Information Security Engineer Resume

Phoenix, AZ

SUMMARY

  • Seeking web application security, network security, or related InfoSec engineering opportunities.
  • Nine years of professional InfoSec experience; seven in web app defense (blue team).
  • Experience protecting real-world, complex full-stack web app deployments.
  • Curiosity and drive to understand and help solve some of today's most vexing InfoSec challenges.
  • Strong belief in maintaining a large toolbox of languages, frameworks, and applications to solve real world problems appropriately.
  • Years of experience in foundational fields tangential to InfoSec: Systems Administration, Network Administration and Engineering.
  • Certified Information Systems Security Professional (CISSP) since 2010.
  • Values continuing education (continuous learning) to address a rapidly evolving threat landscape.

PROFESSIONAL EXPERIENCE

Information Security Engineer

Confidential, Phoenix, AZ

Responsibilities:

  • Performed ISE role as subject matter expert on Web Application Firewall appliance (WAF, Imperva SecureSphere) as implemented in front of public, customer facing web applications and sites.
  • Charged with developing, implementing, and maintaining web attack signatures for monitoring and blocking of existing, zero-day, vendor/public disclosure (CVE) vulnerabilities with web-vector attacks that may impact the organization.
  • Tasked with routine review of web security events; assess for false-positives and confirmation of any exploits; provide intelligence and guidance to production support and developer teams to better protect web applications.
  • Responsible for WAF operation, web app stand-up, implementation as well as any required troubleshooting and root-cause diagnosis when performance, operation, or security issues arise.
  • Architecture support and custom software engineering of security and security reporting tools in order to augment WAF capabilities and better assist teams in the analyzing and alerting of web security events.
  • Knowledge ranging from at least familiarity to intimate understanding of all that makes up a complex web stack; from backend databases, to J2EE web app frameworks and middleware, to web servers, proxies, commercial load balancers (F5) and indeed, web protocols and web clients themselves.

Environment:

  • Regular expressions, Python +requests, JavaScript +jQuery, bash, cURL, openssl, Wireshark/tcpdump, HTTP, TLS/SSL
  • Imperva SecureSphere WAF, Splunk queries +API, Tealeaf, RHEL, postgresql, sqlite, httpd, nginx, Chrome +DevTools, syslog
  • Pcap analysis / packet and TLS/HTTP request/response dissection, web attack signature development, CVE and related research and analysis, fraud detection, web automation defense

Information Systems Security Engineer

Confidential, Boise, ID

Responsibilities:

  • Responsible for architecture, implementation, and operation of inline WAF and IPS for public facing e-commerce website.
  • Charged with protecting customers' and corporation's sensitive data from web attacks; leveraged expert knowledge of web protocols to identify OWASP Top-10 and other web-vector risks in order to mitigate attacks.
  • Helped implement PCI Data Security Standards with Level 2 Merchant requirements.
  • Implemented and managed security appliances such as Imperva WAF, ArcSight SIEM, and custom solutions designed to block, log and alert on potential security issues.
  • Implemented web apps on inline WAF, conducted internal web vulnerability scanning, managed IPS, and implemented countermeasures until such time that web apps were fully patched or the vulnerability was otherwise mitigated.
  • Worked side-by-side with developers, infrastructure, and operations in a DevOps / Agile environment to research, recommend, implement, and manage complex security solutions.

Environment:

  • F5 LTM/ASM +iRules, Imperva WAF, HP TippingPoint IPS, JunOS, Zabbix, syslog, git
  • PHP, Oracle DB, regex, Python, bash, Debian (and derivatives) Linux, Rapid7 Nexpose / Metasploit
  • PCI compliance, application scanning and remediation, review of web security events

Information Assurance Security Engineer

Confidential, Sierra Vista, AZ

Responsibilities:

  • Conducted IA security assessments and certifications for the Dept of the Confidential. Duties included pen testing, discovery, and analysis of vulnerable / non-compliant systems in order to provide recommendations per DoD / DISA / NIST guidelines. Some tools used included Nmap +scripts, Nessus, AppScan, Acunetix, Qualys and others. This was a cleared position (DoD Secret).
  • As a part of NOC team, responsible for IP space management and allocation (DNS, DHCP), monitored network health, name service security, assisted in design and deployment of solutions, administered mixed environment servers and appliances; network traffic and application profiling. Some tools used include SolarWinds, HP OpenView, Cacti, Infoblox, BIND, RHEL, Apache httpd, C lang, Java, NetScout PM.

Network Engineer

Confidential, Tucson, AZ

Responsibilities:

  • Implemented and managed network, servers, and services for hosted, custom developed online financial accounting product. Some technologies used include Cisco IOS / PIX fw, iptables/netfilter, Windows Server, Terminal Services, Exchange; SNMP, MRTG; desktop support, IPSec VPN, SSH; networking / server (hardware+software) provisioning, configuration and hardening.
  • Administered mixed environment of servers, services, networking equipment, telecom, workstations, printers, cabling, and more. Duties included managing IP/ethernet routing and switching; Cisco IOS, Avaya BCM (PBX), MacOS, Solaris, Windows Server +Desktop; print & file services.
