
Information Security Champion

Location:
Redwood City, California, United States
Salary:
175000
Posted:
August 27, 2019


Resume:

_Comet

Mobile: 650-***-****

Email: acrp7v@r.postjobfree.com

Summary:

Working as part of a team dedicated to improving product software and systems, using my expertise to improve coding practices and operational security.

Over 25 years’ experience with computer security.

Over 20 years’ experience in software quality assurance.

Over 20 years’ experience in systems administration, including Web server administration.

Skills:

Security Assessment Tools

I am familiar with OWASP guidelines and MITRE's CWE list, and with the use of many security and debugging tools to find and address design and coding security vulnerabilities.

nmap, netcat, Achilles web proxy, Metasploit Framework, Wireshark (Ethereal) network sniffer, tools from SysInternals and Foundstone, and many others.

ZoneAlarm Extreme Security Suite, Check Point Endpoint Security

McAfee SiteAdvisor and Windows Security Suites

QA Tools

I have experience automating QA scripts and creating detailed bug reports, including analysis of system and application dumps.

LoadRunner, WinRunner, XRunner

Bugzilla, ClearQuest

Languages

I have written production code and documented secure coding standards for the following languages. I easily learn new languages, and can achieve fluency in two weeks of self-study.

Python

Java

C, C++

Shell scripts (C, Bourne, Bash, DOS, PowerShell)

HTML, CSS, JavaScript/JScript/ECMAScript

PL/SQL

DCL

Pascal

Fortran

Operating Systems

Windows (32-bit and 64-bit), including Windows 7, Windows 8, 8.1, and Windows 10

Android (2.2 [Froyo] through 5.1 [Lollipop])

Linux (Red Hat and SuSE), SPLAT (Check Point secure Linux)

Unix (HP-UX, Solaris)

OpenVMS

Education:

San Jose State University

Fields of study: Mathematics, Humanities (honors)

Dates attended: 1981 – 1987

Technical Training Courses

Agile Development

Ultimate Hacking: Windows Security

SANS Advanced Incident Handling and Hacker Exploits

WinRunner/LoadRunner/TestDirector

Sun Solaris 2.x Systems Administration

Accessing Internet Resources

Shell Programming on UNIX

Stratus VOS System Administration

Migrating HLL Applications to OpenVMS AXP

Amdahl Mastering Basic MVS & VM

Accelerated Oracle

GLOBALFOUNDRIES, Santa Clara, CA Oct 2017 – Mar 2019

Senior Information Security Engineer

Develop security roadmap for existing, new, and evolving applications.

Assess security risks to the corporation's systems, networks, and information, and propose process improvements.

Research and document the latest vulnerabilities and threats affecting the company.

Assist team in analysis of forensic artefacts.

Provide technical leadership and oversight of cloud hosted infrastructure.

Symphony Communication Services, LLC Palo Alto, California Oct 2015 – Feb 2017

Ethical Hacker

Conducted security tests using automated tools, ad-hoc tools, and manual testing.

Conducted penetration testing against different technological domains including, but not limited to, web applications, web services, iOS and Android devices, Mac OS and Windows computers, and virtualized environments in the cloud.

Assisted in implementation of static source code analysis tools for languages including Java and JavaScript.

Assessed and calculated risk based on vulnerabilities and exposures discovered during independent testing and also those reported via external assessors and security researchers.

Provided input on security controls, including compliance with cryptographic export controls, U.S./EU Privacy Shield, and Service Organization Control (SOC) level 1 and level 2.

Created required information security documentation and completed requests in accordance with requirements.

Escalated to appropriate management, and provided timely, relevant updates and periodic reports as needed.

Security Champion and QA Team Lead Santa Clara, California April 2010 – June 2015

McAfee/Intel Security

Led a team of engineers using Agile methodology, testing applications on Windows, Android, database and web platforms (Linux), including source code analysis, code reviews for HTML, CSS, JavaScript, Java, C++, Lua, Python, and shell scripts.

Designed threat models for antimalware products, and implemented Secure Development Lifecycle, maintaining team's document repository.

