Senior Security Advisor Resume

Chicago, IL

SUMMARY

  • Passionate Application Security professional with experience encompassing Application Security and IT audit process reviews.
  • Extensive background in Application Security Vulnerability and Remediation Management.
  • Experienced in applying regulatory compliance such as SDLC, COBIT, PCI DSS, and SOX to internal controls and best practices.

TECHNICAL SKILLS

Application Security: OWASP Top 10, IBM AppScan, Veracode, BurpSuite, HP WebInspect, Fortify 360, Qualys, DevOps

Information Security: ISO27001, NIST, SOX & PCI DSS, BCP / DR, IT Auditing

Platforms: Windows 7/10, Windows Server 2008/2012, Linux

PROFESSIONAL EXPERIENCE

Confidential - Chicago, IL

Senior Security Advisor

Responsibilities:

  • Information Security Advisor for Confidential’s acquisition of Confidential’s Transportation & Finance Business
  • Provide Information security requirements advice and counsel to project teams and the Business ensuring alignment to IS processes and standards
  • Work with SMEs on large and complex supplier arrangements to ensure security risks in a Supplier / 3rd party relationship are identified, assessed and reported
  • Work with business to identify appropriate controls to mitigate the identified risks
  • Conduct web application security assessments, identify vulnerabilities, and escalate accordingly
  • Identify and triage security incidents such as Malware, Phishing and Web Attacks
  • Provide Information security subject matter expertise on various projects and issues

Confidential - Chicago, IL

Information Security Engineer

Responsibilities:

  • Conducted application assessments (AppScan Standard & Enterprise, BurpSuite, and HP WebInspect)
  • Conducted research pertaining to the latest security threats
  • Worked with LOBs and provided technical guidance by communicating risks and remediation strategies
  • Tracked vulnerability remediation work required to meet regulatory and industry compliance guidelines, which include PCI, GLBA, and internal standards
  • Helped maintain AppScan Enterprise High Volume Scanning process
  • Identified risk to Confidential Customers by conducting Internet assessment using RISK IQ
  • Strong understanding of common application security issues including OWASP Top 10, SANS 25
  • Tracked and reported on application and network related vulnerabilities (identified through penetration tests and application code reviews)
  • Educated and mentored new associates on our Global Information Security team
  • Worked with interns to facilitate their career & professional development in conjunction with management

Confidential - Lincolnshire, IL

IT Security Analyst

Responsibilities:

  • Led an offshore team of 12 security analysts
  • Deployed Remediation life-cycle to ensure end-to-end tracking of vulnerabilities (discovery to remediation)
  • Developed timeframes to ensure timely remediation of identified vulnerabilities based on severity ratings.
  • Responsible for generating vulnerability reports
  • Conducted security assessments with team on web applications and Kiosk applications
  • Developed, deployed and maintained remediation processes and vulnerability tracking methodology

Confidential - Chicago, IL

Enterprise Risk Services - Consultant

Responsibilities:

  • Performed test of controls, design, and operating effectiveness of controls
  • Performed SOX 404 Audit of IT General Controls, Application Controls
  • Performed risk assessment, and reviewed to ensure compliance with SOX regulations and standards
  • Interviewed client IT staff for resolution of previously identified audit violations or security weaknesses
  • Tested user provisioning, password configuration, logical access, logging, SOD for UNIX, Windows, AS/400
  • Assessed and reviewed current technology infrastructure to identify key risk areas and ensure adequate levels of control are in place to address those risks
  • Concluded findings and recommendations for risk reduction and policy compliance
  • Responsible for training and mentoring new associates in the team

Confidential - New York

Responsibilities:

  • Reviewed inventory specific States’ foreclosure documents such as the first legal action, note, assignment, certificate of sale, financial documents.
  • Reviewed Confidential underwriters’ mortgage income and debt calculations
  • Trained new employees on how to navigate and use the JPMC computer applications.
  • Prepared proposals, presentations, workshops and seminars.

Confidential - Chicago, IL

Application Security Analyst

Responsibilities:

  • Strong understanding of common application security issues including OWASP Top 10.
  • Assisted with implementation of security standards and guidelines.
  • Led dynamic scan tasks on all global web applications.
  • Employed both manual and automated methods to conduct security assessments against Web Applications
  • Reviewed change management system to identify any security discrepancies.
  • Coordinated scan times with application development teams.
  • Hosted meetings as part of the SDLC to hand off vulnerabilities to the development team.
  • Partnered with Application Development Team to ensure smooth automated vulnerability scans.
  • Assisted IBM Tech Support with a variety of AppScan Enterprise issues
  • Performed validation to remove false positives from delivered reports
  • Experience with finding common web site security vulnerabilities (OWASP Top 10 vulnerabilities)
  • Experience with penetration testing Confidential the use of vulnerability scanners, manual application review (application logic, hidden parameters, insecure implementations)
  • Experience with various open source and commercial security tools (IBM AppScan Enterprise and Standard Edition, Fortify360, Nessus, HP WebInspect).
  • Extensive experience with High-Volume Scanning through IBM AppScan Enterprise and McAfee Secure/ Hackersafe.

Confidential - Chicago, IL

System Analyst

Responsibilities:

  • Utilized performance and monitoring tools such as Wireshark, Spiceworks, & Belarc to optimize network, Nmap for port scanning.
  • Implemented network security including removal of high risk network vulnerabilities to prevent attacks such as DoS and Virus Infections.
  • Set-up and maintained Windows-based network, Active Directory, Sonicwall firewall, proxy server, and drafted group policies.
  • Partnered with Security Architects and provided security subject matter expertise in reviewing the architecture of the key business unit programs during design phase.
  • Ensured availability of business network, firewall, and scheduling preventative maintenance and back-up verification.
  • Assisted with Business Contingency Plan, reviewed Disaster Recovery Plan.

Confidential - Schaumburg, IL

System Administrator

Responsibilities:

  • Provided support on LAN including: Cisco 3600 Routers, 2950 Switches, and Hubs.
  • Managed client infrastructure utilizing Active Directory, DNS, and DHCP.
  • Maintained VMware ESX Server, & Exchange Server 2003.
  • Configured redundancy using RAID on HP servers.
  • Installed, configured, and troubleshot local/network printers.
  • Upgraded and installed Symantec Backup Exec 11d.
  • Installed/configured HP MSL tape library (LTO-4).
  • Collaborated in recovery of company’s phone system with service engineer.
  • Researched and updated IT department infrastructure.
  • Upgraded switch to facilitate system functionality

Confidential - Mountain View, CA

IT/Help Desk - Intern

Responsibilities:

  • Oversaw network configuration and management, performed security maintenance.
  • Supported Dell PowerEdge Servers, desktops/laptops, printers, and Xerox machines.
  • Applied updates/patches on workstations and hosts via WSUS.
  • Managed users via Active Directory, performed back-ups, and tested routers/switches.
