Lead HBSS Administrator (SME) Resume Example

Served as an IT Specialist/Information Systems Security Officer (ISSO) for the AFN-BC. Ensured the confidentiality, integrity, system security and availability of the network and provided network administration support to the Non-secure Internet Protocol Router Network (NIPRNET).
• Tracked, monitored and controlled the network to ensure AFN-BC's information systems' reliability and accessibility. Ensured interfaces were constantly patched and in compliance to defend against unauthorized access to system devices. Developed policies, procedures and standard operating procedures to ensure 100% uptime for all system devices. Ensured vulnerability risk assessments, systems security evaluations, audits and reviews were constantly monitored.
• Accessed the Enterprise Mission Assurance Support Service (eMASS) system to ensure AFN-BC's infrastructure was in compliance in order to obtain certification and accreditation for authority to operate (ATO). Maintained currency of applicable Information Assurance (IA) policies and regulations as relates to ATO accreditation. Prepared for and passed a successful Cyber Command Readiness Inspection (CCRI) in 2016.
• Experience in CCRI Penetration Testing (Pen-Test/Pen-Tester) using DoD Cyber Command SCAP vulnerability scanner, and Tenable Nessus scanner. Pen-test experience includes a Cybersecurity Assessment (CSA) application.
• SIEM Management: Past experience includes administering a McAfee SIEM, Splunk, and Symantec LEM (Log Event Manager/SYSLOG). Daily duties included being responsible for engineering support, maintenance, and sustainment of log collection and analytic applications in ensuring log collection was performed on all data center systems. Served as the application SME; lead, investigated and diagnosed, workaround enactment, root cause analysis and resolution for all incidents and problems. Was responsible for delivering the capabilities needed through these tools to meet DoD Cyber Command Security and operational requirements, creating alerts, dashboards, and reports based on the analysis of log data. Was responsible for recommending and executing architectural changes to the application deployment, applying vendor recommended security patches and updates, remediating security vulnerabilities, and hardening of the application to meet DoD security baseline security and compliance standards. Was responsible for maintaining the InfoSec documentation for the product suite and any and all Standard Operating Procedures (SOPs) and PPG (Policies, Procedures, Guidelines) documentation developed for the application.
• PPG (Policies, Procedures, Guidelines) / Standard Operating Procedures (SOP) Management: Responsible for creating and implementing the DoD's policies, procedures, and guidelines for implementing logical access controls, conducting software inventories, implementing information security management, and monitoring and detecting data ex-filtration and other Cyber threats. Assessed whether DoD Components followed the logical access control policies, procedures, and practices. PPGs and SOPs drafted by me covered the entire network spectrum from network firewall down to workstation.
• Security Frameworks: Experience with NIST 800-53 Rev. 4 and DoD Risk Management Framework (RMF). Experience with these frameworks defined a standard set of activities and a management process to certify and accredit DOD information systems before implementation and every three years thereafter. Experience included standards for assessment and authorization, risk assessment, risk management, and dynamic continuous monitoring practices.
• Evaluated abilities of units equipped with a system to support assigned missions in the operational environment, which included threats to defend against cyber-attacks, detection of possible network intrusions, and reaction to those threats.
• Successful penetration tests completed. Responsible pen-test assessment for multiple systems; infrastructure hardware/software; users; operators; maintainers; defenders; training; and Tactics, Techniques, and Procedures (TTPs).
• Responsible for the capabilities to Protect, Detect, React, and Restore.
• Pen-tests consisted of a Cooperative Vulnerability and Penetration Assessment and an Adversarial Assessment, both which were performed in the operational environment.
• Implement DISA-mandated TASKORDS and FRAGORDS to ensure system security policies are in compliance. Ensured network and systems designs stayed current with rigorous compliance with IT security policies to ensure facilitating system accreditation packages are current. Gathered, analyzed and preserved evidence used in prosecuting computer crimes during breach of network information, integrity and availability. Applied security principles, concepts and methods. Provided written and oral communications and recommendations for best course of action to senior management when determining impact on assessment of security events. Implemented corrective actions when necessary.
• DoD Assured Compliance Assessment Solution (ACAS) Administrator. Installed and managed security reporting tools to monitor network resource changes. Led the installation of the AFN-BC's new ACAS system. Provided, updated, and secured network diagrams and documentation. Input and managed the ACAS network vulnerability scanner to ensure 100% compliance with Joint Task Force-Global Network Operations (JTF-GNO) standards and policies. Worked closely in keeping senior management informed of all Category findings and vulnerabilities via the status of ACAS.
