Sign in

Information Security Engineer

Baguio, Benguet, Philippines
March 20, 2020

Contact this candidate


“Diligence and hardworking is the key to success”

MyTown Amsterdam – 359 Panay St. Brgy. Pitugo, Makati City

Mobile no. +639********* Email:

Nationality: Filipino Civil Status: Single

Date of Birth: November 4, 1978 Height: 5’8

Place of Birth: Manila Weight: 165 lbs.

Certified Information System Security Officer – Mile2 Cybersecurity

Certification # 645900 Exam Taken: March 4, 2017

Information Technology Infrastructure Library 4 Foundation

Certification # GR671056344AT Exam Taken: September 06, 2019


Bachelor of Science and Computer Science



Project 8, Quezon City


Talipapa, Novaliches, Quezon City

July 15, 2019 – Present Trends and Technologies, Inc

Cyberthreat Hunter

Job Description:

Review asset discovered and vulnerability assessment data.

Explore ways to identify stealthy threats that may have found their way inside the network/system, without detection, using the latest threat intelligence.

Conduct penetration test on production system to validate resiliency and identify areas of weakness to fix.

Proactively collect, assess and communicate information security related intelligence to reduce the risk exposure and to prepare potential security threats.

Review the Security architecture and provide Threat Modeling for new established system from different client.

Conduct Secure coding and manual review for other clients.

July 16, 2018 – November 16, 2018 Teletech Holdings, Inc.

Senior Information Security Engineer

Job Description:

Comprehend and enforce applicable laws, regulation, and compliance relating to IT Security and Privacy, liaising closely with Legal.

Evaluate security needs and recommend cost effective mitigating controls.

Work directly with IT staff to implement processes and procedures to cost-effectively protect information systems assets from intentional or inadvertent modification, disclosure.

Ensure data privacy for our clients’ customer data and our own intellectual property and other confidential data.

Liaise with IT and compliance staff to ensure audit preparedness

Oversee and assist in the configuration and administration functions for specific security tools.

Assist Risk Management with fraud detection, documentation, and prevention.

Oversee a training program for personnel with significant responsibilities to keep them current with the emerging threat landscape that is present within the corporate environment

Develop, maintain and oversee information security policies, procedures and control techniques to address all applicable security and compliance requirements

Collaborate with and advise a security operations program that through automated and continuous monitoring that can detect, contain, and mitigate incidents that could compromise sensitive data, or impair information systems

Engage in the mentoring of security operations engineers and operational staff on security concepts and techniques

July 31, 2017 – July 11, 2018 AIG Shared Services Philippines, Inc.

Security and Compliance Sr. Tech. Analyst

IT Security Analyst (5)

Job Description:

Provide security assessments on the following: 3rd Party Vendor Security Assessment (EAS/SAQ) Software Security Assessment (SSA) Application Scanning Request (APPSCAN, Veracode, Burp Suite) Exception Request (EX-REQ).

Perform and Review IT Security Risk assessments.

Perform audits of IT systems and/or related operational process controls including analysis and reporting.

Implements processes and methods for auditing and addressing non-compliance to technology and security standards.

Assess the current operation and security controls, including policies, procedures, and organization and make recommendations for improvement.

Conduct Secure Coding and Input Validation: ASP.NET, Java, XML, HTML5/CSS, C# (Visual Studio)

Manage the team and the team deliverables. Ensure to meet the business partners service level of agreement, help address the issues and escalations.

Ensure timely generation and submission of reports (daily, weekly, monthly and quarterly)

Generate report and communicate the findings and recommendations to stakeholders.

Recommend security policy changes and enhancements based on lessons learned, observations and key documents obtained as part of the assessments to Senior IT Security Risk Analyst.

Coordinate with Stakeholders and 3rd party Vendors Requirements

Conduct DAST/SAST for Cloud and On-premises Infrastructure.

Coordinate with the assesse/auditee teams for resolution per findings

Deliver assessments with highest quality and following key risk appetites from different internal business units and across multiple geographical areas with different regulatory requirements.

Deliver assessments on time and on budget, without compromising the quality of the assessments

Escalation of potential project risks/challenges to Information Security Lead FINANCIAL

Shearwater Health, Inc.

August 01, 2016 – August 01, 2017 Formerly HCCA Health Connection (Philippines)

Information Security Engineer – II

Job Description:

• Detect, assess, investigate and resolve security incidents.

