Security Project
Resume:
Julio Axel Colunga Guzmán
Security Analyst/ Security Risk Analyst/ Security Architecture/ PenTester
Certified Ethical Hacker
EAD /TN Visa
Phone +52 1-55-100-**-***
e-mail: ac31ai@r.postjobfree.com
I have around 6 years of experience in systems security, and since 2012 working as a pentester, security consultant and security Engineer, involved with different projects performing penetration testing (black box, gray box and white box) and vulnerability assessment using OWASP and EC-Council methodologies, IT professional with +8 years of experience working with open source tools like w3af, arachni, vega, nexpose, metasploit, and non-free tools like core impact, immunity canvas, cenzic, acunetix, nessus, and so on. In addition, I have experience trying manual web security pentesting with proxies like burpsuite and ZAProxy, also with technology solutions that helps me to participate in projects regarded with implementation, deployment and development, security infrastructure, security architecture, cloud security, tool selection, skill roadmap and development, and linux environment and architecture solutions. I have been involved in new technologies evaluations, implementations and help on project management and development and solution designing. Moreover I have participation in projects that require analyze and find ways to improve or automating tasks. My professional career includes banking, financial companies, telecommunication industry and services.
SUMMARY
Experience applying information technologies, services, automation, monitoring of services, servers maintenance, vulnerability assessment, vulnerability management, security risk analyst, penetration testing, Data recovery, third level security support, server monitoring, procedure enhancements, IT Research, forensic analysis, Business analyst, troubleshooting, solution innovation, creative, experience team leading to build solutions from scratch.
Experience with Linux, Solaris, Windows.
Performing security assessments on Internet-facing applications.
Performing penetration tests across public networks.
Performing Implementation security Infrastructure.
Managing People to implement ISO 27000.
Managing People to implement technologies/architectures like Cisco, FireEye, AlienVault, Splunk.
Key person buying technologies on a group of people.
Key person evaluating tools before buy.
Performing assessments of physical security using social engineering.
Performing security projects assisting client’s implementations on security controls.
Virtualization platforms vmware, knowledge on C programming, Bash scripting, Python.
Collaborate with solution experts to develop and deploy secure solutions.
EDUCATION
Bachelor Degree on Computer Engineering, Universidad del Valle de Mexico 2004-2008
Certifications
Certified Ethical Hacker, EC-Council
ITIL Foundations.
Lang. Knowledge:
SQL, HTML, C, Python, bash, JavaScript.
Databases:
MySQL.
Operating Systems:
Windows, Linux, Darwin, Solaris.
Front end tools:
gparted, R-studio, Sleuth kit, Wireshark, FireEye, Remedy, .
Framework:
Metasploit, Dradis, CoreImpact, Immunity Canvas, acunetix, Cenzic.
Methodologies:
osint, owasp, itil, ec-council.
Reporting Tools:
Dradis
Others:
FireEye, Splunk, Armitage,/CobaltStrike, Nagios, Untangle, Acunetix, Nessus, Cenzic, Kali Linux, W3af, CyberArk
Cisco ASA,
PROFESSIONAL EXPERIENCE
OliverWyman – Mexico City.
May 2017 –Aug 2017
Position: ITS Vulnerability & Risk Analyst.
Project: OliverWyman.
Prioritize patch management on vulnerabilities.
Creating dashboards to follow the progress for patching.
Suggesting tools for vulnerability assessment open source tools and licensed.
Performed research vulnerability management.
Tasks Automation using Bash and Python.
Propose improve initiatives.
Analyze tasks and propose automation on repetitive tasks.
Improving vulnerability management and analysis.
Environment: MS Office Suite, Linux, Python scripting, Vmware, PowerShell, Nmap, Hping.
Maftec Consulting – Mexico City.
November 2016 – February 2017
Position: Informatic Security Engineer (Vulnerability Management).
Project: TotalPlay.
Worked on ISO27000 implementation
Create the documents to follow the progress of ISO27000 implementation.
Performed penetration testing with open source tools and licensed.
Performed vulnerability assessment on internal and external infrastructure.
Developed code using Python, Bash scripting.
Performing infrastructure and NOC auditories for compliance.
Performed periodical security assessments and reporting any disclosure.
Involved in reviews and tests to new acquired equipment.
Environment: MS Office Suite, Linux, shell scripting, Vmware, ISO 27000.
TATA, Washington - Queretaro Mex.
June 2014 – December 2015
Position: Security Consultant Sr.
Project: InterAmerican Development Bank (security infrastructure and special projects)
Worked in all phases deploying security appliances around the world and move to production, testing and troubleshooting.
Create the documents detailing configurations, and collaborate with providers to solve communication issues.
Performed penetration testing with open source tools and licensed.
Performed vulnerability assessment on internal and external infrastructure.
Developed code using Python, Bash scripting.
Low level troubleshooting with wireshark and tcpdump.
Performed periodical security assessments and report any disclosure.
Involved in reviews and tests to new equipment.
Environment: FireEye, MS Office Suite, Linux, shell scripting, Nessus, Cenzic, Kali Linux, Paros Proxy, Wireshark, Vmware, Cisco ISE, CyberArk
S21SEC – Mexico D.F.
December 2014 – January 2015
Position: Penetration Tester/Security Consultant Sr. (external Project)
Project: Banobras.
Performed penetration testing with open source tools and licensed.
Performed vulnerability assessment on internal and external infrastructure.