• Familiar with deploying, configuring, maintaining and troubleshooting Splunk 6.x in a Windows/Linux environment
• Operation and performance monitoring of collected McAfee SIEM and Symantec LEM information.
• Analysis, design, configuration, implementation, documentation and operation of McAfee SIEM and associated appliances (to include Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), Advanced Correlation Engine (ACE)).
• Identified and integrated internal and external data sources, performed analysis of data trends, created queries and maintained SIEM dashboards.
• Responsible for SIEM security design review and recommendations, technical data gathering, security and policy review and configuration, security device implementation planning, configuration and implementation of security products and technical quality assurance.
• Engineered and administered support to SIEM/Splunk environment to include indexes, indexers, deployment servers, and forwarders.
• Lead technical troubleshooting efforts for DoD environments to identify and eliminate network or security configuration issues for SIEM data collection.
• Host Based Security System (HBSS) Administrator. Solely responsible for deploying the HBSS and its connection to the DISA NIPR SQL Staging Server for content upload. Managed the Vulnerability Management System (VMS) for security issues and report their status. Ensured HBSS security settings on both the server and client workstations using McAfee Data Loss Prevention (DLP) and McAfee Host Intrusion Prevention Service (IPS/IDS) secure and in compliance with DoD Security Technical Implementation Guides (STIG). Identified vulnerabilities on network servers and client workstations and provided solutions to fix vulnerabilities. Worked closely with Help Desk personnel to ensure security on all client workstations. Uses current backup software and technology for systems operation, including scheduling, backup, disaster recovery and system resource management.
• Palo Alto Firewall system administrator. Configured and installed AFN-BC's new Palo Alto Firewall. Monitored and administered in ensuring network performance was at peak performance. Upgraded and updated network products based on vendor specifications using guidance from DoD secure industry associations. Implemented security packages and application updates across multiple operating system platforms using tools like McAfee's Host Based Security System (HBSS). Developed standards and criteria for assessing server performance in ensuring confidentiality, integrity and availability using HBSS. Worked with the Security Content Automation Protocol (SCAP) tool using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance) in conjunction with the National Vulnerability Database (NVD) government content repository. Investigated, responded to, collected evidence and reported security incidents to Senior Network Manager and senior management. Ensured network servers were compliant with current IA policies.
• Configured the AFN-BC's first disk-to-cloud based backup system ensuring important data was always protected. Recommended equipment upgrades and replacements for obsolete equipment. Ensured information availability to clients and customers by managing and administering off-site tape storage program using Unitrends Backup software. Tested and applied vendor patches and updates over the network to client workstations and network servers using manual techniques and BMC FootPrints Patch software.
• Understanding of network and McAfee Data Loss Prevention (DLP) endpoint security tools and integrated it into the SIEM to provide a cohesive view of network incidents and security.
• Implemented Symantec Data Loss Prevention Three Tier Installation for DoD enterprise, and integration of DLP with Exchange 2003 Server, Microsoft TMG, McAfee SIEM.
• Performed first-level triage, analysis, mitigation, response of routine security incidents, threats, and vulnerabilities., postmortem analysis with lessons learned.
• Provided assistance to the Help Desk, Program Development and DIMOC-Records Center teams providing technical assistance, systems security guidance, training, and problem determination. Assessed customer needs and provided quality customer service to clients and customers. Resolved client and customer needs for fast and quick efficiency to meet client/customer expectations.
• Troubleshot and determined hardware and software failures. Provided recommendations for replacing defective devices attached to the network and make configuration changes to the network when hardware and software failures occur. Recommended solutions to network failures which decrease system performance. Captured data loss on the network for forensic analysis during periods of decreased performance. Evaluated and recommended selection of new systems.
• Comprehensive knowledge of TCP/IP network protocol, Dynamic Host Control Protocol (DHCP), Windows Internet Name Server (WINS), Domain Name Service (DNS), Simple Mail Transfer Protocol (SMTP), Blackberry Exchange Server (BES) and Windows Server Administration. Performed system administration duties and responsible for installation, administration and maintenance in support of the Active Directory architecture and its support functions. System Administrator for Windows and UNIX servers, worked closely with the Senior Network Manager.