Application Security Web Resume Granbury...

Candidate Information
Title Application Security Web
Target Location US-TX-Granbury
Victor Blake, Web Application Security Assessment Engineer
Street Address
EMAIL AVAILABLE
PHONE NUMBER AVAILABLE

26 years of experience engineering, procuring, maintaining, functionality testing, vulnerability scanning, penetration testing, & performing event data analysis on communications network infrastructures for DoD, VA, & CSPs.

PREVIOUS SECURITY CLEARANCE:
Top Secret: (SSBI, Expired: Mar 2019)

EDUCATION:
M.S. IT Management; Touro University, (Summa Cum Laude) Jun 04
B.S. Business Administration; Abilene Christian University, May 98
A.A.S Instructor of Technology; Air Force Community College; May 95
A.A.S Computer Systems Technology; Air Force Community College; May 92
Cisco Certified Network Professional (CCNP); 2006
Microsoft Certified Systems Engineer (MCSE); 2003
CompTIA Security+ Certification
Test & Evaluation, Level I Certification
Systems Engineering Level I Certification
Program Management Level I Certification
Certified Information Systems Security Professional (CISSP); Jan 2018
Information Technology Infrastructure Library (ITIL) Foundations Certified; Sep 2015
Penetration Testing and Ethical Hacking 8 Nov 2018

Demonstrated experience in the following areas:

Training:
FedRAMP training courses completed:
    Introduction to FedRAMP
    FedRAMP System Security Plan (SSP) Required Documents (200-A) (Mandatory for CSPs)
    Security Assessment Plan (SAP) (200-B) (Mandatory for 3PAOs)
    Security Assessment Report (SAR) (200-C) (Mandatory for 3PAOs)
    Review & Approve Process (201-A)
Penetration Testing with Metasploit
VTC Certified Ethical Hacker Workshop
Kali Linux Operating Systems Built for Hacking
Fedora 21 Linux of the Future
Security Standards Council (SSC) Payment Card Industry (PCI) Essentials
Cyberspace Defense
GTRI Splunk for Operational Efficiency
GTRI Splunk Security Bootcamp
Splunk Bootcamp for Security
Bit9 + Carbon Black Advanced Threat Protection for Endpoints & Servers
Cisco Next Generation Intrusion Protection System-x (NGIPS-x)
VMware Data Center Virtualization
Advanced Microsoft Excel 2010
Advanced Automation with McAfee ePolicy Orchestrator (ePO) Tag

Guidance: FIPS-PHONE NUMBER AVAILABLE, NIST-30/37/39/53/53A/82/115/137, FedRAMP-200-A/B/C, 201-A, PCI DSS

Network Experience: Cisco IOS, routing, switching, & security products to include: Host-based & Network-based IPS/IDS; server administration to include: 2000/2008R2/2012R2/VMs; McAfee ePO, VPN, BGP

Infrastructure Security Testing: SCAP, Kali Linux, Metasploit, vulnerability scanning, manual vulnerability assessments, penetration testing, incident response, & system security configuration

CURRENT ASSIGNMENT:

Web Application Security Assessment Engineer, SAIC, Arlington, VA, from 10-1-23 to 2-2-24 (Contract Expired)
o Perform security assessments against web applications for vulnerabilities, security misconfigurations, and compliance-related concerns
o Utilize a variety of industry standard security tools to conduct manual-based security assessments
o Utilize a variety of industry standard security tools to conduct automated scans against web applications
o Review new vulnerabilities as they are published and develop impact assessments
o Determine risk from vulnerabilities based on availability of exploit and potential loss of information and IT services capabilities
o Produce periodic trending and impact reports
o Generate detailed reports (automated and manual) based on results from assessments and have the ability to explain in detail to customers
o Develop new testing programs
o Maintain thorough knowledge and understanding of the Open Web Application Security Project (OWASP) top 10
o Manage and maintain Government owned virtual platforms (VM), operating systems, and applications