Performed Internal testing of infrastructure to disclose security issues on client infrastructure.
Perform Social Engineering tests on employees to get information.
Environment: MS Office Suite, sqlmap, shell scripting, Social Engineering Toolkit, Kali Linux, BurpSuite, Wireshark, Vmware, Cisco, Armitage.
Unifin, Mexico D.F.
February 2014 - March 2014
Position: Penetration tester/Security Consultant Sr. (external Project)
Project: Penetration Testing.
Performed penetration testing with open source tools and licensed.
Performed vulnerability assessment on internal and external infrastructure.
Performed Internal testing of infrastructure to disclose security breaches.
Perform Social Engineering tests on employees to get confidential information.
Performed periodical security assessments and report any disclosure.
Involved in reviews and tests to new equipment.
Environment: MS Office, Kali linux, Acunetix, Nessus, sqlmap, w3af, CoreImpact, Vmware, rubberDucky.
TELCEL (Radio Movil Dipsa), Mexico D.F.
July 2013 - Feb 2014
Position: Systems Analyst (Unix)
Project: Charging Control Node (CCN)
Worked in all phases of reception, integration and move to production, analysis, architecture knowledge, testing and troubleshooting.
Created the documents to integrate with some platforms through remedy tool, design test scripts to automate tasks, and collaborate with providers to solve communication troubles.
Troubleshooting management, coordinate involved areas to solve any kind of issues.
Worked with users to make business process improvements, gather requirements.
Ability to translate all the technical requirements for non-technical users.
Developed code using Python, Bash scripting.
Low level troubleshooting with wireshark and tcpdump.
Performed security assessments and report any disclosure.
Involved in code reviews and new tests to new equipment.
Created and responsible on babysitting situations.
Environment: MS Office Suite, Linux, shell scripting, Remedy, Nmap, Python.
Lego Lock, MEXICO D.F
May 2012 – Dec 2012
Position: Security Consultant Sr
Project: Wanda Movil, Hipotecaria Casa Mexicana
Performed penetration testing with open source tools and licensed.
Performed vulnerability assessment on internal and external infrastructure.
Coordinated and developed business impact analysis, disaster recovery plan.
Advised clients about best practices to security assurance.
Security documents management.
Performed some demo to clients about open source advantages.
Worked with linux, windows, apache, iis, and SunOS.
Worked with business users to extract and deploy the production data successfully from the current system.
Environment: MS Office Suite, prezi, vmware, proxmox, Kali Linux, Windows 7, acunetix, apache, iis 7, Cisco.
Bestel, Mexico, D.F.
November 2011 - April 2012
Position: Security Consultant Sr.
Project: Security Operation Center (SOC)
Worked in all phases of reception, the IT equipment and move to production, analysze architecture and select the best configuration.
Create documents to soc administration.
Migrate to production clients and take over security administration.
Worked with users to make business process improvements, gather requirements.
Ability to translate all the technical requirements for non technical users.
Develop code using Python, Bash scripting.
Deploy and monitoring Linux servers.
Install, configuration and hardening of linux equipments.
Manage Mysql database to correlate logs.
build testing lab and integrate oracle database for testing.
Work with web servers on productive architecture.
Project management at start of the project and advice about technical and security decisions.
Environment: Linux, shell scripting, Asa firewall, Network Access control, core impact, acunetix, ceznic, metasploit, cisco asa firewall, Nagios, Cisco ASA.
NASOFT, MEXICO D.F
November 2010 - Nov 2011
Position: Unix consultant
Project: Banamex - Citi Group (migration)
Performed scripts to automate system information gathering.
Enumerated *nix like systems and services running on.
Migrated configured and virtualized from Mexico to George Town through SSH.
Worked with key par, and other password managers to generate root passwords.
Worked with linux, windows, apache, iis, and SunOS, HPUX, AIX, Linux, Tomcat, Application server.
Worked with business users to extract and deploy the production data successfully from the current system.
Worked with web servers and services migrating and virtualizes them.
Worked with databases like Mysql, oracle, local and productive.
Responsible to coordinate the migration and functionality assurance.
Environment: MS Office Suite, Solaris, HPUX, AIX, Linux, Windows 7, Tectia ssh, key par, Web Logic, Apache, Tomcat, iis, SSL certificates, Oracle, Mysql, Sql Server, Tibco.
Qindel Group, SPAIN - MEXICO D.F
January 2010 - September 2010
Position: Linux Consultant Jr
Project: BBVA Bancomer
Performed software evaluation for document performance.
Installed new technologies to improve vdi system on cashiers
Responsible to research for new patches, improvements and better ways to made the work.
Responsible to advice client about best ways to integrate other systems to the vdi solution.
Performed some demo to clients about VDI solution (called QVD).
Evolved support for platform, this was making research to continuous improvement.
Worked with linux, apache, bash scripts, Kiwi, mysql, pxe, proxmox, kvm, qvd.
Environment: Vmware, proxmox, Linux, apache, kiwi, qvd, Ldap, nfs, kvm.
IBM, MEXICO D.F
September 2009 - December 2009
Position: IT Consultant
Project: Security Health Check
Performed software evaluation.
Collected information about contracts to update or preserve logs, AV s, patches, etc.
Analyzed situations and collect evidence to preserve each service contracted by clients.
Performed monthly each evaluation and information collected.
Automated collect process.
Reduced time from 1 month to 15 seconds with automate tool.
Environment: Linux, AIX, shell scripting, IBM tools.
Contact this candidate