● Responsible for program security and communication security, review and update Program Protection Implementation Plan and Cybersecurity Strategy and Implementation Plan in accordance to NIST publications, DoD guidelines and instructions to ensure efficient and effective protection of essential program information, technologies and systems, respond to custom comments.
● Validate Information Systems Security Plan, enforce security measures, and ensure proper controls are in place for risk management and compliance.
● Manage and maintain an air-gapped computing environment that consists of Windows servers, CentOS Linux machines, and VMWare ESXi hosts, automate tasks with PowerShell, Python and Bash scripts.
● Review Tenable Nessus scan reports to identify system vulnerabilities, provide remediation in a timely manner, review system audit logs on a weekly basis, and generate proper documentations for annual system audit.
● Lead system/network engineer for a comprehensive IP wireless public safety network that consisted of 400 remote locations, and over 20000 end users, emphasis on security, high availability and redundancy.
● Responsible for design, upgrade, implementation, monitoring, optimization and management of WAN/LAN network infrastructure, switches, routers, Load Balancers, firewalls, IDS/IPS and VPNs,
● Secured network perimeter and enforced security policy by hardening switches, routers and perimeter firewalls, automated tasks with Python scripts.
● Stayed up to date with the latest vulnerabilities, and perform patch management for all networking devices.
● Provided tier 3 escalation support as well as other general WAN/LAN networking/security tasks, troubleshooting issues related to DWDM, L2TP, TCP/IP, GRE, IPsec, VRF, ACLs, OSPF, EIGRP, BGP, DNS, SNMP, NTP, DHCP, RADIUS, TACACS+ and etc., performed packet analysis with WireShark, generated Root Cause Analysis document and provided recommendations.
