
Senior Security/threat Intelligence Engineer Resume


Austin, TX

SUMMARY

  • Detail-oriented, highly skilled, and multifaceted professional, offering more than 18 years of experience and skills in threat and vulnerability management, information security analysis, information security architecture, information security policy design, risk assessment, security incident response, and security solution implementation and administration.
  • Skilled at designing and implementing cyber security solutions for global petroleum, government and financial organizations that consistently reduce security costs while elevating the security status of the environment.
  • Accomplished history of working with various private, public, government, business, and IT organizations in countries around the globe to facilitate security architecture that further enhances the security stance of the company.
  • Adept at developing security policies and solutions, assessing environments, and interpreting standards so that environments consistently pass security and regulatory audits.
  • Successful in initiating six separate security programs which passed all third-party audits and all established laws and regulations.
  • Comprehensive background in developing and implementing strategic technology and security road maps aligned with the needs of the business to deliver exceptional security and privacy solutions.
  • Knowledgeable of penetration testing, vulnerability assessment, threat hunting, and security program development.
  • Expert at implementing network security, SIEM tools, new concepts, identity management, new security technologies, securing cloud architecture, and new security controls as well as in developing innovative security controls and processes that meet business and executive requirements in order to protect information.

TECHNICAL SKILLS

Security Solutions: Nexpose | Metasploit | NitroSIEM/McAfee ESM | FireEye | Nessus | TippingPoint | Splunk | Websense | AirWatch MDM | ArcSight | CyberArk | Cisco Umbrella | OpenDNS | Cisco Firepower | RSA enVision | EnCase | RSA NetWitness | BeyondTrust | LogRhythm | Alert Logic | Cylance | Prism | Sourcefire/Firepower IPS | Cisco IronPort | Barracuda Spam Devices | Data Loss Prevention (DLP) | Snort | Various NAC, IDS/IPS, HIDS, and SIEM solutions

Others: ICS | SCADA | Cisco network devices | SASS | Microsoft Windows | UNIX and Linux | SQL | Oracle | IIS | Apache | Python | Nmap | ZMap | Masscan | Qualys | PKI infrastructure and digital certificates | AWS | Azure | Bit9 | BackTrack/Kali | McAfee | Symantec | Kaspersky | Lumension

Protocols: TCP/IP | UDP | HTTP | HTTPS | SSL | FTP | TFTP | Telnet | SNMP | ICMP | SSH | DNS | DHCP | LDAP | WINS | NAT | SMTP | POP | IPsec | IMAP | SSL/IPsec VPN | DNSSEC | iSCSI | PAT | NetBIOS | BACnet

PROFESSIONAL EXPERIENCE

Senior Security/Threat Intelligence Engineer

Confidential, Austin, TX

Responsibilities:

  • Responsible for developing the Threat Intelligence and Vulnerability Management program for the Confidential Federal Network. This included the risk assessment of vulnerabilities, coupled with threat intelligence related to the Confidential Federal Network environment, to proactively mitigate threats.
  • Delivered guidance and implementation of the production FireEye, Nexpose, Metasploit, and McAfee ESM environments that addressed deficiencies in the original implementation.
  • Responsible for the administration of the FireEye, Nexpose, RSA NetWitness, and McAfee ESM environments.
  • Responsible for securing the tools and the DFN environment by implementing NIST 800-171 and PCI compliance controls.
  • Contributed information from FireEye, Nexpose, and McAfee ESM for incident response purposes, participated in incident response activities, and provided reports to upper management from those tools.
  • Responsible for the day-to-day Threat and Vulnerability Management and Threat Intelligence activities.
  • Administration and monitoring of the FireEye environment, which contained a CMS and 9 mail and web appliances.
  • Administration and monitoring of the Nexpose onsite/cloud, RSA NetWitness, and McAfee ESM environments.
  • Investigation and correlation of events in the environment for IOCs.