Web Application Security Assessment Engineer, Halfaker and Associates, Arlington, VA, from 10/25/2018-10-1-23
o Perform security assessments against web applications for vulnerabilities, security misconfigurations, and compliance-related concerns
o Utilize a variety of industry standard security tools to conduct manual-based security assessments
o Utilize a variety of industry standard security tools to conduct automated scans against web applications
o Review new vulnerabilities as they are published and develop impact assessments
o Determine risk from vulnerabilities based on availability of exploit and potential loss of information and IT services capabilities
o Produce periodic trending and impact reports
o Generate detailed reports (automated and manual) based on results from assessments and have the ability to explain in detail to customers
o Develop new testing programs
o Maintain thorough knowledge and understanding of the Open Web Application Security Project (OWASP) top 10
o Manage and maintain Government owned virtual platforms (VM), operating systems, and applications

Web Application Security Assessment Engineer, ASM Research, Fairfax, VA, from 3/2016-10/25/2018
o Support the development of technical security safeguards to protect information systems from intentional (unauthorized) or accidental (inadvertent) access or destruction
o Work with Web development, network administration, and corporate security teams, to actively identify, & analyze risks & develop plans that drive security improvements for the projects
o Serve as a liaison between development teams & stakeholders to understand & formulate security requirements for projects
o Define, maintain, and enforce application security best practices
o Explain and demonstrate vulnerabilities to application owners, and provide recommendations for mitigation
o Conduct and coordinate vulnerability assessments of software application under development
o Identify additional application security related tools, conduct tool analysis, & provide recommendations
o Perform & conduct penetration tests and manual/automated code reviews
o Train developers & other relevant team members on Secure Code Development, as well as other security protocols as needed, and the WASA process
o Perform security assessments against mobile applications for vulnerabilities, security misconfigurations, and compliance-related concerns
o Strong understanding and experience with the OWASP Mobile Security Testing Guide
o Utilize a variety of industry standard security tools to conduct manual-based security assessments
o Utilize a variety of industry standard security tools to conduct automated scans against web applications
o Review new vulnerabilities as they are published and develop impact assessments
o Determine risk from vulnerabilities based on availability of exploits and potential loss of information and IT service capabilities
o Produce trending and impact reports
o Generate reports based on results from assessments and have the ability to explain in detail to customers
o Develop new testing programs
o Management and maintenance of backend systems hardware and software
o Thorough knowledge of the Open Web Application Security Project (OWASP) top 10
o Administration of existing and future infrastructure including system maintenance and management

Senior Security Engineer, Agensys Corporation, San Antonio, TX, from 2/2016-3/2016 (contract)
Develop Manual Hardening Procedures for Federal and DoD Customers
Contract Description
o The SA STIG Engineer: Performed a full STIG assessment through documentation, identify and document the audit findings on the physical and virtual servers, switches and storage in a standard EMC report format, and completed and delivered the STIG assessment documentation.
The SA resource in this case provided assessment and documentation for the following storage components of the Vblock.
* Cisco UCS 5180 Blade Chassis
* Cisco UCS B420 and associated software
* Cisco UCS B200 and associated software
* Cisco UCS 6296 and associated software
* EMC VNX7600 and associated software
* EMC VNXe3200 and associated software
* EMC PowerPath VE
* Cisco Nexus 9396PX
* Cisco 9504 and associated software
* Cisco MDS 9148 and associated software
* Cisco MDS 9706 and associated software
* Cisco Nexus 3048
* VMware VDS
* Cisco UCS B220 and associated software
* VMware vCenter - EMC ESRS and associated software