• Administer Security tools and technologies.

• Evaluate, recommended and deploy security tools and technologies.

• Collect and analyze system / application security logs.

• Responds to the security incident; perform forensic activities and root cause analysis.

• Ensuring implementation and compliance to the company's information security policies, associated regulations and standards.

• Work with IT Operations team to reduce risk to information asset by implementing controls e.g. encryption, network segmentation, access controls, and patch and vulnerability management.

• Proactively manage and mitigate threats to information security and vulnerabilities of information system, to prevent loss of confidentiality, integrity and availability of information asset.

• Contribute to the development and delivery of training and awareness on information security and data protection.

• Investigation and respond appropriately to the third-party vulnerability.

• Monitor industry trends and threat landscape and recommended.

June 22, 2015 – April 15, 2016 Accenture, Incorporated

Level -9 Team Lead (Security and Risk) – Infrastructure Security

List of the Client Projects

Security Team Lead – Compliance and Business Continuity – Client Data Protection

CIO – Global Information Security

Roll-in November 4, 2015 – April 15, 2016

Job Description:

Creates and/or provides inputs to yearly assessment plan

Monitors and ensures completion of assessments as specified in the plan

Conducts internal assessments on information security and other related standards/frameworks

Prepares assessment reports and reviews others’ assessment reports for completeness, accuracy and compliance of Information Systems (IS) Auditing Guidelines

Reviews the adequacy of action plans

Handles complex and non-standard (ad hoc) assessments and other security-related services

Provides inputs in the resolution of assessment issues/concerns

Leads the assessment analysis on common security gaps and root causes

Recommends solutions in security-related issues based on the result of assessment analysis

Provides regular updates to the Assessment Lead on status of the assessment and escalate issues for proper disposition and action

Provides guidance to junior assessor to ensure that there is appropriate understanding of the standards and/or framework that is being followed in the delivery center

Provides support to junior assessors on the analysis of findings/security gaps and action plans

Provides support in building the skills of assessors

Identifies areas for improvement on the processes and tools used by the team

Supports the design, implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001 where applicable

NECDL – RUN – Infrastructure Services

Infrastructure Lead – Managed Security Operation

July 3, 2015 – October 30, 2015

- Managing client's Cloud infrastructure through Monitoring, Incident Management, Change Management,

- Generate reports for Weekly Security Status, Infrastracture Healtcheck

- Monitor and Investigate the Security Alerts and escalate to the 3rd Party Solution

- Patching deployment for security related issues.

- Review and generate reports for monthly vulnerability scanning by the 3rd party and plan the appropriate action regards to patching, hardening or any Security Related issue.

- Review the Adding and Deleting LDAP account integrated in the following applications:

Jboss, RedHAT Servers, OpenCMS, Quartz Mgr, Splunk, etc.


-Platform used RED HAT LINUX, OpenLDAP 2.3.43, JXplorer, AIDE Audit implementation

-Knowledgeable in Monitoring: Splunk

-Change Management and Patch Management

March 10, 2014 – March 31, 2015 Emerio Philippines Incorporated

(Hewlett – Packard Philippines, Inc.)

Senior Information Security Analyst

Job Description:

Ensure knowledge and implementation of security policies and standards

Ensure awareness of Security fundamentals for all employees in the Delivery Center.

Conduct Security Risk Assessment using vulnerability assessment tools and penetration testing

Handle policy deviations through standard risk assessment/Exception to Policy process.

Facilitate security audits and review, track mitigation within the organization until Resolution, Analyze vulnerability scan reports

Work delegation and managing Junior Information Security.

Conduct coaching for Junior Information Security

Other Task :

Anti-Virus Support (End Point Threat Management)

Manage End Point Security environments and deliver services using End point Security tools (McAfee EPO, EPTM, HIPS, BIT9)

Maintain and manage changes in running environments

Prevent incidents or, when they occur, work on and resolve complex incidents

Provide 2nd and/or 3rd line support, including monitoring, reporting, tool administration. This is most often done without direct interaction with the end-users.

Maintain a clear documentation of processes and procedures. In delivery, follow the agreed processes

October 29, 2012 – December 30, 2013 Primover Consultancy, Inc.

Globe Telecom, Inc.