Primary Global Threat and Vulnerability Engineer

Confidential

Responsibilities:

  • Developed, implemented, and administered the Confidential Mobil Global and XTO Energy scanning environment/architecture and Threat and Vulnerability Management programs for the internal, AWS, and Azure environments. The emphasis was on accurate information and metrics from internal and external vulnerability scanning and threat detection activities that lessen risk and meet SOX and PCI compliance standards.
  • Responsible for incident management of emerging threats by working with the XTO and Confidential organizations to facilitate remediation efforts through multi-team collaboration, and for providing feedback and timely updates to executive management on remediation efforts until completion. Reviewed and improved vulnerability risk assessment processes.
  • Provided cyber security guidance for vendor risk assessments related to new and existing cyber security, infrastructure, and facilities products/services. This included vendor and internal cross-disciplinary team collaboration on the proper cyber security controls to institute in order to reduce risk to an appropriate level.
  • Delivered guidance and implementation of a global Nexpose onsite/cloud scanning solution and Threat and Vulnerability Management programs for Confidential and XTO, which included threat modeling, vulnerability risk, and remediation prioritization.
  • Designed the architecture for consoles, pooled scan engines, and deployment of new scan engines into separate security zones for Threat and Vulnerability Management activities.
  • Created custom scan templates for AS/400, SCADA/ICS, and telephony assets.
  • Administered the XTO Nexpose onsite/cloud scanning environment, which includes four consoles and 45 scan engines.
  • Primary point of contact for incident response, investigation, and management, requiring interaction with various internal organizations, managing remediation efforts, and reporting metrics to Confidential and XTO management.

Information Security Officer

Confidential, Irving, TX

Responsibilities:

  • Designed a comprehensive information security program within the given $150,000 budget, which involved both internal and advisor/customer security practices and solutions, as well as assessment of information security risk in light of executive management's risk tolerance and advisor acceptance.
  • Served as the principal member of the Information Security Steering Committee, as well as a stakeholder of the Risk Oversight Committee.
  • Functioned as the leading member of the Computer Incident Response Team (CIRT), in charge of investigating internal and external incidents and rendering guidance and root cause analysis to executive leadership.
  • Administered the review, validation, redirection, audit, and approval of information security infrastructure at three data centers.
  • Organized and facilitated risk mitigation meetings among cross-disciplinary teams, and oversaw and approved physical security systems and strategies at all H.D. Vest facilities.
  • Evaluated and approved security exceptions, monitored environmental compliance with all employed policies, and executed due care audits and assessments of vendor contracts for information security concerns.
  • Managed a Security Operations Center (SOC) that consisted of 15 junior- and senior-level information security professionals.

Principal Cyber Security Engineer

Confidential

Responsibilities:

  • Oversaw the design, testing, and implementation of the cyber security solutions of the AIM physical security systems for 64 nuclear power plants across the United States, as well as Strategic Reserve, Department of Defense, and Department of Energy sites. This included responsibility for the design, testing, documentation, and implementation of the secure network architecture for AR INC physical security systems, which ranged from $5 million to $50 million.
  • Spearheaded the preliminary and ongoing sales meetings on how the product provides appropriate levels of cyber security and complies with current regulations, while managing budgetary allowances related to each customer or facility.
  • Carried out threat and vulnerability assessments and audits, and completed fuzzing, internal vulnerability scans, penetration testing, and interpretation of results to facilitate and audit remediation efforts and the removal of vulnerabilities. SIEM event tuning led to a typical decrease in false positive alerts of 82%.
  • Responsible for driving AR INC initiatives in Information/Operations Warfare, Electronic Warfare, Knowledge Management/Discovery, Cyber Security Systems Engineering & Integration, and Information Assurance.
  • Founding member of the Cyber Security Stakeholders Committee, responsible for coordinating with senior management regarding cyber security initiatives and insights about emerging information security business sectors.
  • Acted as the primary point of contact for forensic investigations and incident response for AR INC cyber security customers, which included providing due diligence guidance relating to the incidents.
  • Served as an AR INC representative on a panel at Johns Hopkins in January 2011 that addressed a group of more than 200 students and small business owners regarding information security.

Operations Security Officer

Confidential

Responsibilities:

  • Developed and implemented the information and physical security controls for an environment that processes 750,000 credit report requests daily. These controls were built from the ISO 27002 standard and included installation and troubleshooting of the security tools in the environment such as a SIEM, File Integrity Monitoring, and central log aggregation.
  • Ensured compliance with business and security certifications, auditing requirements, and the current state of the security infrastructure while creating, implementing, and managing the information security program, and remediated the software development lifecycle for secure practices.
  • Gave a weekly update to management regarding security vulnerabilities and emerging threats, and rendered recommendations on security control solutions within a $100,000 budget that met business and compliance requirements.
  • Established and led the Computer Incident Response Team (CIRT) in containing and resolving security incidents, overseeing forensic investigations, and providing root cause analysis conclusion reports to management.
  • Led the validation and testing of business continuity and disaster recovery plans.