and through the remediation process to a secure posture status for the systems. Preparing for a NIST (800-53) audit of security controls using Splunk, Jira, and Confluence in an Agile sprint manner.
Sr. Network Security Engineer
Infotree Service Inc. contracted to Leidos and the National Institutes of Health
May 2017 - Feb. 2018, Bethesda, MD
* Acting as the SME for Palo Alto firewalls, configuring and troubleshooting security policies and URL filtering on the Palo Alto Networks firewalls for a major federal agency. High availability configuration, Panorama, SSL decryption, threat prevention policies, and WildFire inspection were implemented as well. Virus protection, vulnerability and malware inspection and protection with the Palo Alto firewalls were also created and used in the enterprise-sized network of a national federal agency.
* Configuration of the Cisco ASA firewalls, Firepower, and Sourcefire, involving access control lists to allow or deny users from certain networks or systems for certain applications or ports. These issues are delivered through a ticketing system, working in conjunction with Splunk and Elastic syslog servers and packet capture tools like Wireshark.
* IT audit functions such as preparing documentation for a near-future audit on a federal level, as well as ensuring the required security controls are in place and being utilized.
Sr. Network Security Consultant
Atos
Dec. 2016 - Mar. 2017, remote locations
* Analyzing IDS/IPS sensors to ensure the policies and settings are in compliance with the clients' proposed goals. Gathering technical information from network and security teams, as well as conveying information to managers for different clients nationwide.
* Creating client reports to present to management on audit findings, and explaining any technical subjects in the report to engineers and management.
* Performing fine-tuning of IDS/IPS signatures in a change-control type of process.