Sr. Security Consultant & Advisory Resume

Sacramento, CA

SUMMARY

  • With 19 years of Technology and Cyber Security Consulting, I specialize in Enterprise Business, Security and GRC Compliance Strategic Alignment & Mission-Critical Technology Security Operational Support.
  • Extensive experience managing Cyber Security Projects, from new product and technology evaluation, planning and deployment, to upgrades and to acquisition and technology-merger planning with an acquired enterprise, all the way to performing detailed security risk and compliance assessments for Infrastructures, Databases, Web and Cloud Applications, and GRC Planning, Managing and Monitoring to align Enterprise Information Security across all platforms within the Enterprise.
  • My expertise is to plan, deploy and implement robust security and compliance controls protecting any size of organization from undesirable and unexpected cyber-attacks, to be hack-proof and hack-resilient, with zero impact on business mission-critical operations.
  • Expertise in evaluating, reporting and aligning over 4000 Security Configuration Compliance Controls across all major platforms including Windows, Linux, Unix, Oracle, SQL, Cisco, VMware, DB2, & Exchange to build a Rock-Solid & Compliant Enterprise, minimizing internal and external cyber security threats.

TECHNICAL SKILLS

  • SOX 404, HIPAA, PCI-DSS, Readiness Expert
  • Symantec Control Compliance Suite 11 Planning, Deployment & Assessment
  • eGRC Compliance & Risk Analysis using MetricStream & RSA Archer
  • Enterprise Infrastructure Security Risk Assessment Audits
  • Enterprise Infrastructure IT Strategic Planning
  • Open Web Application Security Project (OWASP) Top 10 Vulnerabilities Detection
  • Web Application SDLC Secure Development, Code Review and Pen Testing
  • Web Application Vulnerabilities Mitigation / Management
  • IT Infrastructure Network Vulnerabilities Mitigation / Management
  • Enterprise Systems (Mission-Critical Servers) Vulnerabilities Mitigation / Management
  • Cyber Security Threats Modeling Planning, Development and Case Testing
  • 3rd Party Independent Audits and Risk Assessment
  • Regulatory Compliance Readiness & Preparation
  • Application Security Assessment & Audits
  • Network Security Assessment and Audits
  • System Security Assessment and Audits
  • Database Security Assessment and Audits
  • Technical Writing and Authoring Technical Program, Procedures and Plans
  • Authoring and Development of IT Security Policy, Procedures, Standards and Guidelines
  • Business Continuity Planning Development & Testing
  • Disaster Recovery Planning Development & Testing
  • Incident Handling Planning Development & Testing
  • Crisis Management Planning Development and Testing
  • Security Policies Mapping, Cross Check and Identify Security Controls
  • IT Governance Framework Development (Security Policies, Procedures, Standards, and Guidelines, Best Practice and Awareness Program)
  • Database Protection and Encryption Planning / Integration and Deployment
  • Security Systems Administration / Support
  • Vulnerability Management
  • Wireless Network Security Audits (802.11a, b and g)
  • High Level Data Encryption / Cryptography
  • Development IT Security Policies, Standards, & Guidelines
  • IT Security Penetration Testing
  • Technical Writing & Document Development
  • Network / Host Based IDS Administration / Monitoring
  • SIEM Log Management
  • Windows Vista / 2003 / 2008 Server Administration & Support
  • IT Business Impact Analysis (BIA) Audit
  • VMware ESX Server Systems Designing, Planning & Support
  • IT Security Project Management
  • Develop Security Awareness Training Programs Specific to Business Units
  • Technology and Security Products Evaluations / Testing
  • Active Directory (AD) Infrastructure Planning (FSMO Roles, GPOs, OUs, Group Policies)
  • Internal IT Workflow / Change Control Planning and Audits

PROFESSIONAL EXPERIENCE

Confidential, Sacramento, CA

Sr. Security Consultant & Advisory

Responsibilities:

