Jonathan Jaquez
Phone: 646-***-****
Email: ********@*****.***
Bronx, New York, 10456
Summary
Broad knowledge and 10+ years of experience in ethical hacking, social engineering,
physical security assessments, web and network security, incident analysis and recovery,
risk analysis, Secure Software Development Life Cycle (S-SDLC), PGP, DLP, network and
web penetration testing and vulnerability assessments. I can help a Security Services
Company penetrate the Latin American market, mostly in the Dominican Republic, in a
very quick and successful way. In 2007 one of my projects won a competition and
was chosen by MIT (Massachusetts Institute of Technology) and Harvard University
to participate in the MIT E-Lab (Entrepreneurship Lab).
Technical Experience, Languages and Skills
Security technologies: WAFs (Web Application Firewalls), Network Firewalls,
IDS/IPS (Intrusion Detection/Prevention Systems), SSH, SSL, TLS, ftp-proxy,
tftp-proxy, Antivirus, Security Information and Event Management (SIEM)
Databases: MS-SQL, MySQL, Oracle, PostgreSQL, Firebird SQL
Standards & Frameworks: PCI DSS, ISO 27001, COBIT, ITIL, SOX, COSO,
NIST 800-53, HIPAA, GLBA, SB1386, FISMA
Methodologies: Open Source Security Testing Methodology Manual (OSSTMM),
Open Web Application Security Project (OWASP)
Security Assessments: Nessus, OpenVAS, NeXpose, Qualys, Metasploit, Nmap,
BackTrack, Immunity CANVAS, MBSA, Netcat, Burp Suite, Paros Proxy, OWASP
ZAP, w3af, Netsparker, Acunetix, WebScarab, Grendel, ProxyStrike, Skipfish,
Wireshark, tcpdump, Aircrack-ng, IBM AppScan, Foundstone, and many more.
Programming: Bash, HTML, PHP, CSS, JavaScript, jQuery, C, NASL (Nessus Attack
Scripting Language), NSE (Nmap Scripting Engine)
Code Auditing: ASP.NET, PHP, Java, Visual Basic, C/C++, JavaScript
Reverse Engineering: ASP.NET, C/C++, Java and network protocols
Hardening: Web, OS, network and application hardening. I can provide
recommendations for improving configuration standards, based on personal
expertise and industry standards.
Evasion: Firm knowledge of security products and techniques to evade IDS/IPS
(Intrusion Detection/Prevention Systems), firewalls, antivirus, WAFs (Web
Application Firewalls), and ACLs (Access Control Lists).
Anti-SPAM: DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF),
Sender-ID, Domain-based Message Authentication, Reporting and Conformance
(DMARC), and Author Domain Signing Practices (ADSP).
Operating Systems: Windows NT/2000/XP/Vista/2003/2008/7, Linux, BSD, Solaris,
HP-UX
Office: Microsoft Word, PowerPoint and Excel
Vulnerability Management: Common Vulnerability Scoring System (CVSS) and
knowledge of Common Weakness Enumeration (CWE)
Languages: Spanish (1st language), English (2nd Language) and Hebrew (Basic)
Employment
Mageni Security Consulting Dominican Republic
Senior Security Consultant 2006-present
Performed onsite and remote security consulting including penetration
testing, application testing, web application security assessment, onsite
internet security assessment, social engineering, wireless assessment, and
IDS/IPS hardware deployment, testing and evasion for the customers.
Performed ethical cracks ("hacks") to assess the vulnerabilities of test, Internet,
and/or Intranet connected systems, networks, and applications.
Found dozens of zero day vulnerabilities in web applications
Generated and presented reports on security vulnerabilities to customers.
Assisted customers in achieving compliance with standards and
frameworks like ISO 27001, PCI DSS, ITIL, COBIT and SOX
Created, improved and performed threat and vulnerability management
processes for the customers.
Cassandra Networks Dominican Republic
Founder & Chief Research Officer 2003-2006
Performed cutting-edge research in the field of Internet security, routing, high
availability, TCP/IP, and networking
Built a self-defense, self-healing and self-provisioning network device
Chosen by MIT (Massachusetts Institute of Technology) and Harvard
University to participate in the MIT E-Lab (Entrepreneurship Lab)
Passed the first round of approval for $500,000 USD in venture capital
funding.
Tricom, S.A. Dominican Republic
Security Consultant 2006-2010
Performed onsite and remote security consulting including penetration
testing, application testing, web application security assessment, onsite
internet security assessment, social engineering, wireless assessment, and
IDS/IPS hardware deployment, testing and evasion.
Performed ethical cracks ("hacks") to assess the vulnerabilities of test, Internet,
and/or Intranet connected systems, networks, and applications.
Helped to achieve compliance with PCI DSS, COBIT and SOX.
Created and maintained an Incident Response Program and Risk Management
Plan aligned with COBIT.
Square Solutions Dominican Republic
Senior Security Consultant 2003-2006
Performed onsite and remote security consulting including penetration
testing, application testing, web application security assessment, onsite
internet security assessment, social engineering, wireless assessment, and
IDS/IPS hardware deployment
Performed ethical cracks ("hacks") to assess the vulnerabilities of test, Internet,
and/or Intranet connected systems, networks, and applications
Generated and presented reports on security vulnerabilities to both internal
and external customers.
National Financial Group Dominican Republic
I.T. Auditor 2002-2003
Performed onsite and remote security consulting including penetration
testing, application testing, web application security assessment, onsite
internet security assessment, social engineering, wireless assessment, and
IDS/IPS hardware deployment
Performed ethical cracks ("hacks") to assess the vulnerabilities of test, Internet,
and/or Intranet connected systems, networks, and applications
Generated and presented reports on security vulnerabilities to stakeholders.
Education
Undergraduate degree in Computer Systems 2000
O&M University, Dominican Republic.
I.T. Auditor 2003
Teorema, Dominican Republic.
Publications
Cyber crime: Risk, tendencies and impact in Dominican Republic. 2010