PROFESSIONAL SUMMARY:

Sophisticated and creative InfoSec specialist and Software Developer seeking a dynamic position with a company or organization that will utilize and further enhance my knowledge of IT or offer advancement opportunities. Accustomed to working with multi - cultural clients and staff while communicating and writing proficient English, Spanish and Russian.

TECHNICAL SKILLS:

Pentesting Distros: Kali Linux 2018.3, Santoku, Linux Blackarch, Wifislax, Parrot OS.

Cybersecurity tools: Metasploit, Armitage, Burp Suite, Vega, Maltego, Faraday, SqlMap, BbqSQL, nmap and Sparta among others.

IAM (Identity management): CA IDM, CA SiteMinder, Avatiar, Oracle Identity OID, Oracle Virtual Directory OVD, AD Domain Controller, Azure AD.

Endpoint Cyber Security and SIEM: ELK, McAffee AV, Gemalto, Secure File Storage, Splunk SEC, FireEye, FTU (file tokenization utility) / Liaison-Protect, Symantec MSS.

Cyber security frameworks and compliance: PCI DSS, HIPAA, ISO 27001/27002 , CIS, NIST, COBIT, SOX, GDPR

Network: Vormetric, FTU (File Tokenization Utility) Tripwire (File Integrity Monitoring), McAfee AV, ELK, Tokenization (NETS Service).

Languages: Java, Python, Perl, C#, C++, HTML 5, JS, CSS, XML, PHP, MATLAB, R.

BI Tools: Confidential cognos BI, Targit BI, Necto, Information Builders BI tools.

Databases: Crystal reports, Oracle RDBMS (6.x - 12c), MySQL (3.23 - 5..6), MS SQL Server 2018, NoSQL, MariaDB, PostgreSQL, MySQL, SQL, SQL PLUS, Pro*C, PL/SQL. Web application servers and integrations with CMS Confidential Websphere v8.5 Ubuntu server, MS SQL and MS Server integrations. Confidential Bluemix(app development cloud service), LAMP and XAMPP servers with Tomcat on Apache and integration on various CMS including MS SharePoint, Wordpress, Drupal and Kentico CMS. Maven2.x integration on Eclipse, Integrating GIT on Ubuntu server 14.04 and 12.04 and hardware virtualization (devices and servers).

Operating Systems: Linux, UNIX, Windows 95-10, iOS, OSX, Android and Cisco IOS.

Tools: MS Office, SQL Server Management Studio, Microsoft Project, Altova, Visual Studio.NET, DeuterIDE, Nuxeo Dev suite

WORK EXPERIENCE:

Confidential

Software developer and cyber security developer

Responsibilities:

• System analysis/design and Full stack web development for Business intelligence tools and integration with databases and content management systems, Confidential cognos BI, Nuxeo suite,Pega7,Targit BI, Necto, Information Builders BI tools, work flow management and BI tools such Qlik sense, Qlik sense cloud, K2 and other data visualization management tools integrating better solutions in data warehousing and big data. Such integration includes BI and Data visualization solutions together with Oracle PL/SQL, MySQL and other SQL variants.
• Advanced software and mobile app (Android SDK and swift for iOS) development in multiple frameworks and coding in the .Net framework, Dreamweaver, Drupal, Ms SharePoint, ASP.Net MVC, VBA, VB scripts, C#, Visual C#, PHPLib, PHP 4 and 5, CakePHP and JavaScript, Winforms for linQ, Perl, Python for mobile, web and desktop applications including Web and CMS development and design.
• Knowledge of SVN and WAMP, LAMP and APACHE servers as well as network and web application security and pentesting.
• Software development and automation.

