Sacramento, California, United States
Career IT professional with 20 years industry experience seeking opportunities for continued growth in Information Security and related management functions. I have multiple years of experience in Security Operations, Engineering, and GRC. To demonstrate, and provide reasonable assurance of, knowledge and skill, I maintain several certifications that include rigorous performance-based questions and continuing education requirements.
Under general direction of the VP of Product Security and Vulnerability Management, perform the following tasks: Security Architecture Review, Information Security Policy Review, Threat Modeling, Information Security Consultation, Process Management, Policy Compliance, Vulnerability Management, Approval of Cloud Infrastructure Requests, and Presentations on security related topics. This position requires verbal/written communication with management and technical staff.
Security Architecture Review: Review application technical specification documents to determine compliance with BR policies, standards, and guidelines. Provide actionable feedback to application developers to ensure appropriate security features are built into new applications and that changes to existing applications maintain compliance.
IS Policy Review: Review IS Policies to ensure they maintain compliance with all appropriate industry regulations (including but not limited to PCI-DSS, HIPAA, GDPR, and CCPA), are aligned with IS best practices, and conform to the company's vision statement.
Threat Modeling: Work with application development teams, including management and technical resources, to develop comprehensive threat models for new and existing applications. Provide highly targeted feedback to ensure security controls can be prioritized and implemented.
Cloud Infrastructure: Review infrastructure requests to ensure appropriate controls and services are used and provide detailed technical feedback as needed. When appropriate, communicate directly with technical staff to determine project requirements and service compatibility issues, and refer teams to our exception management process as needed.
Information Technology Specialist II - Enterprise Information Security Engineer
Agency Security Operations Center covering 21 state entities with 25,000+ users.
Security Monitoring and Threat Hunting service owner: Create and maintain security monitoring use cases. Assist the SIEM administrator in implementing the most complex use cases to ensure related correlation searches meet the monitoring objectives. Perform all duties of the vendor provided SIEM administrator in a backup capacity.
Incident Response: Provide technical guidance to relevant IT personnel to aid in mitigation and remediation of security incidents.
GRC/Documentation: Write and develop the Security Operations Center Charter and develop all required service, process, and procedure documentation.
Project Management: Work with all appropriate stakeholders, including the Agency Information Officer, CIOs, ISOs, and technical staff from in-scope entities within CNRA, to ensure buy-in for security services and the related implementation plan. When necessary, participate in and conduct meetings, presentations, and technical discussions.
IT Service Management: Direct the development of a custom ServiceNow application to provide security incident notifications for the Security Monitoring service.
Security Monitoring and Threat Hunting Mentoring: Mentor Security Analysts of all levels through regular lunch and/or work time meetings to discuss security related topics impacting state entities, training and educational opportunities, and career opportunities.
Information Technology Specialist I Range C
This position is part of the Cybersecurity Protection and Response unit and is in direct support of the Security Operations Center covering 6,000 users. Under direction of the IT Manager I, and direct supervision of the IT Supervisor II, act as Technical Lead and Senior SOC Analyst for the Graveyard shift.
Tier 2 Security Monitoring: Analyze and respond to correlated security events.
Spam and Phishing Analysis: Review messages identified by email security controls to remediate any threats.
Wireless (Wi-Fi) Security: Detection of rogue/potentially malicious devices and APs.
Tier 1 Review: Primary escalation point for potential incidents.
Incident Response: Initiate IR for identified events and communicate with Supervisors, Managers, and Executives utilizing established procedures for High Risk, Urgent, or Early Warning events. Document the analysis leading to incident declaration and subsequent IR activities. Perform non-security incident response for issues with end-user impact.
Data Loss Prevention: Analyze events from DLP controls to determine potential incidents or identify training opportunities.
Vulnerability Management/Continuous Assessment: Identify and detect known vulnerabilities and communicate prioritized results to technical staff for remediation. Analyze and distribute newly disclosed vulnerability information from threat intelligence sources.
Technical Security Controls Maintenance: Perform technical system administration tasks regularly for multiple security systems to ensure proper maintenance and operation. Administration and configuration of IPS, Firewalls, Wireless Controllers, and other technical controls as needed.
Threat Hunting
Document and improve existing processes and procedures
Regularly participate in CPR unit leadership meetings
Assist in hiring, onboarding, and training IT Associates for Swing and Graveyard shifts
Assist in developing customized training plans for SOC Analysts (IT Associates)