Security Information

Location:
Renton, WA
Posted:
April 20, 2021

Resume:

Nghihan Dinh (Han)

adlt97@r.postjobfree.com 206-***-**** LinkedIn

Professional Overview

IT Security Project/Program Manager/Analyst/Engineer with 10+ years of experience in Cyber Security, Software Development Life Cycle (SDLC) and IT Operations including eCommerce product support.

Expertise in directing and managing Risk Management Initiatives while implementing and enhancing key info security objectives and controls framework to maximize productivity using Agile Methodology, Scaled Agile Framework and leading in program management.

Proficient in security risk assessment, bug chasing, security assurance, and vulnerability management while staying in Governance, Risk, and Compliance (GRC) with standard policies and best practices.

Proficient in OWASP Top 10 vulnerabilities and common information security standards, such as: ISO 27001/27002/9001, NIST 800-53, PCI DSS, and GDPR.

Professional Experience

The Salesforce Company - Bellevue, WA

Security Program Manager - Customer Success Advocate Team - CSAT (Consultant) 2/2020 – 2/2021

This project management role is responsible for tracking and reporting security vulnerabilities (Product and Infrastructure Security) across multiple work streams and organizations with Salesforce. Providing communication, data analysis, and ability to meet timelines will ensure your success in this capacity.

●Developed plans with Security Vulnerability Program Owners to improve the tracking and reporting of services going through the release exception process within SLA.

●Provided a consolidated daily/monthly status report of critical vulnerabilities to Security Leadership Teams.

●Worked with internal resources and third parties/vendors for the flawless execution of security vulnerability projects.

●Defined the project scope and objectives, and program development utilizing SAFe Framework involving all relevant stakeholders and ensuring technical feasibility.

●Led the Security Bug Triaging program for tracking and reporting to Leadership Teams.

●Managed security documentation to ensure security documentation and guidelines are up to date.

●Evaluated and communicated vulnerabilities and risks identified throughout the security review process.

●Conducted manual security assessments for product web applications and identified critical vulnerabilities like XSS, SQL injection, CSRF, authentication bypass, weak cryptography, authorization security flaws before a product goes live.

Project Manager / Information Security Engineer – Security Assurance (Consultant) 2/2019 – 1/2020

Supported Security Threat and Vulnerability Management Programs (TVM) and Security Assurance (SA) with emphasis on communication and coordination of enterprise-level remediation, vulnerability/bug triage and validations, and customer engagement to ensure the patching and removal of vulnerabilities/bugs.

●Worked with vulnerability owners for closure within SLA and went through the Governance, Risk and Compliance (GRC) exception process for risk assessment (RA) and risk acceptance/mitigation.

●Identified and handled all assets of vulnerability assessments to identify vulnerabilities or confirm compliance to security standards including false positives and exclusions.

●Worked with security operations, application support, networking, access management, and architecture teams to ensure that we identify, validate, and manage security risks using SAFe framework.

●Developed a detailed project plan to monitor and track progress, including bug escalations.

●Managed the security onboarding processes for new business units (Merger and Acquisition).

●Defined process for security detection and response in Nexus Scanning / Security Center including report services.

The Walt Disney Company via Mainz Brady Group, Seattle, WA 6/2018 – 1/2019

Senior Information Security Specialist (Consultant)

Supporting Global Information Security vulnerability management programs (EVM) with emphasis on communication and coordination of enterprise-level remediation, vulnerability validation, and customer engagement to ensure the removal of vulnerabilities.

●Investigated solutions and mitigations for vulnerabilities present within the Enterprise and proposed remediation in collaboration with the subject matter experts.

●Validated vulnerabilities remediated, including verification of ability to verify false positives (PCI and Perimeter), and conducted security risk assessment.

●Led in vulnerability management through meeting facilitation, activity measurement, customer engagement.

●Performed data analysis of diverse and historical data sets in support of vulnerability management project and program decisions.

Alaska Airline Group via Kelly Mitchell Company, SeaTac, WA 10/2017 – 5/2018

Project Management / Senior Enterprise Solutions Analyst (Consultant)

Supporting corporate acquisition (Virgin Airlines); challenges include complex integration across enterprise systems, applications, and operations. Responsibilities: requirements gathering and documentation (apps/systems/processes), system monitoring, user access before/after integration, document analysis, and use case definitions.

●Established, reinforced, and supported a robust process for generation of critical support documentation.

●Partnered with developers, vendors, and analysts to accurately document operational environments utilizing the SAFe frameworks. Liaison between application delivery, 3rd party SaaS solution providers and internal.

●Created support documentation, including troubleshooting guides, decision trees, system diagrams, and escalation matrices, and run books including documenting and testing for Data Disaster Recovery Program.

●Updated Software Service Oriented Architectures and audit process improvement.

Microsoft via Microland Limited Company, Issaquah, WA 9/2016 – 9/2017

O365 Migration Engineer (Vendor)

Demonstrated advanced implementation, support, and troubleshooting capabilities with Office 365 suite of services, including business systems planning and scheduling, as well as compliance with design and deployment standards. Completed migrations, such as Exchange to Exchange and Exchange to Office 365.

T-Mobile via Aditi Staffing Company, Bellevue, WA 3/2015 – 9/2015

Sr. Analyst, Enterprise Info Security (Consultant)

Within a Security Enterprise role, contributed to SOX compliance monitoring, measurement, analysis, and the evaluation of security processes. Responsibilities also included assessing vulnerability risks, providing metrics-based reporting, supporting the testing/audit process, and establishing schedules and timelines for security projects.

