SUMMARY:

Responsible and experienced IT Security (CISSP) Professional with more than 15 years of experience in supporting and administration of the Information Systems and Information Assurance. Proven ability to be a strong professional with the sound knowledge of the new technologies and advance applications.

PROFESSIONAL EXPERIENCE:

Information Security/Courion Systems Engineer

Confidential

Responsibilities:

• Workflows, configuration, targets, and macros creation, and modifications.
• ARMS (Lights Out Provisioning implementation and configurations.
• Install, configured, and managed Courion Access Management Software modules, Password Reset, PMM, Account Courier, Password Courier, Access Account Suite, Role Courier, Compliance Courier, trigger, alarm, workflows, connectors, etc
• Strong skills in Software - based testing (including unit testing, automation, performance testing), using one or more of the following tools:
• Server virtualization
• MS SQL Server, Scripting in Perl, Python, C#, JavaScript, ASP / ASP.NET / ASP.NET AJAX, Power Shell 3.0
• Implemented SQL SSIS for IAM Courion's environment. Write SQL related procedures (SSI's Pkg.) and instructions for the operations team.
• Configure Workflows for provisioning account and password resets, to complex AD Tree, using VBS, and Powershell (3.0).

Information Security/Forensics

Confidential

Responsibilities:

• Information Security Engineer penetration tester and web application terster.
• Performed audits utilizing various methodologies and frameworks, including, COBIT, COSO, ITIL and PCI-DSS.
• Performed penetration and web application tests using standard testing methodologies sush as OWASP, OSSTMM, ISSAF, NIST, and PCI-DSS 3.1.
• Cyber attacks identification, monitoring, implementation of cyber attacks prevention, and alerts security controls.
• Implement and manage Security Event logging and monitoring platforms such as SEIM, IBM QRadar, and TripWired.
• Implement and manage intrusion detection and prevention platforms such as TripWire, Snort, and others.
• Reverse Engineering Malware analysis with REMnux Distribution and FireEye
• Toolkist such as Netexpose, NMAP, Metasploit, Kali distribution environment, FireEye, Nessus, DNS zone transfers, Nikto, Hydra, Ettercap, CryptCat, VNC,Remnux, Tails, Bokken, MalwareCrawler, Caprturebat, Procmon, Regshot, Exeinfo PE, CExe, and Obsidium.
• Untraditional Threat Modeling methodologies, grey to dark hacking perspectives.

Information Security Expert

Confidential, Tampa / St. Petersburg, FL Area

Responsibilities:

• Information Security Engineer support, implement security controls, policies, risk management, incident reports, change controls, disaster recovery, and software development security methodologies and controls.
• Performed auditing for SOX, EIPA, PCI-DSS, HIPAA, FFIE, and Penetration tests.
• Certified CISSP, CEH, Sec+, PCI-QSA, PCIP standard certifications.
• Expertise and utilization of tools such as Nessus, Netexpose, NMAP, Metasploit, Kali distribution environment, FireEye, Symantec, McAfee, Cisco (ASA, Routers, Switches), and Fortinet
• Performed Level 1 Merchant PCI assessments, for large corporate restaurants chain, health providers, banking, retail, and service providers.
• Fully bilingual English/Spanish.

Confidential

Information Security Auditor

Responsibilities:

• Performed Penetration test Network, and Web Application layers, based on PCI-DSS methodology standards.
• Assessments SDLC security control, methodologies, and change control policies, for Level 1 Merchant in the restaurant/food corporate retail industry.
• Determine how to approach remediation efforts; could be based on CVSS score, change impact risk, resource and system owner availability, or complexity of remediation.
• Determine remediation strategy and work with systems and applications owners on how to implement proposed changes.
• Document false positives and discuss efforts and approaches with external QSA
• Performed web based and network based vulnerabilities exploitations, for security controls technologies such as Cisco (SAS, Switches, Routers), Fortinet, Symantec AV, OS’s (Linux, MS, Unix), DB’s (Oracle, MSSQL, MySQL), NAC, DLP, IPS/IDS, SEIM, VPN, Application layer (Java, Jscript, IIS, Apache, Tomcat Webservices, etc..)
• Experience coordinating efforts across different stake holders and/or business units.
• Ability to interpret, communicate, and execute technical remediation tasks

Confidential

PCI-DSS Consultant contractor

Responsibilities:

