Warren White
Apollo Beach, Fl *****
Phone: (***) 452- 8822 ad3f4l@r.postjobfree.com
linkedin.com/in/warren-white-010
SUMMARY
Sr. Application Security Engineer with 8 years of security-focused experience who is passionate about learning, mentoring, and problem-solving. A creative problem solver who is autonomous and collaborative when securing application workflows. to. A strong collaborator with peers and cross-team support with a drive to complete projects on time using best practices. Well-versed in identifying, defining, requirements, and authoring policies. Experience developing and maintaining cloud-native software solutions using Infrastructure as Code like Terraform, CloudFormation, and others.
EDUCATION
Saint Leo University
M.S., Cybersecurity December 2016
B.A., Psychology August 2013
Certifications
AWS Cloud Solutions Architect Anticipated Mar 2024
CORE COMPETENCIES
Working knowledge of Python, JavaScript, Terraform, CloudFormation, IaC, web GUI development
SME for AWS Cloud Security, Vulnerability Management, Audit Compliance, Git Security
Strong Knowledge: Software Development, CI/CD pipelines, SDLC, OWASP Top 10, threat modeling
Focus: Vulnerability Management, Automation, Cloud Posture Management, Infrastructure as Code
Tools: AWS Cloud Native Tools, Microsoft Sentinel, Forta, Armor, Oracle Cloud
Excellent skills: Written, verbal, collaborative, work individually, receptive to feedback
Knowledgeable: SCA (Software Composite Analysis), SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and aggregation of vulnerability findings
PROJECTS
Used IaC microservices with CloudFormation, Terraform, and Step Functions to automate security
Worked within Agile-driven product teams to automate tasks within the role
Used Python to parse vulnerability reports to automate reports and make sense of data
Reviewed static analysis of source code with developers for vulnerabilities weekly
Created and managed internal security policies, standard operating procedures, and runbooks
Developed and delivered status reports, metrics, KPIs to business leaders and stakeholders
Identified areas of risk within the business infrastructure with business leaders, stakeholders
Lead security-focused meetings, articulating the value of security investments
PROFESSIONAL EXPERIENCE
Sr. Cloud Operations Security Engineer - Automation
2nd Watch
10/2021 to 12/2023
Led Agile Scrum meetings for planning, risk identification, driving tasks to completion, solutioning, estimating times
Led Application Security meetings for code review, recommending solutions, reviewed with multiple teams
Developed Python automation scripts using Visual Studio that creates an Excel file from a csv, to interpret and make sense of large sets of data, and sign into API’s
Used IaC to implement cloud-native and external tools to automate tasks and build environments
Worked with clients databases: Oracle, MySQL, PostreSQL, Redis, Elastisearc, MySQL, MongoDB
Python libraries: Numpy, Pandas, Matplotlib, Boto3, Regular Expressions
Designed, wrote, executed, and recorded manual test cases
Able to translate complex designs to make them easy to understand for non-technical stakeholders.
Oversee the design and implementation of security measures for client cloud environments
Created and implemented policies, procedures, knowledgebases, internal documentation
Project managed client’s cloud posture to follow security recommendations from tools utilized
Used forward thinking for proactive security and scaling measures within cloud environments for clients
Sr. Cloud Security Operations Engineer
CrossBorder Solutions
11/2020 to 08/2021
Ran Agile SCRUM meetings to gather requirements, prioritizing tasks, risk identification, drive tasks to completion, propose solutions, and estimating time-frames.
Led Application security meetings to implement new initiatives and evaluate current code
Used IaC to implement cloud security tools within the environment and managed alerts
Developed scheduled vulnerability remediation plans, and audit programs from remediations
Created and implemented policies, procedures, knowledgebases, and an internal audit program
Worked closely with development teams to ensure security best practices were maintained
Assisted sales teams by furthering knowledge of our security posture and related questions
Continually promoting a strong security-first mindset, establishing and maintaining a culture of security awareness and education among employees
Cyber Security Incident Response Engineer
Hays
02/2020 to 12/2020
Utilized Splunk to traverse proxy logs in response to internal user incidents reported by SIEM tools
Participated in Agile SCRUM meetings with product owners
Used OSINT tools to research suspicious links, emails, IP addresses, and user activity
Ensured compliance for HIPAA, SOX, PCI, and related security legalities
Utilized Azure Entra ID (AD), Symantec, FireEye, Splunk, Exchange, CyberArk, Proofpoint, AWS Services, CloudTrail
Worked collaboratively with other departments on application security initiatives
Quarantined and investigated user assets for malware, virus, suspicious activity
Kept up to date with the latest industry knowledge and news to maintain and improve SOPs
Created and maintained security policies, guidelines, and plans to promote security best practices
Educated end users on proper techniques to look into phishing emails and avoiding suspicious links
Infrastructure / Security Engineer
Targit
06/2019 to 01/2020
Participated in Agile SCRUM meetings with product development teams
Worked with multiple databases: Oracle, MySql, PostgreSQL, MongoDB, Redis
Parsed logs and code for testing and solutioning with Targit SaaP product owner teams
Reviewed client tickets for Targit SaaP, collected logs, relayed information to development teams
Implement, plan, maintain, and upgrade internal infrastructure security measures using IaC
Logged into client environments using secure VPN processes to install, maintain, fix, or record issues with Targit SaaP.
Created, and utilized PowerShell scripts for account automation and Windows Server administration
Administration and maintenance of the internal server, firewalls, network, and web services
Deployed third-party anti-malware software for endpoint scanning
Worked within Windows, Linux, AWS, Azure, on-prem
Security Analyst
Taylor Morrison
10/2017 to 05/2019
Reviewed and tested Taylor Morrison SaaP and code to review end user bug reports
Managed Access Control for the organization’s internal users and third-party vendors using IaC
In charge of network architecture, firewalls, proxies, access points, gateways, load balancers
Worked collaboratively with multiple teams to drive tasks to completion
Performed investigations and recommended corrective actions for security incidents
Developed documentation for best practice, policy, procedures, and tutorial knowledge base
Escalated incidents to different teams for further investigation
Created onboarding and cleaning automation scripts using PowerShell
Technical Support Specialist
KnowBe4
04/2017 to 10/2017
Reviewed client reported bug reports, testing, and escalating to software engineers
Worked on pre-defined policy changes and assisted with security processes and programs
Performed mentoring, walkthroughs, webinars, presentations, and tutorials for security awareness
Troubleshooted and emailed clients, analyzed anti-virus software, firewalls, proprietary software
Configured SSO/SAML, Virtual Machines, test environments, Active Directories, browser plugins
Monitored, and maintained knowledge of global security threats, vulnerabilities, and countermeasures
Intake Specialist
North Tampa Behavioral Health
09/2013 to 04/2017
Analyzed, assessed, and triaged clients to formulate treatment plans while maintaining HIPAA
Maintained scheduled appointments, excelled in time management, improved workflows
Prepared detailed summaries and reports with an interpretation of analytical data
Spoke with clients over the phone from inbound calls and conducted cold calls
Remained calm in high-stress situations with consistent effective communication
Instrumental in developing intake policy, processes, procedures, and operational improvements