We provide IT Staff Augmentation Services!

Vice President Resume

5.00/5 (Submit Your Rating)

SUMMARY:

  • Highly skilled Penetration Tester and Security Engineer offering vast knowledge of network and web application security.
  • OWASP Chapter Leader for Houston, TX
  • Strong understanding of PCI - DSS 2.0/3.0, Confidential 800-53 Rev.4, OWASP Testing Guide v4, Penetration Testing Execution Standard (PTES), and OSSTMM 3.0
  • Proficient in Python, PHP, and Ruby which I use to automate tasks to reduce human error and increase productivity.
  • Expert in vulnerability scanning using various tools including IBM AppScan, Qualys, Nexpose, Nessus, Core Impact, and Acunetix.
  • Network Security: Both Red and Blue Team Exposure
  • Blue Team: Intrusion Detection & Analysis.
  • Red Team: Advanced web application testing using the latest tools and methodologies.
  • Mastered the art of producing high-quality, contextually relevant penetration reports and remediation plans.
  • Former Confidential, honorably discharged after 8 years of service
  • Worked with the news industry as an expert in field of cyber security, Target Breach - KTRH 1

TECHNICAL SKILLS, TOOLS, & METHODS:

Web Application Security: Expert on WAFs; Web Servers, Web Standards, Latest Web Technologies

Web Application Testing Skills: All current attack vectors documented in the OWASP Testing Guide v4.0

Web Pentesting Tools: A Web Browser & Burp Suite Pro (always), W3af; sqlmap; Nikto; OpenVAS; Mantra; SamuraiWTF (always ready)

Network Exploitation: NMAP; netcat; Metasploit/SET; Scapy; Nessus

Programming: PHP; Ruby on Rails; Python; Bash

Intrusion Detection: tcpdump; Berkeley Packet Filters; ngrep; Snort; Wireshark

Linux Distros: Fedora & Debian (Daily); Custom Built Kali Image

EXPERIENCE:

Vice President

Confidential

Responsibilities:

  • Joined a team of world class security experts who conduct application security assessments/penetration tests of the our internal/external web, mobile, & web service applications leveraging both manual techniques as well as automated tools, in order to uncover and report security vulnerabilities that exist.
  • Knowledgeable with business risks associated to common security vulnerabilities.
  • Effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities.
  • Ability to work independently in a very large-scale, enterprise setting.

Sr. pentester & Security Engineer

Confidential

Responsibilities:

  • Conducted assessment on the Confidential Corporation systems utilizing Confidential 800-53 Rev.4, OWASP Testing Guide v4, Penetration Testing Execution Standard (PTES), and OSSTMM 3.0
  • Developed custom tools using PowerShell and Python to perform security checks in addition to operational tasks.
  • Performed risk assessments to ensure corporate compliance
  • Performed manual testing of web application security
  • Developed and maintained our internal Red Team methodology
  • Create written reports, detailing my assessment findings and recommendations
  • Trained in-house developers on secure coding practices and making security part of their SDLC

Web Security Specialist

Confidential

Responsibilities:

  • Performed penetration tests against our development WAFs while working closely with the development team, resulting in a successful security focused SDLC
  • Security analysis and research.
  • Managed a 24/7/365 state of the art Security Operations Center.
  • Linux Administration of over 2000 appliances running various distributions including CentOS and OpenBSD.
  • Precision tuning and configuration of WAFs
  • Management of over 300 Web Application Firewalls.
  • Use Python & Bash daily to automate administration, health checks, and data aggregation.
  • Developed an internal, web-based eLearning platform from the ground up.

Network Security Analyst

Confidential

Responsibilities:

  • Identified cyber-threats by reading, interpreting and analyzing network traffic in real-time.
  • Configured and monitored intrusion detection systems.
  • Monitored global NIDS, Firewall and log correlation tools for potential threats.
  • Initiated escalation procedure to counteract potential threats and vulnerabilities.
  • Provided Incident remediation and prevention documentation.
  • Documented and conformed to processes related to security monitoring.
  • Provided performance metrics as necessary.
  • Provided customer service that exceeds our customer’s expectations.
  • Implemented and managed Splunk infrastructure.
  • Processed Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS)
  • Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Operated in a 24x7 state-of-the-art Security Operations Center.
  • Low-Level Packet Analysis.
  • Tune Global NIDS, Firewalls, and Log Correlation Triggers.
  • Incident Response Handling.

Penetration Tester

Confidential

Responsibilities:

  • Found security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security.
  • Provided crucial insights into the most pressing issues and suggests how to prioritize security resources.
  • Conduct penetration tests using Linux based security distributions (Kali, BackTrack, Pentoo, BackBox, MyOwn)
Penetration Tester

Confidential

Responsibilities:

  • Honorable Discharge
  • Secret Security Clearance (inactive)
  • Recipient of the Air Force Achievement Medal for restoring the internet, phone, and 911 services in New Orleans following Hurricane Katrina.
  • Identify potential threats and manage resolution of security violations
  • Enforce national, DoD and Air Force security policies and directives

We'd love your feedback!