Senior Security Advisor Resume
Chicago, IL
SUMMARY
- Passionate Application Security professional with experience encompassing Application Security and IT audit process reviews.
- Extensive background in Application Security Vulnerability and Remediation Management.
- Experienced in applying regulatory compliance such as SDLC, COBIT, PCI DSS, and SOX to internal controls and best practices.
TECHNICAL SKILLS
Application Security: OWASP Top 10, IBM AppScan, Veracode, Burp Suite, HP WebInspect, Fortify 360, Qualys, DevOps
Information Security: ISO 27001, NIST, SOX & PCI DSS, BCP / DR, IT Auditing
Platforms: Windows 7/10, Windows Server 2008/2012, Linux
PROFESSIONAL EXPERIENCE
Confidential - Chicago, IL
Senior Security Advisor
Responsibilities:
- Information Security Advisor for Confidential's acquisition of Confidential's Transportation & Finance Business
- Provide Information security requirements advice and counsel to project teams and the Business ensuring alignment to IS processes and standards
- Work with SMEs on large and complex supplier arrangements to ensure security risks in a Supplier / 3rd party relationship are identified, assessed and reported
- Work with business to identify appropriate controls to mitigate the identified risks
- Conduct web application security assessments, identify vulnerabilities, and escalate accordingly
- Identify and triage security incidents such as Malware, Phishing and Web Attacks
- Provide Information security subject matter expertise on various projects and issues
Confidential - Chicago, IL
Information Security Engineer
Responsibilities:
- Conducted application assessments (AppScan Standard & Enterprise, Burp Suite, and HP WebInspect)
- Conducted research pertaining to the latest security threats
- Worked with LOBs and provided technical guidance by communicating risks and remediation strategies
- Tracked vulnerability remediation work required to meet regulatory and industry compliance guidelines, which include PCI, GLBA, and internal standards
- Helped maintain AppScan Enterprise High Volume Scanning process
- Identified risk to Confidential customers by conducting Internet assessments using RiskIQ
- Strong understanding of common application security issues including OWASP top 10, SANS 25
- Tracked and reported on application and network related vulnerabilities (identified through penetration tests and application code reviews)
- Educated and mentored new associates on our Global Information Security team
- Worked with interns to facilitate their career & professional development in conjunction with management
Confidential - Lincolnshire, IL
IT Security Analyst
Responsibilities:
- Led an offshore team of 12 security analysts
- Deployed Remediation life-cycle to ensure end-to-end tracking of vulnerabilities (discovery to remediation)
- Developed timeframes to ensure timely remediation of identified vulnerabilities based on severity ratings.
- Responsible for generating vulnerability reports
- Conducted security assessments with team on web applications and Kiosk applications
- Developed, deployed and maintained remediation processes and vulnerability tracking methodology
Confidential - Chicago, IL
Enterprise Risk Services - Consultant
Responsibilities:
- Performed test of controls, design, and operating effectiveness of controls
- Performed SOX 404 Audit of IT General Controls, Application Controls
- Performed risk assessment, and reviewed to ensure compliance with SOX regulations and standards
- Interviewed client IT staff for resolution of previously identified audit violations or security weaknesses
- Tested user provisioning, password configuration, logical access, logging, SOD for UNIX, Windows, AS/400
- Assessed and reviewed current technology infrastructure to identify key risk areas and ensure an adequate level of control is in place to address those risks
- Concluded findings and recommendations for risk reduction and policy compliance
- Responsible for training and mentoring new associates in the team
Confidential - New York
Responsibilities:
- Reviewed inventory specific States’ foreclosure documents such as the first legal action, note, assignment, certificate of sale, financial documents.
- Reviewed Confidential underwriters’ mortgage income and debt calculations
- Trained new employees on how to navigate and use the JPMC computer applications.
- Prepared proposals, presentations, workshops and seminars.
Confidential - Chicago, IL
Application Security Analyst
Responsibilities:
- Strong understanding of common application security issues including OWASP top 10.
- Assisted with implementation of security standards and guidelines.
- Led dynamic scan tasks on all global web applications.
- Employed both manual and automated methods to conduct security assessments against Web Applications
- Reviewed change management system to identify any security discrepancies.
- Coordinated scan times with application development teams.
- Hosted meetings as part of the SDLC to hand off vulnerabilities to the development team.
- Partnered with Application Development Team to ensure smooth automated vulnerability scans.
- Assisted IBM Tech Support with a variety of AppScan Enterprise issues
- Performed validation to remove false positives from delivered reports
- Experience with finding common web site security vulnerabilities (OWASP Top 10 vulnerabilities)
- Experience with penetration testing through the use of vulnerability scanners, manual application review (application logic, hidden parameters, insecure implementations)
- Experience with various open source and commercial security tools (IBM AppScan Enterprise and Standard Edition, Fortify 360, Nessus, HP WebInspect).
- Extensive experience with High-Volume Scanning through IBM AppScan Enterprise and McAfee Secure/Hackersafe.
Confidential - Chicago, IL
System Analyst
Responsibilities:
- Utilized performance and monitoring tools such as Wireshark, Spiceworks, & Belarc to optimize the network, and Nmap for port scanning.
- Implemented network security including removal of high risk network vulnerabilities to prevent attacks such as DoS and Virus Infections.
- Set up and maintained Windows-based network, Active Directory, SonicWall firewall, proxy server, and drafted group policies.
- Partnered with Security Architects and provided security subject matter expertise in reviewing the architecture of the key business unit programs during design phase.
- Ensured availability of business network and firewall, and scheduled preventative maintenance and backup verification.
- Assisted with Business Contingency Plan, reviewed Disaster Recovery Plan.
Confidential - Schaumburg, IL
System Administrator
Responsibilities:
- Provided support on LAN including: Cisco 3600 Routers, 2950 Switches, and Hubs.
- Managed client infrastructure utilizing Active Directory, DNS, and DHCP.
- Maintained VMware ESX Server, & Exchange Server 2003.
- Configured redundancy using RAID on HP servers.
- Installed, configured, and troubleshot local/network printers.
- Upgraded and installed Symantec Backup Exec 11d.
- Installed/configured HP MSL tape library (LTO-4).
- Collaborated in recovery of company’s phone system with service engineer.
- Researched and updated IT department infrastructure.
- Upgraded switch to facilitate system functionality
Confidential - Mountain View, CA
IT/Help Desk - Intern
Responsibilities:
- Oversaw network configuration and management, performed security maintenance.
- Supported Dell PowerEdge Servers, desktops/laptops, printers, and Xerox machines.
- Applied updates/patches on workstations and hosts via WSUS.
- Managed users via Active Directory, performed back-ups, and tested routers/switches.