Accomplished Application Solution/Security Management with in - depth experience designing and managing critical applications, systems and teams in the financial and manufacturing industries. My Strengths include data and risk management, strategic planning, process re-engineering and improvement, change and performance management, and critical infrastructure design, development and implementation. Outstanding ability to tackle difficult, vaguely stated problems and create solutions that in corporate measurable process improvement.
- Technology Architecture, Implementation and Operations
- Innovative Solutions - Technology and Process
- Cloud Security on Virtualization , Containers , CI & CD
- DevOps via Agile Methodologies & Automation Tools
- Change Management - Organization and Technical
- Identity and Access Management
- Business Process Analysis and Mapping
- Managed File Transfer ( MFT ) Design and Deployment
- Disaster Recovery Planning & Execution
- Firewall and Network Management
- Process Re-engineering and Improvement
- Digital Brand and Intellectual Property Management
- Project management - Planning and Delivery
- Vendor Negotiations and Partnerships
- High Performance Computing ( HPC ) Management
- Technical Product Support, Documentation,
Confidential, New York, NY
Enterprise Security Solution Architect, VP - Enterprise Technology & Risk
- Managed endpoint security engineering team and being responsible for overall team leadership, negotiating annual retainers, profit margin, resource management, management of project managers, quality of service, and ensuring work meets agency standards and client objectives. Work with global colleagues to provide globally consistent processes and solutions.
- Strong infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms. Knowledge of supporting technology, tools and controls such as Symantec SEP/ATP/DCS/SEE/DLP, Symantec Cloud Security, Tanium, Avecto, FireEye Endpoint Security, Encase etc.
- Represent the teams and contribute to the firm’s Defense in Depth project; focusing on Host Controls capabilities required for Ring Architect implementation to avoid, detect, mitigate or minimize security risks or impacts to the corresponding assets.
- Participate in deep architectural buildout to ensure solutions are designed for successful deployment, security, cost effectiveness and high availability in the Cloud Initiative and Defense in Depth projects.
- Work with BUs and Design Authorities to determine the needs in the area of cyber risk predictive analytics for Host Controls, Cyber Analytics, Digital Forensics and Data Protection, develop business cases to allow the executives to in corporate in the area of Predictive Analytics into the firm’s Security Strategies. Work with business partners, design authority and SMEs to determine how predictive analytics can be integrated into their products and solve their business problems.
- Contribute to and support the Corporate Enterprise Cloud strategy, standards and best practices associated with all aspects Cloud offerings; mainly focusing on Compute Security Controls capabilities required for Cloud Enablement on both hybrid IaaS and O365.
- Collaborate and support engineers, architects, and teams in implementing a comprehensive cloud and application security program with a focus on DevOps and Cloud environments. Leverage DevOps tools to build, harden, maintain and instrument a comprehensive cloud-based security orchestration platform to be consumed in product CI/CD pipelines. Engineer and Architect automated security and compliance services which support DevOps processes and other Cloud environments.
- Be the go to person for the endpoint security controls capabilities in cloud architecture and ensure that all cloud solutions follow security and compliance controls. Engineer and provide guidance, and direction in the design, develop and implement automated solutions, based on a set of standards and processes.
- Review and write code, which are used to support infrastructure as code, work with mutable and immutable environments, and build the supporting automated toolsets necessary to support the secure continuous delivery pipeline.
- Experience in documenting security controls for DevOps and Cloud environments using industry standard guidelines such as Center for Internet Security (CIS), Cloud Security Alliance (CSA) in conjunction with business requirements.
- Experience implementing PCI, ISO, NIST, NIST CSF, CCM, MITRE ATT&CK, and CIS / SAN Critical Controls.
- Integrate security practices across the continuous delivery pipeline to provide a comprehensive automated cloud and application security solution from the epic definition, development, test and deploy of CB applications within our data center and Amazon.
