SUMMARY

• Focused career in System Vulnerability Scanning, Remediation, Application Support, and System Administration, for the last 10 years. Worked extensively with IBM P/Z/X series integrated with Linux or AIX OS.
• Also I have remarkable production and QA support experience. Experience troubleshooting DNS, Network and TCP/IP issues.
• Performed Server and application infrastructure maintenance. Scanning tools experience Nessus, Qualys, Imperva. Proficient in working with developers and programmers to troubleshoot SQL, Perl, and Java scripts.
• Excellent problem analysis and solving skills on Websphere, Db2, MQ etc. Profound ability to write and speak concisely and effectively. Proven ability to work independently and in a team environment.

TECHNICAL SKILLS

Environment: s & OS: Linux (Red Hat) (Oracle Linux), AIX, HP - UX, SUN Solaris 7,8,9, and 10, Windows 10, 2008 Server, 2012 Server, Java (JVM), IIS, VMWARE (CLOUD)

Applications: IBM Websphere Console and MQ,DB2, MQ, MYSQL/TSQL 2005, FTP Filezilla, VPN (Cisco Secure, Juniper SSL)

Leadership: Remotely trained 10+ team in Pune, India to handle Level 1 Application Support duties. Took the Lead in directing Vulnerability Management Program and Remediations.

Programming (Support): C, C++, SQL, Java, .ksh, Perl, Fortran

Hardware: IBM AS/400, SUN Enterprise 3500, Intel based servers, Cisco, HP, SUN Ultrasparc, Sun Blade

Misc Experience: Putty, Disaster Recovery, SAM, DNS/BIND, SENDMAIL SSH, NIS, NFS, DHCP,TCP/IP, FTP, SSL, Routing, Network Security, Active Directory, LDAP, Samba Winbind, Solar Winds

Security Tools: Qualys, Nessus, Rapid7, Tenable

Certifications: Qualys Certified Specialist

PROFESSIONAL EXPERIENCE

Vulnerability Management Specialist

Confidential - Atlanta, GA

Responsibilities:

• Conduct vulnerability scans, assess risk, and provide actionable remediation guidance.
• Work cross-functionally with other Divisions within IT and review and report on the likelihood and impact of vulnerabilities and associated remediation action plans.
• Work together with key stakeholders within the IT department including directors, developers, project managers, network engineers, develop, system administrators, and security operations.
• Translate highly technical content into language that is understandable for personnel in various departments.
• Developed a repository of common findings and remediation guidance, and quickly assess the real-world risk of discovered findings from regularly conducting vulnerability scans.
• Operationalize regular vulnerability scans, track, report metrics, and common themes in discovered vulnerabilities.
• Spot recurring vulnerabilities and summarize in non-technical terms the risks to the City of Seattle, CISO, Department Client Service Directors, IT Engineering & Operations leadership, and IT Applications management.
• Carried out remediation across multiple systems AIX, Linux, Red Hat, Centos, Windows 10, Widows Server, Sun Solaris.

Business Systems Consultant and PM

Confidential - Atlanta, GA

Responsibilities:

• Acts as a liaison between EIT and business partner organizations by planning, conducting, and directing the analysis of highly complex business problems to be solved via technical solutions.
• Vulnerability operations workflow coordination and support
• Continuous improvement discussion coordination and documentation
• Work with business and development team members to analyze and refine business requirements to a greater level of detail
• Acts as an internal consultant within technology and business groups by using process definition/improvement to re-engineer technical processes for greater efficiencies.
• Prepares specifications for system changes.
• Escalate issues and concerns as appropriate
• Build and share subject matter expertise
• Exception analysis - reviewing individual exceptions to understand & categorize into common reasons for the exceptions, then review the overall population of exceptions for trends, takeaways
• Engage in process optimization work to continuously improve vulnerability-related processes. Serve as SME on existing vulnerability process (once up to speed) as well as facilitation, coordination, documentation resource
• Emergency vulnerability support: meeting coordination, consolidating updates into status reporting (PowerPoint slides, Excel-based data), tracking action items, conducting follow-up on open tasks
• Participate in vulnerability governance process definition and the process execution efforts

