SUMMARY

• Threat Management and Data Protection: Tenable, Nessus, Security Center, Qualys, nCircle, Solarwinds, Extensive research skills, AD Toolkit, Exporter Pro, Active Directory, Group Policy Manager
• Outline, create or remediate, monitor and enforce security baselines, policies and procedures in accordance with government and internal guidelines.
• Document and oversee authentication and authorization processes on the network and applications.
• Active Directory remediation - Analyze and remediate Active Directory human IDs, non-human IDs, users and groups to meet internal information security, RBAC and user provisioning guidelines halping to strengthen Identity and Access Management.
• Incident Response engagements with teams throughout the organizations.
• Server Patching - Determine current and reoccurring vulnerabilities on servers. Put a new server patching process in place to lower the number of monthly vulnerabilities found on the network.
• Network vulnerability identification, research, analysis, remediation, monitoring and root cause of new and repeating vulnerabilities.
• 3rd Party and internal security risk assessments in a diverse environment, documenting discrepancies.
• Risk Management and Regulatory Compliance audit experience, including internal control testing for financial, operational and compliance process and separation of duties.
• Periodic testing of high risk applications and databases to ensure compliance with internal, SOX and GLBA regulations.

PROFESSIONAL EXPERIENCE

Confidential, Cleveland, Ohio

Information Security

Responsibilities:

• Project Management - Teaching employees and their managers better time management, organization and teamwork. Showing the cost savings to having an organized system of completing tasks.
• Analyze, Recommend and implement solutions to halp enhance the company internal systems speed and reliability while increasing employee productivity, and securing of the systems.
• Enhance file sharing within the teams by using cloud storage to increase ease of the ability for remote employees to collaborate on shared projects.
• Build the vulnerability scanning, analysis and remediation process using Solarwinds, Tenable, Nessus and Security Center. dis process was put in place to maintain a regular process of scanning, analysis and remediation of network vulnerabilities for the client on customer facing and internal servers. Work with the server and network teams to eliminate vulnerabilities in a short period of time, or accept their Risk.
• Analysis of the desktop security within the corporation and building a process of wat steps need to be taken in order to secure them from internal and external security issues.
• Analysis of remote login and building a process of wat steps need to be taken to secure the laptops and employee personal devices.
• Build a process of securing developer data.
• Research and present options within the mobile solutions application (Microsoft Intune) to ensure the corporate information is separate from the employee’s personal information and not allow it to transfer between personal and business.
• Security policy and procedure document remediation and creation.

Confidential, Cleveland, Ohio

Information Security Analyst

Responsibilities:

• Implement Data gathering and Remediation steps to identify developer access levels. Partner with the Lines of Business to remediate the users with inappropriate access and align them with corporate, OCC and GLBA guidelines.
• Routine access control and security baseline testing of the following Platforms: Windows, SAN, Unix, Sybase, Oracle, Tivoli Access Manager, Software Configuration Load Management, Webmethods, Websphere, DB2 Z/OS, Active Directory/Kerberos authentication/authorization.
• Work with CA team to continuously monitor and update configurations and policies.
• Daily monitoring, analyzing and remediation of network vulnerabilities. Identify vulnerabilities in the network in regards to the server and applications on the servers. Such as Missing security patches, network security baseline configurations or access controls. Determine best approach to resolve vulnerability with patching, code changes or access changes.
• Work with engineering teams before, during and after the setup of Azure cloud applications and services to ensure guidelines and security policies are being followed.
• Evaluate access control design effectiveness, operating effectiveness to identify gaps and weaknesses.
• Participate in annual business compliance and operational assessments to ensure appropriate and consistent testing needs exist for each line of business, platform and database. Consult with business units regarding compliance risks, internal controls, and issues as related to SOX.
• Identify and monitor compliance violations, internal control weaknesses on the platforms, databases, Active Directory and LDAP, providing sufficient and timely reporting to management.
• Work with the network support teams to ensure their Authentication/Authorization processes meet guidelines and that their is separation of duty in granting the access.
• Partner with the business unit to establish and set priorities, and develop solutions to resolve control gaps and weaknesses identified as issues during internal and external, audit reviews.
• Partner with appropriate teams during incident management meetings. Review, document and report root cause findings.
• Recommend efficient and effective processes for managing risk. Formulate appropriate testing procedures to evaluate those controls, along with their testing requirements and frequency.
• Work with Change Management and Configuration Management on any network changes and ensure the process is following the set guidelines.
• Lead various sub-tasks and/or projects to drive progress. Such projects include: Developer Access, Server patching, Active Directory Management of Windows groups with Escalated Privileges.
• Liaison to the business unit when introducing new applications to the environment. Partner with the business unit to formulate proper controls to setup, monitor and maintain proper access to their application.