- Create and maintain of DevOps and Cloud security standards by creating templates and patterns for ease of use and increase the productivity of the security program
- Knowledge of current and emerging DevOps and Cloud security trends & working knowledge of AWS or Azure Cloud technologies, Active Directory, Authentication/Authorization protocols, SSO technologies, build automation and CI/CD pipelines.
- Plan, organize, and control multiple responsibilities to achieve project objectives; technically guide projects through to completion. Ensure deliverables are completed within target timeframes and are consistently of high-quality.
- Have an in-depth architectural understanding of AWS/Azure/GCP and are familiar with cloud native design patterns and DevOps principles (Infrastructure as Code).
- Maintain security infrastructure, providing stability by following and using the tools, policies, processes and procedures available. Identifying and documenting the key drivers for changes to baseline data protection strategy, including business nvironment/needs, threats, and operational efficiency/usability issues.
- Develop proposals specifying the products, the IT resources required, and the architecture and the level of effort required to implement he proposed solution.
- Active participation the firm’s innovation project on Machines learning and Cloud initiatives; support the ideation, technical development, and launch of innovative product.
- Partner with development and operations teams to develop practical automation solutions and custom modules. Troubleshoot automation issues and find practical solutions that move projects forward in a timely manner.
Confidential, New York, NY
Senior Security Engineer, AVP - Cyber Security Unit, Information Security
- Designing, engineering, planning, implementing, and 24x7x365 supporting security solutions globally. Manage multiple projects and infrastructure across platforms such as networks, firewalls, proxies, DLPs, and/or other security technologies.
- Provide in-depth technical expertise of authentication methods and technologies with a primary focus on MFA (multi-factor authentication), Identity Federation, SSO, RBAC, segregation of duties solutions & Active Directory/LDAP integration.
- Provide technical input in development of Authentication and Authorization standards and processes; assist with the development of methodologies to resolve key management issues that arise from the use of public and/or private encryption techniques.
- Design, implement and support a centralized authentication security system; recommend and implement best practices for operational monitoring and capacity planning of all secure authentication systems and products.
- Working with clients to develop Identity and Access Management strategies, architectures, and implementation plans.
- Design, Implementation and support RSA Business Continuity Management (BCM) by providing an automated approach to business continuity and disaster recovery planning.
- Designing, re-engineering, planning, implementing Cisco Secure ACS migration from 4.X to 5.X; Support the application and support TACACS+ and RADIUS use cases.
- Defined data categorization standard to be used on the DLP project; generate expressive business cases of data leakage, malicious attack, and security violations for correlation rules and alerts; demonstration why the DLP + data categorization will help to address the issues and to lower the potential business impact.
- Provides and integrates subject matter expertise in the monitoring of health, performance, logging, and capacity for currently supported firewall (i.e. Fortinet, Juniper Netscreen, and Juniper SRX, Checkpoint), IPS and WAF (i.e. FortiWeb) technologies as well as quickly learn any new firewall/IDS technology introduced into the firm.
- Working with Infrastructure Risk Management team to research the current cyber attacker exploits, identities, and method and to use that intelligence to know the unknown and to prepare our environment being able to handle any emerging threat and to mitigate the risk to the firm’s acceptable level in a timely fashion.
- Develop, implement and maintain enterprise-wide security strategy and improve information security posture; Ensure information technology compliance with all industry, federal, and company policies; Research, evaluate, recommend, and plan implementation of software or hardware devices that will yield a stronger company security posture; Oversee patch management procedures to include routine security patches, Malware, and Antivirus solutions.
- Designed and built the CSU management portal to allow for monitoring the operation on a continuous basis by gathering selective monitoring evidences (such as who, when, from where, to where, frequency and what) through customized agent or scripts on system reliability while normal processing takes place. The implementation provided a method to continuously monitor benchmark and improve the IT control environment and control framework to meet organization objectives. The raw data (logs and other security-related data) also sent to the firm’s Security Incident and Event Monitoring (SIEM) systems for analysis.
