SUMMARY:

• I have around 10+ experience in IT and over 6 years of experience in systems security, since 2012 working as a Security consultant / engineer and pen tester involved in different projects performing penetration testing (black box, gray box and white box) and vulnerability assessment / management / analyst using OWASP and EC - Council methodologies.
• As an IT professional I have 8 plus years of experience working with open source tools like w3af, arachni, vega, nexpose, metasploit, and non-free tools like core impact, immunity canvas, cenzic, acunetix, qualys, nessus, and so-on.
• In addition, I have experience trying manual web security pen testing with proxies like burpsuite and ZAProxy, also with technology solutions that helps me to participate in projects regarded with implementation like CyberArk, FireEye, among others, deployment and development, security infrastructure, security architecture, cloud security, tool selection, skill roadmap and development, and Linux environment and architecture solutions.
• I have been involved in new technologies evaluations, implementations and help on project management and development and solution designing. Moreover, I have participation in projects that require analyze and find ways to improve or automating tasks. My professional career includes banking, financial companies, telecommunication industry and services.
• Experience applying information technologies, services, automation, monitoring of services, servers maintenance, vulnerability assessment, vulnerability management, security risk analyst, penetration testing, Data recovery, third level security support, server monitoring, procedure enhancements, IT Research, forensic analysis, Business analyst, troubleshooting, solution innovation, creative, experience team leading to build solutions from scratch.
• Experience with Linux, Solaris, Windows.
• Performing security assessments on Internet-facing applications.
• Performing penetration tests across public networks.
• Performing Implementation security Infrastructure.
• Managing People to implement ISO 27000.
• Managing People to implement technologies/architectures like Cisco, FireEye, AlienVault, Splunk.
• Key person buying technologies on a group of people.
• Key person evaluating tools before buy.
• Performing assessments of physical security using social engineering.
• Performing security projects assisting client’s implementations on security controls.
• Virtualization platforms vmware, knowledge on C programming, Bash scripting, Python.
• Collaborate with solution experts to develop and deploy secure solutions.

TECHNICAL SKILLS:

Lang. Knowledge: SQL, HTML, C, Python, bash, JavaScript.

Databases: MySQL.

Operating Systems: Windows, Linux, Darwin, Solaris.

Front end tools: gparted, R-studio, Sleuth kit, Wireshark, FireEye, Remedy, .

Framework: Metasploit, Dradis, CoreImpact, Immunity Canvas, acunetix, Cenzic.

Methodologies: osint, owasp, itil, ec-council.

Reporting Tools: Dradis

Others: FireEye, Splunk, Armitage,/CobaltStrike, Nagios, Untangle, Acunetix, Nessus, Cenzic, Kali Linux, W3af, CyberArk, Cisco ASA

PROFESSIONAL EXPERIENCE:

Confidential, NYC, New York

ITS Vulnerability & Risk Analyst.

Responsibilities:

• Prioritize patch management on vulnerabilities.
• Creating dashboards to follow the progress for patching.
• Suggesting tools for vulnerability assessment open source tools and licensed.
• Performed research vulnerability management.
• Tasks Automation using Bash and Python.
• Propose improve initiatives.
• Analyze tasks and propose automation on repetitive tasks.
• Improving vulnerability management and analysis.
• Using Nmap to scan network and verifying some footprints
• Python for file processing automation
• Improving Qualys scanning tuning options and improving input
• Virtualizing with vmware creating secure environments for PoC’s pruposes

Environment: MS Office Suite, Linux, Python scripting, Vmware, PowerShell, Qualys, Nmap, Hping.

Confidential

Information Security Engineer

Responsibilities:

• Worked on ISO27000 implementation
• Create the documents to follow the progress of ISO27000 implementation.
• Performed penetration testing with open source tools and licensed.
• Performed Nessus vulnerability assessment.
• Performing web vulnerability assessment with Acunetix.
• Developed code using Python, Bash scripting.
• Performing infrastructure and NOC auditories for compliance.
• Performed periodical security assessments and reporting any disclosure.
• Involved in reviews and tests to new acquired equipment.
• Mounting vulnerable infrastructure for testing and demonstration purposes.

Environment: MS Office Suite, Linux, Nessus, acunetix, shell scripting, Vmware, ISO 27000.

Confidential, Seattle, Washington

Security Consultant Sr.

Responsibilities:

• Worked in all phases deploying security appliances around the world and move to production, testing and troubleshooting.
• Create the documents detailing configurations, and collaborate with providers to solve communication issues.
• Performed penetration testing with open source tools and licensed.
• Performed vulnerability assessment on internal and external infrastructure.
• Developed code using Python, Bash scripting.
• Low level troubleshooting with wireshark and tcpdump.
• Performed periodical security assessments and report any disclosure.
• Involved in reviews and tests to new equipment.
• Involved in CyberArk and FireEye implementation.
• Performing web vulnerability scanning with Cenzic (interactive and automated).
• Performing nessus network scanning.
• Using Kali linux tools for pentesting and vulnerability assessment to old and new infrastructure.

Environment: FireEye, MS Office Suite, Linux, shell scripting, Nessus, Cenzic, Kali Linux, Paros Proxy, Wireshark, Vmware, Cisco ISE, CyberArk

Confidential

Penetration Tester/Security Consultant Sr.

Responsibilities:

• Performed penetration testing with open source tools and licensed.
• Performed vulnerability assessment on internal and external infrastructure.
• Performed Internal testing of infrastructure to disclose security issues on client infrastructure.
• Perform Social Engineering tests on employees to get information.
• Web Vulnerability scanning with BurpSuite Pro, W3af, Arachni, sqlmap on different productive environments.
• Using sqlmap and BurpSuite to verify findings and discard false positives.
• Using Metasploit, and Armitage for network scanning and exploitation.
• Using wireshark for traffic sniff and sole some network issues.

