SUMMARY:

• I am a diverse IT professional blending 8 years of Cyber security with a fusion of other expertise spanning over 24 years in various corporate, small business and private sector environments. Using ingenuity, team collaboration and other resources at hand, I view each IT task as a chess match and enjoy a healthy challenge.

TECHNICAL SKILLS:

Effective in Python, C, Bash/Korn PHP, C, Yii, HTML, JavaScript and Python

In: depth understanding of vulnerability/exploit scanners including: SAINT and Rapid 7 Nexpose Suite

Experienced with web application security testing tools such as SAINT, OWASP ZAP and Burp Suite.

Comfortable with Cryptography to include Symmetric, Asymmetric encryption (PKI), Hashing, Ciphers and etc

Working knowledge of OWASP 2 web application security risks

Fully literate in various Linux (CentOS, Ubuntu, Red - hat, Fedora, Suse, Debian, FreeBSD, Solaris) and Microsoft distributions

Proficiency using MYSQL/Maria DB and POSTGres databases

Proactive research and tracking of the latest vulnerabilities, evolving exploits and techniques.

Development of vulnerability check signatures and remediation content for SAINT scanner

Literate in various network monitoring utilities including, CA Solar Winds, EtherApe, NETQOS, Application Advantage, Network Generals, tcpdump and Wireshark

Working knowledge of Imperva/Fastly WAF s, F5 ADC, FireEye IDS, Carbon Black Endpoint Security, ForcePoint Url Filtering, and Palo Alto NGFW

Literate using Thycotic Secret Server Premium Edition Password Management Suite

Comfortable with Containers to include LXC and Docker

Adept in various cloud environments including AWS, MS Azure and Google Cloud Platform

Proficient in various network technologies including WLAN,VOIP, VPN,Switching, Routing

Fluent in Spanish

PROFESSIONAL EXPERIENCE:

Total Wine and More Security Engineer

Confidential

• Re-design/upgrade existing Rapid7 Nexpose enterprise vulnerability scanner deployment in expanding its vulnerability scanning coverage touching all assets
• Writing comprehensive reports including assessment-based findings, outcomes and remediation direction in protecting company assets
• Reliant Linux Redbox firewall management overseeing 190+ Firewalls across all TWM stores throughout the USA
• Management of Mandiant Fireeye IDS’s (9450, 7400 and 4400) to include maintenance (FEOS upgrades) and monitoring security incidents (NX/IDS)
• Assistance in monitoring security events of Fastly WAF using open source Graylog passing security findings to the appropriate system owners
• Scrutinize Rackspace managed Imperva Secure Sphere WAF and Alert Logic IDS security incidents
• Management of Palo Alto M-300 VM next gen firewalls
• Design/architect security initiatives for each DevOP pipeline POC to include vendor assessments of SAST products: SonarCube, Veracode, Fortify, Checkmark. DAST: Rapid 7 AppSpider, IBM App Scan, HP Web Inspect, OWASP Zap and Burp Suite
• Management of the security Google Cloud Platform project to include compute engines for various tools such as Kali Linux, OWASP Zap and etc
• Monitor various security events in the MS Azure Security Center
• Participation in the evaluation of the Azure Advanced Threat Protection
• Feature testing of OWASP ZAP to include Docker ZAP API scanning (OPENAPI),Baseline and Python ZAP API client for POC
• Administration of Secret Server Password Management Vault residing in Ms Azure

SAINT Corporation Lead Product Support Engineer

• Comprehensive investigation of client vulnerability scanning internal/external assessments dissecting various scenarios using reports, log files, network traces, configuration files, network diagrams or duplication of the condition managing cases until resolved.
• In-depth analysis of client penetration testing scan outcome, post-exploitation and social engineer tools facilitating a better understanding of vulnerability existence, risk quantification and security posture against informational assets.
• Guidance in the configuration and usage of a diverse set of vulnerability/penetration/compliance/configuration policies, exploit tools and vulnerability-specific exploits.
• Assist QSA in SAINT’s ASV service work performing disputed results analysis of customer quarterly PCI scan data submitted via WebSAINT(SaaS) customer portal managing the client through the ASV attestation process
• Assist clients in remediation efforts providing guidance towards a resolution .
• Support SAINT’s ASV AOC service performing disputed results analysis of customer quarterly PCI scan data submitted via WebSAINT(SaaS) customer portal managing the client through the ASV attestation process.
• Responsible for assistance in configuration, installation and implementation of SAINT's security suite, SAINTCloud(SaaS) and turn-key appliances.
• Configuration assistance of product with IBM Qradar SIEM, Cisco ISE (Asset Quarantine) and Cisco Firesight (risk data correlation).
• Mentoring and training of newly hired engineers acclimating them with the entire SAINT product line and support procedures.

SAINT Corporation Lead QA/DevOPS Engineer

• Debian/Ubuntu LXC container image administration, creation and maintenance of build scripts for testing environment.
• Unit and regression testing of various aspects of SAINT unconventional Agile development/release cycle performing root cause analysis and documenting defects as needed in Redmine tracking system.
• Acceptance (Alpha and Beta) testing working in collaboration with prospected customers in meeting delivery requirements
• Smoke exploratory testing in identification and debugging of software defects
• Daily automated/manual pre-release/post-release application testing using Selenium WebDriver/IDE and standard installations.
• Daily REST API (HTTP, GET, POST, PUT & DELETE) functionality testing of entire product.
• Development of assorted testing/build scripts as needed using Selenium WebDriver/IDE written in Python and BASH.
• Assist DevOPs team in annual recertification of SAINT as an ASV (PCI Approved Scanning Vendor) overseeing scanning operation using various tools.
• Testing software on various distributions (Ubuntu, Debian, CentOS, Redhat, Fedora, SuSe, Kali, Mac) and virtual environments (VMWare Suite, Oracle VirtualBox) to ensure compatibility.
• Oversee backup operations of mission-critical Linux infrastructure, websites and various development servers using Linux shell scripts.
• Integration testing IBM Qradar SIEM, Cisco ISE (Asset Quarantine) and Cisco Firesight (risk data correlation) and Splunk.
• Mentoring and training of junior/newly hired QA engineers with companies QA process.

SAINT Corporation Lead Pre-Sales Engineer

• Designing, developing and delivering product presentations, demos and evaluations directed at current or prospective customers in Spanish/English.
• Providing pre-sales engineering assistance with design, configuration and implementation of the various SAINT products.
• Continuing post-sales engineering support and training on the core functionality of the product, establishing and cultivating ongoing business relationships with customers and business partners to facilitate additional business opportunities.
• Delivering recommendations on solutions on customer requirements that result in the closing of new sales.
• Reviewing reseller technical documents such as RFP's, RFI's and proposals recommending changes as needed for prospective customers.

SAINT Corporation Junior Developer/Vulnerability/Exploitation Research

• Regular integration of Microsoft Patch Tuesday vulnerability checks, CVE associations and tutorial content written in C/HTML submitted using CVS version control repository.
• Periodic 5 < CVSS score vulnerability research, engineering non-intrusive test methods and assimilation of checks into product.
• Proactive exploitation research, exploitation tool research and integration into product.
• Daily research on improving unauthenticated/authenticated testing methods bring greater value to our customerstion, Pending CSSLP