- Provide technical authority and documentation of technical and operational procedures, and guidance to peers and the operation support. Documents engineering standards and makes recommendations to key leadership for all network security capabilities.
- Initiates new or revised departmental procedures, programs and initiatives. Works closely with peers and the operation support to identify gaps in, and provide s as necessary.
- Actively participate in the day-to-day technical tasks as well as participate in the monthly on-call rotation.
- Manage, develop, and evaluate performance, coach and mentor, and provide career development guidance for staff.
- Provides recommendations on architectural changes and design enhancements to the infrastructure to improve reliably and performance, reduce cost, and anticipate company growth and new initiatives.
Confidential, Mount Laurel, NJ
Data Warehousing Infrastructure Engineer
- Lead the development and implementation of the migration strategy and convert the existing hundreds source data-feeds / workflows to TD’s strategy TIBCO MFT solution; complete the migration project in the pre-approved windows and minimized the potential production impacts and managed the mitigated risk to an acceptable level over the whole project lifecycle.
- Work as part of a team assessing the data security and compliance of Basel/Lending data warehouse against a variety of regulatory standards including Basel II/III, PCI-DSS, Canadian and U.S. regulatory requirements, and industry standards regarding operational risk management.
- Serve as the technical lead to coordinate the system administration, change management, and configuration management of two large data warehouse environments and ensure compliance with corporate policies (i.e. change management, IT security standards, release management, incident management). The data warehouse environments are comprised of over 80 servers running Windows, HP-UX, and SUSE Linux, and Oracle. Responsibilities include planning and coordinating of changes implemented into the various environments from development and test through DR and production; prepare and implement the necessary information security policies, standards, procedures and guidelines as well as efforts to promote awareness to all stakeholders.
- Write and document all support and design specifications with various infrastructure support teams including system administrators, DBAs, SAN and networking teams to build, upgrade, maintain and support multiple data warehouse environments.
- Oversight of global team activities to ensure operating procedures compliance for scheduled tasks to ensure a crosscheck of duties.
Confidential, East Hanover, NJ
Application Service Manager (Modeling & Simulation) HPC (Consultant)
- Performed security-auditing assessment against supported environment and applications to ensure system operations adhere to applicable FDA GxP and FDA 21 CFR Part 11 compliance regulations; oversee the performance of periodic risk assessments that identify current and future security vulnerabilities, determine the level of risk that management has current accepted, and identify the nest ways to reduce information security risks.
- Supported business liaison to ensure solutions and resolutions are aligned with business objectives and to maintain customer expectations by adhering to agreed priorities. Monitor service quality and put proactive measures in place to improve it.
- Partner with business users to develop and execute effective and ongoing process to document all company processes and changes to processes as needed.
- Performed internal application security assessments as assigned; monitored for compliance with regulatory agency requirements.
- Oversees the day-to-day operations and assures that all assigned tasks in compliance with Confidential SOP's and applicable regulatory guidelines; Maintained Standard Operating Procedures (SOPs) and work instructions for day-to-day procedures so that operation functions can be efficiently and effectively executed.
- Acted as Application Manager, supporting IT projects maintenance activities for the Modeling & Simulation global line function. Actively identify incidents and as necessary manage the incident resolution process to provide service recovery and manage client communications and expectations in respect to incident resolution; Supported application life cycle management of existing applications and executing projects sponsored by the business line functions.
- Recommended application changes to system owner due to technical/technology reasons. Ensured that application specific information/data is always up to date and ensure that technical problems are resolved in a timely (SLA) and cost-effective manner.
Confidential, Jersey City, NJ
VP of Technology Infrastructure, Critical Infrastructure Engineering
- Provided managers and staffs with high-level strategic direction and a clear understanding of objectives and goals and recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy; performed and created procedures for system security audits, penetration-tests, and vulnerability assessments; and managed process and acted in the lead role for computer security incident response team.