Information Security Consultant and PM

Confidential - Burbank, CA

Responsibilities:

• Qualys scanning and architecture: Have a full deployment of Qualys for scanning external/internal and the cloud.
• Help enable BU’s to do self-service scanning and look at their architecture to ensure they’re capturing all the IP’s and live hosts
• Tenable Security Center - Have a 30k annual enterprise license. Have multiple nessus scanners deployed but not talking back the Security Center. The intent is to double check the scans of Qualys to ensure nothing is missed.
• Aggregate VM reports. Help with coding/scripting to aggregate the data coming from both platforms into a single dashboard to report on VM program across the BU’s.
• Conduct Security Assessments Preparations of new and existing Confidential applications and services.
• Conduct Vendor Reviews.
• Help to build a new Vulnerability Management Program
• Helped to build a secure fast track process for Security Assessments and Penetration Test Requests.

Information Security and Vulnerability Management

Confidential - Columbus, GA

Responsibilities:

• Work to build and maintain a security sensitive mindset within the company culture. Provides leadership to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments. Ensures that security concerns are addressed and mitigated and that are appropriate standards are defined and published. Identify core application dependencies on highly diverse environments
• Drives the evaluation, testing and implementation of emerging technologies, information systems security issues.
• Presents proposed security enhancements to management for approval, funding and implementation.
• Update Asset Database and locate server owners for remediation purposes
• Perform security assessments and review networking initiatives for security compliance. Prepare status reports and "informational" metrics on security matters; develop security risk analysis scenarios and response procedures.
• Help server owners to remediate their vulnerabilities as needed.
• Serve as a resource regarding the security of data networks and centralized data frameworks, to include coordinating activities with the business unit, users and external networks.
• Robust operational knowledge of the TCP/IP stack, network protocols, network topology and architecture, Windows and Unix operating systems, system logs events, anti-virus technologies, authentication systems (AD, LDAP, RADIUS, RACF), DNS, DHCP, SNMP, NetFlow, IP and application development processes/lifecycles .
• Provide input into the design, implementation, and maintenance of the information security architecture. Analyze, review, and determine the technical requirements necessary to mitigate the security risk for Information Technology needs, plans, and initiatives.
• Implement and maintain required security tools. Investigate information security violations; monitor and communicate technical vulnerabilities.
• Recognize and identify potential areas where existing security policies and procedures require change, or where new ones need to be developed. Conduct risk assessments and security briefings; advise management of critical issues.

Vulnerability Management Specialist

Confidential - Atlanta, GA

Responsibilities:

• Implement software deployments and patching vulnerabilities
• Identify core application dependencies on highly diverse environments
• Generate detailed technical analysis of findings as well as analysis consumable by non-technical audiences.
• Update Asset Database and locate server owners for remediation purposes
• Find work flow system to replace Sharepoint
• Help server owners to remediate their vulnerabilities as needed.
• Supported the delivery of solutions that protect information resources against unauthorized disclosure, modification or loss.
• Assess the security posture of applications and infrastructure using a variety of assessment tools and methodologies.
• Provide security subject matter expertise.
• Ensured that project objectives are delivered on time and meet stakeholder expectations for quality.
• Provided consistent follow through with the Business Manager and IT Project manager on issues/concerns to ensure appropriate visibility and escalation where needed.

Vulnerability Coordinator

Confidential - Cumberland, RI

Responsibilities:

• Coach, teach, and Mentor other analysts enhancing their proficiency.
• Perform technical security testing analysis either both overtly and covertly to verify the effectiveness of controls.
• Generate detailed technical analysis of findings as well as analysis consumable by non-technical audiences.
• Supported the delivery of solutions that protect information resources against unauthorized disclosure, modification or loss.
• Assess the security posture of applications and infrastructure using a variety of assessment tools and methodologies.
• Provide security subject matter expertise.
• Ensured that project objectives are delivered on time and meet stakeholder expectations for quality.
• Provided consistent follow through with the Business Manager and IT Project manager on issues/concerns to ensure appropriate visibility and escalation where needed.