Technologies: Cloud Architecture Design, Security Engineering, Configuration Management, Risk Assessments, Infrastructure as Code (IaC), Visualizing Log Data, Project Management, Governance & Compliance, Information Assurance, Virtualization, Task Automation, Network Security, Azure DevOps, PowerShell, Kubernetes, Bridgecrew, Twistlock, Veracode, PostgreSQL, Azure SQL, Storage accounts, Application gateway, NSGs, Azure firewall rules, Monitoring, alerting, NIST 800-53 controls, Splunk, Azure Sentinel, Fortify SCA, WebInspect, Azure Security Center, Nessus

Industries: Government, Cloud-based solutions, Managed Service Providers, Information Technology (IT) infrastructure

EXPERIENCE

Redacted Company SENIOR CLOUD ENGINEER (Remote) 2021 – Current

• Created and managed Azure resources with infrastructure as code using Terraform
• Migrated client workloads from on-prem to Azure using Microsoft Cloud Adoption Framework
• Worked with CI/CD based application development methodology using Azure DevOps & PowerShell
• Worked with development teams to migrate applications to Kubernetes
• Worked with developers to create helm charts and deployment pipelines
• Built DevSecOps into the release pipeline using tools like Bridgecrew, Twistlock, and Veracode
• Supported hybrid cloud/on-prem environments and the required interconnections
• Agile project management with scrum and kanban
• Created terraform modules for multiple scenarios like environment creation, PostgreSQL/Azure SQL databases, storage accounts, application gateway, NSGs, Azure firewall rules, and monitoring/alerting
• Conducted environment assessment of USAF wargaming and education systems deployed in Azure and provided and implemented recommendations for a more secure operational environment
• Provided mentoring and guidance for mid and junior level staff, offering feedback targeted at individual development

Chainbridge Technologies INFRASTRUCTURE SECURITY ANALYST Vienna, Virginia (Remote) 2018 – 2021

• Managed and supported Azure infrastructure in US Gov and Commercial tenants
• Managed multiple Azure network interconnections including S2S VPN, Cisco CSR, ExpressRoute, and DHS RTIC Azure applications
• Developed best practices baseline config for infrastructure architecture in Azure
• Supported multiple Azure-based applications with medium and high level ATO control requirements
• Translated compliance requirements into actionable technical remediation plans using NIST 800-53 controls
• Used Splunk & Azure Sentinel (LAW) for log aggregation, worked with parsing field data, transforms, reports, and dashboards/workbooks
• Created methodology for FEMA SOC to ingest logs from Azure into Splunk
• Maintained vuln management program with Fortify SCA, WebInspect, Azure Security Center, and Nessus
• Automated the application of IT configuration settings to comply with STIG requirements
• Designed and implemented advanced functions of Azure AD Premium including security, governance, and compliance
• Maintained configuration state of IaaS VMs using DSC, used PowerShell scripts to enforce/audit state for other Azure resources
• Automated tasks within Azure and Windows ecosystems using PowerShell
• Supported developers with Azure DevOps pipeline creation and management, pushed towards DevSecOps
• Interacted with government contacts including DHS OneNet, FEMA SOC, FEMA SMEs, and ISSOs
• Assisted Small Business Administration with migration of Atlassian ecosystem (Jira, Confluence, Bitbucket/Bamboo) into Azure
• Migrated internal IT environment to cloud-based server infrastructure and client endpoint management
• Conducted risk assessment of in-house developed software and corporate IT environment
• Created internal policies and procedures needed for compliance and adherence to best practices

Netsmart Technologies SENIOR SYSTEMS ENGINEER Leawood, Kansas (Remote) 2014 – 2021