- Analyze, design, and implement security strategies that describe controls, organization, and infrastructure to manage information security-related concerns. Led security architect implementation; collaborate with engineering teams to drive the product roadmaps for security tools, by providing security requirements that help to map security controls / patterns to product features.
- Worked with multiple project teams, providing guidance and direction to various technical teams involving infrastructure items such as network and operating systems. Assessed threats, risks, and vulnerabilities from emerging security issues and provide technical leadership to the group for the security enhancement.
- Led and executed all phases of software application projects (analysis, design, programming, deployment, and documentation) including resolving issues and ensuring successful deployment, and acted as a technical resource to other team members for difficult architecture and development problems.
- Collected client requirements, defined project specifications, outlined the project scope, managed resources, developed project plans and stayed within budget and predetermined time frames.
- Experienced for budget, project plans, managing resources and full lifecycle of System Development Life-Cycle (SDLC) management utilizing the DMAIC process. Adopted the firm’s new project and portfolio management tool Clarity to provide management the ability to demonstrate business value and manage costs across the broader organization.
- Partner with program managers to develop plans with timelines related to improving processes as needed including the potential use of systems and automation. Ensure that process improvements are not just looking at today’s needs but the future as well in our growing company.
- Proficient in OOAD (Object-Oriented Analysis and Design), SDLC (Software Development Life Cycle), Agile software development, Secure Architecture design, Business Analysis practices, and TOGAF 9 and ITIL v3 Framework.
- Drove the firm’s managed file transfer (MFT) strategy by adhering to internal/external guidelines, policies, procedures, specifications, and regulatory requirements. Worked with senior management and project stockholders to define common set of best practices and policies and assisted management with identifying and resolving regulatory issues both within the business unit and across multiple units.
- Ran the firm’s digital brand management service for brand and domain portfolio management and domain name security to eliminate confusing and fraudulent use of digital brand and to protect brand equity, web traffic, revenue, reputation from unauthorized channels, counterfeit and other online threats.
- Worked with software vendors, and consultants to discuss details of assigned programming tasks and project future direction.
- Achieved hosting capacity and planned roadmaps for a 5-year hosting expansion plan. Accomplished use-case planning, managed implementation, executed on boarding flow and developed marketing strategies to support product launches; evaluated, compared and effected risk management, service level, strategic planning, BCP, QA/QC and issue documentation and resolution; and concluded audit/vulnerability reviews, fulfilled remedial action plans, implemented controls, and achieved risk mitigation progress for all supported product suites.
- Assisted regulatory, auditors and business unit management with regulatory exams and inquiries for all supported applications.
- Participated incidents review meetings by identifying root cause of the incidents, determining an approved solution/workaround, applying the resolution and monitoring of the resolution process. In addition, maintained incident management records, progress open incident management reviews and their associated actions and analysis of issues for future process improvement.
- Created and delivered customized to operations based on performance metrics and competencies. Ensure that all operational risk and control issues/gaps are clearly documented; develop and implement remediation plans to mitigate the risk.
- Initiated, designed, vendor evaluation and implemented the next generation of GS Managed File Transfer (MFT) solution. The new platform reduced data exchange security risks and management burden by replacing disparate and expensive legacy mechanisms such as leased lines or VPN tunnels with Internet connection, automated and streamline applications and processes requiring secure file transfer across trading partner community, and provided better reporting tools to provide transaction transparency and completeness to allow data flow fully integrated with business workflow. The application is mainly based on the commercial off the shelf (COTS) vendor solutions, Axway Secure Transport, with heavy GS customization code.
- The MFT solution provide a way to securely distributing data by protecting data at rest via encryption and data in motion via use secure protocols (such as SFTP, FTPS and HTTPS) for the transfer; the implementation has been widely adopted by the firm used to prevent individual business units storing the sensitive data on some kind of media (i.e. USB or portable devices) and transporting it out of the company or sending it by E-Mail, web, IM, P2P to the outside to fulfill the firm’s Data Loss Prevention (DLP) policy. Additionally, the Symantec Antivirus (SAV) suite has been fully integrated with all inbound and outbound workflows to provide on-demand scanning and server protection.