IT – Security Analyst (Security Risk Assessment)

Job Description:

Acts as security consultant for project team to ensure that projects are aligned and in compliance with Companies Information Security policies, standards and procedures (such as ISO 27001, PCI-DSS, etc.).

Provide data security design input, consulting, review and mitigations.

Develop a basic understanding of the information to ensure that proper controls are implemented

Assists project teams handling development or rollout of IT systems in identifying and addressing information security risks prior to implementation and reviewing project documents and Network topology and business process in conformance with secured environment.

Ensures security requirements are properly communicated, embedded in project delivery and SDLC process and update the Team on latest security news and cybercrime law both local & abroad.

Monitors vulnerability and software updates from vendors, industry sources and conduct vulnerability/threats research and mitigations.

Implement the security measure such as Operating System/DB & Application Hardening Procedure (Windows 2003/2008/2012, Linux (Red Had, CEntOS, Slackware, SuSe etc.) Oracle, MS SQL, MS Exchange Server 2003/2008/2012)

Perform vulnerability Scanning using Vulnerability Scanning tool to address and mitigate the risk found.

May 28, 2012 – October 25, 2012 Affiliated Computer Services, Inc. – A Xerox Company

Information Security Sr. Analyst

Job Description:

Identifies potential information and network security vulnerabilities.

Develops and implements solutions to mitigate risks and enhance system security.

Analyzes and resolves data, application, computer, and network security problems and issues.

Administers security policies to control access to systems.

Provide best practice support services for the systems under management responsibility.

Ensure changes to processes are planned and implemented in a sound low risk manner, without creating end-user issues.

Provide implementation support on approved projects involving data share structure changes.

Follow and observed various compliance standards like SOX, HIPPA, ISO27001 are and how they are intertwined with our job function.

Jan 23, 2012 – March 27, 2012 STEFANINI PHILIPPINES, INC

Windows Server Specialist

Job Description:

Monitor Operations, manage incidents, and perform Level 1 Windows Server Administration tasks

Manage the services on Active Directory top-level domain structure and perform administration on active directory lower-level domain structure

Administer Web server

Administer File server

Administer Print server

Administer Backup software

Follow incident or request management process; perform initial classification and prioritization of tickets; then attempt to resolve or fulfill the incident or request, respectively

Escalate tickets to appropriate resolver groups and progress to closure with users

Inform Knowledge Analyst where Knowledge is not available for incident resolution or request fulfillment

Record accurate details of calls (e.g., user, asset, resolution, user satisfaction information)

Assist Global Service Desk Analysts and Incident Controllers in the management of any issues through to conclusion

Work with Global Service Desk Incident Controllers in processing major incidents, including ticket ownership, escalation, and follow-through to conclusion

Ensure proper escalation of all operational and technical calls within Global Service Desk and Level 2 escalation groups

Perform other related duties as assigned or requested

Collaborating with the IT Directors, Managers of different dealer for implementing new system integration, and upgrading patches.

August 20, 2010 – July 30, 2011 EUROWINDO LTD. Vietnam

IT – Support

Job description:

Installation / troubleshoot/ maintaining /re-image PC client/Server.

Adding user account/ resetting password using Active Directory (Windows Server 2008 R2) and creating group policies for each department/ setup email account using MS Exchange Server 2010.

We setup VPN for the Executive position

Supporting employees with other IT concern and educate the policies and procedure.

Do routing procedure on Router and VLAN connection on switch.

Regular monitoring for its Server Farm and internet connection per site.

Weekly backup for its server role by remote/ onsite.

June 16, 2008 – February 22, 2010 APAC Customer Services, Inc. (CUBAO)

IT – Helpdesk Analyst

Job description:

First contact point for any IT related concerned to all APAC employees and Agents globally via phone, email or onsite.

to meet the SLA target for its IT concerned by the Employees and clients

Carefully observed HIPAA procedures for our HealthCare Client

Supporting the remote connection through at-home agents and VPN connection

Monitoring the Status and the condition of Servers/ Network Devices using ORION, NAGIOS web tools and troubleshoot the possible problems with the Help of Network / Server administrators.

Giving permission or restrict accessing any resources on the file server (Shared folders/SAN storage).

