Post Job Free
Sign in

Security Officer

Location:
Seattle, WA
Posted:
April 16, 2021

Contact this candidate

Resume:

Principal Engineer – Oracle Compute Infrastructure (OCI) – Seattle, WA, September 2020 –

Responsible for architecture, compliance and security of OCI core infrastructure and services. In 30 days, proposed design for the future of compliance in substrate and core services allowing security to be embedded in CI/CD using ‘shift security left’ concepts.

Senior Product Architect – Dynics INC. – Ann Arbor, MI (Remote), June 2017 – current Performed research & development for in-line application firewall and trace collection of remote connectivity on services such as RDP, SSH, Telnet, VNC, etc. in real-time. Scaled products to speeds of 20+Gb/s for inline IPS. Implemented new security features based on customer requirements. Offered a cloud solution to customers that increased revenue by 50%. Developed and built from ground up IDS/IPS application firewall to prevent and mitigate security issues to IT systems using SCADA protocols. Successfully deployed the product in customers plant floors as Ford, GM, GE, VW increasing security posture and remote access to the system leading to support contracts and development grants for at least 3 years. Technical Program Manager/ SDE / Senior Security Engineer – Amazon Web Services – Seattle, WA December 2016 – September 2020

Owner in innovating, operating, scaling the largest cloud network edge ( Petabyte traffic levels) with DPDK based solutions. 10- 15% APEX reduction by optimizing the DPDK solution to scale for different hardware generations. 30% OPEX reduction by implementing CI/CD tooling and increasing test coverage and fuzzing. Successfully lead mitigation of crypto IP compliance risks in China regions. Lead GDPR compliance initiative in the HR vertical. Improved roadmap delivery by proposing vertically oriented teams for maximum customer affinity in the Edge computing space. Co-founder & CTO – Opentech Consulting & Services – September 2014 – Aug 2020 Bootstrap the business and build its product portfolio and create the brand posture through niche market solutions and expertise. In 2 years, the security branch of the business had 10 long term customers 100 consulting service and 12 products in its portfolio for public and private sector. 2241 13th Ave W #102

Seattle, WA 98119

*****.****@*****.***

Cell: 512-***-****

Ermal Luçi

KEY COMPETENCIES

• Customer/Cost oriented designs, distributed systems, SDN, SDWAN, Open Source, Fault tolerant systems

• Implemented cost-effective business solutions promoting teams with Agile methodologies, DevOps cultures

• Comprehensive risk management experience, systems analysis and product lifecycle management

• Experienced with programming languages e.g. C, C++, Python, Ruby, .NET(C# VB#), Java, JavaScript, HTML5, Ruby, TypeScript, PHP, Shell XML, Go.

• Proficient with database technologies e.g. Oracle, MSSQL, PostgreSQL, MySQL/MariaDB, Progress, Redis, Cassandra, and various clusters related to them

• Architect Cloud solution for platforms hosted in AWS, OCI, Azure and GCP either in IaaS, Paas, SaaS

• Automated Security Controls mentality for mitigating risks with rapid product evolution lifecycle

• Subject matter expert in networking e.g. SDN, SD-WAN, overlay networking

• Subject matter expert in Operating System (OS): BSDs, Linux, Solaris various components as storage, networking, security

• Vast protocol knowledge and production troubleshooting: TCP/IP, SCADA, IPSec/VPN, IPS/IDS, UDP, GRE, GIF, VxLAN, Dynamic Routing (BGP/OSPF/RIP), DNS, etc…

• First-hand experience with container technologies and their deployments as Docker, Kubernetes and their underlying components

• Scalable solution for continuous delivery (CD) in large fleets (40.000+ fleet sizes) as Ansible, Chef, Terraform

• PKI solutions/systems end-to-end lifecycle and compliance/operational aspects

• Budget planning and management expertise

• Supply chain expertise and monitoring

• Compliance processes and controls for ISO27001, PCI-DSS, FedRAMP, GDPR, etc.. CAREER HISTORY

17+ years of International Experience

building and delivering IT & IT security solutions Chief Information Security Officer and acting CTO / ISO 27001 Project Manager Safran Aleat Sh.p.k. – Albania, December 2008 – November 2016 Built and scaled from a single person security program for governance, risk modeling, security architecture/operations, Cyber security dashboards, fraud prevention and external vendor vetting. Lead 10+ teams to adopt security practices distributed in 3 different continents in public and private sector. Managed/Owned PKI solutions for identity management, providing cloud based e-Services to customers as System as a Service

(SaaS) platform conformant with IT security best practices and international regulations. Managed a budget of over € 200M for a head count of 700 personnel for a business of €250M revenue. Provided leadership to committees oriented to improving IT security organization and controls. Implemented and monitored stable incident-response processes on defined security perimeters, to detect and/or prevent non- compliance.

