Warren White

Apollo Beach, Fl *****

Phone: (***) 452- 8822 ad3f4l@r.postjobfree.com

linkedin.com/in/warren-white-010

SUMMARY

Sr. Application Security Engineer with 8 years of security-focused experience who is passionate about learning, mentoring, and problem-solving. A creative problem solver who is autonomous and collaborative when securing application workflows. to. A strong collaborator with peers and cross-team support with a drive to complete projects on time using best practices. Well-versed in identifying, defining, requirements, and authoring policies. Experience developing and maintaining cloud-native software solutions using Infrastructure as Code like Terraform, CloudFormation, and others.

EDUCATION

Saint Leo University

M.S., Cybersecurity December 2016

B.A., Psychology August 2013

Certifications

AWS Cloud Solutions Architect Anticipated Mar 2024

CORE COMPETENCIES

Working knowledge of Python, JavaScript, Terraform, CloudFormation, IaC, web GUI development

SME for AWS Cloud Security, Vulnerability Management, Audit Compliance, Git Security

Strong Knowledge: Software Development, CI/CD pipelines, SDLC, OWASP Top 10, threat modeling

Focus: Vulnerability Management, Automation, Cloud Posture Management, Infrastructure as Code

Tools: AWS Cloud Native Tools, Microsoft Sentinel, Forta, Armor, Oracle Cloud

Excellent skills: Written, verbal, collaborative, work individually, receptive to feedback

Knowledgeable: SCA (Software Composite Analysis), SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and aggregation of vulnerability findings

PROJECTS

Used IaC microservices with CloudFormation, Terraform, and Step Functions to automate security

Worked within Agile-driven product teams to automate tasks within the role

Used Python to parse vulnerability reports to automate reports and make sense of data

Reviewed static analysis of source code with developers for vulnerabilities weekly

Created and managed internal security policies, standard operating procedures, and runbooks

Developed and delivered status reports, metrics, KPIs to business leaders and stakeholders

Identified areas of risk within the business infrastructure with business leaders, stakeholders

Lead security-focused meetings, articulating the value of security investments

PROFESSIONAL EXPERIENCE

Sr. Cloud Operations Security Engineer - Automation

2nd Watch

10/2021 to 12/2023

Led Agile Scrum meetings for planning, risk identification, driving tasks to completion, solutioning, estimating times

Led Application Security meetings for code review, recommending solutions, reviewed with multiple teams

Developed Python automation scripts using Visual Studio that creates an Excel file from a csv, to interpret and make sense of large sets of data, and sign into API’s

Used IaC to implement cloud-native and external tools to automate tasks and build environments

Worked with clients databases: Oracle, MySQL, PostreSQL, Redis, Elastisearc, MySQL, MongoDB

Python libraries: Numpy, Pandas, Matplotlib, Boto3, Regular Expressions

Designed, wrote, executed, and recorded manual test cases

Able to translate complex designs to make them easy to understand for non-technical stakeholders.

Oversee the design and implementation of security measures for client cloud environments

Created and implemented policies, procedures, knowledgebases, internal documentation

Project managed client’s cloud posture to follow security recommendations from tools utilized

Used forward thinking for proactive security and scaling measures within cloud environments for clients

Sr. Cloud Security Operations Engineer

CrossBorder Solutions

11/2020 to 08/2021

Ran Agile SCRUM meetings to gather requirements, prioritizing tasks, risk identification, drive tasks to completion, propose solutions, and estimating time-frames.

Led Application security meetings to implement new initiatives and evaluate current code

Used IaC to implement cloud security tools within the environment and managed alerts

Developed scheduled vulnerability remediation plans, and audit programs from remediations

Created and implemented policies, procedures, knowledgebases, and an internal audit program

Worked closely with development teams to ensure security best practices were maintained

Assisted sales teams by furthering knowledge of our security posture and related questions

Continually promoting a strong security-first mindset, establishing and maintaining a culture of security awareness and education among employees

Cyber Security Incident Response Engineer

Hays

02/2020 to 12/2020

Utilized Splunk to traverse proxy logs in response to internal user incidents reported by SIEM tools

Participated in Agile SCRUM meetings with product owners

Used OSINT tools to research suspicious links, emails, IP addresses, and user activity

Ensured compliance for HIPAA, SOX, PCI, and related security legalities

Utilized Azure Entra ID (AD), Symantec, FireEye, Splunk, Exchange, CyberArk, Proofpoint, AWS Services, CloudTrail

Worked collaboratively with other departments on application security initiatives

Quarantined and investigated user assets for malware, virus, suspicious activity

Kept up to date with the latest industry knowledge and news to maintain and improve SOPs

Created and maintained security policies, guidelines, and plans to promote security best practices

Educated end users on proper techniques to look into phishing emails and avoiding suspicious links

Infrastructure / Security Engineer

Targit

06/2019 to 01/2020

Participated in Agile SCRUM meetings with product development teams

Worked with multiple databases: Oracle, MySql, PostgreSQL, MongoDB, Redis

Parsed logs and code for testing and solutioning with Targit SaaP product owner teams

Reviewed client tickets for Targit SaaP, collected logs, relayed information to development teams

Implement, plan, maintain, and upgrade internal infrastructure security measures using IaC

Logged into client environments using secure VPN processes to install, maintain, fix, or record issues with Targit SaaP.

Created, and utilized PowerShell scripts for account automation and Windows Server administration

Administration and maintenance of the internal server, firewalls, network, and web services

Deployed third-party anti-malware software for endpoint scanning

Worked within Windows, Linux, AWS, Azure, on-prem

Security Analyst

Taylor Morrison

10/2017 to 05/2019

Reviewed and tested Taylor Morrison SaaP and code to review end user bug reports

Managed Access Control for the organization’s internal users and third-party vendors using IaC

In charge of network architecture, firewalls, proxies, access points, gateways, load balancers

Worked collaboratively with multiple teams to drive tasks to completion

Performed investigations and recommended corrective actions for security incidents

Developed documentation for best practice, policy, procedures, and tutorial knowledge base

Escalated incidents to different teams for further investigation

Created onboarding and cleaning automation scripts using PowerShell

Technical Support Specialist

KnowBe4

04/2017 to 10/2017

Reviewed client reported bug reports, testing, and escalating to software engineers

Worked on pre-defined policy changes and assisted with security processes and programs

Performed mentoring, walkthroughs, webinars, presentations, and tutorials for security awareness

Troubleshooted and emailed clients, analyzed anti-virus software, firewalls, proprietary software

Configured SSO/SAML, Virtual Machines, test environments, Active Directories, browser plugins

Monitored, and maintained knowledge of global security threats, vulnerabilities, and countermeasures

Intake Specialist

North Tampa Behavioral Health

09/2013 to 04/2017

Analyzed, assessed, and triaged clients to formulate treatment plans while maintaining HIPAA

Maintained scheduled appointments, excelled in time management, improved workflows

Prepared detailed summaries and reports with an interpretation of analytical data

Spoke with clients over the phone from inbound calls and conducted cold calls

Remained calm in high-stress situations with consistent effective communication

Instrumental in developing intake policy, processes, procedures, and operational improvements

Contact this candidate