Configuring emails on the Exchange Servers on the PC or Blackberry phones

Create Account, Resetting and unlocking password using Active Directory (Windows 2003/ 2008), Citrix XenApps

Other responsibilities (onsite – job):

oAssisting Desktop Support level 2 to install application (like Citrix, CRM, PBS, and other Client Application), and PC re-imaging, deployment and patch update by remote or site.

o Assisting Telecom regarding configuring extension number on the VOIP (Avaya Phones), and set-up Conferencing Bridge using Avaya Workstation/ PABX.

oAssisting the Network Admin configuring network connection and routing procedure, VLAN configuration based on the requirement by the ISP and other Client.

oAssisting the Systems Administration by deployment of new servers, backup & restore files using TSM application and clustering.

November 19, 2007 – January 10, 2008 MSI – ECS

Product Support Engineer

AutoCAD, Trend Micro anti – virus and Apple Mac/ Trend

Micro/IBM – HP Servers

Job Description

Conduct pre-sale presentation on IT products ( SMB and Enterprises Product ) /Servers / and computers

Do client calls(onsite support) for installation and configuration ( updating patch on all servers)

Answered inquiries about the client need for their setup.

January 8 – October 15, 2007 ACQUIRE ASIA PACIFIC

ADSL – Technical Support

February 22, 2005 – January 8, 2007 LINK2SUPPORT, INC.

(LINKSYS – A Division of Cisco Systems, Inc.)

(Technical Support Representative)




October 21 – 25, 2019 Certified Ethical Hacking v10

SAS Management

August 26 - 29, 2019 Information Technology Infrastructure Library 4 Foundation

Trendsnet, Inc.

February 27 – March 4, 2017 Certified Information Security System Officer – MILE2 Cybersecurity

WorldTech Information Solutions, Inc.

Sept. 29, 2010 – March 10, 2011 Microsoft Power Package training (Windows Server 2008/MS Exchange 2010/MS SQL Server 2008)

NIIT - Vietnam

Sept. 26 - December 15, 2009 CISCO Training Exploration 4

Mapua Institute of Technology - IT

July 18 – September 5, 2009 CISCO Training Exploration 3

Mapua Institute of Technology - IT

April 25 – July 25, 2009 CISCO Training Exploration 2

Mapua Institute of Technology - IT

January 8 – March 5, 2007 CISCO Training v3.1 (CISCO – 1)

Mapua Institute of Technology – IT

January 2002 Web site of E-marketing Corporation

STI – College Recto

System Analysis and Design

Knowledgeable in Implementing DNS, DHCP, Domain Controller (Active Directory), File Server,VPN (remote Connection), Back up and restoration on Windows Server 2012/2016.

Knowledgeable on EMAIL Server (Office 365)

Knowledgeable in ISO 27001:2013 Information Security Management System, ISO 22301:2012 Business Continuity Management, MITRE Framework, and Cybersecurity Killchain.

Knowledgeable VB.NET, XML, HTM5/CSS, Java

Knowledgeable in SPLUNK Monitoring/ SIEM, McAfee ESM.

Proficiency in McAfee ePO, GTI (Global Threat Intelligence), RSA Fraud and Risk Intelligence, and DarkTrace.

Knowledgeable of IT Project Management, IT infrastructure, and Risk Assessment.

Specialized in CyberKillChain, OWASP Top10, MITRE ATTACK, and BSP Circular 982.

Excellent in Customer Services and handling cross-cultural.

Knowledgeable in Security Architecture/Threat Modeling.

Excellent communication skills in English, Vietnamese and Khmer (verbal and written)

Honest and team player

Knowledgeable in Cloud Computing (AWS, and TELSTRA)

Knowledgeable in Vulnerability Scanning tool (NMAP, Qualys, Veracode, AppScan, Nessus)

Knowledgeable in Penetration Testing (Metasploit, Acunetix)

Knowledgeable in Malware Analysis and Reverse Engineering using PEStudio.

Knowledgeable in software/hardware troubleshooting (Server /PC).

Playing and coaching basketball, badminton and other musical instrument like drums, and keyboard.

Reading books, bible, newspapers, or any other articles.

Surfing Internet, chat with other people and photography

Name Position Company Contact no.

Kester Pechardo Windows Server Admin APAC Customer Services, Inc. 091********

Ferdinand Samaniego Instructor Bitshield Security Consultant, Inc 090********

Paulo Gadia Immediate Supervisor Globe Telecom, Inc. 091********

I hereby certify that the above statement is true and correct to the best of my knowledge and belief.



Contact this candidate