Lead Security Engineer Resume

St Petersburg, FL

SUMMARY:

  • Over 10 years of experience in Cyber Security, Software Development and Networking.

TECHNICAL SKILLS:

Applications/Tools: Symantec Endpoint Protection (SEP), McAfee ePO, Symantec DLP, SSL VPN, Tripwire, Juniper NSM, WebSense, ArcSight, RSA Security Console, IronMail, SolarWinds, Nessus.

Security Tools/Technologies: Paros, Nmap, BMC BladeLogic, Carbon Black, Nessus, Rapid7 Nexpose, Symantec Vontu, BeyondTrust PAM, DBProtect, e-DMZ Password Auto Repository (PAR), Varonis, AppDetect, AppRadar, JHijack, Metasploit Pro, Zed Attack Proxy (ZAP), Wireshark, WebScarab, Amazon Web Services (AWS) and MS Azure cloud security.

Dynamic and Static Security Tools: IBM AppScan Enterprise (ASE), Standard & Source editions, HP WebInspect, Fortify SCA, QualysGuard, Burp Suite Pro, SQLMap

Networking Skills: Palo Alto, Juniper, Cisco, IDS, IPS, Incident Response, ICMP, NAT, FTP, RDP, Subnetting, TCP, IP addressing, ARP, DNS, VPN, STP, VLAN

Operating Systems: Windows Server 2008 R2, Windows Server 2012 R2, Red Hat Linux, Kali Linux

WORK EXPERIENCE:

Confidential, St Petersburg, FL

Lead Security Engineer

Responsibilities:

  • Develop security requirements for both infrastructure and applications (web and mobile); work with infrastructure engineering, application development, DBA and SysAdmin teams to ensure the requirements are incorporated into systems during the design and architecture phase of the delivery life cycle.
  • Configure/tune the IDS appliance to reduce false-positive alerts. Update signatures for TippingPoint IPS as needed.
  • Conduct penetration testing, DAST, SAST and manual ethical hacking for web applications using IBM AppScan, HP WebInspect, HP Fortify, Checkmarx and Burp Suite Pro.
  • Analyze monthly IDS/IPS log data for trends, patterns, anomalies, distribution of attack type, etc. Provide monthly analysis of IDS events.
  • Perform security assessments to ensure compliance with the firm's security standards (i.e., OWASP Top 10, SANS 25). Specifically, security testing has been performed to identify XML External Entity (XXE), Cross-Site Scripting, Clickjacking, Session Management/Hijacking, and SQL Injection related attacks within the code.
  • Work with global security teams performing application and IT infrastructure security assessments.
  • Enforce policy and provide recommendations to system owners, management and staff personnel.
  • Provide oversight for all computer security incidents. Review auto-generated DLP/IDS/IPS reports and research payload, attack characteristics and event source details.
  • Implement Security Group Policies for Elastic Compute Cloud (EC2) instances within AWS. Develop AWS Service Roles to protect Identity Provider access.
  • Configure Gemalto ProtectDB to enable column level encryption for securing confidential customer data.
  • Participate in the implementation of Virtual Private Cloud (VPC). Implement multiple layers of security, including security groups, network access control lists, to control access to Amazon EC2 instances in each subnet.
  • Develop threat modeling framework (STRIDE) for critical applications to identify potential threats during the design phase of applications.
  • Correlate attack patterns at the perimeter, the internal network, database systems, and web applications using various tools: Carbon Black, LogRhythm, HP ArcSight SIEM, Palo Alto, Imperva, BlueCoat, and manual log reviews.
  • Design and develop information security architecture, cryptography, security assurance, threat modeling, IT risk assessments, SSO, and risk remediation activities.
  • Develop system authorization documentation as determined by NIST 800, OWASP, SANS, OpenSAMM, PCI-DSS guidelines and procedures.
  • Implement Network Security Groups (NSGs) to control network traffic to various MS Azure network resources. Create NSG rules (inbound and outbound) and prioritize the rules based on the requirements. Associate NSGs with VMs, NICs, and subnets based on the deployment model.
  • Implement a Cloud Access Security Broker (CASB) for the enterprise application infrastructure.
  • Penetration testing of mobile (iOS and Android) applications.
  • Conduct Risk and Vulnerability Assessments and Operational Threat Assessments using automated vulnerability scans and penetration tests.
  • Perform API security testing of web services including SOAP, REST, and JSON/XML.
  • Conduct Gap Analysis and Remediation by identifying areas where automated cyber tools do not exist and creating solutions to fill the void.
  • Experience in implementing Security Incident and Event Management (SIEM) systems using HP ArcSight and Splunk.
  • Administer cryptography and public/private key management (PKI); implement dual keys to address the segregation-of-duties issue between DBAs and security admins.
  • Enforce policy and provide recommendations to system owners, management and staff personnel. Also provide oversight for all computer security incidents.
  • Perform Vulnerability assessments utilizing Nexpose vulnerability scanner.
  • Monitor information systems for alarms and conditions to prevent, detect and manage cyber-attacks and other IT security incidents.