• Experience in security assessment for end clients and experience in IT Audits or Information security consulting
• Knowledge and working experience on compliance/regulations/standards: PCI DSS, HIPAA, SOX, and FFIE
• Certification as Qualified Security Assessor (QSA) by the Payment Card Industry Security Standards Council (PCI SCC), CEH, CISSP, and Sec+.
• Strong ethics and understanding of ethics in business and information security
• Excellent oral and written communication skills
• Performed and documented Penetration tests (Network/Application), Internal/External Scans, and Social Engineering.
• Conduct detailed data security assessments including applications, servers, databases, and other network components and associated processes against the compliance, regulations and standards to identify areas of non-compliance
• Work as a team member on large assessment engagements.
• Perform security consultation projects to assist a wide variety of customers that accept and process payments,
• Create, implements, and enhance testing procedures and methodologies
• Implement PCI Security program, policies, security controls, and procedure.
• Analyzed present business process, IT Process, IT infrastructure, policies and procedures against security standards, and best security practices.
• Evaluate systems and environments to assess security exposures, risk analysis, incident response, and disaster recovery plans. Including POS systems, POI encryption systems, and Key Encryption management solutions.

Confidential

Tester contractor

Responsibilities:

• Strong ethics and understanding of ethics in business and information security
• Excellent oral and written communication skills
• Perfoemd Penetration tests (Network/Application), Internal/External Scans, and Social Engineering for PCI engagement Level 1 Merchant in the restaurant/food corporate retail industry.
• Strong organizational skills, senior security audit practices, Penetration tools Nessus, Metasploit, NMAP, Netexpose, and FireEye.
• Conduct detailed data security assessments including applications, servers, databases, and other network components and associated processes against the compliance, regulations and standards to identify areas of non-compliance.
• Work as a team member on large assessment engagements.
• Perform security consultation projects to assist a wide variety of customers that accept and process payments
• Help enhance testing procedures and methodologies
• Receive technical training in security testing and vulnerability analysis tools
• Evaluate systems and environments to assess security exposures, risk analysis, incident response, and disaster recovery plans.

Confidential, Coral Springs, FL

Information Security Consultant

Responsibilities:

• Experience in PCI assessment for end clients and experience in IT Audits or Information security consulting for all merchants levels on medical, restaurant, retail, telecommunications, banking/finance markets and service providers.
• Performed compliance/regulations/standards: PCI DSS, HIPAA, SOX, and FFIE.
• Certification as Qualified Security Assessor (QSA) by the Payment Card Industry Security Standards Council (PCI SCC)
• Strong ethics and understanding of ethics in business and information security
• Excellent oral and written communication skills
• Technical knowledge and understanding for audit of MS Windows and *NIX systems
• Strong organizational skills, senior security audit practices.
• Travel up to 75% for US and International customers
• Conduct detailed data security assessments including applications, servers, databases, and other network components and associated processes against the PCI DSS standards to identify areas of non-compliance.
• Work as a team member on large assessment engagements.
• Perform security consultation projects to assist a wide variety of customers that accept and process payments
• Help enhance testing procedures and methodologies
• Receive technical training in security testing and vulnerability analysis tools
• Evaluate systems and environments to assess security exposures
• Performed Information Security technical research and provide training services to customers
• Other security-related consulting projects that may be assigned according to skills
• Exposure to top experts in the payments field
• Ongoing professional development and training program

Confidential, Hagerstown, MD

Sr. Courion System Engineer

Responsibilities:

• Highly motivated Sr. Software Engineer who is an expert in performance testing and automation.
• Detail oriented with strong organizational skills and able to work independently on multiple tasks under minimal supervision.
• The able to focus on the entire software system under development, applying solid analytical and problem solving skills to develop creative and thorough tests. 5-9 years of experience in testing commercial, enterprise software
• Expert experience on technologies (Cisco(ASA,Routers,Switches), Apache, Tomcat, IOS, Android, Weblogic, IIS, .NET, iOS, SQL Server).
• Install, configured, and managed Courion Access Management Software modules, Password Reset, PMM, Account Courier, Password Courier, Access Account Suite, Role Courier, Compliance Courier, trigger, alarm, workflows, connectors, etc
• Strong skills in Software-based testing (including unit testing, automation, performance testing), using one or more of the following tools:
• Server virtualization
• MS SQL Server, Scripting in Perl, Python, C#, JavaScript, ASP / ASP.NET / ASP.NET AJAX, Power Shell 3.0, iOS software development.
• Implemented SQL SSIS for IAM Courion's environment. Write SQL related procedures (SSI's Pkg.) and instructions for the operations team.
• Configure Workflows for provisioning account and password resets, to complex AD Tree, using VBS, and Powershell (3.0).
• Experience working for a software vendor, Customer-facing experience either in engineering or technical support

