Security Engineer
Resume:
Simone M. Abel
Brooklyn, New York 11236
Mobile: 1-917-***-****
******@*********.***
TECHNICAL QUALIFICATIONS
Certifications
CISSP
SCNP-Security Countermeasure Network Professional
CNA-Certified Novell Administrator
Network Engineering certificate
ITIL-Foundation Certificate in IT Management
Security +
MCP
Hardware installation, configuration and maintenance:
IBM, Compaq, Dell, Blade, Appliances
Software installation/configuration:
Windows 2003, 2008, 2012, SQL Server-2008, 2012, Linux RedHat 9.x &
Suse, Novell 6x, Lotus Notes for Domino Server, XP, Windows 7, Zenworks,
IIS, Symantec Endpoint Protection, Symantec Mail Security for Dominos,
Symantec Brightmail SMTP -Mail Security 8380 Gateways, Symantec DLP 12.x
Trend Micro HTTP Interscan Web Security Gateway Suites, Ziplip SMTP Secure
Mail Gateways, Wireshark, Qualys VM Scanner and GFI Languard
WORK EXPERIENCE
Weill Cornell Medical College, New, New York
03/2014- Present
Security Engineer/consultant
. Responsible for product evaluation, engineering, development,
implementation and support of Security solutions. Such as: Symantec
DLP, Identity Finder DLP, SEP and SIEM(ArcSight/Splunk) and incident
handling/triage. Additionally, responsible for defining, developing
and maintaining hardware installation, configuration, integration and
maintenance.
. Information security monitoring and responding to potential security
threats at WCMC.
. Ensures applicable information security design considerations
are appropriately inclusive within all new and existing computing
environments.
. Reviews/validates enterprise and departmental applications to
ensure HIPAA compliance.
. Provides engineering support to Security Operations.
. Performs other related duties as assigned.
North Shore Long Island Jewish, Melville, New York
05/2013- 3/2014
Lead Security Engineer
. Leads and guides the activities and staff engaged in
designing, integrating, implementing, validating and documenting the
enterprise information systems and applications. Such as: Symantec
DLP, SIEM, Forescout, Nessus, etc..
. Ensures applicable information security design considerations
are appropriately inclusive within all new and existing computing
environments.
. Leads the composition and document life-cycle maintenance
of application/system specific security hardening guidelines.
. Reviews/validates enterprise and departmental applications to
ensure HIPAA compliance.
. Provides regulatory and best practice framework for security
operational execution.
. Provides engineering support to Security Operations.
. Recommends and implements documentation standards, policies
and procedures for enterprise security environments.
. Prepares recommendations for security enhancements and upgrades.
. Maintains standards, risk assessments, documentation and procedures
related to security for the Information Services Production,
Business Continuity, and Disaster Recovery environments.
AIG, New York, New York
12/2012- 05/2013
Security Consultant
. McAfee Data leakage protection incident management support
. McAfee antivirus incident management
. Symantec Data Leakage Protection testing
. Security Risk Analysis for HRIT
o Manage ongoing high-level risk assessments of external vendors and
pr-existing systems
o Initiatives security risk assessment questionnaires, supporting
artifacts, review risk rating, and oversee Penetration testing
o Conduct IT assurance assessments over project implementations,
developing a gap analysis and providing security requirements to
mitigate identified risks using practical cost effective controls
o Schedule and execute periodic in-depth and risk-based assessments of
existing systems
o Track efforts to remediate vulnerabilities, implement compensating
controls, or document risk acceptances against identified
vulnerabilities and/or control risks
o Understanding of security risk exposures and how vulnerabilities can
be transfer into a business risk
o Work with PM in communicating flaws in systems, document and
communicate control deficiencies identified during assessment
Time Warner Corp, New York, New York
04/2011-12/2012
Senior IT Compliance Analyst
. Symantec Endpoint Protection implementation, configuration, monitoring
and remediation of virus/worms
. Symantec DLP implementation, support and incident management
. Qualys implementation, support and vulnerability remediation
. Managing of security incident response lifecycles that include alerting,
triaging, responding, reporting, coordinating, and communicating with
internal and external stakeholders
. Lead IT Security efforts to assess existing systems:
o Manage ongoing high-level risk assessments of existing systems
o Initiatives security risk assessment questionnaires, review
applications risk rating, and oversee Penetration testing
o Schedule and execute periodic in-depth and risk-based assessments of
existing systems
o Track efforts to remediate vulnerabilities, implement compensating
controls, or document risk acceptances against identified
vulnerabilities and/or control risks
o Understanding of security risk exposures and how vulnerabilities can
be transfer into a business risk
o Work with business administrators as well as IT professionals in
communicating flaws in systems, document and communicate control
deficiencies identified during assessment
. Understand and tactically execute information security and technology
compliance goals.
. Perform quarterly SOX self-assessment testing for IT General Computer
Controls to ensure compliance-related tasks and activities are completed
in a timely manner.
