
Cyber Security

Location:
Riverside, CA
Posted:
February 10, 2021


Professional Profile

Cybersecurity Engineer focused on building scalable solutions with 12+ years of experience providing actionable deliverables to boost operational efficiencies. I solve problems and communicate them clearly. Growth-oriented environments are my sweet spot. I have deep technical experience in JavaScript, Python, Bash, and continuous delivery, cloud-native architecture, and DevOps Security.

Experienced troubleshooting, scanning, and utilizing Linux systems and various Linux command-line tools (e.g., dig) to troubleshoot network-related issues.

Proficient with Windows command-line tools such as the PsInfo command-line tool, which can be used to retrieve information about remote systems in the network.

Used different tools, like Stinger to scan for malware; tools like CurrPorts, TCPView, and What’s Running to review process monitoring; perform file hashing with HashCalc.

Performed port redirection using the netcat command-line utility available for Linux, UNIX, and Windows platforms. In Linux/Unix using the finger command to retrieve information about the system users in the network.

Used TCPView to track the port usage of devices. This displays the entire list of all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) endpoints on devices.

Configured Firewall Rules using Windows Firewall (w/Advanced Security), Remote Desktop, and the Command Line Interface.

Operated Microsoft Baseline Security Analyzer (MBSA) checking for available updates to the operating system, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server. MBSA also scans computers for insecure configuration settings.

Conducted system hacking by means of malware (IDA Pro) and trojan analysis tools; monitored ports and processes; monitored and protected files and folders.

Configured the TFTP (Trivial File Transfer Protocol) server to plant a backdoor on a victim’s computer system.

Experienced scanning networks using Nmap, Hping3, Nikto, OpenVAS, and various other network scanners to view open ports, running services, troubleshooting, and network connectivity.

Performed banner grabbing using tools such as telnet, Netcat, and Nmap. Performed this to retrieve information about a computer system on a network to mitigate vulnerabilities and prevent attackers from gaining banner information.

Used Nmap to identify operating systems (OS) running on remote hosts.

Used the p0f tool to identify operating systems (OS) also running on remote hosts.

Observed PCAP files, logs, and active real-time traffic patterns using Wireshark.

Used the Cyber Kill Chain to better understand and combat ransomware, security breaches, and advanced persistent attacks (APTs).

Incorporated FireEye Threat Intelligence subscriptions and services to address all aspects of our threat intelligence needs.

Installed/Used HashCalc for file checking.

Implemented/Configured/Customized DNSSEC.

Implemented application-level session hijacking for viewing cookie information from unencrypted web sites.

Competent understanding of the Public Key Infrastructure (PKI), Symmetric Cryptography, and its uses in SSL/TLS and SSH as it relates to secure access and authorization.

Well informed of new Cyber Security industry news and trends: reading various periodicals, conducting research, and experimenting using virtual labs.

Experienced in Monitoring, Vulnerability Assessment, SOC Analysis, Incident Response, and Threat Mitigation. Also, hands-on Vulnerability Assessment and Penetration Testing.

Technical Skills

Security Evaluation

Compliance Evaluation, Risk Management, MBSA

Monitoring

Intrusion Detection, Intrusion Prevention, Penetration Testing, FireEye

Mitigation:

• Incident Response

• Threat Mitigation

• SOC Analysis

• Vulnerability Assessment

• Vulnerability management protection systems (e.g., Foundstone, Ecora)

• SIEM

Application Security:

•Amazon Web Services

•AWS Cloud Front; Guard

•AWS Prowler

•Proficiency with fundamental front-end languages such as HTML, CSS and JavaScript.

•Firm grasp on cloud software concepts such as Docker and Kubernetes

•Experience writing well-maintainable RESTful web services

•Developed databases using MySQL, PostgreSQL, and MongoDB

•Familiarity with JavaScript frameworks such as AngularJS & React.

•TCP/IP and networking fundamentals, LAN, and WAN networking troubleshooting.