Improved YoY CAPEX and OPEX by 20% driving DevOps culture and Infrastructure as Code (IaaC). Developed Business Continuity (BCP) and Disaster Recovery Planning (DRP) protocols in order to secure protection of the integrity and confidentiality of company’s private data. Made company name a recognized and trusted brand in the country and technology community for identity and security solutions.

IT Consultant - BSD Perimeter LLC – KY, USA / Electric Sheep Fencing (Remote) – TX, USA, January 2010 – June 2015 Performed research & development for www.pfsense.org open source project. Defined and integrated latest functionalities of software-based firewalls, routing, VPN technologies and application firewalls. Developed, scaled and integrated various hardware and software protocols and appliances for different customers from kernel level development up to presentation levels (Web GUI) for services such as:

• Captive Portals / Identity Management • VPN (IPSec, OpenVPN MPLS L2TP PPTP)

• Routing Protocols (BGP OSPF RIP…) • Web Proxies / Application Firewalls

• Kernel Driver Development • QoS / WiFi network improvements

• AWS Appliance Integration • Firewall build/support/troubleshoot Senior IT Consultant - WHEEL Systems Sp. z.o.o (Remote). – Poland, December 2015 – December 2016 Implemented transparent monitoring/tracing of remote connectivity on services such as RDP, SSH, Telnet, VNC, etc. in real- time with a rule engine for security policies. Data collection and monitoring for security events and threat detection. Scaled product features to speeds of more than 1Terrabit/s and 10 Million concurrent sessions. Senior IT Consultant - Defense.net (Remote) – CA, USA, January 2013 – May 2013 Performed research & development using large-scale security mitigation techniques for protecting large financial institutions

(e.g. Bank of America), from malicious traffic directed to their services. Developed core modules of a cloud-based service handling more than 500 Gb/s of DDoS network traffic. Sourced infrastructure equipment from third party vendors for on- premise. Ground up architecture for cloud based solutions for customer VPCs. Open Source Developer/Contributor

www.pfsense.org, April 2008 – June 2015

www.freebsd.org, December 2007 – (present)

• Developed device drivers, networking stack, improved crypto subsystems

• Various presentations in conferences for network topics

• Developed and scaled TCP/IP network stack

• Built appliance images for platforms e.g. Amazon AWS, Microsoft AZURE, Embedded Systems

• Built, enhanced and troubleshooted a full firewall solution based on customer needs and giving them proper SLA commitment.

• Brand and trust management • Risk Management

• Software Engineering • Regulatory Compliance (ISO27001, PCI, NOC)

• Project Leadership & Management • BCP/DRP

• Open Source • Operating Systems/ Embedded Systems

• System Analysis & Architecture • Agile culture/processes

• Obsolescence Management

• Distributed systems

• Identity management, PaaS, SaaS, IaC

• Cloud (AWS, Azure, GCP platforms)

• Startups

• Network architecture/technology

• IT Consulting

• DevOps/DevSecOps culture

EDUCATION

University of Tirana 2000 – 2007

BS/MS Degree in Computer Science

Harry T. Fultz 1995 – 2000

Electronic and Telecommunication Technical School

CERTIFICATIONS

INFIGO - Splunk administration, deployment,

management and reporting

August, 2016

ISC2 – Certified Information System Security Professional

(CISSP)

August 2016

Safran – Lean Sigma

White Belt March 2015

BSI - ISO 27001 Lead Auditor

ISO 27001:2013 Standard, June 2014

BSI - ISO 27001 Lead Auditor

ISO 27001:2005 Standard, June 2011

Keynectis – PKI administration & management

June 2010

Raiffeisen Bank – 6 Sigma

Green Belt, February 2008

IBM – Cognos MIS Reporting

MIS Specialist, April 2007

CONTINUOUS EDUCATION

Conference Presented Attended

RSA, USA February 2013

BSDCan, Canada May 2011 May 2013, May 2014, June 2015 EuroBSD, Europe October 2010, October 2011, October 2012, September 2013 October 2014

DerbyCon, USA September 2010

REFERENCES AVAILABLE UPON REQUEST

AREAS OF EXPERTISE

Ermal Luçi



Contact this candidate