Senior Security Analyst, U.S. Department of Veterans Affairs, from April 2015 to May 2015 (contract)
Developed & maintained A&A security artifacts, such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration checklists, & interconnection security agreements
Continually monitored change orders for information that can be used to update documentation & assess security controls for annual FISMA self-assessment testing through interview, documentation review, & review scan results
Provided information assurance policy guidance to both internal & external customers & act as interface with customer to provide audit support for both internal & external audits & reviews, knowledge of service support systems such as Service Desk Manager (SDM)
Advised project managers to minimize security vulnerabilities & risk assessment for assigned applications within the Austin Information & Technology Center
Understanding of Information Technology equipment & telecom equipment including but not limited to software, servers, mainframes, enterprise backup systems, enterprise storage, applications, products & services, & switches
Provided knowledge of VA 6500 Directive/Handbook & other VA guidance on information security, skills in developing mitigation strategy for identified weaknesses & providing guidance to interpret relationship of National Institute of Standards & Technology (NIST) Special Publication (SP) 800-53 security controls to identified weaknesses
Utilized experience conducting Threat & Risk assessments & Vulnerability Assessments of IT systems
Trained less experienced personnel on developing & implementing Information Security policies & procedures
Conducted system security evaluations, audits, & reviews

Cyber Security Consultant, Kratos Defense & Security Solutions, San Antonio, TX, from 6/2015-2/2016 (contract)
Served on an Air Force major command level team of information security professionals in the enforcement of security policies, procedures, & ePolicy Orchestrator/STIG compliance for a variety of commercial & government activities worldwide
Oversaw the development & coordination of System Security Authorization Agreements
Performed threat vulnerability assessments; provide security test & evaluation reports
Provided technical vulnerability research in the evaluation of system applications & services
Developed C-level reports regarding areas of network & end-point system security concerns
Consulted in all areas of cyber security, including physical security, administrative security, personnel security, computer security, operations security, & industrial security

Cyber Security Consultant, Abacus Solutions Group, San Antonio, TX, from 3/2015-3/2015 (contract)
Provided subject matter expertise to acquisitions & security documentation related to Risk Management Framework (RMF) implementation
Authored & maintained cyber security & Security Management Plans, Information Support Plans, Program Protection Plans (PPPs), Security Risk Analyses, Security Vulnerability & Countermeasure Analysis, Security Concepts of Operations, Operational Security (OPSEC) Plans, & other system/network security related documents
Performed network & end-point reconnaissance & developed the AF KMI Penetration Test Data Management & Analysis Plan (DMAP) & Test Plan

Eglin Radar Network Systems Engineer II, Cyber Security Engineer, Penetration Tester, & Incident Response Consultant, Jacobs Technology, Colorado Springs, CO, from 7/2009-3/2013 & 7/2014-2/2015 (contract)
Led 9-person system engineering team on $200M communications network development project utilizing Microsoft 2008 R2 & 2012 R2 operating systems with VMware & vSphere technology
Administered McAfee ePolicy Orchestrator (ePO) for weekly policy, antivirus updates, application deployment, & malware monitoring
Performed SCAP Compliance Checker assessments of systems & hardened systems to ensure compliance
Provided STIG Viewer findings report to government with proposed solutions to remediate or eradicate vulnerabilities
Provided Change Control Board (CCB) change recommendations to the Department of Defense (DoD) Enterprise-wide Information Assurance (IA) & Computer Network Defense (CND) Solutions Steering Group (ESSG)
Developed Information System Security Plan, Continuity of Operations, Privacy Impact Assessment, Penetration Test DMAP, Test Plan & Business Impact Analysis documents; briefed leadership to gain buy-in for system development & test strategies
Administered Cisco NGIPS-x ASA-x router & end-point Advanced Malware Solution Intrusion Protection Systems (IPS)
Developed Penetration Test Rules of Engagement; led the execution of all phases of test
Served as Splunk Enterprise Application administrator & trained site administrators on how to accomplish data correlation & real-time threat monitoring
o Performed incident forensics & reported test findings to organization leadership

