Post Job Free
Sign in

Security Engineer

Location:
Little Elm, TX, 75068
Posted:
October 25, 2010

Contact this candidate

Resume:

Chris anderson

*** ********* *****, ****** ***, Tx 75068

Objective

Seeking a position in the information security field that will

continually present challenges and foster development of

security skills in an environment that takes a common sense and

responsible approach to security.

Technical Proficiency

Security Specialties

. Penetration testing

. Intrusion detection

. PCI compliance

. Web Application Security ( OWASP )

Operating Systems

. Windows 2000+ / Active Directory

. Linux ( Redhat/Fedora/Ubuntu/Debian )

. OpenBSD

Languages

. C/C++

. Assembly (disassembly of software only)

. Shell scripting (VBScript/WSH/Bash)

. Ruby

. T-SQL

Experience

Fiserv (Billmatrix), Dallas, Tx

April 2007 - Present

Senior Security Analyst

. PCI Compliance - Responsible for technical aspects of PCI compliance

for Billmatrix

. Created various security policies and procedures

. Application security review - reviewed web applications for security

issues and recommended remediations

. Application design - reviewed designs for secure methods of processing

financial transactions.

. Performed network and application-level penetration testing on

internal and external networks.

. Managed vulnerability scanning of 10 class-B networks across 5

geographic locations.

. Secure Coding Practices - Created training on secure web development

practices and trained over 1,000 developers worldwide.

Affiliated Computer Services, Dallas, Tx

June 2006 - January 2007

Security Engineer

. Penetration Testing - Performed penetration tests against ACS internal

corporate networks as well as client internal and external networks.

. Incident Response - Participated in on-call rotation for incidents on

corporate LAN as well as customer networks.

. Internal Audits - Performed audits of systems and processes for

security policy compliance.

. Minor development - Crafted proof of concept for various

vulnerabilities, SQL injection, cross-site scripting, HTTP response

splitting, and payload delivery mechanisms. Also wrote XML transforms

to convert output from vulnerability assessment tools.

Verizon, Grapevine, Tx

April 2000 - June 2006

Lead Network Specialist - Network Operations

. Identity Management - Architected LDAP/Kerberos architecture for

better user password management for production linux and solaris

systems.

. Intrusion Detection - Re-architected existing IDS infrastructure and

implemented 10 systems monitoring 27 external and internal network

segments with customized rule sets and external countermeasures, each

reporting events via SSL VPN tunnel to a central database and analysis

console.

. Incident Response, Investigations, and Forensics - Founded Incident

Response team responsible for responding to security incidents. Also

responsible for post-incident investigation and forensic analysis of

evidence gathered.

. Internal Audits - Performed audits of systems and processes for

security policy compliance.

. Penetration Testing - Performed penetration tests for all aspects of

production infrastructure.

. Security Application Development - Created various tools to aid in

security incidents, including an email trap-and-trace system.

. Security Solution Evaluation - Evaluated various security products for

use by both employees and customers. Included all major web

application vulnerability assessment packages as well as database

security packages, network monitoring, and remote administration

software.

. Proof of Concept - Hand crafted proof of concept for various

categories of vulnerabilities, including buffer overflows, SQL

Injection, Cross-site scripting, and HTTP Response Splitting.

. Application Security Assessment / Source Code Review - Performed over

50 vulnerability assessments for both web applications and internally

developed projects that were non-web based, such as a compiled RADIUS

daemon. Also created policy and procedures for application security

testing, using the OWASP Top Ten as a baseline.

. System Hardening - Created standards for hardent 1000+ server

environment.

Education

B.S. Computer Science (1999)

. Texas A&M-Commerce, Commerce, Tx

Certified Information System Security Professional ( CISSP )

#48371

GIAC Certified Forensics Analyst ( GCFA ) # 0385

GIAC Certified Incident Handler ( GCIH ) # 9099

GIAC Certified Network Penetration Tester ( GPEN ) # 2958

GIAC Certified Web Application Penetration Tester ( GWAPT ) # 1328

. SANS Advisory Board member

. SANS Mentor (Network Penetration Testing)

Microsoft Certified System Engineer ( MCSE 2000 )

Microsoft Certified Database Administrator ( MCDBA 2000 )

Miscellaneous

. Authored an open source utility for offline forensic analysis of

Windows registry hives.

*****@**********.*** . phone: 636-***-****



Contact this candidate