• Architected client virtual environments including on-prem VMware/Hyper-V, Azure, and AWS for an MSP
• Migrated client onsite IT functionality into hybrid and cloud-only solutions
• Migrated client environments from on-prem Exchange/SharePoint/SMB shares to O365 solutions
• Created and maintained best practices hardening baseline documents for Active Directory, Azure, O365, Windows servers/workstations, and network infrastructure devices
• Implemented Active Directory hardening across multiple client organizations including; user password hygiene, disabling obsolete protocols like SMBv1/LLMNR/NetBIOS/TLS 1.0, enforcing security settings through GPO/Intune, deploying LAPS, UNC path hardening etc.
• Implemented and managed multiple IDS/SIEM solutions: Firepower, AlienVault, SEM, and SO
• Built ELK stack with dashboards for top 20 critical control for centralizing and visualizing device logs
• Installed and managed network equipment such as firewalls, routers, switches, web filters, VPN from multiple vendors – Cisco, Barracuda, FortiNet, Juniper, Meraki, HP, Ubiquiti, Lightspeed
• Configured O365 protections with 3rd party tools or Microsoft Defender for Office 365
• Worked primarily project-based, acted as L3 support for escalations, some dedicated client environments
• Created PowerShell scripts to automate tasks and act as a force multiplier for other Engineers, Sys Admins, and L1/L2 support; this includes user MACD, O365 tenant config, AD security assessment
• Used Python to create network config management scripts using netmiko/paramiko ssh libraries; it provided a free method for non-profits to backup network device configs and issue batch commands
• Built audit jobs using PowerShell to integrate AD hardening validation with NCentral RMM
• Collected and graphed system metrics to have a data-based approach to optimizing and managing IT systems
• Assisted on-site support with workstation deployment using Intune/Autopilot, SCCM, and WDS
• Part of incident response team and created the response procedures for different types of incidents
• Developed risk assessment solution based on NIST SP800-53 & SP800-66 security controls
• Conducted annual risk assessments for Netsmart clients including; technical data gathering, interviews, compiling the report, and discussing the findings with the organization’s executive leadership
• Created vulnerability management programs for clients using Nessus Professional scans and a python script to clean-up reporting
• Assisted with policy and procedure creation to meet compliance requirements at client organizations
• Worked with client organizations to establish and/or enhance security awareness and training programs

University of Michigan – School of Public Health DATA SECURITY ANALYST, INTERMEDIATE Ann Arbor, Michigan 2008 – 2014

• Installed and managed VM infrastructure environment that runs school Windows and Linux servers
• Conducted risk assessments using University RECON methodology (NIST SP800-53)
• Supported a hybrid environment of Windows, Linux, and OS X
• Created scripts to automate program updates, manage computers, and provide reporting
• Designed and implemented security monitoring infrastructure using open source tools
• Managed school network infrastructure devices including routers, switches, IDS, and CheckPoint firewall
• Monitored and analyzed network traffic for signs of malicious activity
• Developed security-related policies and procedures based on best practices and applicable regulations

Travelers Insurance SR. INFORMATION SYSTEMS CONSULTANT Southfield, Michigan 2000 – 2008

Project Experience

• Designed, implemented, and troubleshooted IT infrastructure and security for over 20 years
• Conducted environment assessment of government wargaming and education systems deployed in Azure and provided and implemented recommendations for a more secure operational environment
• Created and managed Azure resources with infrastructure as code using Terraform
• Migrated client workloads from on-prem to Azure using Microsoft Cloud Adoption Framework
• Worked with developers to migrate applications to Kubernetes and created helm charts and deployment pipelines
• Built DevSecOps into the release pipeline using tools like Bridgecrew, Twistlock, and Veracode
• Maintained vuln management program with Fortify SCA, WebInspect, Azure Security Center, and Nessus
• Created internal policies and procedures needed for compliance and adherence to best practices
• Architected client virtual environments including on-prem VMware/Hyper-V, Azure, and AWS for a managed service provider (MSP)
• Migrated client onsite IT functionality into hybrid and cloud-only solutions
• Migrated client environments from on-prem Exchange/SharePoint/SMB shares to O365 solutions
• Built ELK stack with dashboards for top 20 critical control for centralizing and visualizing device logs
• Installed and managed network equipment such as firewalls, routers, switches, web filters, VPN from multiple vendors – Cisco, Barracuda, FortiNet, Juniper, Meraki, HP, Ubiquiti, Lightspeed
• Configured O365 protections with 3rd party tools or Microsoft Defender for Office 365.