Military Satellite Communications (MILSATCOM) Cyber Security Consultant & Penetration Tester, Leidos, Colorado Springs, CO, from 3/2013-7/2014 (contract)
Performed MILSATCOM systems security compliance configurations, functionality & penetration testing
o Developed MILSATCOM Systems Penetration Test DMAP & Test Plan
Briefed leadership on test scope & objectives
o Briefed network & system threats & vulnerabilities requiring mitigation
o Obtained leadership Approval to Connect & Approval to Operate
Performed required vulnerability updates on Unix mainframe systems & subsystems
o Trained administrators on required processes to update & perform regression testing on client applications when changing system security baselines
Produced/briefed risk assessment & test findings to senior leadership
Developed security related documents to coincide with system upgrade requirements
o Developed system/network functional test plans, test cards/scenarios, & report templates
Planned & led 6 system administrators through threat & vulnerability assessments
Assisted the software developers in performing field troubleshooting for software integration issues
Provided Initial & Final System Security Functional Analysis reports to leadership
Performed STIG assessments on Operating System (OS) & applications software to determine interoperability concerns that contributed to the overall network test threads to include data flows & data mapping
Developed operational-level interaction reports across functional teams, customers & users
o Developed & briefed STIG compliance documentation & presented findings test reports to software development teams

AFISR System Installation Lead, Air Force Intelligence, Surveillance, & Reconnaissance (AFISR), Japan, from 7/2006-7/2009 (Active Duty Air Force)
Performed Network Installation & IA baseline studies/configurations for 78+ National Security Agency (NSA) mobile intelligence mission systems
o Performed STIG compliance assessments
o Tracked findings to resolution or mitigation
Researched net-centric interoperability concepts/issues; provided strategic ePO security & system interface injects to NSA leadership for 30 relevant intelligence, surveillance & reconnaissance platforms to integrate with Air Force Distributed Common Ground System Network
Performed security compliance configuration updates to maintain security baselines on 115+ NSA mission systems, switches & routers

Superintendent, Air Force Operational Test & Evaluation Center (AFOTEC), Colorado Springs, CO, from January 2003 to July 2006 (Active Duty Air Force)
Guided 21 space & missile defense programs at Air Force Operational Test (OT) & Evaluation Center (AFOTEC)
o Oversaw mission training of 97 testers for OT tactics, techniques & procedures
o Ensured Defense Information Systems Agency (DISA) Host Based Security Service (HBSS) policy/guidance compliance for OT related events
Built DMAPs & Test Plans for eight next-generation ground-based network security compliance tests
Briefed program compliance status to AFOTEC leadership & the Director, OT&E-Pentagon
Led compliance tests for DoD's Global Broadcast System (GBS) Internet Protocol (IP) upgrade
Authored/executed OT & Penetration Test Plan for the Air Force's new Satellite Command & Control System; 54-person team earned Test Team of the Year Award for 2004
o Attended 4-week CCS-C class to execute test, collected & managed data, coordinated Joint Reliability Maintainability Evaluation Team & Deficiency Review Board meetings; obtained 1st ever approval to fly MILSATCOM satellite using the CCS-C system
Co-planned/executed security compliance test plan for Army's Configuration Control Element for satellite payloads

Noncommissioned Officer in Charge, United States Air Forces in Europe (USAFE) Tech Control & USAFE Commander's Network Administration Cell, Germany, from 1/2000-1/2003 (Active Duty Air Force)
Managed over 30 DISA router installs in Europe/Southwest Asia--increased reliability over 20%
o Maintained Europe's largest Defense Information Control Facility
o Installed & configured 4,500 long-haul circuits & 21 remote Global Information Grids
o Performed router configurations & performed system hardening (compliance) tests
o Developed & coordinated security compliance packages for Approval to Connect (ATC), Approval to Test (ATT), & Approval to Operate (ATO) certifications
Performed Network- & System-administrator duties for 3500-node USAFE/NATO Commander Local Area Network (LAN)
o Administered 4 domain controllers, 18 subnet switches, & 2 gateway routers
Researched requirements for Theater Deployable Communications package
o Developed/executed security compliance Test Plan & worked findings to resolution
o Successfully developed & briefed Approval to Operate package to Authorizing Official
o Led DoD communications-computer infrastructure cyber security testing with coalition forces from over 30 allied countries

Network Engineer, United States Air Force, from 1/1999-1/2000, Alaska (Active Duty Air Force)
Engineered/installed network on Clear AS, Alaska to include installing/configuring all site servers, routers, switches, routers, IPS systems & Cat 5/fiber (12-month project)
Performed security compliance testing on all systems & obtained ATC & ATO certifications