- Developed real-time security application to stop serious distributed denial of service (DDoS) attack against the Internet facing access points. The program monitors the access gateway for suspicious activity and reacts appropriately to aggressive attackers by blocking their access via various firewalling tools such as iptables.
- Re-engineering the firm’s Autoproxy infrastructure for the Web Security Enhancement project. The main tasks are securing IPS/IDS implementation in virtualized network, prevent DMZ U-Tune traffic by implemented the dynamic network mapping, simplified the autoproxy script for operation, and supporting regional Autoproxy instance to eliminate the single point of failure (SPF). The solution has been rollout to the heterogeneous computing systems (on both *NIX and Windows platforms) globally.
- Served as the technical lead to project firm’s web proxy auto-config (PAC) application design and development, product delivery and interfacing with practice management applications. The solution allowed the firm monitors network traffics for suspicious activity and takes appropriate action against the cyber criminal such as circumventing DNS pinning for XSS or other threads. New design fully integrated with Bluecoat BCAAA agents to provide Single Sign On (SSO) on the ProxySG.
- Acted as DMZ subject matter expert (SME) developing the governance, technical leadership and direction necessary for the design and implementation of infrastructure, including industry best practices; Participated the DMZ application design reviews, peer code reviews and software acceptance test activities on weekly basis to ensure quality of deliverables.
- Responsible for managing CIE projects’ BCP activities including design of business continuity program, design of BCP framework, BCP project management, drafting emergency response procedures and crisis management plans; Conducted Internal BCP audits to ensure compliance to the firm’s BCP policies and procedures; facilitated a site failure disaster recovery exercise for supported mission critical infrastructure and core services.
- Acted as the subject matter expert (SME) input on the security aspects for the architecture design activities on Cloakware Credential Vault and Kerberos enhancement projects. This included unifying framework and reusable services that implement policy, standards, and risk management decisions to build confidentiality, integrity, and availability services for the design.
- Performed the technology initiatives on GS Public Key Infrastructure (PKI) proof of concept (POC) and rollout to production. The implementation is mainly based on Microsoft Windows Server 2003 core technologies.
- Acted as the Tier-3 engineering support; worked with development/testing/operations teams to facilitate knowledge transfers and provided in-depth technical support in order to develop and deliver a high-quality solution in a timely fashion and ensured application has been implemented and evolved to meet today’s fast-paced and ever-changing business environment.
- Served as the team’s primary MySQL and Oracle DBA for optimizing database’s performance and troubleshooting.
Senior System Analyst
- Led the UNIX kernel team to achieve the Solaris 8/10 and Red Hat Enterprise Linux (RHEL 3/4/5) kernels hardening for both DMZ (secure) and non-DMZ (non-secure) OS releases by configuring operating system with minimal features enabled and remove unneeded services to ensure the hardened image complained with GS Platform Security Policy.
- Built and supported Solaris Jumpstart and Linux Kickstart infrastructure to automate Solaris and Linux operating system builds.
- Developed and maintained security architecture for IT infrastructure and developed technical requirements to assure security of company technology, including networks, operating systems, mobile technology, storage devices, middleware, and other infrastructure components. Also, drafted enterprise security standards and guidelines for system configuration.
- Created and documented standards for Solaris and Red Hat Enterprise Linux (RHEL) installs. This included base operating systems, system security, and system management utilities. Accomplished the road mapping the Unix environment to take advantage of current assets and future direction in attempt to keep down TCO and to achieve better resource utilization.
- Architected and built automated tools and technologies to deliver a robust self-service Linux server infrastructure for global deployment and defined standards and practices for Linux Native Multipathing and SAN performance enhancement strategies.
