| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name
St Paul, MNCell: PHONE NUMBER AVAILABLE EMAIL AVAILABLESkill SummaryTechnology audit, information security engineering 9 years of experienceCloud (Azure )-10 years of experienceCloud AWS- 4 years of experienceCybersecurity processes and concepts- 6 years of experienceAuditing, compliance, and/or risk management with Data Privacy laws, rules and regulations such as NIST, GDPR, SOX and PCI- 6 years of experienceSummaryOverall 10years+ of experience in security process framework implementation and assessment, I am a self-driven Information Security professional with a proven track record in Risk management, governance, compliance process development, and Security engineering. My expertise in Risk management, security engineering, and Threat Modeling, combined with my ability to collaborate across teams, makes me an ideal candidate for roles requiring strategic security initiatives and adherence to information protection frameworks.Areas of Expertise:Risk Management Professional GDPR Threat VisualizationSecurity Architecture Identity Management PCI EngineeringPASTA-NIST-ISO 27001 Tenable Data visualization professionalEnterprise Security SME Security Automation Cyber Security InvestigationsEDUCATION & CERTIFICATIONSA+ CertifiedMCP Microsoft Certified ProfessionalSQL CertifiedProfessional ExperienceClient-Mier IT solutions New Hope MNRole-Security ArchitectDuration-April-2023-Febuary 2024Developed threat models and diagrams to visualize potential attack vectors and inform risk mitigation strategies.Experienced in ingesting, processing, and storing diverse data types, including structured, semi-structured, and unstructured data, within a data lake environment.Perform threat modeling reviews throughout the software development lifecycle to ensure ongoing security improvements.Provide recommendations for security controls and countermeasures to address identified threats and mitigate risks effectively.Strong understanding of data governance principles and practices, including data quality management, security, privacy, and compliance within the context of data lakes.Communicate technical concepts and findings effectively to both technical and non-technical stakeholders.Participate in security architecture reviews and provide input on security design decisions.Contribute to the development and enhancement of threat modeling tools and frameworks to streamline the analysis process.Strong problem-solving skills in troubleshooting data lake issues, optimizing data workflows, and resolving performance bottlenecks to ensure reliable and efficient data operations.Successfully migrated legacy security posture to cloud-based Azure Security Center and Protection for States multi-cloud environments.Client-State Of Florida Fort LauderdaleRole-Security ArchitectDuration-Feb 2022- March 2023Led the creation of a multi-site vulnerability management program, enhancing business security initiatives.Implemented SOAR tools and tokenization technologies, improving security operations and governance documentation.Migrated Legacy security posture to cloud based Azure Security Center and Protection for States multi-cloud environments.Led process inquiries, walkthroughs, and procedure reviews to support the development of Policies and procedures.Assessed control language and business line procedures to ensure alignment with regulatory requirements and organizational objectives.Conducted control testing through observation and analysis of evidence to ensure compliance with cybersecurity processes and industry standards.Developed comprehensive test scripts covering validation activities for Cloud, Cyber Security, and Information Technology general controls.Proficient in utilizing the PASTA (Process for Attack Simulation and Threat Analysis) methodology for comprehensive threat modeling and risk assessment in information security.Facilitated test result discussions with business line management, identifying exceptions and recommending corrective actions.Client- Kaiser Permanente Colorado Springs ColRole- Security Automation Architect BiomedDuration-10-02-2021-1-1-2022Successfully completed IaC project using Terraform Ansible and Azure to improve infrastructure Efficiency.Identified and filled gaps in security automation, contributing to the development of smart AI based response scenarios.Facilitated test result discussions with business line management and risk partners, identifying exceptions and recommending corrective actions.Developed and implemented cybersecurity policies and procedures aligned with NIST CSF guidelines.Collaborated with Control Owners, Risk Analysts, and subject matter experts to define evidence and populations for testing.Selected test samples based on internal program methodology and documented rationale for sample selection.Implemented a comprehensive risk management framework aligned with ISO/IEC 27001 standards, enhancing organizational security.Client- Essentia Healthcare Duluth MNRole- Biomed Security ArchitectDuration-2/5/2021-7/08/2021Implemented a comprehensive vulnerability management program for IOT and medical devices.Collaborated with medical device vendors to mitigate risks and secure upgrades or replacements.Presented automation process improvement proposals to reduce the risk of control failure and enhance operational efficiency.Conducted peer reviews of completed testing to ensure accuracy and compliance with internal policies and industry regulations.Facilitated training sessions to raise awareness and promote adherence to ISO/IEC 27001 policies and procedures.Developed and maintained ISMS documentation in accordance with ISO/IEC 27001 standards.Led integration efforts between SaaS applications and existing software systems, facilitating seamless data flow and enhancing cross-functional collaboration across departments.Developed risk models and