Resume

Sign in

Information Security Engineer

Location:
Markham, Ontario, Canada
Posted:
April 25, 2019

Contact this candidate

Resume:

PAUL DANIEL GOTTER, CISSP

Cell: 647-***-****

Email: ac87hr@r.postjobfree.com

CAREER HIGHLIGHTS

** *****: IT Security (Controls, Audits, Risk Assessment & Remediation), Unix/Linux Architecture (Physical/Virtual/Cloud)

12 years: Team & Project Leadership; Staff Management & Mentoring, Project Leadership & Vendor Management

CERTIFICATIONS

ISC2 CISSP (Certified Information Systems Security Professional)

Data Management Institute Certified Data Protection Specialist

EMC Converged Infrastructure Certification

IBM Power 8 Technical Sales Certification (Scale-out & Enterprise)

SUSE SUSE Sales Specialist Certification (Enterprise Linux & SUSE Manager)

SKILLS SUMMARY

SIEM, Compliance & Governance Tools Splunk, SolarWinds, Qualys, Tripwire, Symantec ESM, Collibra

Network Tools & Penetration Testing Kali Linux, MetaSpoit, Nmap, Wireshark, Snort, Tripwire, John

Operating Systems Windows 7,10, Solaris 11.4, AIX 7.2, RHEL 7.5, SUSE 15, Ubuntu 18.04 HP-UX 11.3

Virtualization / Hypervisors VMware, KVM &IBM PowerKVM, Oracle VM, Solaris Zones & LDOMs

PROFESSIONAL EXPERIENCE

July 2018 to April 2019 Scotiabank

Senior Information Security Governance Specialist (Team Lead)

Team lead (3 people) managing Scotiabank Global Information Security Governance Framework documents (Policies, Standard, Procedures & Directives), in accordance with internal Standards & in response to internal auditor, regional rules, legislation & regulators (GDPR, PIPEDA, OSFI, etc.)

Defining new & reassessing existing security controls & compliance status (via use of scan tools) for IT Infrastructure, Information Management (IM) & Data Governance based on industry best practices, regional, regulatory requirements as well as industry standard frameworks including: SOX, ISO 27001/27002, COBIT, PCI DSS 3.2.1, NIST & CIS

Control Standards created include: Encryption, Identity & Access Management (IAM), DR Site & Execution Standards, Security Event Logging (syslog), Data Loss Prevention (DLP), Cloud Hosted Container Security (AWS), Apache HTTP Server, MS SQL Server, OS Platform Security Standards for Windows 2016, RHEL 7, Ubuntu 16.04 & Solaris 11

Bi-weekly consultation with VPs & Global CISO, followed by publication of Governance documents Bank-wide

Relationship building with LOBs across the bank via communication & education on upcoming Governance standards

Creation of Scotia Global Information Security awareness education course material (IT Governance Best Practices)

July 2017 to July 2018 Bank of Montreal

Senior Security Consultant – Platform Engineering

Leading resource for security alert remediation, risk assessment & technical control creation for Solaris 10 & 11& Redhat 7 Linux IT Infrastructure, aligned to Bank standards, industry frameworks & benchmarks including: CIS & PCI DSS

Business Analysis, communication & consultation with LOBs across the Bank for scheduling of security alert remediation changes, in accordance with internal policies & ITIL best practices

Vendor management for Oracle & architectural consultant for Solaris servers + Oracle Operations Center

Security alert remediation & false-positive analysis for IT Infrastructure via Qualys SIEM tool & writing Korn shell scripts

Creation & documentation of standards for: System hardening, OS patching, Controls for privileged Identity & Access Management (IAM), Information Management (IM) as well as technical controls for Unix/Linux OS, SSH, SFTP, TCP/IP networking, middleware: IBM and Apache HTTP, Websphere J2EE Application server, Oracle database

Project deliverable && ticket tracking in ServiceNow & JIRA, project document creation in MS PowerPoint & Visio

Instruction and mentoring of staff on Cyber Security, Unix system design & problem resolution

February 2016 to June 2017 TD Bank

Architecture Consultant II

Senior resource for use-case analysis and implementation of automation of routine Unix/Linux remediation tasks using HP tools including HPSA, HPOO as well as Unix Korn shell scripting, with data analysis via Tableau & MS Excel

Business analysis of incident log statistics, monthly management summary reporting, ServiceNow ticket management

Vendor management for Oracle & architectural consultant for Oracle Operations Center (automation & monitoring)

August 2014 to February 2016 Blair Technology Solutions Inc.

Technical Consultant – Security & Unix Systems (Team Lead)

Team lead (4 people) managing Unix/Linux Infrastructure, security auditing (PCI, ISO, SOX frameworks), TRA & risk mitigation via creation of compensating controls for IT Infrastructure (business processes, OS & Applications)

Creation of security program road-maps & education on OWASP Top 10 risks, for clients in differing sectors & lines of business (financial, manufacturing, legal & retail)

SIEM tool setup (Splunk & SolarWinds), penetration & vulnerability assessments (via Unix shell scripting, Kali Linux, Metasploit, Snort, TCPdump, WireShark, John), Firewall & network risk assessments, finding reviews with management

Creation of best practices for clients dealing with: Security in Agile development processes, DR & BCM Tests, ITIL-based Change Control Planning, Virtualization, & Cloud hosted applications (SOC 2 & 3 report review practice consultation)

Relationship building & vendor management (budgeting, invoicing & partner program management) for IBM, Oracle & SuSE Linux/Novell

Creation & documentation of system hardening, OS patching, controls for privileged identity & access management (IAM), Information Management (IM) as well as technical controls for Unix/Linux OS, SSH, SFTP, TCP/IP networking, middleware: IBM and Apache HTTP, Websphere J2EE Application server, Oracle database security hardening

March 2012 to July 2014 RBC (via HP Canada)

Senior Unix Solutions Engineer (Project Lead)

Lead consultant for server consolidation & growth forecasting for Solaris, AIX & Linux in Data Centre relocation project

Interviews with LOB SMEs and Management for app utilization profiling & growth projections for upcoming 5 years

Business analysis & data correlation for CPU/memory/network & SAN data collected via Cacti & Unix Korn shell scripts

Creation of summary documents & management review of project status via MS Word, Excel, Visio & PowerPoint

January 2009 to March 2012 TD Bank

Sr. Security Compliance Engineer

Senior resource for security risk assessment, auditing & alert remediation for Unix/Linux IT Infrastructure; aligned to PCI DSS & ISO 17799 Frameworks with control documentation, project summary & presentations to management

Security control creation, documentation, log monitoring & reporting via SIEM tools: Symantec Enterprise Security Manager for over 3000 Solaris 10, AIX 7.1, RHEL 6 & SUSE 11 Linux, HP-UX 11i servers in USA & Canada

Communications & change control coordination with LOBs for alert remediation on Solaris, AIX, HP-UX, SUSE & RHEL

Review of SMTP, HTTP, SSL, SSH, DNS, NTP, NFS, LDAP, syslog, Korn shells scripts, use vi & network security configuration

Solaris, AIX, HP-UX, Redhat & SUSE Gold Image Creation, Privileged IAM & auditing via SUDO, CyberArk & eTrust

September 2006 to December 2008 AGF Investment Inc.

Senior Unix & Linux Systems Engineer (Team Lead)

December 2002 to November 2006 Canadian Depository for Securities (CDS)

Senior Unix Systems Consultant (Project Lead)

April 1995 to November 2002 Secure Computing Corporation (Borderware Firewall)

Firewall Escalation Support (Team Lead)

REFERENCES

Available on request.



Contact this candidate