Seattle, Washington, United States
As a senior member of a small security team I am responsible for developing the risk and vulnerability management programs, mentoring junior members of the security team and evangelizing Information Security within the organization. My daily responsibilities include: Review of multiple Splunk dashboards Review of reported phishing and spam emails Improvement to the vulnerability management program Improvement to the compliance program
Designed and implemented an information security risk management program for our enterprise that includes conducting risk assessments, working with risk owners to plan and document risk remediation activities, and report on the progress to senior leadership. Designed and worked on the implementation team to upgrade our centralized security audit logging and alerting solution as part of an improvement strategy for our incident response program. Designed DevSecOps model focused on increasing application development velocity while introducing enhanced static and dynamic security testing as an integrated process of the build and deploy cycle and empowering the developer with security awareness and knowledge. Worked with AWS cloud security tools including cloudtrail, VPC flow logging, Guard Duty, Amazon inspector, and Macie as part of a cloud security architecture and strategy for building secure workloads in the cloud.
I designed and implemented file integrity management software on approx 300 linux servers. Designed and implemented a log management solution to capture security centric audit logs from approx 300 servers, network devices and security devices. Designed and implemented an intrusion prevention system for a large production network that included a PCI component. I wrote policy and procedures to enforce and implement a working information security management system in our production environment.
Participated in a team that wrote policy and procedure and all required documentation to achieve ISO 27001 certification for our entire company. I worked with other technical resources to design and implement a production wide information security management system that allowed our company to become ISO 27001 certified. Participated in risk assessment and risk management activities to identify risks and develop remediation plans to lower risk.