•Familiarity with cloud-based services; (Azure; Google Cloud, GSuite, & AWS Services)

•Experience with REST APIs, JSON, Web Security, and micro-services architecture

•SQL Queries & ERD Diagrams

•Web Security Basics; CRUD Operations; MVC Framework; & Design Patterns

•Application Deployment

•Experience with Big Data technologies such as Hadoop and Elasticsearch

•HTML, CSS, and JavaScript

•DOM manipulation

•jQuery

•Consuming RESTful APIs

•Parsing JSON to extract meaningful data

•Using AJAX to update data on a website

•Converting traditional applications into progressive web applications (PWAs)

•Creating single-page applications with React

•Computer Science applied to JavaScript (data structures, algorithms)

Cyber Security Tools:

Splunk

Metasploit

Ettercap

Nmap

ELK Stack

Hping3

Telnet

Burp Suite

IDA Pro

MDM Solutions

Cyber Kill Chain

Intrusion Detection Tools (e.g., Snort, Splunk Enterprise Security (SES), Metasploit, pfSense Firewall Manager, Kali Linux, AlienVault, ArcSight)

Hardware and software firewalls (e.g. Comodo Firewall)

Honeypot tools (e.g., KFSensor)

IDS/Firewall evasion tools (e.g. Traffic IQ)

Guidelines:

NIST 800-53 Series

Risk Management Framework (RMF)

Enterprise Mission Assurance Support Service (eMASS)

DoD Information Assurance Certification and Accreditation Process (DIACAP)

PCI – DSS

ISO 27000 series

COBIT

HIPAA

NIST 800-61 (Cloud Response in Cloud Environment)

Common Vulnerabilities & Exposures

Professional Experience

June 2019 – PRESENT

County of Riverside, Riverside, CA

Senior SOC Analyst

Risk Management Framework Analysis, System Control Assessments, Vulnerability Assessment and Compliance Testing.

Architect and implement secure network environments following NIST Risk Management guidelines, Security Assessment and Testing, and Continuous Monitoring.

Implemented and configured Secure Network Architecture and configured SIEM tools using Splunk-Snort IDS/IPS.

Experienced in providing Security Related Awareness and Training to executives, stakeholders, and end-users.

Knowledgeable of Vulnerability Assessment and Penetration Testing (V.A.P.T.).

Skilled in analysis of results of security, vulnerability and risk management assessments.

Able to develop mitigation strategy for security problems and create Incident Response Plans.

Use of both Cyber Kill-Chain and Diamond Model for event correlation.

Use of Splunk dashboards, visualizations, with the ability to configure Splunk for specific uses and reports.

Familiar with various cyber security tools including Splunk, Snort, Nessus, Wireshark, Metasploit, and deployment of the ELK stack.

Experience in working with AWS cloud security and Cloud response models (NIST SP 800-61).

Experienced in the NIST Risk Management Framework (RMF) process regarding FedRAMP for cloud computing services to ensure safeguards.

Experienced in performing cybersecurity network engineering.

Organized and compiled the documents required for the authorization package and authorization letter for submittal to the Authorizing Official (AO) to approve system operations under NIST RMF 800-37, for security controls.

Evaluated cloud computing services, cloud service providers, and cloud brokers using the CSA CCM domains to align the VA’s cloud-based needs with regulatory security compliance and in accordance with NIST framework for cloud computing networks.

09/2017 – 05/2019

Security Advisor for Application Development

VMware, Richmond, VA

Designed and created applications and then tested the product for functionality and errors. Ensured that performance and security were functional within the secure coding practices.

Interpreted application use cases into functional applications, including business functioning workflows.

Designed backend coding with JavaScript and Python to create APIs for clients to fetch data from servers etc.

Utilized Microsoft Visual Studio (.NET Framework), Python, and JavaScript code.

Utilized Fuzzing to test generated random inputs based on custom patterns and checking whether the application can handle such inputs properly.

Implemented secure web protocols such as Perl, HTTP, SSL/TLS, HTML, in secure coding practices.

Utilized Burp Suite to display HTTP messages, persistence, authentication, proxies, logging, and alerting.

I helped with bugs and bottlenecks using GitHub to help with solutions to coding problems.

Used Selenium to record, edit, and debug tests, along with recording and playback of its scripts.

Utilized Bootstrap to create CSS forms, buttons, and navigation, for page layouts.

Collaborated with development team through GitHub to maintain version control for different projects.

Performed Static and Dynamic testing to analyze code at fixed points/simulate controlled attacks on a running web application during its development.