●Evaluated applications, network devices, and computers to assess the risk of vulnerabilities and threats, using Common Vulnerability Scoring System (CVSS v3.0) including details and metric report for Vulnerability Management Team.

●Reviewed and analyzed data pertaining to information system functions relative to SOX compliance for CIS, ISMS/ISO 27001/2, NIST 800 series, PCI DSS 3.1, and CPNI for security industry standards.

Crowley Company, Seattle, WA 8/2012 – 2/2015

Project Manager / Senior Business Systems Analyst

●Streamlined processes and product development using Agile Software Development Process for the Audit Schedule and Document Management Programs to provide government compliance documentation for quick audit reviewing/closing.

●Created an improved method for sending all updated documentation to boats underway for safety and incident responses, ensuring HQ had up-to-date safety procedures and incident reporting methods.

●Analyzed and migrated data and developed automated custom reporting functionality (SaaS/3rd-party software).

Planning:

●Created project scope and objective by conducting extensive research for project plan.

Analysis:

●Developed business process and functional requirements, and translated to system requirement specifications, including functional specifications for process refinement and automation.

Construction:

●Built a process for Document Management Systems with improved document controls (review, approval, retention versions, destruction, and recovery).

●Created a model, and analyzed data from a computing technical view, and integrated into an overall computing system and network architecture including UAT.

Deployment:

●Trained documentation teams; prepared and presented training to internal customers and system users.

●Provided SaaS application training: Audit Program Schedule and Document Management.

Compliance:

●Performed SSQE compliance audits (ISO9001/14001) and implemented corrective actions to adhere to federal/state/local regulations, including SOX 404 control for user security access.

Operations/Management:

●Supported systems utilized by the functional areas related to Safety, Security, Quality, and Environmental (SSQE) operations.

●Managed and administered a SharePoint site for the SSQE department, including workflows, sites, and permissions.

Boeing Company — Renton, WA 8/2007 – 4/2010

Project Manager / Senior Data and Systems Analyst / Functional Analyst - BCA Finance

Provided communication, collaboration, and cohesion throughout the SDLC. Applied SAFe methodologies and Lean principles for support efforts and existing, new financial, and product marketing (eCommerce) software developments including GRC efforts.

Planning:

●Contributed to project scoping, including business needs analysis, solution recommendations, and cost-benefit analysis.

●Involved in business case studies (assessing capability gaps, determining a solution approach, defining solution scope, and defining a business case) including Disaster Recovery planning and testing.

Analysis:

●Gathered and documented requirements and translated into written functional specifications.

●Utilized root cause analysis to support operational controls for new and emerging areas of risk and implemented control requirements.

Design:

●Developed test plans and scripts to validate system functionality and meet business requirements.

●Participated in design reviews to validate against requirements including systems mapping end-to-end data flows including report services.

Construction:

●Used ITIL processes for Change Management and Incident Management to support financial operations including user/systems security administration activities.

●Reviewed test findings within the Internal/External Audit Team (SOX 302/404) and facilitated remediation of control gaps.

Deployment:

●Consolidated 200 processes down to 100 common processes across Finance Systems.

●Executed test scripts based on test plans (User Acceptance Test and/or Quality Assurance Test).

Technical Skills

●Operating Systems: Windows 10/8; Windows 2016/2008 Server; Exchange 2016/2008 Server; IIS 6.0; Red Hat Linux 6.0; Ubuntu 15.10; Kali Linux 2.0; and Macintosh

●Software & Applications: Office 365; SharePoint 2010/2013/365; Visio; VirtualBox, VMware, Hyper-V, Wireshark, and Metasploit (Armitage).

●Hardware/Network: A+; Net+, and Sec+

●Languages: C++; MS Visual Basic; ASP; Python; and JavaScript.

●Database Development: Access; Visible Analyst; SQL, combined with VBA.

●Tools: ClearCase; ClearQuest; Requisite Pro; PRIMUS; Rational Tool Applications (DOORS); Minitab; Quality Companion; Archer GRC; Kanban, SAFe, Remedy; Jenkins, SCOM; SCSM; CMT Viewer; Binary Tree; SMT Migration Tool; BAM Migration; Dell on Demand for Migration; Git, ServiceNow; Cognos Analytics; Einstein Analytics, Jira, VersionOne, CloudAware, GUS ticketing, Smartsheet, Tanium; DefectDojo, Sonatype, Snyk, and Qualys.

Education & Training

●Highline College - Security Engineer Certifications/Degree (In progress)

●TLG Learning, Top Rated Microsoft Training Partner - Systems Analyst/Administrator.

●Bachelor of Arts in Business Administration: Concentration in Management Information Systems (MIS) - Western Washington University

●Associate of Arts in Business Administration - Highline Community College

Certifications / Hobbies

●Certified Penetration Testing Engineer (Mile2).

●Information Technology Infrastructure Library/ITIL Certified (v.3).

●Microsoft Certified IT Professional (MCP).

●Unix/Linux Administration Certification.

●CISSP (in progress).

●AWS (in progress).

●Project Management Professional - PMP (in progress).

●Gardening.

●Koi Pond / Waterfalls.

●Dog Lover.