scenarios to simulate potential cyber incidents and estimate their financial impact.Led the integration of Secure SSO DUO with SML and CyberArk, fortifying security management.Client- Cygnus Corporate (Remote) Bloomington MNRole- Security ArchitectDuration-10-2-2019-5-20-2020Matured corporate security posture through the implementation of Beyond Trust and CyberArk.Led the integration of Secure SSO DUO with SML and CyberArk, enhancing security management.Conducted comprehensive assessments using NIST CSF core functions to identify gaps and prioritize improvements.Regularly reviewed and updated security controls based on evolving NIST CSF recommendations and industry best practices.Spearheaded SaaS software maintenance and Security update processes, ensuring optimal performance and compliance while minimizing downtime and operational disruptions for end-users.Documented testing results in Archer platform, maintaining comprehensive records for audit and compliance purposes.Selected test samples based on internal program methodology and documented rationale for sample selection.Led process inquiries, walkthroughs, and procedure reviews to support the development of QA test work papers.Conducted comprehensive assessments using NIST CSF core functions, identifying gaps and prioritizing improvements.Developed and deployed infrastructure into Microsoft Azure and AWS, optimizing operational efficiency.Researched and recommended security-related tools and controls, aligning with business needs and compliance requirements.Client-Bluestem Eden Prairie MNDuration-8-21-2018-CurrentSecurity ArchitectLead day to day activities securing critical parts of business infrastructure PCI,RH-ISAC, ISO 27001Worked day to day agent-upgrade issues involving insight scanners in AWS and on premisesLead regular information security assessments and vulnerability scans to meet regulatory requirements and maintain a strong security posture using Rapid7 Insight VM and Tenable products.Assisted in the development and deployment of our Infrastructure into Microsoft Azure and AWS.Researched and recommended security related tools and controls to align with business needs (Mimecast)Troubleshooting issues with missed heartbeats, FIM, duplicate guid issues within LogRhythmLed cross-functional teams in aligning security initiatives with NIST CSF framework to achieve compliance objectives.Creating Alerts, Dashboards, and maintaining 13 months of historical log data across multiple business.Lead investigations into possible breach or compromise situations with LogRhythm and SplunkCreated Smart responses and automation tools to deal with continuing changing environment. (Worker Nodes) Citrix VDI.Worked day to day investigations of alerts in Azure security center.Worked to secure CD/CI agile environment adjusting to constantly changing directives and company vision.Updates job knowledge by participating in educational opportunities reading professional publications maintaining personal networks and participating in professional organizations.Used tools like umbrella to visualize VPN activity and security posture across businesses.Collaborated with stakeholders to ensure alignment of security initiatives with CIS Controls best practices.Experience with Continuous integration and Continuous Delivery (CI/CD) practices, GIT code Repository, Jenkins AutAutomated Kubernetes DeploymentsClient-Best Buy Corporate Head Quarters Edina MNDuration-6/17 8/17Role-Security EngineerEnsures authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements.Architect/Design a new SSO infrastructure for external access using the Ping Identity components.Experience in both SAML based and Agent Based configurations in PingFederate.Experienced in defining application scopes and objectives, and identifying critical assets for analysis.Establishes system controls by developing framework for controls and levels of access recommending improvements.Performs vulnerability testing, risk analyses, and security assessments Investigates intrusion incidents, conducts forensic investigations and mounts incident responses.Delivers technical reports and formal papers on test findings.Responsible for analyzing the information security environment and assisting with the development of security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure.Creating polices and play books for security posture.Created and maintained ISMS documentation in accordance with ISO/IEC 27001 standards, ensuring adherence to policies.Client-Mier IT Solutions New Hope MNDuration-12/16 5/17Role-Security SMEInterpreted ISO 9001 controls and reviewed SLA agreements with vendors and recommended changes in policy or procedures to managementConduct related security assessments and recommendations using frameworks such as CIS, NIST, ISO27001, PCI/DSS and similar privacy and security frameworks.Consulted on various projects and initiatives regarding security best practices, risk mitigation, compliance obligation, and policy or process implementation.Proficient in decomposing applications into smaller components to identify vulnerabilities and potential attack vectors.Mentored Staff and partners on Security best practices and policy and approach.Implemented tools like Aegis and NetIQ IDM to control privileged access to critical systems and PIM Data and to automate operational process to protect from potential RisksConducted risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and mitigation needs.PCI/DSS scanning and remediation.Define vision and roadmap to clients security needs and design solutions that fit clients needsWeb applications penetration testingSkilled in creating architectural profiles to delineate system components, data flows, and trust boundariesClient-Entrust Datacard Chanhassen MNDuration-12/15 9/16Role-Sr. Security Integration EngineerResearched and recommended security solutions to various financial