Confidential, Sunrise, FL

Information Security Engineer

Responsibilities:

• Responsible for maintaining the IAM Security domain with an SQL & application infrastructure Courion's cloud environment. Monitor and optimize all application and database operations.§ Assist with customer implementations (database adds, migrations).
• Programming MS Visual Studio 2005/2008 C#/Java/VB/Java Scripts/VB Scripts/ Shell/Perl PowerShell 3.0 Scripting for software integration with system provisioning environments. Administration, monitor, and troubleshoot: Unix (AIX) / Windows Sever ( 2008 - 200 3) OS / clustering / AD IIS SQL clustering / mirroring / backup restore issues, IOS, Android, IIS, Apache, Tomcat, WebLogic.
• Install, configured, and managed Courion Access Management Software modules, Password Reset, PMM, Account Courier, Password Courier, Access Account Suite, Role Courier, Compliance Courier, trigger, alarm, workflows, connectors, etc
• Test SQL environment patches and (SSIS) service packs for delivery into Courion's cloud environment. Write SQL related procedures (SSI's Pkg.) and instructions for the operations team.

Confidential, Fort Lauderdale, FL

System Engineer

Responsibilities:

• Responsible for the build, architect, and install servers, network appliances, telecommunication and video equipments. Design, install, and configure server for different operating systems platforms and configurations.
• Install, configures and deploy MS Windows servers 2008, 2008R2 (32/64bit), MS SQL 2008, IIS, MS Windows Hyper-V, Linux Red Hat and CentOS.
• Configure, install, and deploy flash base appliance for video network equipment.
• Design video network, integration, conversion, and integration of different international standards of broadband and digital video technologies.
• Implement digital rich media solutions over IP multicast, unicast architecture. Implement, design, and install windows web services and WFC architecture.
• Prepare documentation, SOP's, infrastructure, network, and power consumption analysis.
• Configuration Control Support, ensuring configuration changes have been recorded, assessed, authorized, prioritized, planned, tested, implemented, documented and reviewed in a standardized controlled manner
• Configuration management and architecture designs for server's center rooms on different electrical global standards and hybrid video technologies for video interactive solutions.

Confidential, Hato Rey, PR

Sr. Systems Engineer

Responsibilities:

• Design network architecture (DMZ's) for project development, and integrate then with Bank infrastructure. Implement Firewall rules and configured ACL's for infrastructure department, and server vulnerability/penetration scans.
• Information Security Software developer audit and tester for Mobile application development project.
• Provide Software Development for ASG(Mobius) using shell/batch/Perl scripting, and technologies such as, XML, T&PL-SQL, Java ADF, J Dev, C++, Crystal Reports and .NET Visual Studio VB/C#/F#.
• Provided software development solutions, and for operations team in the financial market sector. Performed systems and database management analysis, an system configurations, on Microsoft, Cisco ASA/ NAC-Switches/UCS
• Project Management duties such as, project metrics, Project Time Line, Project Resources, Project Scope and Project Plan Documentation.
• Installed, integrated, configured, and support Apache, Tomcat, Weblogic, FOP, Enterprise Content Management software suites such as Alfresco, ASG Mobius, IBM OnDemand.
• Strategic security initiatives and develop security initiatives, emergency measures and security policies, with procedures..
• Implemented, integrated and maintained automated document management systems ASG/Mobius ViewDirect, DocumentDirect, IP Suite.
• Provided software development solutions, and for operations team in the financial market sector. Performed systems and database management analysis, an system configurations, on Microsoft, IBM MVS, and FreeBSD.
• Configuration Control Support, ensuring configuration changes have been recorded, assessed, authorized, prioritized, planned, tested, implemented, documented and reviewed in a standardized controlled manner
• Application development integration with hybrid technology such as mainframe, legacy telecomm appliances, MS Windows 2003/2008 Server, SAN (IBM, Hitachi, Centera), Crystal Reports, Active Directory, MS SQL 2005/2008 Servers, Virtual Box/VMware, ESX Virtual Center,, IBM Z Series, ASG Mobius ViewDirect/Document Direct, and Terminal Server.

