
Systems Technician Resume Profile

California

SUMMARY: I am a motivated information security professional and researcher with over 10 years of professional security experience. Throughout my career, working in federal government, consulting and retail, I have gained experience with application security, security architecture design, vulnerability management, risk assessments and penetration testing. I am proficient in security frameworks and regulations such as PCI, SOX, GLBA, HIPAA, COBIT and NIST. I am a motivated and passionate professional seeking an information security position with professional growth opportunities.

WORK EXPERIENCE:

confidential

  • Lead Penetration Tester of the National Incident Response Team
  • Active U.S. Government Security Clearance
  • Act as a national security subject matter expert to all 12 Federal Reserve Banks and the United States Treasury
  • Manage and conduct vulnerability assessments, penetration tests and risk assessments for the Federal Reserve System and United States Treasury
  • Manage all client-related aspects of engagements including communicating risks and solutions through presentations and reports
  • Create threat models and use them to develop plans for assessment and testing
  • Participate on various Federal Reserve System workgroups analyzing new technology risks and designing new security solutions
  • Present new security solutions to senior executives
  • Develop whitepapers regarding latest security topics and share findings with the team
  • Lead team members in vulnerability analysis, testing techniques, career paths and hiring
  • Identify and implement improvements to processes and methodologies

confidential

Application Security Consultant, Contract

  • Performed and managed GLBA, SOX, and PCI application risk assessments and penetration tests:
      • Assessed applications against compliance requirements, determined threat vectors and quantified risk
      • Performed manual testing for common vulnerabilities such as SQL Injections, Cross-Site Scripting and other OWASP top ten vulnerabilities
      • Assessed application design and architecture for potential security flaws
      • Worked with development teams on proper remediation strategies
      • Provided risk ratings and rolled up reports for upper management
  • Consulted on the strategic direction of application security within the enterprise:
      • Provided technical leadership and analysis to application owners to ensure security best practices and regulation compliance occur during design, development and implementation stages
      • Created internal security service offering methodologies (penetration testing, application security assessment)
      • Determined best approach for embedding security into all phases of the SDLC
  • Created and maintained security policy and position papers:
      • Wrote document outlining secure coding guidelines and secure code inspection for developers
      • Proposed security solutions, advised developers on necessary steps to bring applications into compliance and resolved security audit findings
      • Wrote security design documents on technologies and their secure implementation (encryption, web services)

confidential

Information Security Technical Analyst

  • Performed application assessments, penetration tests and code reviews for pre and post production environments
  • Performed root cause analysis to correlate multiple technical vulnerabilities into non-technical, management terms
  • Tracked identified vulnerabilities to assure resolution
  • Developed and executed enterprise security controls (IDS, ESM, Internet Filtering, and Vulnerability Management systems)
  • Implemented application firewall and managed WAF rules for enterprise e-commerce applications
  • Assisted in annual PCI and SOX audits
  • Developed and implemented security checks to the software development life cycle
  • Developed secure coding awareness and practices through presentations and learning groups
  • Participated in system design reviews to ensure security
  • Administered and enforced corporate security policies and procedures based on COBIT and ITIL
  • Advised in security software and hardware evaluations and acquisitions
  • Implemented Two Factor Authentication for corporate remote access
  • Implemented corporate PKI
  • Configured and managed inline spam filtering appliances
  • Implemented load balanced, fully redundant internet proxy clusters that serve 1200 stores and 5000 corporate office users
  • Participated in Security Privacy board and Enterprise Architecture board

confidential

Information Systems Technician

  • Supported corporate network, hardware and software
  • Tested security patches before implementation
  • Provided incident response for security related events
  • Developed and secured corporate images
  • Projects: Participated in incident security response team, helped lock down corporate desktop with group policy and automated desktop build process

SYSTEMS PROFICIENCY:

  • Training/Certifications: A , ACSA, Visa PCI training, SensePost Ethical Hacking, Foundstone Web App. Security, Blackhat, Defcon, CanSecWest, SANS Advanced Exploit Development
  • Operating Systems: Windows, AIX, Solaris, Red Hat, Debian, Gentoo, OS X, iOS
  • Languages: C , Visual Basic, HTML, Java, JavaScript, SQL, ASP.NET, PHP, Perl, Python
  • Software: Nessus, Nmap, Snort, Nikto, Netcat, WebInspect, AppScan, Burp, SQLmap, Nipper, Core Impact, Metasploit, Canvas, Kismet, Scapy, Hashcat, IDA Pro, Wireshark, Ettercap, OllyDbg, Immunity Debugger

IACRB

  • Certified Expert Penetration Tester (CEPT) - 2008
  • Certified Application Security Specialist (CASS) - 2008
