Resume

Sign in

Security Project

Location:
Mexico City, CDMX, Mexico
Posted:
January 14, 2018

Contact this candidate

Julio Axel Colunga Guzmán

Security Analyst/ Security Risk Analyst/ Security Architecture/ PenTester

Certified Ethical Hacker

EAD /TN Visa

Phone +52 1-55-100-**-***

e-mail: ac31ai@r.postjobfree.com

I have around 6 years of experience in systems security, and since 2012 working as a pentester, security consultant and security Engineer, involved with different projects performing penetration testing (black box, gray box and white box) and vulnerability assessment using OWASP and EC-Council methodologies, IT professional with +8 years of experience working with open source tools like w3af, arachni, vega, nexpose, metasploit, and non-free tools like core impact, immunity canvas, cenzic, acunetix, nessus, and so on. In addition, I have experience trying manual web security pentesting with proxies like burpsuite and ZAProxy, also with technology solutions that helps me to participate in projects regarded with implementation, deployment and development, security infrastructure, security architecture, cloud security, tool selection, skill roadmap and development, and linux environment and architecture solutions. I have been involved in new technologies evaluations, implementations and help on project management and development and solution designing. Moreover I have participation in projects that require analyze and find ways to improve or automating tasks. My professional career includes banking, financial companies, telecommunication industry and services.

SUMMARY

Experience applying information technologies, services, automation, monitoring of services, servers maintenance, vulnerability assessment, vulnerability management, security risk analyst, penetration testing, Data recovery, third level security support, server monitoring, procedure enhancements, IT Research, forensic analysis, Business analyst, troubleshooting, solution innovation, creative, experience team leading to build solutions from scratch.

Experience with Linux, Solaris, Windows.

Performing security assessments on Internet-facing applications.

Performing penetration tests across public networks.

Performing Implementation security Infrastructure.

Managing People to implement ISO 27000.

Managing People to implement technologies/architectures like Cisco, FireEye, AlienVault, Splunk.

Key person buying technologies on a group of people.

Key person evaluating tools before buy.

Performing assessments of physical security using social engineering.

Performing security projects assisting client’s implementations on security controls.

Virtualization platforms vmware, knowledge on C programming, Bash scripting, Python.

Collaborate with solution experts to develop and deploy secure solutions.

EDUCATION

Bachelor Degree on Computer Engineering, Universidad del Valle de Mexico 2004-2008

Certifications

Certified Ethical Hacker, EC-Council

ITIL Foundations.

Lang. Knowledge:

SQL, HTML, C, Python, bash, JavaScript.

Databases:

MySQL.

Operating Systems:

Windows, Linux, Darwin, Solaris.

Front end tools:

gparted, R-studio, Sleuth kit, Wireshark, FireEye, Remedy, .

Framework:

Metasploit, Dradis, CoreImpact, Immunity Canvas, acunetix, Cenzic.

Methodologies:

osint, owasp, itil, ec-council.

Reporting Tools:

Dradis

Others:

FireEye, Splunk, Armitage,/CobaltStrike, Nagios, Untangle, Acunetix, Nessus, Cenzic, Kali Linux, W3af, CyberArk

Cisco ASA,

PROFESSIONAL EXPERIENCE

OliverWyman – Mexico City.

May 2017 –Aug 2017

Position: ITS Vulnerability & Risk Analyst.

Project: OliverWyman.

Prioritize patch management on vulnerabilities.

Creating dashboards to follow the progress for patching.

Suggesting tools for vulnerability assessment open source tools and licensed.

Performed research vulnerability management.

Tasks Automation using Bash and Python.

Propose improve initiatives.

Analyze tasks and propose automation on repetitive tasks.

Improving vulnerability management and analysis.

Environment: MS Office Suite, Linux, Python scripting, Vmware, PowerShell, Nmap, Hping.

Maftec Consulting – Mexico City.

November 2016 – February 2017

Position: Informatic Security Engineer (Vulnerability Management).

Project: TotalPlay.

Worked on ISO27000 implementation

Create the documents to follow the progress of ISO27000 implementation.

Performed penetration testing with open source tools and licensed.

Performed vulnerability assessment on internal and external infrastructure.

Developed code using Python, Bash scripting.

Performing infrastructure and NOC auditories for compliance.

Performed periodical security assessments and reporting any disclosure.

Involved in reviews and tests to new acquired equipment.

Environment: MS Office Suite, Linux, shell scripting, Vmware, ISO 27000.

TATA, Washington - Queretaro Mex.

June 2014 – December 2015

Position: Security Consultant Sr.

Project: InterAmerican Development Bank (security infrastructure and special projects)

Worked in all phases deploying security appliances around the world and move to production, testing and troubleshooting.

Create the documents detailing configurations, and collaborate with providers to solve communication issues.

Performed penetration testing with open source tools and licensed.

Performed vulnerability assessment on internal and external infrastructure.

Developed code using Python, Bash scripting.

Low level troubleshooting with wireshark and tcpdump.

Performed periodical security assessments and report any disclosure.

Involved in reviews and tests to new equipment.

Environment: FireEye, MS Office Suite, Linux, shell scripting, Nessus, Cenzic, Kali Linux, Paros Proxy, Wireshark, Vmware, Cisco ISE, CyberArk

S21SEC – Mexico D.F.

December 2014 – January 2015

Position: Penetration Tester/Security Consultant Sr. (external Project)

Project: Banobras.

Performed penetration testing with open source tools and licensed.

Performed vulnerability assessment on internal and external infrastructure.