  • Project Scope / Achievements: IT Infrastructure and Vendor and Home-Grown Healthcare Applications Security Risk Assessments & Security Advisory; planning and deploying new cutting-edge security technologies and software-based, compliance-driven security solutions and products.
  • Managing, monitoring and protecting UC Davis, UC Davis Campus and Confidential (Hospital) life-, business- and mission-critical assets, IT Infrastructure and applications from cyber security threats.
  • Led, Planned & Deployed New Security Solutions that include upgrades, systems and application integration, and new technology evaluation and security assessments: RSA Authentication Manager 7.1 to 8.1 Migration & Imprivata Health Care Application Integration, ForeScout CounterACT Network Access Control (Planning, Integration, Implementation, Configuration and Testing). Performed Departmental Security Risk Assessment for Security Controls and Privacy using the NIST 800-53 framework and eGRC implementation using MetricStream.
  • Responsible for performing web application penetration testing to identify OWASP Top 10 security threats using IBM AppScan, HP WebInspect, Acunetix, and Burp Suite.
  • Responsible for performing vulnerability testing of Enterprise Infrastructure threats related to network, systems, database, and mobile devices using QualysGuard Scanner, Nessus Scanner, GFI Scanner and McAfee Vulnerability Scanner for the Enterprise environment.
  • Re-testing to validate proper threat removal from the identified
  • Vulnerability Scanning: Performed Web Application Vulnerability Scanning using the IBM AppScan Standard application. Managed and monitored the Damballa Fail-Safe End Point Security appliance for addressing end point security threats like viruses and worms.
  • Managed and monitored IBM QRadar SIEM for enterprise network security traffic monitoring and for resolving network security issues. Managed and monitored HP TippingPoint security systems for addressing enterprise network security threats like worms, botnets, DoS and DDoS.
  • Reviewed and approved Firewall Change Requests, following up for any additional information needed for justification and clarification. Prepared Security Exceptions where necessary for CISO discussion and approval. Managed IronKey Imation online systems for mobile USB drive data security and account and device management; worked as Security Advisory to support other units. Performed detailed IT Security Evaluation & Risk Assessments. Senior Security Advisory supporting other business units where security participation is required; investigated, troubleshot and resolved security incidents.
  • Provide expert ITSGRC security advisory, security technologies and security educational awareness training programs to medical professionals and other staff members, transforming a straight medical professional mindset into a security-driven medical professional mindset to protect UCD patient electronic health care information from unauthorized access, misuse and/or unauthorized disclosure.
  • Pre- and post-deployment detailed risk and performance evaluation of security products for their new security technologies and security application-based audit and compliance solutions. Develop business and technology security standards requirements for new security projects.
  • Work closely with CIO, CISO, CTO, and all key business and technical stakeholders and healthcare C-level executives, recommending and implementing new cutting-edge security solutions to protect all UCD IT technology Infrastructure, applications and sensitive, critical and vital patient data.

Confidential, Los Angeles, CA

Sr. Security Consultant

Responsibilities:

  • Assess and qualify IT vendors and their security and privacy practices to determine and document risks and mitigation controls as applicable to the scope of contracted services and SOWs.
  • Lead and manage vendor life cycle security risk assessment processes using the RSA Archer eGRC Application, including vendor entity management, IT Infrastructure assessments, Application Security Assessment, Security Incidents, and creating and processing Security Risk Acceptance (SRA) requests for any non-compliance with vendor security standards. Proficient using the HP Project and Portfolio Management (PPM) software application.
  • Actively and closely working directly with CIO, CTO, VPs, Directors, Business Owners, Data Owners and the technical team, providing security advisory, technical security interpretation, and security controls and compliance cross mapping; work on IT Infra and Web Application remediation initiatives, planning and closures. Working as Security Advisory with the IG Advisory Group, as Security Liaison between various business units, business partners and vendors on security assessments, risk, compliance and mitigation initiatives, while managing other security project roles and responsibilities.
  • Evaluate the design and effectiveness of policies and applied controls for processes, systems, networks, and applications in accordance with laws, regulations, and internal policies, procedures and standards (such as ISO 27001, CIS, NIST etc.).
  • Support Project teams in defining and documenting Information Security system requirements during IT system design, development, and implementation.
  • Proficient in applying technical documentation skills to the creation of work instructions, directives, policies and procedures. Participate in and contribute to the development and improvement of the security assessment program and related processes and procedures, and to large Infra and apps migration.
  • Responsible for performing web application penetration testing to identify OWASP Top 10 security threats using IBM AppScan, HP WebInspect, Acunetix, and Burp Suite.
  • Responsible for performing vulnerability testing of Enterprise Infrastructure threats related to network, systems, database, and mobile devices using QualysGuard Scanner, Nessus Scanner, GFI Scanner and McAfee Vulnerability Scanner for the Enterprise environment.