Senior System Analyst
- Led engineer responsible for system architecture, configuring, design and code reviews, task allocation, performance tuning, bug triage scheduling, and documenting application deployment strategy. The responsibilities included the infrastructure provision, control and support of the global web hosting infrastructure and 2nd / 3rd line support of the environment, including vendor support escalation, change management, incident management and problem management for all internet - facing ecommerce applications.
- Performed DMZ design and architect definitions (including complex rule NATing to accommodate multi armed DMZ’s) and plan the network security architecture to address processing and security requirements; Configured and supported Tripwire for the file integrity and program change detection facility monitoring the environment to assure system integrity.
- Performed proactive problem management to manage GS business critical real-time (Internet-facing) trading systems as the Tier-2 problem and change management support to analyze the activities and access logs to identify issues and potential problem areas and escalate to Tier-3 engineering support to address the issue and to mitigate the potential impact.
- Deployed and supported complex in-house & 3rd party applications and provided quality assurance with application owners and/or external 3rd party vendors to troubleshoot and resolve problems to meet the agreed SLA.
- Assisted in the development of access-controls, separation of duties, and roles; conducted technical risk evaluation of hardware, software, and installed systems and networks.
- Analyzed recovery strategies for Tier I applications in the DMZ, presented options and made recommendations to management for more cost-effective recovery strategies. Assisted in incident response and recommend corrective actions.
- Led the BCP/DR testing exercises for Tier I applications in the DMZ to validate testing objective, roadmap, plans and procedures.
- Achieved the full scale of penetration test against the Internet facing access points and finalized the DMZ vulnerabilities remediation project, a join venture between Engineering team, Information Security team and Symantec professional service team to address all identified vulnerabilities.
- Served design reviews, peer code reviews and software acceptance test activities to ensure quality of deliverables, set standards on deployment code, test functional specification, monitoring, logging, exception management, and other web hosting services.
- Worked with the central admin team and assisted in the maintenance and support of corporate directory (based on iPlanet/SunONE LDAP directory servers) solutions to the firm, both pre and post implementation. Provided analytical and technical guidance to the team and recommend and/or acts to direct the analysis and solutions required.
- Participated the Firmwide Data Center migration project and aligned DMZ application bundles to the appropriate migration strategy and executed the plan as intended.
- Acted as application architect for the Employee Remote Access project. The program is designed to allow employee access, via a standard web browser, to select office desktop functionality. It is a hardened network application that provides robust security by acting as an intermediary between external users and internal resources. The implementation is mainly based on Citrix Secure Gateway 1.14 (on the Unix platform), Citrix MetaFrame servers and thousands Microsoft Windows Terminal Servers.
Confidential, New York, NY
Security Officer / Senior System Analyst
- Defined company security policy based on business requirements and planed, set up and monitored corporate Internet/intranet Firewalls for daily monitoring and auditing to prevent threads.
- Consulted with stakeholders and senior management team to define business and system requirements for existing and new technology implementations and identify ways to consolidate existing business systems.
- Led the enterprise-wide design, and deployment of the firm’s next generation perimeter for Internet.
- Firewall farm creation and maintenance using Lucent Firewall BRICK.
- Standardized the UNIX system installation to minimize the human factors taking place and provided a reliable disaster recovery plan. Designed, set up and troubleshot 1000+ heterogeneous UNIX servers/workstations ( SUN, DG/UX, and SGI ) corporate-wide. These sites included most of domestic sites and some global offices i.e. London and Tokyo regions.
- Acted as the solution architect to design the new mission critical client/server system, an extended distributed computing model to allow quotes to be distributed between systems. A set of APIs has been defined to allow all existing application (both Unix and Windows) migration plans to be simplified with quick return of investment (ROI).
- Designed disaster recovery plans; service restoration plans and established technical recovery documents.
- Led in the evaluation, testing and installation of systems, services and technologies, which included prototyping hardware, software services, and testing alternative offerings and designs. Conducted an in-depth analysis of markets data systems and provided prototype for the development.