Applied Fortify Static Code Analyzer to identify and pinpoint security vulnerabilities in source code early in the software development lifecycle.

Used Software Security Assurance to resolve security vulnerabilities.

Utilized Fortify WebInspect for dynamic application security testing.

Created style forms using CSS3 to give websites a more user-friendly look (colors, fonts).

April 2015 – June 2017

UCLA Health, Los Angeles, CA

Senior Security Analyst

Monitored network traffic for security events and performed triage analysis to identify security incidents with respect to Confidentiality, Integrity, and Availability.

Responsible for detecting successful and unsuccessful intrusion attempts through analysis of relevant event logs and supporting data sources by utilizing SIEM tools such as Nessus and Splunk Enterprise.

Developed scheduled alerts, reports, and correlated searches on Splunk.

Conducted Security Control Assessments to assess the adequacy of management, operational privacy, and technical Security controls implemented using NIST 800 framework.

Assessed and updated System Security Plan (SSP) and created a Security Assessment Report (SAR) for stakeholders.

Implementation of IT Strategy and Enterprise Security Architecture.

Developed Plan of Action & Milestones (POA&M).

Created various control types (administrative controls, technical controls, physical controls).

Conducted Business Impact Analysis to determine security plan.

Performed Risk Assessments in accordance with NIST Risk Management Framework.

Familiar with Regulatory Compliance (HIPAA, FISMA, CFAA, CIPPA, COPPA, SOX, GLBA).

Experience in Report Writing (Vulnerability Reports, Executive Summaries and Penetration Testing reports).

Worked with the Incident response group in monitoring for intrusion events.

Conducted Security Risk Assessment on all new applications, IT Systems or changes to existing IT systems to verify if they satisfy the established security baseline before adoption into Corporate infrastructure.

Created report detailing identified vulnerabilities and remediation steps.

Assisted with development of the security awareness program for employees and agents.

Installed and configured network security devices such as Firewall Palo Alto (Suite), Routers, Switches, IDS/IPS using McAfee Endpoint, Symantec Endpoint, Carbon Black, and Servers.

Monitored, analyzed, and interpreted network traffic alerts using SIEM tools.

Skilled in how to collect security logs, application logs, and system logs, and monitor privileged users to mitigate threats.

Monitored network traffic for suspicious activity by continuous monitoring with various security tools (e.g., Wireshark, Tcpdump, Splunk, ArcSight) to identify potential incidents, network intrusions, and malware events.

Monitored systems, identifying, studying, and resolving all instances/events reported by various SIEMs alerts (SourceFire, Tipping Point).

I analyzed and researched large sets of logs on end devices to detect potential malicious activities.

Conducted system security evaluations and assessments, documented and reported security findings using NIST 800 guidance per the continuous monitoring requirements.

Provided scanning of range operating systems and test beds using SCAP compliance tool and Nessus vulnerability scanner for independent security analysis.

Monitored systems, detecting, analyzing, and resolving all incidents/events reported by various SIEM tools.

March 2013 – April 2015

Ford Motor Company, San Diego, CA

Senior Security Analyst

Conducted kick off meetings to collect systems Information (Information type, boundary, inventory, etc.) and categorize systems based on NIST SP 800-37.

Followed OWASP Top 10 to develop the web portal security plan.

Provided plan to harden the network through Firewall rules and port settings, configuration of Cisco routers and switches and Windows and Linux servers.

Reviewed Disaster recovery plans (DR) and participated in Business Continuity Plan Tests (BCP).

Provided detailed technical recommendations and policy guidance to system managers to aid in the improvement of Cyber Security posture and NIST SP 800-53 (Risk Management Framework) compliance.

Developed Splunk content and correlation rules for malware and abnormal traffic detection.

Deployed, configured and maintained Splunk forwarder on different platforms.

Worked with internal stakeholders to create a matrix that mapped project requirements to National Institute of Standards and Technology (NIST) security controls.

Reviewed and updated System Security Plans (SSP) using NIST 800 series requirements.

Refined IPS/IDS rules to better detect ongoing threats.

Completed the annual cyber risk compliance program IAW NIST 800-171 and DFARS.

Worked with senior leadership to ensure that cybersecurity and compliance go hand in hand.

Implemented governance, risk management, and compliance (GRC) program to help improve information sharing.

