Profiles search
Details
Education:
b.s. computer science
Experience:
· Used Splunk queries to analyze logs post-penetration testing, identify vulnerabilities, injection attacks, and track log metrics.
· Integrated Splunk with WAFs, IDS, and other security tools to improve detection and response for web application security.
· Conducted security assessments using Burp Suite, identifying and mitigating SQL injection, XSS, CSRF, and other OWASP Top 10 risks.
· Led and participated in computer security incident response activities, conducting technical investigations and post-incident digital forensics to identify causes and recommend future mitigation strategies using Splunk and CrowdStrike.
· Identified security vulnerabilities, performed risk assessments, and evaluated remediation strategies. Utilized Akamai for en-hanced security solutions.
· Used Veracode's analytics to deliver metrics and risk assessments, improving decision-making and risk mitigation.
· Prepared Veracode for static and dynamic code analysis, identifying and fixing vulnerabilities like SQL injection, XSS, insecure configurations.
· Developed and maintained vulnerability scanning and penetration testing tools, ensuring thorough security assessments.
· Implemented an application flaw tracking and remediation system with Tableau, improving issue visibility and resolution.
· Worked with Cybersecurity Risk and Security Operation teams to enhance the security of applications and data.
· Created processes to review and mitigate false positives in vulnerability scans, leading to more accurate findings.
· Developed KRIs and metrics for senior management to provide insights into application security.
· Developed Python scripts and SSRS queries to extract data from databases, improving operational efficiency and information identification.
· Identified and implemented improvements in security processes, tools, and procedures for web applications.
· Developed Bash/Python scripts to automate penetration testing, increasing productivity.
· Reviewed applications for compliance with GLBA, PCI DSS, and FFIEC guidelines, ensuring security and regulatory adherence.
· Conducted DAST and SAST scans with Veracode and NexusIQ, identifying and patching vulnerabilities.
· Used Burp Suite's automated and manual testing to validate and uncover security issues and to intercept and analyze web traffic.
· Utilized CrowdStrike for endpoint detection and response (EDR), incorporating findings from penetration tests into endpoint de-tection methods.
· Integrated Splunk with WAFs, IDS, and other security tools to improve detection and response for web application security.
· Conducted security assessments using Burp Suite, identifying and mitigating SQL injection, XSS, CSRF, and other OWASP Top 10 risks.
· Led and participated in computer security incident response activities, conducting technical investigations and post-incident digital forensics to identify causes and recommend future mitigation strategies using Splunk and CrowdStrike.
· Identified security vulnerabilities, performed risk assessments, and evaluated remediation strategies. Utilized Akamai for en-hanced security solutions.
· Used Veracode's analytics to deliver metrics and risk assessments, improving decision-making and risk mitigation.
· Prepared Veracode for static and dynamic code analysis, identifying and fixing vulnerabilities like SQL injection, XSS, insecure configurations.
· Developed and maintained vulnerability scanning and penetration testing tools, ensuring thorough security assessments.
· Implemented an application flaw tracking and remediation system with Tableau, improving issue visibility and resolution.
· Worked with Cybersecurity Risk and Security Operation teams to enhance the security of applications and data.
· Created processes to review and mitigate false positives in vulnerability scans, leading to more accurate findings.
· Developed KRIs and metrics for senior management to provide insights into application security.
· Developed Python scripts and SSRS queries to extract data from databases, improving operational efficiency and information identification.
· Identified and implemented improvements in security processes, tools, and procedures for web applications.
· Developed Bash/Python scripts to automate penetration testing, increasing productivity.
· Reviewed applications for compliance with GLBA, PCI DSS, and FFIEC guidelines, ensuring security and regulatory adherence.
· Conducted DAST and SAST scans with Veracode and NexusIQ, identifying and patching vulnerabilities.
· Used Burp Suite's automated and manual testing to validate and uncover security issues and to intercept and analyze web traffic.
· Utilized CrowdStrike for endpoint detection and response (EDR), incorporating findings from penetration tests into endpoint de-tection methods.
Skills
Experienced Information Security Engineer with over 5 years of hands-on experience in cybersecurity operations, incident response, and security consulting. Proficient in leveraging advanced security tools and best practices to protect organizational assets, ensure compliance, and mitigate risks. Adept at working in cross-functional teams, providing security solutions, and improving the overall security posture of the enterprise. Skilled in with tools such as Tenable, SEP, Splunk, CrowdStrike, and Akamai, Veracode, NexusIQ, Nessus.
Profile Photo
