SUMMARY:

• A highly skilled and dedicated SECURITY SYSTEMS PROFESSIONAL who established and formalized a global vulnerability assessment program within the Company to discover common security vulnerabilities in the technologies among international regions.
• Skilled and Motivated systems security professional - led the efforts to perform vulnerability assessments in collaboration with the business units and regions in order to obtain stakeholder approval and define the type of assessments required.
• Managed security efforts with service providers by defining requirements, service level agreements, schedules on security initiatives and overseeing the engagements.
• Regularly communicate with the business units on security matters - including executive level management - and provide reports on the state of security, manner in which vulnerabilities can impact the Company, security trending reports and recommendations for mitigation strategies.
• Expertise in conducting security analysis - performing web and network vulnerability analysis, assessments of system security configurations and intelligence gathering - to assure proper security practices are in place.
• Bilingual, English and Spanish.

TECHNICAL SKILLS:

Software Applications: Rapid 7 Nexpose, Qualys, IBM AppScan Standard, Nessus, Nmap, Kali Linux, Splunk, Log Logic, AirTight (WLAN monitoring), Symantec SEP 11, Secureworks, PGP, File Shredder, FTK Imager, Wireshark, MS Office Suite, Lotus Notes, MS Visio.

Platforms/Operating Systems: Windows XP/7/2008 Server R2, Linux (Redhat, CentOS, Ubuntu, Debian)

Networking: Common networking protocols

PROFESSIONAL EXPERIENCE:

Confidential, Jersey City, New Jersey

Senior Information Security Analyst

Responsibilities:

• Promoted to Senior Information Security Analyst in June 2011 and successfully managed the Information Security department in the absence of the ISO (Information Security Officer), allowing the Company to maintain its security posture and provide required security services.
• Formalized the Company's first vulnerability assessment program, allowing security assessments on its technology environment to discover potential security flaws that could lead to security breaches and impact security services.
• Researched and implemented security tools, providing the opportunity to remedy vulnerabilities before being exploited.
• Successfully performed periodic vulnerability assessments on 500+ network hosts and 25+ Web applications across the global regions. Numerous security vulnerabilities were discovered and remedied before being exploited, as well as saving the costs of a security breach if the particular vulnerabilities had been exploited.
• Developed security assessment trending reports which reveal the security status of the Company’s technology environment; determined the necessary requirements for improvements.
• Manage security projects with IT staff members and business groups to define requirements and track the progress of the tasks required to be done.
• Documented a list of security configuration benchmarks that were approved by stakeholders and applied to server configurations to improve the security of the assets being used to perform business services and minimize risks that could be introduced into the technology environment.
• Detect security incidents, perform investigations in order to contain the incident, prevent further damage and costs that would be incurred by the incident.
• Analyzed security incidents, detecting patterns in the technology environment to confirm the incident, discovered security flaws that could have led to the incident and developed lessons learned documentation to avoid reoccurrence.

Confidential

Information Security Analyst

Responsibilities:

• Managed and configured security devices, such as Symantec Management Console, Secureworks, AirTight portal and Sourcefire, used to provide monitoring to detect security events as well as contain and investigate those events to minimize the impact.
• Created workstation security configuration document to enable the IT staff to apply required security settings and minimize the risks that could be introduced to the end user business environment.
• Successfully migrated security devices to a new datacenter co-location which allowed for security services being provided to continue without disruption.
• Assisted the Information Security Officer (ISO) in a security investigation, enabling the required evidence to be acquired from workstations that were targeted for investigation.
• Built the initial security awareness server which provided the Company the ability to educate and train staff members on security best practices that needed to be applied to daily work routines.
• Coordinated with the team to push forward security awareness initiatives across the business to have all Company staff members take the within the required time frame.
• Reviewed systems’ security configurations as compared to industry standard benchmarks and Company standards, to ensure that appropriate security best practices were being applied before being implemented to production.
• Provided security best practices recommendations to groups and business units for application to business processes that dealt with integrating services with partners, third party vendors and/or processing services.
• Drove the required PCI initiatives forward by communicating with business groups on the security initiatives that needed to be implemented and organizing the execution of those initiatives.

Confidential

Senior Technical Support Analyst

Responsibilities:

• Successfully implemented a global Symantec antivirus management console to update the outdated antivirus environment which had no central management console. Completed the project within the six month deadline.
• With the implementation of the antivirus console, the Company fulfilled one of the requirements for PCI DSS (Payment Card Industry Data Security Standard) compliance.
• Managed and administered the Symantec Endpoint Management Console used to monitor systems, track malware infections, set up automatic alerts for malware infections to allow for quick response, keep Symantec policies up to date, maintain log information and generate reports.
• Assisted in upgrading the LANDesk Management Suite which provided the distribution of monthly application security updates, software fixes and upgrades to the most recent version. Completed the project within the two month deadline.
• Upgraded the Symantec antivirus client, deployed Windows XP Service Pack 3 and post security updates on 500+ user-end workstations which served to improve end user environment security. Completed within the two month deadline.
• Provided end user support, troubleshooting and problem resolution related to operating system issues, network connectivity, applications, internet connectivity, VPN connectivity, printers, faxes and handheld devices such as Blackberrys.
• Traveled to Company remote sites to maintain and troubleshoot computer related issues. Performed asset management to track Company IT equipment.

Confidential

Lead Technical Support Analyst

Responsibilities:

• Managed the technical support department within the corporate office supporting 100+ users, which included executive members and sales teams, allowing the company to maintain and improve productivity within the end user environment.
• Troubleshot and resolved end user problems relating to operating system issues, network connectivity, applications, internet connectivity, VPN connectivity, printers, faxes and handheld devices such as Blackberrys.
• Supported the network group by working with third party vendor to receive and install equipment, as well as troubleshooting network and other issues for offsite personnel.
• Assisted IT administrators in racking servers.