Performed Internal testing of infrastructure to disclose security issues on client infrastructure.

Perform Social Engineering tests on employees to get information.

Environment: MS Office Suite, sqlmap, shell scripting, Social Engineering Toolkit, Kali Linux, BurpSuite, Wireshark, Vmware, Cisco, Armitage.

Unifin, Mexico D.F.

February 2014 - March 2014

Position: Penetration tester/Security Consultant Sr. (external Project)

Project: Penetration Testing.

Performed penetration testing with open source tools and licensed.

Performed vulnerability assessment on internal and external infrastructure.

Performed Internal testing of infrastructure to disclose security breaches.

Perform Social Engineering tests on employees to get confidential information.

Performed periodical security assessments and report any disclosure.

Involved in reviews and tests to new equipment.

Environment: MS Office, Kali linux, Acunetix, Nessus, sqlmap, w3af, CoreImpact, Vmware, rubberDucky.

TELCEL (Radio Movil Dipsa), Mexico D.F.

July 2013 - Feb 2014

Position: Systems Analyst (Unix)

Project: Charging Control Node (CCN)

Worked in all phases of reception, integration and move to production, analysis, architecture knowledge, testing and troubleshooting.

Created the documents to integrate with some platforms through remedy tool, design test scripts to automate tasks, and collaborate with providers to solve communication troubles.

Troubleshooting management, coordinate involved areas to solve any kind of issues.

Worked with users to make business process improvements, gather requirements.

Ability to translate all the technical requirements for non-technical users.

Developed code using Python, Bash scripting.

Low level troubleshooting with wireshark and tcpdump.

Performed security assessments and report any disclosure.

Involved in code reviews and new tests to new equipment.

Created and responsible on babysitting situations.

Environment: MS Office Suite, Linux, shell scripting, Remedy, Nmap, Python.

Lego Lock, MEXICO D.F

May 2012 – Dec 2012

Position: Security Consultant Sr

Project: Wanda Movil, Hipotecaria Casa Mexicana

Performed penetration testing with open source tools and licensed.

Performed vulnerability assessment on internal and external infrastructure.

Coordinated and developed business impact analysis, disaster recovery plan.

Advised clients about best practices to security assurance.

Security documents management.

Performed some demo to clients about open source advantages.

Worked with linux, windows, apache, iis, and SunOS.

Worked with business users to extract and deploy the production data successfully from the current system.

Environment: MS Office Suite, prezi, vmware, proxmox, Kali Linux, Windows 7, acunetix, apache, iis 7, Cisco.

Bestel, Mexico, D.F.

November 2011 - April 2012

Position: Security Consultant Sr.

Project: Security Operation Center (SOC)

Worked in all phases of reception, the IT equipment and move to production, analysze architecture and select the best configuration.

Create documents to soc administration.

Migrate to production clients and take over security administration.

Worked with users to make business process improvements, gather requirements.

Ability to translate all the technical requirements for non technical users.

Develop code using Python, Bash scripting.

Deploy and monitoring Linux servers.

Install, configuration and hardening of linux equipments.

Manage Mysql database to correlate logs.

build testing lab and integrate oracle database for testing.

Work with web servers on productive architecture.

Project management at start of the project and advice about technical and security decisions.

Environment: Linux, shell scripting, Asa firewall, Network Access control, core impact, acunetix, ceznic, metasploit, cisco asa firewall, Nagios, Cisco ASA.

NASOFT, MEXICO D.F

November 2010 - Nov 2011

Position: Unix consultant

Project: Banamex - Citi Group (migration)

Performed scripts to automate system information gathering.

Enumerated *nix like systems and services running on.

Migrated configured and virtualized from Mexico to George Town through SSH.

Worked with key par, and other password managers to generate root passwords.

Worked with linux, windows, apache, iis, and SunOS, HPUX, AIX, Linux, Tomcat, Application server.

Worked with business users to extract and deploy the production data successfully from the current system.

Worked with web servers and services migrating and virtualizes them.

Worked with databases like Mysql, oracle, local and productive.

Responsible to coordinate the migration and functionality assurance.

Environment: MS Office Suite, Solaris, HPUX, AIX, Linux, Windows 7, Tectia ssh, key par, Web Logic, Apache, Tomcat, iis, SSL certificates, Oracle, Mysql, Sql Server, Tibco.

Qindel Group, SPAIN - MEXICO D.F

January 2010 - September 2010

Position: Linux Consultant Jr

Project: BBVA Bancomer

Performed software evaluation for document performance.

Installed new technologies to improve vdi system on cashiers

Responsible to research for new patches, improvements and better ways to made the work.

Responsible to advice client about best ways to integrate other systems to the vdi solution.

Performed some demo to clients about VDI solution (called QVD).

Evolved support for platform, this was making research to continuous improvement.

Worked with linux, apache, bash scripts, Kiwi, mysql, pxe, proxmox, kvm, qvd.

Environment: Vmware, proxmox, Linux, apache, kiwi, qvd, Ldap, nfs, kvm.

IBM, MEXICO D.F

September 2009 - December 2009

Position: IT Consultant

Project: Security Health Check

Performed software evaluation.

Collected information about contracts to update or preserve logs, AV s, patches, etc.

Analyzed situations and collect evidence to preserve each service contracted by clients.

Performed monthly each evaluation and information collected.

Automated collect process.

Reduced time from 1 month to 15 seconds with automate tool.

Environment: Linux, AIX, shell scripting, IBM tools.



Contact this candidate