Assisted with managing, implementing, and directing physical security programs (access control) as a military contractor.

Access control to restrict entrance to a property, a building, or a room to authorized persons.

Secured keys, desktops, laptops, and other sensitive items.

Conducted risk assessments and collaborated with Management and technical team to provide recommendations regarding any changes that were being implemented on assigned systems.

Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.

Monitored controls post authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results and worked with the IT staff for mitigation actions.

Performed threat and vulnerability analysis and provided warnings of anticipated exploitation.

Monitored and tracked security vulnerabilities to ensure affected systems are patched.

Monitored servers, network gears, and applications in the operation center environment.

Experienced in analyzing phishing emails when detected, analyzing malicious links and attachments, analyzing user impact via Splunk, removing phishing emails from Exchange servers, and blocking unwanted URLs/IP addresses.

Responsible for implementing the Risk Management Plan with an organization’s stakeholder team. Use the risk management plan, with the stakeholder team, to ensure the steps of the risk management process are conducted (Set Objectives; Risk Identification; Risk Assessment; Risk Analysis; Risk Tolerance; and Risk Mitigation).

Responsible for ensuring the team’s plan to integrate and implement OPSEC measures to protect the organization’s sensitive and/or critical information in every phase of all operations, exercises, tests, or activities.

Jan 2011 – March 2013

Exxon Mobil Corporation, Seattle, WA

Senior Systems Engineer

Evaluated systems based on Risk Management 800-37 Framework (RMF).

Experienced in System Security Test and Evaluation (ST&E) and provided full security assessment.

Monitored security patch levels of the servers, workstations and network environments, and anti-virus systems.

Assisted in planning, development and security of a system that aims to establish a security infrastructure.

Developed and maintained security Implementation policies, procedures and data standards.

Executed security data management plans for the design and implementation of data collection, scheduling and review clarification and reporting systems.

Experience investigating, capturing, and analyzing events related to cyber incidents.

Documented and logged technical incident detail for future reference.

Developed and implemented a complete restructure of security groups to more effectively manage domain permissions to resources.

Assessed business process to identify potential risks.

Experienced in researching emerging cyber threats to understand and present hacker methods and tactics, system vulnerabilities, and indicators of compromise.

Analyzed log data from SIEM tools such as Splunk and Wireshark to identify threats and vulnerabilities on the network to prevent cyber security incidents.

Monitored the general support system for vulnerabilities and threats including patch management, weak password settings, and weak configuration settings.

Managed Security Assessment and Authorization (SA&A) process to support continuous monitoring activities in accordance with NIST and FISMA requirements and guidelines.

Reviewed and analyzed log files to report any unusual or suspect activities.

Worked with system data including but not limited to security event logs, system logs, proxy and firewall logs.

Assisted in deploying network monitoring and threat analysis.

Monitored the TCP / UDP / IP traffic and turned off ICMP protocol on servers that contained confidential business data.

Reviewed cybersecurity controls to determine if the controls were implemented correctly.

Trained users with Cloud migration, Acceptable use policy, Systems Updating, Patch Management, Social Engineering awareness and training, Password best practices, Handling Emails, Endpoint protection, Encryption, Hashing, Network Defense, etc.

Distributed weekly security status reports to executives.

Executed incident response within the incident response development (detection, triage, analysis, mitigation, reporting, and documentation).

Responsible for change management procedures by auditing and evaluating change management logs for accountability.

Organized application teams to implement encryption and tokenization solutions for level six processes on the OSI model.

Assisted in Incident Response and systems recovery to mitigate threats.

Monitored traffic for anomalies based on alerts received from various sources, triggers, and tickets generated by internal government staff and endpoint devices.

Assessed and analyzed log files to report any unusual or suspect activities.

Designed and continuously upgraded standard operational processes used by the SOC.

Implemented cyber security tools (Nessus, Exabeam, Wireshark and Splunk), to facilitate the adoption of the Information System Continuous Monitoring (ISCM) approach and to support the remediation of identified cybersecurity threats and vulnerabilities.

Utilized Splunk to support dashboard, report and other capabilities to support the Cyber Security Program.

