SUMMARY

• Vulnerability assessment & Penetration test. Web application penetration testing (DAST Dynamic Application Security Testing), using tools (Burp Suite, IBM AppScan, WebInspect, Acunetix).
• Source code review (SAST: Static Application Security Testing), using tools (Fortify, Checkmarx).
• Network analysis, using tools (Kali Linux, NMAP, Nessus, SolarWinds, WireShark). Governance, Risk and Compliances. ISO 27001, OWASP Top 10, SANS Top 25. Security products.
• Firewall (WatchGuard), WAF, IDS, IPS, NAC, DRM, DLP, Endpoint Security (Symantec). Security protocols. Cryptography, PKI, SSL, TLS, IPsec, VPN, NAT, X.509, CISSP, ISO 27001 auditor, CISA.

TECHNICAL SKILLS

Programming: Python, ASP.NET, C/C++/C#, Java, JavaScript, PHP, HTML5, CSS, Shell script.

IDE: Microsoft Visual Studio, Eclipse.

Network: Switch (Cisco, HP), Access Point, IP PBX (Asterisk VoIP), IP phone.

OS & System software: Windows Server (Active directory, IIS, Exchange), UNIX (Solaris), Linux (Ubuntu, CentOS, Apache), Virtualization (VMware, VirtualBox).

Database: Microsoft SQL Server, Oracle, MySQL, ODBC.

Backup: Veritas Backup Exec.

Cloud Computing: SaaS (Symantec Endpoint Security, Microsoft Office 365).

PROFESSIONAL EXPERIENCE

Security Engineer/Software Developer

Confidential, Los Angeles, CA

Responsibilities:

• Security Engineering. Security products operation. Setting up firewall (WatchGuard) for firewall rules, NAT, and VPN.
• Endpoint security analysis with SaaS of Cloud Computing (Symantec). Vulnerability Assessment & Mitigating Risk. Web application security analysis with Burp Suite. Analyzing open ports of network hosts with scanner (NMAP).
• Configuring cryptography strength on Access Point for wireless security protocols such as WPA.Maintaining IAM (Identity and Access Management) for servers and E - mails. Software Developing.
• Developing intranet website with programming languages (C#, ASP.NET, HTML) and databases (Microsoft SQL Server).

Network Engineer

Confidential, Santa Fe Springs, CA

Responsibilities:

• Configured printer driver and scan setup from printer to computers remotely using TeamViewer.
• Solved network connection problems due to automatically installed driver, wrong network range or network cable problem.
• Solved scan problems due to SMB server disabled on printer machines, or Windows update issues on computers.

IT Help Desk

Confidential, Los Angeles, CA

Responsibilities:

• Installed software on computers. Set up Windows and updates, Offices, Endpoint security (Symantec), JAVA, ERP, domain join, remote desktop and printer drivers.
• Configured Active Directory on Windows server for new employees.

Telecom Engineer

Confidential, Valley, AL, USA

Responsibilities:

• Installed routers/switches (Cisco), access points, IP phones, security cameras, UPSs and network cables on network.

Security Product Engineer

Confidential

Responsibilities:

• Supported the operation of security products for client (Defense Integrated Data Center), such as Firewall, SIEM, Web application firewall, IPS, VPN, NAC, DRM, DLP and Anti-Virus.
• Taught technical staffs of IDC to provide security trends.
• APT attack and Ransomware.

Security Product Developer

Confidential

Responsibilities:

• Planned the features of UTM (Unified Threat Management) including firewall, VPN, IPS, Anti-Virus and Web-Filtering.

Source code vulnerability Analyst

Confidential

Responsibilities:

• Source code (Java, C) review, using tools (Checkmarx).
• Collaborated the documentation of Common Criteria (CC) certification with the researchers of Checkmarx’s headquarter, as sole distributor for Korea.

Security Product Engineer

Confidential

Responsibilities:

• Supported the operation of security products for client (Defense Integrated Data Center), such as Firewall, SIEM, Web application firewall, IPS, VPN, and Anti-Virus.

Security Auditor/Penetration Tester

Confidential

Responsibilities:

• Dynamic web application security testing with tools (Burp Suite, IBM AppScan, WebInspect, Acunetix).
• Network security testing with tools (NMAP, Wireshark).
• Source code vulnerabilities scanning using tools (Fortify Code Analyzer).

Security Compliance Consultant

Confidential

Responsibilities:

• Evaluated operating practices on Seoul’s Cyber Security Assessment System Development project.
• Provided advices on further internal controls and procedures to eliminate potential weaknesses.

Security Auditor

Confidential

Responsibilities:

• Security auditing.
• Dynamic web application security testing with tools (Acunetix, IBM Appscan).
• Vulnerability assessment for network devices with tools (NMAP, Wireshark).

Security Manager

Confidential

Responsibilities:

• Source code (JavaScript) review for web application vulnerabilities, such as Cross Site Scripting.
• Provided advices to clients on further internal controls and procedures to eliminate potential weaknesses.

Security Compliance Consultant

Confidential

Responsibilities:

• Evaluated operating practices on Information security KPI management project, based on PCI DSS and ISO 27001, whether controls and security measures of client are adequate or not.

Security & Programming Instructor

Confidential

Responsibilities:

• Taught threat analysis and penetration testing. Scanning open ports using SolarWinds, Nessus and NMAP.
• Sniffing network packets using TCP Dump. ARP Spoofing using fake tool.
• Taught cryptography, PKI, TCP/IP, SSL, Kerberos and IPSec. Taught C language programming.

Programming Lecturer

Confidential

Responsibilities:

• Taught Visual Basic programming and Microsoft Excel including Hlookup, Vlookup and Pivots.

Security Researcher

Confidential

Responsibilities:

• Provided PKI consulting for e-approval certification service in Korea’s public sector.
• Presented PKI’s technologies (CA, RA, Certificate, CRL, OCSP) to clients.

Cryptography & PKI Consultant

Confidential

Responsibilities:

• Proposal documentation of PKI solutions for secure e-banking for banks and e-trading for securities companies.
• Presented PKI solutions to clients with technologies of cryptography, PKI, Single Sign On, database encryption.

Network Security Consultant

Confidential

Responsibilities:

• Provided the proposal documentation on security products, such as firewall, IDS and vulnerability scanner.
• Presentation on security products and roadmap.