Performed penetration tests, writing UNIX shell scripts for production and automation, and once I even patched buggy Python code for a time-critical deployment.

Kept up-to-date on security issues, attending Black Hat and DefCon conventions, and reading Android and Windows systems internals books.

Tested the SiteAdvisor web reputation product, including performing C and Java API tests, advising developers on POSIX compliance features supported in NTFS, and also avoidance of SQL injection and Cross-site Scripting (CSS) issues with Unicode.

Zone Labs/Check Point Software Technologies Ltd San Francisco, California March 2004 – March 2009

Security QA

Managed QA team for consumer and enterprise security products. Under my mentoring, two direct reports were promoted to team lead, and the automation group's performance was greatly improved.

Orchestrated changes in the Belarus development center to integrate with global QA, focusing on development QA testing and reporting. Attended various management classes including: Leadership, Managing change, Holding Effective Meetings, and Time Management.

Assisted major Fortune 500 customers on-site with rollout of installations and upgrades of an enterprise firewall suite, channelling feedback to the development team for product improvements.

Performed functional, design, and performance QA of consumer and enterprise security products. This included full disk encryption, network firewall, antivirus, anti-spyware, browser virtualization and anti-phishing features.

Received award for completing Common Criteria (CC EAL4+) evaluation under budget and seven months ahead of schedule. This was a matter of critical importance for the company, to be in compliance with U.S. Government directives.

Maintained security knowledge through Foundstone’s Ultimate Hacking training and attendance of DefCon and Black Hat briefings. Created and presented internal training both locally and internationally for QA, IT, and Development staff on various topics including: format string exploits, cross-site scripting (XSS), Unicode and local code page handling, file scanning evasion, and XML and database injection.

Oracle Corporation Redwood City, California October 1991 – August 2003

Sr. Security Analyst, QA Specialist, Developer, Sr. Technical Support Analyst

Co-authored secure coding standards for Java, C, PL/SQL, and various operating systems, ensuring that Oracle’s software had state-of-the-art security, training developers and Webmasters.

Wrote external security alerts, and coordinated responses to external researchers. Evangelized security as part of cross-organizational team. Led Birds-of-a-Feather discussion on tiger team penetration testing, for SANS Black Hat symposia.

Performed design audits and penetration tests to assess security risks of both internal production systems and software products, with stop-ship authority when any severe vulnerabilities were discovered. Coordinated work of Y2K team.

Designed and implemented Oracle's first corporate Support Web site, porting CERN Webserver C code to OS/2.

Performed on-site bug remediation, including source code analysis of customer applications. Authored and presented white paper on database backup and recovery at DECUS Symposia.

Processed customer support for all Oracle products on all supported platforms, including installation, performance, and troubleshooting, handling of down production databases during off-hour and weekend support calls for all global customers.

Adaptec Corporation Milpitas, California August 1990 – May 1991

Systems Administrator

Supported VMS and FORTRAN applications, installing PROMIS and COGNOS Powerhouse.

Maintained MicroVAX 3800 and DECserver 200 machines in production environment.

Independent Security Consultant

Analysed forensic data after a security incident, reconstructing the attack.

Recommended changes in IT, HR, and physical security policies.

Performed data recovery.

KLA Instruments Corporation Sunnyvale, California June 1988 – August 1990

Systems Manager

Managed DECnet and Local Area VAXcluster.

Performed backups, tuning, and software updates on MicroVAX, VAXstation, and VAX 11-780 computers.

Evaluated, purchased, and installed hardware and software for engineering environment, including rewiring VAX 11-780 backplane for CPU acceleration.

Developed real-time reminder facility, spelling checker, multi-window character-based system for multitasking, and automated backup script.

General Electric, Nuclear Energy Division San Jose, California January 1986 – May 1988

Senior Systems Operator

Advised programmers on VMS run-time library, RMS, system services and utility usage and optimization.

Performed swing shift operation and management of VAX 8600, VAX 8500, VAX 11/785 and MicroVAXen.

Developed tools using C, DCL, Fortran, Pascal, and VAXTPU.