. Perform troubleshooting of information security incidents and information
security problem-solving
. Educate on information security and compliance policies and procedures,
and promote awareness
. Participate in project management processes (e.g., create project charter
and detailed project plans, support project budgeting, manage task
execution, prepare and distribute stakeholder communications, etc.)
. Support existing client, vendor, and IT relationships, and achieve
desirable project results
. Perform unit and integration testing of security components
. Participate in benchmarking, evaluation and selection of new information
security tools and practices by maintaining on-going understanding of
regulations impacting information security and compliance.
Symantec -Daimler, Montvale, NJ
03/2010- 04/2011
Senior Security Solution Consultant
. Incident management - provide direct support to the client in the day-to-
day management and response to security events, vulnerabilities,
and incidents detected within the environment.
. Risk assessment - support the client in risk assessment activities to
address emerging threats, new system deployment, and analysis of existing
systems as necessary with the overall objective of providing quantitative
improvement in the client security posture.
. Symantec Antivirus Protection 11.x configuration, monitoring and
remediation of virus/worms
. Vulnerability management via Qualys- support the client vulnerability
management program to provide insight to emergent vulnerabilities and
recommendations for mitigation appropriate to the client environment.
. Remediation strategies - assist the client in developing remediation
prioritization, strategies and solutions to mitigate identified security
issues.
. Strong knowledge of NIST 800-61 publication and Carnegie Mellon CERT
procedures.
. Strong understanding of multiple Operating Systems (Windows family,
UNIX/Linux, VMWare, etc.).
. Preparing and submitting turnover reports to the next shift.
The Bank of New York Mellon, New York, NY
07/1998- 03/2010
Information Security - Technical Security Consultant II
Information Security experience with evaluating, implementing
and supporting security solutions
through the product life cycle
Enterprise 24 * 7 SMTP and HTTP Web gateway engineered and
support
Trend Micro HTTP Interscan Web Security Suite engineer with
Microsoft SQL 2005 backend DB
Symantec SMTP Mail Security 8260/8380 Gateway engineer with
MySQL backend DB
Zip Lip SMTP Gateway engineer with Microsoft SQL 2005 backend
DB
Symantec Antivirus 11.x implementation, config, supporting,
monitoring, reporting & remediation of virus/worms
Symantec Security Information Manager(SSIM) aka SESA
Administrator
ArcSight - central incident management
Forescout- endpoint management
Vontu Data Leakage Prevention integration with Symantec Mail
Security gateway
Proventia IDS/IPS firewall -monitoring, identifying,
escalating, and reporting security threat events/alerts.
BNYMellon's subsidiaries and business partner integrator
Request for Proposal and statement of work
Metrics report on Security solutions
Implementation of Preventive control/countermeasures to
ensure CIA
Change management and reporting
Auditing
Budgeting
Staying abreast with Security technologies and threats via
RSS feeds, Security vendors, Seminars,
Training institutions and attending courses at the
Universities to ensure counter measures
are in place to ensure CIA.
Supervised/Team lead by providing operational oversight for
System Security team's activities.
Wide Area Network/Lotus Notes administrator
07/1998 -07/2000
. WAN administrator for Novell 6.x and NT domains
. Managing and set up network access for users
. Created and managed containers, file and system access & login scripts
. NDS file system security
. NFS file system security
. Users and Groups account administration
. Global Policy Administration
. Implementing Novell Distributed Print Services (NDPS)
. Using ZEN works to manage workstations
. Using ZEN works to manage applications
. JetAdmin to configure remote printers
. Use RCONJ and RCONSOLE to remotely access the server console
. Create, manage, and provide maintenance support of Lotus Notes accounts
Infinite Technology Group/The Bank of New York, New York, NY
09/1996-07/1998
PC System's Administrator/Help Desk Rep
Coordinator of software and hardware installation, configuration and
upgrades
Coordinator Data Center server connectivity: IP address, server
location
Maintain Data Centers Diagram
Liaison for the Bank of New York with various vendors
Troubleshoot user's software and hardware issues
Formulate work request to various vendors
Troubleshooted hardware and software issues
Pc acquisition and oversee hardware and software purchases
Provided LU's addresses to mainframe administrators
EDUCATION
Pace University: Master Internet-Security and Info Assurance
Grad/2009
Pace University: Network Security and Info. Assurance certificate
2006-2007
New Horizon: Win 2003 Eng, Novell, Security +, SCNP, Pen Tester, CEH
2000-2006
Linux: Linux Engineering training 07-
2005
Loyalist College and Applied Arts & Technology: ITIL certificate
06-2004
The Chubb Institute: Network Engineering certification
Grad-2003
Symantec: Symantec Antivirus certification
06-2000
Novell: Certified Novell Administrator
06-1999
Baruch College: BBA in Information Systems
Grad/1995
Contact this candidate