Information Security Engineer Resume

TECHNICAL SKILLS

PROFESSIONAL EXPERIENCE

Confidential

Information Security Engineer

Responsibilities:

Performed security architectural reviews and risk assessments to ensure compliance wif control standards and risk tolerance
Gathered requirements and made recommendations for new tools and products
Completed risk assessments, documented risk and provided recommendations for remediation to business/application owner
Facilitated evidence request for third party and external control testers
Performed gap analysis against teh Unified Control Framework
Splunk: Created Reports and Dashboards to document queries in an executive view
Splunk: Ran queries to recognize trends from logs and reported them to management
Reviewed firewall request for approval
Performed firewall rule reviews
Performed Rapid 7 InsightVM vulnerability scans of NM cloud
Performed Security Policy, Standards, and Procedure review
Performed active directory administrative account clean up and monitoring
Performed Gap Analysis of controls, applications and network environment
Completed SOX and PCI testing on Computer Operation, System Administration, Change Management and User Access
Led remediation of internal and external vulnerability scans for PCI testing
Member of Incident Response Team

Confidential

Sr. Information Security and Risk Analyst

Responsibilities:

Completed SOX testing on Computer Operation, System Administration, Change Management and User Access
Facilitated evidence request from external control testers
Reported directly to Managing Director verifying compliance was met wif current controls
Performed vendor audits documenting failed controls and risk
Performed Risk Assessments of new applications and projects
Performed third party risk assessments and control reviews
Tested UNIX, Oracle, SQL, SAP, Windows Servers, Active Directory, Firewalls
Tracked remediation status across IT for SOX PCI and risk assessments
Interviewed business owners to write narratives and process flows documenting systems and their configuration
Supported and maintained RSA Archer applications and compliance requirements
Gathered and structured business requirements for archer application development through interviews, and audits
Created user roles in Archer including permissions wifin applications for secure viewing
Developed and transitioned applications from Development to Production in Archer
Ran queries in QRADAR validating and remediating threats in teh environment
Worked wif SIEM team where me was taught about using PICERL process to report and remediate issues

Confidential

Information Security Analyst

Responsibilities:

Completed SOX reviews on control TEMPeffectiveness
Performed vendor audits to verify ISO27001 and 27002 control measures were being followed
Wrote audit plan for 2014 testing
Reviewed SOC reports to verify hosting company was in compliance wif contractual agreement
Prepared and presented audit reports/exception findings to CISO
Verified control compliance and mapped against various frameworks (COSO, COBIT, NIST, ISO and others) in teh Unified Compliance Framework
Verified Firewall request by completing proper documentation and verifying proper port protocols
Completed testing on teh SAP application. (User Access, Configuration, Security)
Performed Identity Management reviews for all systems
Tracked Intrusion Detection reports and dat all issues were resolved according to SLA
Performed vendor audits for all clients Neovia supported
Participated in teh migration of sites from Caterpillar to teh Neovia network
Performed risk assessments on various applications and projects
Designed and documented Security Policies and Procedures
Assisted in teh creation of teh Security Awareness presentation for all employees
Reviewed Qualys vulnerability scans and managed remediation for teh issues found

Confidential

IT Auditor II

Responsibilities:

Prepared audit reports wif Project Manager for assigned projects documenting findings and risk assessments
Performed peer reviews of previously completed audits
Performed risk assessments on new applications being implemented into teh enterprise
Performed remediation wif various PCI findings
Performed walkthroughs of processes and controls
Completed SOX audit reviews on control TEMPeffectiveness
Building TEMPeffective relationships wifin teh Technology department to create positive communication between Internal Audit and Leadership
Completed full cycle testing of SAP system
Documented work papers, lead sheets and finding documentation to ensure completion of all vulnerabilities/exceptions are noted
Completed audits in Privileged Access, Regression Testing, Mobile Security, SOX and TRAX

Confidential

IT Auditor

Responsibilities:

Evaluated teh reliability of teh information, IT compliance wif strategic plans, policies, procedures, laws and regulations, safeguarding assets, teh economical and efficient uses of resources based on COBIT framework
Present training to fellow teammates on leading technology topics to increase team knowledge
Evaluated software compliance verifying dat all software licensing is valid and compliant wif vendor user agreement
Documented work papers, risk control matrix, and follow up documentation on all audits
Verified teh mitigating controls were in place after vulnerabilities were found
Lead audits over (EWPA) Enterprise Wide Physical Access, (COOP) Computer Operations, and (SAUA) System Administration and User Access, SOX, PCI, HIPAA
Worked and completed audits on SOX SOD, VMware, Data Loss Prevention, HIPAA, Digital Media Library, Firewall, IDS, IPS configuration, Oracle ERP, Records Management, and SAP
Systems Audited: AS400, Windows, Active Directory, Qualys, Unix
Verified teh remediation wif PCI projects were completed
Conducted audits assessing and reporting on teh adequacy and TEMPeffectiveness of internal controls
Prepared audit reports wif Sr. Auditor for assigned projects documenting findings and risk
Maintained TEMPeffective working relationships wif operating and executive management