Sr. Information Security Specialist Resume

PROFESSIONAL SUMMARY

  • I am a cyber security professional with expertise in penetration testing and vulnerability management across diverse industries, including the Confidential, healthcare and financial sectors.

PROFESSIONAL EXPERIENCE

  • OWASP
  • Social Engineering
  • Application Security
  • Data Governance
  • Mobile Application Security
  • Internal Audits
  • Red team
  • DoD STIGs
  • HIPAA
  • AWS Security
  • Adversarial assessments
  • API Security
  • IoT
  • OWASP top 10
  • Wireless Assessments
  • Web Application Protocols
  • Agile Framework
  • Vulnerability Management
  • Firewalls
  • PCI DSS
  • SQL database
  • SDLC
  • Manual Testing
  • Network Infrastructure testing

PROFESSIONAL EXPERIENCE

Confidential

Sr. Information Security Specialist

Responsibilities:

  • Collaborate with multiple project teams to conduct scoping and testing for an engagement
  • Perform penetration testing, dynamic and static code analysis.
  • Clearly document and communicate findings to developers and stakeholders
  • Trained associates and provided guidance via well-written documentation and workshops
  • Test security of web services (SOAP-based, RESTful) using automated and manual scanning methodologies
  • Document and transition results in reports, presentations and technical exchanges to both business and project teams
  • Design strategies to help improve processes within the security assessment program
  • Analyze test findings and calculate risks associated with vulnerabilities
  • Conduct research to identify new attack vectors and proactive countermeasures for mobile devices, web applications, and web services.

Confidential

Supervising Associate, Audit & Penetration Testing

Responsibilities:

  • Perform web application penetration tests and validation on client applications
  • Replicate the actual techniques and tools used by malicious attackers in an effort to model potential external threats
  • Upon completion of the assessment, prepare reports and present results to application owners, developers, and business unit information security teams
  • Propose standards and methods to improve the security testing processes.
  • Conduct vulnerability assessments, security audits, and risk assessments of complex systems
  • Act as SME in security review meetings with developers, project managers and business executives
  • Compare security findings to enterprise defined security standard and business requirements
  • Explain findings, their description, risk, mitigation strategies, and references during reviews

Confidential

Penetration Tester

Responsibilities:

  • Perform penetration tests, develop detailed technical recommendations and present findings
  • Consult with application developers, administrators and management to ensure that proper security controls are identified, implemented, and tested
  • Ensure systems are in compliance with PCI DSS
  • Perform technical assessments of technologies to identify security issues.
  • Perform research of emerging security issues and vulnerabilities.
  • Manage various unique and in-depth security assessment tests
  • Understand, interpret, and test local security policies and system hardening procedures

Confidential

Systems Security Administrator

Responsibilities:

  • Perform penetration tests on network infrastructure as well as web applications
  • Harden servers, endpoints, and network devices to reduce available vectors of attack
  • Conduct internal and external penetration tests using Core Impact and/or Kali Linux on servers, endpoints, and web apps
  • Perform vulnerability scans using QualysGuard, report findings, create remediation plan
  • Test and deploy patches to desktops, laptops, and servers using LanDesk’s Patch and Compliance component
  • Evaluate and develop security policy and procedures designed to protect computer programs, databases and files from unauthorized use
  • Run security assessments and coordinate with different business units, and vendors to mitigate discovered risks
  • Develop, implement and support identity and access management solution
  • Work with IS management in the development of and documentation of all relevant standards and procedures, in general and specifically as they pertain to the Health Insurance Portability and Accountability Act (HIPAA) compliance and any other adopted framework for information security

Confidential

System Administrator

Responsibilities:

  • Analyze security logs for anomalies, non-security events, and targeted attacks
  • Perform internal audit ensuring applications, operating systems, and network security are compliant with security policies
  • Perform network vulnerability assessments, create reports, and remediate all findings
  • Prepare information systems for Confidential Information Assurance Certification and Accreditation Process
  • Use SCCM to deploy Windows 7 image to 2000+ workstations and notebooks
  • Manage antivirus and antispyware protection systems, verifying definitions are up to date
  • Built System Center Configuration Manager (SCOM) in order to monitor all servers within network, providing detailed reports and alerts on performance, connectivity, and maintenance issues
  • Create and deploy product update packages using Microsoft System Center Configuration Manager (SCCM)
  • Create and maintain SQL Server 2008 databases to provide reports, data integrity, and optimal performance
  • Maintain COOP site for disaster recovery including multiple SAN servers and tape backup library
  • Administer and implement DoD PKI/CAC environment
  • Keep accurate and up-to-date documentation of incidents, findings, access controls of privileged and non-privileged users, and network configuration changes
