Anthony Ly
***********@*****.***
LinkedIn Profile: https://www.linkedin.com/in/anthony-ly-4657a11/
SUMMARY
Strong in developing an integrated approach that focuses on accomplishing objectives while handling risks and acting with integrity for Governance, Risk and Compliance. Extensive knowledge of Java-based applications and maintain AWS cloud-based business intelligence SaaS solutions. Management of secure infrastructure of the applications including security compliance framework, risk assessment, process control and engineering processes leading to SOC2 type 2 certification year over year. Conscientious and reputation for dependability, integrity and professionalism. Well organized, inquisitive problem solver who enjoys challenges and thrives in a fast-paced environment. Proven ability to manage multiple high-level projects. Results oriented professional with experiences in all aspects of QA testing, AWS services, software development life cycle (SDLC), systems engineering and configuration management.
ACCOMPLISHMENTS
●Increased core system availability to 99.8% by developing standards and architectural governance and implementing best practices.
●Assessed and monitored the utilization of AWS services/used for the applications resulted in cost saving.
●Spearheaded the creation of a company-wide security policies and implemented engineering process control and security framework for SOC2 compliance and audit.
●Scrum Master Certified (SMC)
●Scrum Fundamental Certification
●Six Sigma Yellow Belt Certification
EXPERIENCE
VSee Lab Inc., San Jose, California July 2020 – Present
Director of Security/DevOps Security
Conduct security risk assessment of IT infrastructure using Department of Health & Human Services SRA tool.
Ensuring internal compliance (including IT, vulnerability scans, annual training, access control, review server and application logs, security incident and risk assessment) are executed in a timely manner.
Respond to customers’ security risk assessment and questionnaires.
Perform internal and external audits and identify security risk and plan for mitigation.
Assist in writing security related policies and procedures to enforce security compliance.
Facilitate Change Control and Access Control processes to implement and review.
Configure Elastic Cloud to stream data using Filebeat agent installed on Linux (Ubuntu Amazon Linux and CentOS) servers and set up rules for triggering alerts and monitor host intrusion and application errors as part of SIEM.
Configure Atomicorp’s OSSEC HIDS system to trigger alerts and monitoring file integrity and vulnerabilities of servers.
Review and respond to SecurityScoreCard alerts of vulnerabilities to the server and implement and mitigation plan.
Perform Qualys SSL scan to ensure the encryption and ciphers used on servers are in compliance.
Install and configure vulnerability scan host to identify servers’ vulnerability and implement plan for remediation and mitigation.
Perform pen-testing using ZAP (OWASP framework) to identify application vulnerabilities and implement plan for remediation and mitigation.
Plan and implement backup of servers and databases for restoration process and perform disaster recovery process.
Facilitate employee’s on/off boarding processes to ensure new employees are in compliance including Sophos Installation of Intercept X, enrolling users in training, device compliance, access granting, user acceptance policies, NDA are in place and perform background check.
Manage and configure data loss prevention policy via Sophos Central Endpoint Protection to control the upload/download of PHI data from users’ device and AWS workspaces.
TrustArc Inc., San Francisco California May 2011 – May 2020
Director of QA/IT Infrastructure (Hands On)
●Managed DevOps teams to support the implementation and deployment of applications utilizing Kubernetes, containers and various deployment tools in AWS.
●Created and maintained company’s security documents (policies, standards, baselines, guidelines and procedures).
●Developed, implemented, maintained, and oversaw internal policies, procedures, and associated plans for system security administration and user access management.
●Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies.
●Planned and implemented disaster recovery and business continuity plans, procedures, audits, and enhancements.
●Secured application/server infrastructure in AWS cloud to ensure the integrity and the availability and confidentiality of the applications and servers
●Created bash/shell scripts to automate in monitoring application/server’s performance, utilization to minimize costs.
●Secured the infrastructure of the applications by hardening OS, installing and configuring anti-virus/anti-malware (Clam AV) and host-based IDS (OSSEC) and email notification if unauthorized access is detected.
●Installed and configured IDS (snort) system on a Linux CentOS to monitor internal network traffic.
●Performed security scanning of OS/Applications and pen-testing of applications including APIs using OWASP recommended open-source tools.
●Managed and maintained DNS/domains, SSL certificates for the servers and partner integration.
●Monitored application health, performance and alerts via CloudWatch and integration with PagerDuty for 24X7 on-call support and escalations.
●Managed configurations and controlling application source codes and configurations in Stash (GIT) repositories.
●Installed/configured and administering of Atlassian’s JIRA/Confluence and Stash.
●Configured, managed access authorization via Active Directory and open-source LDAP.
●Managed, configured and monitored of Cisco router and switches to detect intrusions and to trigger alert notifications.
●Managed internal environments (Dev/QA), installation of multiple Linux Virtual Machines running on OpenStack.
●Managed and enforced Identity Access Management (IAM) to ensure roles and access permission is properly granted per security policy.
●Installed, configured and managed Web and application servers of Java/Tomcat and NGINX/Apache on a Linux Ubuntu OS.
●Coached and enforced testing guidelines to ensure quality of products tested.
●Managed both on-shore and off-shore QA teams for both black-box and automation testing.
●Performed weekly and 1-on-1 meetings to identify issues and provide solutions/recommendations to enhance their testing experiences.
Cisco Systems, Milpitas, California April 2010 – May 2011
Program Manager/Release Engineer
.
Golden Gateway Financial Inc., Oakland California Nov 2007 – April 2010
Sr. QA Engineer/IT Administrator/Application Server Support
Pay By Touch, San Francisco, California
Sr. QA ENGINEER October 2006 – November 2007
eBay Inc, San Francisco, California May 1999 - September 2006
Sr. Data warehouse and QA ENGINEER
EDUCATION Golden Gate University Los Altos, California
MASTER OF SCIENCE IN MIS GPA 3.87 May 1999
LANGUAGE Fluent in writing, reading and speaking English, Mandarin, Cantonese, Vietnamese and a few other native Chinese dialects.
& SKILLS Linux, HTTP/HTTPS, TLS, SSL, TCP/IP, DNS, SMTP, VPC, VPN, NGNIX, Apache Tomcat, Java, PostgreSQL, MySQL, Jenkins, GoCD, LDAP, OpenStack, MS Windows, MS Office and Active Directory. AWS services including Load Balancer, Autoscaling, ECS, RDS, Elasticsearch, Elasticache, IAM, RDS, CloudFront (CDN), CloudWatch, EBS, ECR, S3, Glacier, Route 53, SNS, SES and Redshift and KMS encryption. Highly proficient in configuration, installation, maintenance and administration of LAMP stack, Unix Shell Scripting, Python (under study) and AD management and GPO policies. Asana and Slack.
CORE COMPETENCIES
Cyber Resilience
IT Compliance and Risk Management
Availability Management
Authentication Protocol
Risk Management
Vulnerability Scanning
OWASP Top Ten Risks
ZAP pen-testing tool
Sophos Intercept X
OSSEC HIDS
ElasticSearch, Filebeat Log streaming and Kibana.