Confidential, Pittsburgh, PA

Sr. Security Engineer

Responsibilities:

  • Perform security assessments for the client-facing apps. The associated IT infrastructure, such as database management systems, middleware systems and web services (SOA), was also included in the security assessments.
  • Implement Secure Software Development Life Cycle (S-SDLC) processes; develop secure coding practices for web and mobile applications, including database and middleware systems.
  • Perform pen testing of both internal and external networks as per PCI-DSS standards. The pen testing scope included the O/S (Windows and Linux) and external-facing web apps and database servers that store credit card information.
  • Implement HP ArcSight ESM including, correlation rules, data-monitors, reports, event annotation stages, case customization, active lists, and pattern discovery.
  • Conduct manual source code audits of the client-facing Wyndham brand web and mobile applications, including iOS and Android mobile apps. Review the key areas where confidential and sensitive data is stored on mobile devices and make recommendations to secure customers' PII and PCI data.
  • Conduct pen testing for the Web Services (SOA) used by various partners.
  • Deploy a reverse proxy web application firewall to provide infrastructure and website DDoS protection.
  • Perform PCI pre-assessment audit for the entire network as well as the related applications in preparation for the annual external PCI compliance audit.
  • Review security vulnerability reports for applications and databases; analyze them and work extensively with the development teams on the implementation of mitigating controls.
  • Implement IBM AppScan Standard and Source editions, HP WebInspect and QualysGuard web application scanners. In addition, Metasploit and Burp Suite were utilized for manual penetration testing.
  • Experience with Identity and Access Management (IAM) and development of user roles and policies for user access management.
  • Perform Static and Dynamic Application Security Testing (SAST and DAST) for various applications as per the firm's security standards (i.e., OWASP, SANS 25).
  • Conduct workshops and user awareness training on security policies, procedures and baselines.
  • Work with software development teams, DB/Unix administrators and solution architects as a subject matter expert related to security compliance with PCI DSS and industry standards.
  • Review Architecture Design Documents and Solution Overview Documents (SODs) to identify security anomalies in the system architecture and design, and provide recommendations to address data security and privacy concerns.
  • Develop security policies and baselines for mobile and web applications. Perform compliance audits to ensure security policies and baselines have been adequately implemented.
  • Participate in the implementation of the Gemalto product for encrypting customer credit card information using Public Key Infrastructure (PKI).
  • Develop correlation rules for the Security Incident and Event Management (SIEM) system. Review the solution implemented for "log forwarding" from various network devices to HP ArcSight central logging for alerting and security monitoring.

Confidential, Sterling, VA

Security Engineer

Responsibilities:

  • Perform the review of a newly implemented Security Incident and Event Management (SIEM) system. Review technical specifications for SIEM and logging and propose recommendations to improve the overall deployment of the solution.
  • Report security findings and recommendations and present them to the business users, executive committee and Compliance departments.
  • Work with the Internet Engineering team on the design and configuration of the BlueCoat Internet proxy. Implement the WebFilter database for URL content filtering.
  • Perform penetration testing for external-facing web applications. Security areas covering DMZ architecture, threat modeling, secure coding practices (i.e., OWASP standards) and vulnerability analysis were assessed.
  • Develop security audit programs for IT infrastructure supporting business lines to facilitate end-to-end compliance with Global as well as Federal Financial Institutions Examination Council (FFIEC) guidelines and controls.
  • Conduct security assessments for various applications supporting Corporate & Investment Banking, Loan, Treasury, Equities and FI businesses. The web application infrastructure, such as IBM WebSphere, Apache Tomcat, and IIS web/application servers, was reviewed for compliance with the firm's security baselines.
  • Manage security assessments for various types of Operating Systems (O/S) used by the firm. Security audits of Red Hat Linux, Oracle Solaris, Windows (including Active Directory) and IBM AIX were conducted. Several control enhancements, specifically on the patch management process, were recommended.
  • Execute database management system security audits across all business lines and entities in the North America hub. Database servers such as Oracle, SQL Server and Sybase were reviewed for compliance with global and local security baselines.
  • Participate in integrated security audits for various business lines. Mainly responsible for the review of input/output processing and data security.

Confidential

Software Developer (Java, J2EE, Python, Oracle)

Responsibilities:

  • Developed the GUI of the system using HTML and JSP; client-side validation was done using JavaScript. Built and accessed the database using JDBC for Oracle 9g.
  • Used the Spring Framework in conjunction with JSP and tag libraries to develop the user interface for administrative screens and user interaction screens.
  • Developed Session Beans for necessary transactions such as fetching the required data and updating customer information.
  • Worked on coding of Servlets and EJB communication.
  • Worked with Maven to obtain the latest jar files, including commons-collections.jar, commons-logging.jar, etc. from Apache.
  • Developed Servlets to process requests and transfer control, according to the request, to the corresponding Session Beans and JSP pages.
  • Developed WebLogic container security components for adding a vendor-specific Security Realm to the application using JMX.
  • Java Servlets and JSP pages were deployed on the WebLogic Application Server for retrieving user information and posting related data.
  • Worked on the database interaction layer for insert, update and retrieval operations against the Oracle database by writing stored procedures.

Environment: Java/J2EE, Spring Framework, JSP, Servlets, JDBC, HTML, CSS, PL/SQL, Oracle 9g, Eclipse Lomboz, SQL Developer, OC4J Application Server, MS VSS (version control).