Confidential, San Juan, PR

Systems Engineer / IT Consultant

Responsibilities:

• Responsible for the project management, supervise project team, ensure direction, coordination client & vendors executive & technical staff, ensure project compliance with FDIC information security, ITL standards and Banking compliances.
• Design network architecture (DMZ's) for project development, and integrate then with Bank infrastructure. Provide communication liaison between executive and technical teams.
• Software Development Life Cycle methodologies, software testing including mobile applications.
• Line, Project Resources, Project Scope and Project Plan Documentation.
• Implemented, integrated and maintained automated document management systems (ASG Mobius) using shell/batch/Perl scripting, and technologies such as, VXML, XML, ORACLE, Android, IOS, T-SQL, Crystal Reports and .NET. Provided software development solutions, and for operations team in the financial market sector.
• Performed systems and database management analysis, an system configurations, on Microsoft, IBM MVS, and FreeBSD.
• Application development integration with hybrid technology such as mainframe, legacy telecomm appliances, MS Windows 2003/2008 Server, GIS ESRI Server Administrator, Crystal Reports, Active Directory, MS SQL 2005/2008 Servers, Virtual Box/VMware, ESX Virtual Center,, IBM Z Series, ASG/Mobius ViewDirect/DocumentDirect/IP Suite, and Terminal Server.
• Implemented SNMP / TeMIP architecture solution utilizing, integrating proprietary traps, open source tools, and API's.

Confidential, Carolina, PR

Network Engineer/ IT Manager

Responsibilities:

• Manage all IT infrastructure, maintain operations support for all IT resources such as MS Windows Sever 2003, Domain Controller, Exchange Server, MS File server, Linux, Cisco ASA Firewalls/Router 1800, OSPF, BGP, DS3, T1, Frame Relay,VoIP Avaya IP4XX series and Voxeo-CTI/IVR, AdTran Total Access 9xx series.
• Database Administration for Oracle & Sybase SQL servers, and Phone management application on Access Database application.
• Execute on the flash information reports using Crytal Reports 11, T-SQL programming.
• Performed daily backup, PC support, and troubleshooting.
• Design, engineer, maintain, support and implement infrastructure for digital communications, securing, ensuring protection, hardening, performance and integrity for all systems.
• Maintain up to date patches, updates, technologies and strategies of data security and network technologies.

Confidential, Hato Rey, PR

Technical & Scientific Business Consultant

Responsibilities:

• Provide IT and technical consulting services to universities, small business, and corporations on the implemente new inventions to business applications.
• Compose Busines Plan, Marketing Studies, Market Penetration Analisys, Sale Projections, Financial Reports, and Development Stage Startegies.
• Research for funding for the development stage of inventions via federal government, or any other sources. Help to prepared package for convention financial institutions. Teach owners inventor the corporate world for to manage their new inventions. Project Management, for sciencetific and technical SBIR/STIR innovations projects. Provided definition for technical requirements, functional requirements, quality control, information security and confidentiality controls.

Confidential, Fort Shafter, HI

Systems/Network Administrator

Responsibilities:

• Provide system administration and technical help desk support to all the computer software, hardware, telephone, and video conference technologies.
• Administer, maintain, implement, configure, and troubleshoot technologies such as Microsoft 2003 Adv server, Siteminder, Active Directory, UNIX/Linux Servers Administration, Outlook server, IIS 6.0, Share Point, WUS(SUS), ArcGIS, ServerGIS, Blackberry MS, Oracle 8i/9i, Nortel IVR, Sun Sparc Unix, Linux RedHat, Sun One LDAP, SME, Check Point Firewalls, Norton Antivirus Server, PolyComm VTC, Blackberry Units, MS XP Pro, MS Office 2003, HP Printers, IBM Blade Center, Cisco, ASA/ CLI, Dell Servers/ Stations, LAN seven layers, DNS, TCP/IP, and many other commercial/ military applications.
• Working under minimum supervision, on a military secure environment, with secret clearance classification.

Confidential, Honolulu, HI

IT System Administrator / Net Eng

Responsibilities:

• Responsible for infrastructure support and information technology resources.
• Enhance and document standard operation procedures for the telecommunication and IT infrastructure.
• IT infrastructure Install and support Microsoft network infrastructure with operating systems such as MS Windows 2003/2000/ Servers, and Windows XP
• Troubleshoot and maintain Cisco ASA/Router/Switched for Ethernet networks running TCP/IP and NetBIOS protocols, LDAP.
• Provide support for Microsoft Domai, and Active Directory services and resources within the network
• Implanted, maintained, support application services such as MS Exchange, MS IIS 5.0, MS SQL 2000, Siteminder, Macromedia Cold Fusion Server, ServerGIS, Siteminder, WebLogic, XML, Linux Postfix Mail server, Nagio, Big Brother, and RRDTool network monitor applications. Install, tests, and troubleshoot hardware and software products MS Office, ArcGIS, and others.
• Writing specific production scripts using perl and ksh in a Solaris environment and modules using Java or Visual Basic.
• Development of applications that provide application control, monitoring, and conduct performance analysis of the DSL NMS platform.