Jan 2009 – Jan 2011

VMWare Carbon Black, Boulder, CO

Cyber Security Analyst

Experienced in the creation of reports on Cyber Security events and Vulnerabilities found in vulnerability assessment scans using tools such as (Nessus, OpenVAS, Retina CS).

Investigated and analyzed Cyber Security events found in vulnerability scans and suggested countermeasures to mitigate the threats.

Penetration tested systems and networks for vulnerabilities and auditing by performing "Footprinting" and scanning using tools such as Nmap, Hping3, Whois lookup, Path Analyzer Pro, OpUtils, and Google hacking.

Skilled in finding Cyber Security vulnerabilities and risks in computer networks and resolving those vulnerabilities by ensuring patch management, security in-depth, and updating systems.

Performed security assessments and audits for compliance with the NIST Risk Management Framework.

Followed Incident Response Plan to mitigate system breach, document findings, and perform post-incident analysis to update the Incident Response Plan.

Performed Access Control Identity Management, Penetration Testing, Vulnerability Assessment, SOC Analysis, Incident Response, and Threat Mitigation.

Experienced in evaluating systems for Cyber Security best-practices and vulnerabilities by performing system “Footprinting” and scanning with tools such as Whois Lookup, DNSstuff, Social Engineering Toolkits.

Experienced in performing log analysis, intrusion detection/prevention, and incident management as SOC Analyst by reviewing alerts from various SIEM tools.

Hands-on experience in using tools such as IDA Pro, ArcSight, Splunk, LogRhythm, AlienVault, Nessus, Wireshark, ForgeRock, Tcpdump, and Nmap.

Skilled in collecting network traffic and performing analysis from network devices such as Firewall, IDS/IPS, Antivirus, Switches, and Router traffic through Log and Event-based on TCP/IP.

Experienced with AWS Cloud Security and architectural technology.

Experienced in monitoring systems for any anomalies, proper updating, and patch management by taking system baselines.

Proficient in using encryption and hashing tools such as the MD5 online tool, HashCalc, and Crypto Demo.

Experienced in malware analysis including viruses, worms, trojans, botnets, and rootkits using both static and dynamic analysis.

Good background knowledge on common protocols such as HTTP, FTP, SSH, DNS, DHCP, SNMP, SMB, TLS, SSL.

Experienced in using applications such as Microsoft Office Suite/365 (Word, Excel, PowerPoint).

Skilled in Networking protocols and packet analysis tools, Computer Networking and TCP/IP stack.

Performed environmental safety operations, inspected equipment fuel levels, and replenished equipment fuel levels.

Evaluated operations and ensured compliance with applicable regulations.

Trained members on compliance topics, policies, and environmental safety standards.

Provided technical support for environmental remediation and litigation projects; conferred with corporations and government agencies and consulted on clean-up procedures of contaminated sites to protect personnel and environment.

Education

Master of Science (MS) Degree – Cyber Security

California State University, Dominguez Hills – In Progress

Master of Arts (MA) Degree – Negotiation, Conflict Resolution, & Peacebuilding

California State University, Dominguez Hills – In Progress

Bachelor of Arts (BA) Degree – Political Science & Law and Society

University of California, Riverside

Technical Writing Program

California State University, Dominguez Hills – Carson, CA

Cybersecurity Certificate

California State University, Dominguez Hills – Carson, CA

(USC) Data Analytics Boot Camp, Certificate of Course Completion

Viterbi School of Engineering, University of Southern California, Los Angeles – CA

(UCLA) Full-Stack Software Developer Boot Camp, Certificate of Course Completion

University of California, Los Angeles – CA

(UCLA) Cyber Security Boot Camp, Certificate of Course Completion

University of California, Los Angeles – CA

Certifications

CompTIA Security+

Splunk Fundamentals Part 1 Certified

Certified Ethical Hacker (CEH) In Progress

Training

Microsoft Azure Fundamentals AZ-900

Microsoft Azure Security AZ-500

Amazon Web Services (AWS) Fundamentals

Amazon Web Services (AWS) Security

Amazon Web Services (AWS) Solutions Architect

CompTIA Network+

Linux+

CCNA

United States Marine Corps (Awards)

-National Defense Service Medal

-Navy Unit Commendation

-Meritorious Unit Commendation

-Certificate of Commendation

-Letter of Appreciation (3 Awards)

-Good Conduct Medal