SUMMARY

• Security Information and Event Management (SIEM) RSA Envision, Symantec SOC
• Identity and Access Management (IAM) RSA Aveska
• Bring your own device (BYOD) Bluecoat Proxy SG/AV
• Vulnerability and Threat Management Life Cycle, MacAfee Foundstone, IBM AppScan, Digital Defense Threat Management, GFI Languard
• Perimeter Defenses, Intrusion Prevention and Detection Systems (IPS/IDS), IBM Proventia GXS, Checkpoint NGX 7 UTM - 1
• Access Control for network devices, Cisco TACACS+
• Dual Factor Authentication, Symantec VIP, RSA SecureID
• Data Loss Prevention (DLP), Symantec DLP Platform, Endpoint Protection
• Secure File Transfer, Accellion Secure Messaging
• Data Segmentation, Trend Micro Deep Security
• Malware Defenses, Symantec Endpoint Protection
• Web Content Management, Bluecoat Proxy SG/AV, Web Sense
• Security Awareness

TECHNICAL SKILLS

• Web Application Security - Experience protecting against web services security vulnerabilities including OWASP Top Ten Risks such as Cross-
• Site scripting XSS, Cross-Site Request Forgery, CSRF, SQL Injection; Encryption techniques, DoS attacks, XML and APIs
• TrendMicro Deep Security, RSA Envision, RSA Aveska, IBM Proventia IPS/IDS,Cisco Snort IPS/IDS, Manage Engine AD Manager, Accellion, PGP Desktop, PGP E-mail, Symantec DLP, AS/400 Security, Power Lock, DDI Vulnerability Manager, MacAfee Foundstone Vulnerability, IBM AppScan, burp suite, webscarab, angry scanner, Manager, OWASP vulnerability standards, Bluecoat ProxySG/AV, Websense, Microsoft Baseline Analyzer (MSBA), Shavlik,, Wireshark Network Analyzer, CISCO TACACS+
• Active Directory management users, groups, and policy management, internetworking with DNS, DHCP, TCP/IP, Microsoft SharePoint 2005,, Microsoft Office 2010, Microsoft Visio 2010, Microsoft Project 2010, Microsoft Exchange 2010, Citrix Metaframe 4.0,VMWare Server Management and Workstation,IBM WebSphere Application server 6.1, AS/400 Security Operations, Windows 2000/2003 2008 Servers, Internetworking with Microsoft TCP/IP and DNS,, Windows 7, Linux Ubuntu and Fedora
• SQL Server 2000/2005 Administration, SQL- Transact programmer, Idera SQL diagnostic manager 4.5, Orion Solarwinds enterprise network performance monitor 8.0, Spotlight for windows, ECLIPSE platform,
• Microsoft System management server 2, Client Support/Site Management, Cisco CCNA Certification semester I, II, Novell NetWare 5 Administration, IPrism - Internet Firewall and content filtering router, Polycom Enterprise Video Conferencing, Paradox alarm system management, Symantec Antivirus Endpoint Protection, Enterasys Net sight network Management Software
• ASP.NET Programming, VB.Net, JavaScript, XML, HTML, IIS Management, Apache Web Services, ISAPI filters

PROFESSIONAL EXPERIENCE

Confidential

Senior Global Information Security Analyst

Responsibilities:

• Reviewed the development, testing, and implementation of security plans, products, and control techniques
• Responsible for managing Information Security projects driven by regulatory requirements such as Sarbanes-Oxley (SOX), Payment Card Information (PCI), Data Loss Prevention, work in multiple security projects related to privilege access, encryption for data protection, Perimeter Security, Vulnerability Management and assessment, Web Content Management, Network Segmentation and Security Incident and Event Management.
• Collaborate with key stakeholders to validate and verify audit findings, control deficiencies and remediation plans. Create and manage implementation plans with well-defined and measurable milestones; track and report progress to senior management.
• Participate in cross-functional project teams along with individuals from IT Infrastructure, Enterprise Architecture and Application Development to design and implement security solutions as prioritized by management.
• Design, implement and maintain comprehensive information security solutions to meet business requirements.
• Collaborate with other information security personnel, located around the globe, to define and implement global standards, solutions and best practices.
• Develop policies, standards, procedures, guidelines and baselines for the global Information Security program elements and enforce they are carried out and follow according to the company security policies.
• Remain current on relevant security regulations, laws and technologies in an effort to manage solutions as required. Conduct assessments of existing security operational.
• Assist the team in the management of security events and technical forensic investigation efforts on a global level. Develop and contribute to information security metrics and reporting to depict strengths and opportunities.
• Execute security tasks-business as usual (BAUs) according to regulatory requirements, monthly, quarterly and yearly activities related to application scans, network vulnerability scans, assessments, coordinate with infrastructure-network team, application development teams for remediation