institutions across the United StatesEvaluated service providers and payment applications for their AOC, AOV, and implementation guides, tokenization, and their service providers.Creating risk assessment reports to minimize exposure and researched tools/solutions.Prepared researched tools and systems for presentations to potential clients.Conduct comprehensive system security evaluations, audits and reviews. Providing reports and recommendations on the hardening of endpoints on the network and tool research.Developed and recommended appropriate mitigation countermeasures to aid in preventing intrusions in information systems.Hands-on experience in full lifecycle of ISO27001 framework, SOC2 Audit and remediationUsed tools like CloudNeeti to maintain compliance for cloud-based SaaS Cardwizard and Key management instance.Created forms to On-board companies, On-board external/tertiary users profile using PingFederate 8.0.3Executes the PCI Data Security Standards PCI assessments for all controls, including communication of key milestones, gap remediation consulting/tracking, and guidance on compensating controls.Worked on multi-factor Authentication integrations like RSA PingID and Yubikey and engaging in the usage of other protocols like OAuth.Set up Pingaccess to backend apps to work alongside PingFederate for seamless integration.Used tools like rapid7 insight VM for vulnerability scanning.Client-Accenture Minneapolis MNDuration-4/15 10/15Role-Security DEVOPSWorked in Agile and Waterfall Methodologies supporting large Java/J2EEDeveloped and recommended appropriate mitigation countermeasures to aid in preventing intrusions in information systems.Conducts systems security evaluations, audits, and proof of concepts.Reviewed system security plans and assessed security events to determine business impact and implements corrective actions to ensure the addition of information security/information assurance policies, principles, and practices in the execution of IT services under TOGAF controls.Identified the existing services that need redesign to make them part of SOA/ESB service layerExperience in setting up SSO Environment for PingFederate, and Ping Access. [PF as Auth server and PA as Resource server protecting API]Supported RSA integrations and configurations and daily operations like adding user disabling user token assignment.knowledge in WebSphere Service Registry and Repository for manipulating the data like storing and managing.Schwans Client Marshal MNDuration-1/15 4/15Role-Sr. Security EngineerManaged pen-testing team performing vulnerability assessments and working with the Security Operations Center to identify gaps in security processes as well as vulnerabilities within the infrastructure.Migrated Ping federation from 7.1.3 to 7.2, major challenge was to update the standard templates and styles used by Client.Identified systems and categorize its C.I.A using FIPS 199 and NIST SP 800-60.Operation of SPLUNK ES including the creation of correlation, notables and alerting rulesHands on Experience in Service Oriented Architecture (SOA)Implemented SSO using PingFederate 6.0.3 and PingFederate 7.1 R3 for many vendors' hosted applications.Provided POC for NetIQ IDM, App Manager and AegisUsed tools like RSA Archer, Tenable Security Center to monitor compliance.Integrated with third party application using SAML 2.0 protocol, OAuth and managed both IDP and SP connections using PingFederate.Client-UnitedHealth Group Maple Grove MNDuration-1/14 12/14Role-Security Engineer/Project ManagerImplement design and configure Elastic Search and Splunk as needed for government agencies. And internal business units.Designed and implemented Elastic search instance for local and remote Government clientsthroughout the US.Review and fine-tuned current security processes as directed.Worked to process interpret CVE alerts pertaining to DSS PCI compliance.Client-Northrup Grumman Eagan MNDuration-2/14 9/14Role-Security EngineerDesign custom TAs for Splunk log file correlation with PCI-DSS compliance constraints.Used tools like nexus retina and system center in real-time for compliance baseline.Used regex tools for parsing log files into Splunk.Implemented Elastic Search for integration with Hadoop and SplunkUtilized IDS alerts and host system logs to identify, analyze, and report events that occurred within the network.Hands on Experience in Jboss and WebSphere Monitoring and hardening.Client-Target Corporation Minneapolis MNDuration-10/13 5/14Role-Security EngineerScanning Code with QualysUse of tools, such as Splunk and NetIQ app manager for application and data analysisUpgraded Cisco Catalyst to Juniper switches as needed for upgrade projectImplemented procedure to regularly update network devices with updates from vulnerability assortments.Client-DRC Data Recognition Corporation Plymouth MNDuration- 1/13 9/13Role-Security Engineer/Data Public Trust ClearanceDeveloped security Standards for Company with multi control constraints ISO 27001, Nist and Diacap/Fisma.Implemented Scanning procedures using Retina- Nessus and Ip360.Performed DoD Information Assurance Certification and Accreditation Process (DIACAP) of mission critical systems as well as support vulnerability scans of enterprise to ensure compliance of IAVA and security configurations.Updated from RSA DLP To Archer Lead team of three from proof of concept to production coming in 23% under budget.Collaborated and teamed with a wide variety of stakeholders and partners and U.S. Government agencies to detect and prevent adversarial activity within DoD networks.Developed and recommended appropriate mitigation countermeasures to aid in preventing intrusions in information systems.Set up new office construction with technology needs.Set up servers using WDS to push out desktops as needed.Packaged applications as needed.Set up and configured VPN for remote use for management. |
