Security Analyst Devops Engineer
Resume:
LOVELINE SHEY
Washington DC · 302-***-****
******@*******.*** · www.linkedin.com/in/lshey
IT Professional with over 6 years’ experience in Security and Automation. Solid hands-on experience as a DevOps Engineer with expertise in creating and maintaining CI/CD Pipelines, designing, testing, and provisioning cloud architecture, skilled in automation, building and deployment processes. Team player, work closely with product owners to obtain details, understand requirements, and design solutions tailored towards the client’s goals. Excellent at multitasking with the ability to support multiple projects simultaneously.
SKILLS
Kubernetes & Helm
Docker
Terraform
Ansible
Jenkins
Prometheus & Grafana
Splunk
SonarQube
Maven
Nexus
Communication
Analytical
Reliable and Dependable
Keen Listener
Detail Oriented
Collaborator
Highly Receptive to Training
Flexible and Adaptable
AUGUST 2018 – PRESENT
DEVOPS ENGINEER, Dominion systems
Hands on experience using version control tool Git, GitHub as a SCM, Jenkins for CI/CD interacting with maven, SonarQube, Nexus Experience and Tomcat
Configuration and automation of CI/CD pipelines for code deployment using Jenkins
Migrating applications from virtualization to containerization using docker for containerization and docker hub as a registry
Installation, configuration, managing and supporting Kubernetes container platform
Configuring and using build tools like maven
Installation and configuration of Nexus as an antifactory repository to upload artifacts prior to deployment
Installation and configuration of plugins in Jenkins and working closely with development engineers to ensure automated test efforts are tightly integrated with the build system ensuring that errors are addressed on time while building and performing deployments
Coordinating and assisting developers in establishing and applying appropriate branching, labeling/naming conventions using GIT source control.
Design architecture within Amazon Web Services
Deployment of AWS infrastructure with core services such as EC2, VPC, IAM, S3 etc.
Configuration of Haproxy and Nginix Ingress for high availability
Helping to build DevSecOps Strategy and Practice to integrate cybersecurity into all stages of SDLC
Advocating for software engineering practices such as unit testing, code reviews, full build testing, quality engineering practices to the teams to improve end to end secure delivery practices
Provisioning of Infrastructure on AWS using Terraform
Hands on experience provisioning Infrastructure as a code using Terraform and Ansible
Collaborated with Engineering team leads to create, implement and apply DevSecOps principles, processes based on frameworks or security design principles like OWASP and NIST
APRIL 2017 - JULY 2018
SYSTEM ANALYST, Compass Solutions
Reviewed systems software modifications, testing procedures, and the preparation of supporting documentation to determine if it was following NIST/FISMA
Assessed and determined that the organization established a SDLC methodology and assigned responsibility for each phase of the cycle so that system design, development, and maintenance progressed smoothly and accurately
Reviewed systems software modifications, testing procedures, and the preparation of supporting documentation to determine if the NIST standards were being followed.
Reviewed and evaluated the procedures for performing post-implementation reviews
Reviewed and evaluated the procedures for the maintenance of existing applications.
Reviewed and evaluated the procedures for modifying systems software.
Reviewed SCM platform GitHub to ensure segregation of duty existed within the change management environment using NIST/ FISCAM, FISMA and FedRAMP compliance Framework
Experience with information security controls as outlined in NIST SP 800-53
Assessed, evaluated, and tested Information Technology General Controls (ITGC), including logical access, physical access, IT operations, and application development for the systems.
Conducted and Lead audits and/or special reviews of the Company’s controls and procedures over the Company’s Information Technology (IT) infrastructure, systems development, and business applications in accordance with the annual risk-based audit plan for design and operating effectiveness of internal controls, including FISCAM and NIST related controls.
Advocated for and ensured appropriate security practices were communicated and implemented within their projects
JANUARY 2016 – APRIL 2017
SYSTEM SECURITY ANALYST, ETAINS SOLUTIONS
Assisted with the execution of the SOX testing including the definition of the testing scope, control evaluation, test activities, monitoring issue resolution, report activities and risk assessment for assigned areas. Conducted and documented process walkthroughs and tests over operating effectiveness of controls for external auditors.
Performed deep dives on IT security-related processes like security exception and security assessments by evaluating network security, application security, and physical security as part of control testing for internal products and third-party applications.
Lead and conducted Cyber- Security risk assessments for technology and security frameworks.
Assisted in kickoffs, status, and closing meetings with engagement team and client and contribute to IT Audit knowledge base and internal practice development initiative.
Led IT related controls assurance or controls readiness projects associated with external audits, internal audits, and service organization controls reports, e.g., SOC 1 Type 1 and 2
Assisted with security planning, security compliance guidance in accordance with FISCAM and FISMA as well as other agency regulations.
Experience with applying NIST SP 800-37 Risk Management principles, interpreting requirements, and developing implementation guidance.
Preparation of team meeting agendas and co-leads meetings. Assists in preparation and/or review of meeting minutes.
EDUCATION
BACHELOR’S IN SCIENCE
CERTIFICATIONS: CERTIFIED INFORMATION SYSTEM AUDITOR (CISA) # - 20168600
Contact this candidate