Confidential

Security Officer and Systems Security Administrator

Responsibilities:

• Manages and oversees the risk assessment process, development of policies, standards, procedures and security threat mitigation processes. Lead security projects and integrates new technologies into the existing network.
• Works with Public/Private Encryption, PKI, IDS/IPS, Hashes, Certificates, digital signatures, E-Mail encryption, patch management
• Manually test applications for security vulnerabilities; leverage automated tools as necessary against OWASP Top 10
• Protect and response to any security event s or incidents according to the security incident response program.
• Protect the financial institution information by ensuring that the all security controls are effective and enforce according to security policies.
• Report directly to the VP/IT Oversee systems and network security.
• Manage authentication, authorization and accountability processes in all application system servers, desktop and network devices including routers, switches, and checkpoint firewalls.
• Analyzed system logs to detect abnormal behaviors or patterns that may lead to possible security threats and avoid possible security breaches.
• Manage security assessments and routines audits in all systems software, operating systems, servers, workstations and network devices by executing vulnerability scans and application scans for detecting possible vulnerabilities and create any necessary remediation plans for mitigating any security weaknesses.
• Review and approve Checkpoint firewall rules, policies, routers configuration changes and Checkpoint VPN access in a routine basis. Monitor network device configuration changes. Document system configuration and create guidelines, backup switches and routers configuration and other system files that may contain security descriptions or access list. Participate in the disaster recovery plans and definitions.
• Grant, update, and delete system access according to Identity Management security policies, validate user access according to job description and manage recertification process.
• Develop and keep the security awareness training program updated, schedule security awareness meetings with all managers and maintain security bulletin boards for creating more security

Confidential

System/Database Administrator

Responsibilities:

• Perform administrative task for TRIZETTO FACETS Enterprise system version 4.31 and 4.51
• Implement upgrades and updates in Facets system in a monthly basis including service packs, change packages, and backups for to all Facets components including databases, fat clients in Citrix servers, application servers, and web services (IBM Web Sphere applications).
• Troubleshoot issues related to Facets system with Facets support.
• Comply with the change control policies of the company related to
• Ensure database performance by planning, developing, managing, and securing databases. Work closely with Senior DBA and development teams. Responsibilities include both database administration and development activities.
• Maintained database performance by developing tuning methodologies.
• Maintains data integrity by establishing standards; monitoring performance.
• Completed platform upgrades and migrations by issuing instructions; monitoring performance; coordinating actions.
• Provided information by collecting, analyzing, and summarizing database performance and trends.
• Database Management, working knowledge of SQL Server 2005, SQL Server Enterprise manager, Microsoft SQL Server Management Studio, SQL Programming, Data transformation services DTS/Jobs, replication services, Clustering services, Database Security, Requirements Analysis, Stored Procedures, Problem Solving, Data Maintenance, Database Performance Tuning, process Improvement, and documentation.
• Documented changes and controls for SOX (Sarbanes and Oxley) audits using COBIT (Change Objective for IT) audits.

Confidential

Database Administrator-Quality assurance

Responsibilities:

• Administer production databases for performance and stability and quality assurance for in house develop applications.
• Direct hands-on experience with ad hoc query programs, automated testing tools, and reporting software.
• Provides information by collecting, analyzing, and summarizing database performance and trends.
• SQL Server Enterprise manager, Microsoft SQL Server Management Studio, SQL Programming, Data transformation services DTS/Jobs, replication services, Clustering services, Database Security, Requirements Analysis, Stored Procedures, Problem Solving, Data Maintenance, Database Performance Tuning, process Improvement, and documentation.
• Test/QA new software to ensure integration into the Bank systems meets functional requirements, system compliance, and technical specifications.
• Get final acceptance from End users before declaring a program or application in production.
• Identify, resolve and report problems with major applications to vendors and Development and Integration Section. Develops and conducts major application training programs, including end users’ needs assessment when required to.
• Import data for use in report software, spreadsheets, graphs, and flow charts. Proven data analysis, data verification, and problem-solving abilities.
• Install in Production status, applications that have met the requirements according to the Developer documentation
• Analyze workflow and operational procedures as they relate to data collection and accuracy and makes recommendation for improvements.
• Develop procedures on the utilization of program products in the Production environment.
• Supports Production section day-to-day tasks
• Occasionally Software and Hardware installation and configuration.