Confidential, San Juan, PR

Responsibilities:

• Coding and offensive tooling of python, perl, powershell and other languages to build ssh botnets, mass compromising ftp, SFTP, SSH, replicating conficker and writing exploits. Forensic investigations, geolocating individuals, recovering deleted items, recovering artifacts from the windows registry, examining metadata in documents, images and examining mobile devices and applications. geolocate ip addresses from captures, investigate popular DDoS tool kits, discover decoy scans, analyze botnet traffic, and foil IDS and IPS.
• Pentesting and scanning for WiFi and Bluetooth devices, sniff, parse wireless traffic, id hidden wifi networks, id malicious wireless kits in use, stalk Bluetooth radios and exploit other bt vulnerabilities.
• Scrape the web for information, anonymous browsing via python,working with dev api’s, footprinting and scraping websites, popular social media and creating spear phising emails.
• Antivirus and IDS,IPS evasion techniques. Building malware with Python for the purpose of evading antivirus systems and other Endpoint security appliances.
• As a software developer, the skills reinforced are those related to researching, designing and writing new software programs. In general perspective it involved testing new programs, fault finding, evaluating and developing software that make computers and hardware work, whereas products that suffer from incompatibility today were managed and modified to work in their integrated platforms. Some of the job experiences involved monitoring security and penetration testing for critical systems (e.g., e-mail servers, database servers, web servers, SCADA servers and CMS) Making changes to highly sensitive computer security controls to ensure appropriate system administrative actions (investigating and reporting noted irregularities).
• Capturing and defining the security test requirements.
• Planning, research, and design robust security architecture test strategy for any IT project.
• Perform vulnerability testing, risk analysis, and security assessments.
• Research security standards, security systems and authentication protocols with the Client.
• Apply testing methodologies and tools to complex applications for finding weaknesses and security vulnerabilities early in the SDLC process.
• Understanding of Application security principles, risks, attacks, OWASP security guidelines and best practices to perform SAST - Static Application Security Testing, DAST - Dynamic Application Security Testing and IAST - Interactive Application Security Testing.
• Develop test requirements for Web Applications Security Testing for all releases using automated tools and manual testing.
• Design test plans for DAST, OWASP Top 10 Most Critical Web Application Security Risks, public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures.
• Proficiency in Applications Security testing tools like Acunetix Web Vulnerability Scanner /Burp Suite / Fortify Web Inspect, Nessus, Nmap and other open source tools.
• Define, implement and maintain Corporate or Enterprise security policies and procedures
• Oversee security awareness programs and educational efforts
• Respond immediately to security-related incidents and provide a thorough post-event analysis.
• Defining possible entry points and attack vectors to systems, such as: files, sockets, hypertext transfer protocol (HTTP) requests, named pipes, pluggable activities, protocol handlers, malicious server responses and so on.
• Analyzing potential threats and risk analysis based on the vectors and entry points defined. Details of threats and the methods to analyze them.
• Dynamic Application Security Testing (DAST)
• Static Application Security Testing (SAST)
• Interactive Application Security Testing (IAST)
• Web Application Penetration Testing
• Product Security Testing
• Cloud Application Security Testing
• Web Services Security Testing
• Security Code Review
• Network Security Assessment
• Security Testing Tools: Burp Suite, Metasploit, Armitage, InsightIDR, Splunk enterprise, Tamper Data, Live http Headers, HP Fortify, Vera Code, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus
• WINS,DNS, and DHCP, Network troubleshooting
• Remote access methods
• Backup and disaster recovery methodologies
• Patch management technologies and processes

Confidential, Oshkosh, Wisconsin

Field Application Engineer

Responsibilities:

• Experienced in different SCADA/HMI applications.
• Experienced in different techniques of communication with field devices and PLCs.
• Experienced in management and access to historical data, in particular relational databases.
• Knowledge of procedural languages, include but not limited to VB.NET, C#, Python.
• Experience in debugging techniques and code management
• Capacity to manage product code traceability techniques
• Capacity to work part as a team and have interpersonal communication skills.
• Working with several international customers and provide solutions and technical support to their different SCADA/HMI projects(Americas, Europe, Asia, Middle East.)
• Creative and flexible, able to work under pressure to meet tight deadlines
• Cybersecurity research for articles in the Progea magazine and CSIA about Cyber attacks in vulnerable critical infrastructure, industrial automation and field devices.