Environment: MS Office Suite, sqlmap, Qualys, shell scripting, Social Engineering Toolkit, Kali Linux, BurpSuite, Wireshark, Vmware, Cisco, Armitage.

Confidential

Penetration tester/Security Consultant Sr.

Responsibilities:

• Performed penetration testing with open source tools and licensed.
• Performed vulnerability assessment on internal and external infrastructure.
• Performed Internal testing of infrastructure to disclose security breaches.
• Perform Social Engineering tests on employees to get confidential information.
• Performed periodical security assessments and report any disclosure.
• Involved in reviews and tests to new equipment.
• Performing network vulnerability scanning with Nessus and Nexpose.
• Verifying findings with metasploit and CoreImpact frameworks.
• Usb hacking demo with rubber ducky.
• Performing web pentesting and vulnerability assessment with w3af, Acunetix, nmap, sqlmap and zaproxy

Environment: MS Office, Kali linux, Acunetix, Nessus, Nexpose, sqlmap, w3af, zaproxy, CoreImpact, Vmware, rubberDucky.

Confidential

Systems Analyst (Unix)

Responsibilities:

• Worked in all phases of reception, integration and move to production, analysis, architecture knowledge, testing and troubleshooting.
• Created the documents to integrate with some platforms through remedy tool, design test scripts to automate tasks, and collaborate with providers to solve communication troubles.
• Troubleshooting management, coordinate involved areas to solve any kind of issues.
• Worked with users to make business process improvements, gather requirements.
• Ability to translate all the technical requirements for non-technical users.
• Developed code using Python, Bash scripting.
• Low level troubleshooting with wireshark and tcpdump.
• Performed security assessments and report any disclosure.
• Involved in code reviews and new tests to new equipment.
• Created and responsible on babysitting situations.

Environment: MS Office Suite, Linux, shell scripting, Remedy, Nmap, Python.

Confidential

Security Consultant Sr

Responsibilities:

• Performed penetration testing with open source tools and licensed.
• Performed vulnerability assessment on internal and external infrastructure with Kali linux tools.
• Performing Web vulnerability assessment with w3af, arachni builted in Kali and Acunetix
• Using zaproxy and sqlmap on web application pentesting.
• Coordinated and developed business impact analysis, disaster recovery plan.
• Advised clients about best practices to security assurance.
• Security documents management.
• Performed some demo to clients about open source advantages.
• Worked with linux, windows, apache, iis, and SunOS.
• Worked with business users to extract and deploy the production data successfully from the current system.

Environment: MS Office Suite, prezi, vmware, proxmox, Kali Linux, Windows 7, acunetix, apache, iis 7, Cisco.

Confidential

Security Consultant Sr.

Responsibilities:

• Worked in all phases of reception, the IT equipment and move to production analyze architecture and select the best configuration.
• Create documents to soc administration.
• Migrate to production clients and take over security administration.
• Worked with users to make business process improvements, gather requirements.
• Ability to translate all the technical requirements for non technical users.
• Develop code using Python, Bash scripting.
• Deploy and monitoring Linux servers.
• Install, configuration and hardening of linux equipments.
• Manage Mysql database to correlate logs. build testing lab and integrate oracle database for testing.
• Work with web servers on productive architecture.
• Project management at start of the project and advice about technical and security decisions.
• Performing web assessment with acunetix and cenzic.
• Using metasploit and core impact to exploitation pruposes on Nessus and Nexpose findings.

Environment: Linux, shell scripting, Asa firewall, Network Access control, core impact, acunetix, ceznic, metasploit, cisco asa firewall, Nagios, Nexpose, Cisco ASA.

Confidential, NYC, NY

Unix consultant

Responsibilities:

• Performed scripts to automate system information gathering.
• Enumerated *nix like systems and services running on.
• Migrated configured and virtualized from Mexico to George Town through SSH.
• Worked with key par, and other password managers to generate root passwords.
• Worked with linux, windows, apache, iis, and SunOS, HPUX, AIX, Linux, Tomcat, Application server.
• Worked with business users to extract and deploy the production data successfully from the current system.
• Worked with web servers and services migrating and virtualizes them.
• Worked with databases like Mysql, oracle, local and productive.
• Responsible to coordinate the migration and functionality assurance.

Environment: MS Office Suite, Solaris, HPUX, AIX, Linux, Windows 7, Tectia ssh, key par, Web Logic, Apache, Tomcat, iis, SSL certificates, Oracle, Mysql, Sql Server, Tibco.

Confidential

Linux Consultant Jr

Responsibilities:

• Performed software evaluation for document performance.
• Installed new technologies to improve vdi system on cashiers
• Responsible to research for new patches, improvements and better ways to made the work.
• Responsible to advice client about best ways to integrate other systems to the vdi solution.
• Performed some demo to clients about VDI solution (called QVD).
• Evolved support for platform, this was making research to continuous improvement.
• Worked with linux, apache, bash scripts, Kiwi, mysql, pxe, proxmox, kvm, qvd.

Environment: Vmware, proxmox, Linux, apache, kiwi, qvd, Ldap, nfs, kvm.

Confidential

IT Consultant

Responsibilities:

• Performed software evaluation.
• Collected information about contracts to update or preserve logs, AV´s, patches, etc.
• Analyzed situations and collect evidence to preserve each service contracted by clients.
• Performed monthly each evaluation and information collected.
• Automated collect process.
• Reduced time from 1 month to 15 seconds with automate tool.

Environment: Linux, AIX, shell scripting, Confidential tools.