Leo Z. Li
**** ** ****** **, ***********, NJ ****7
Phone: 347-***-**** email: ******.**@*****.***
Professional Summary
Lead Security Analyst and Security Data Architect with 15+ years of experience in information technology and over a decade in cybersecurity. Proven success in designing, implementing, and managing strategically converged security programs in complex global environments. Adept at financial crime detection, fraud prevention, vulnerability management, data mining, and data protection. Strong track record of protecting enterprise systems and client funds, while ensuring compliance with data governance and industry standards.
Core Responsibilities
Strategic planning and leadership of business security protection initiatives.
Response coordination for security incidents and cyber-related breaches.
Cross-platform data analysis to detect fraudulent activities across cyber and financial domains.
Design, collection, and management of security event data for behavioral analytics.
Development of custom security alerts targeting cyber threats and fraud patterns.
Active participation in fraud and cyber threat hunting operations.
Areas of Expertise
Vulnerability Management (Tenable)
Perform data analysis with various tools, shell scripting, SQL, Python
Critical Incident Response
Business Security Architecture
Enterprise Data Integration & Analytics
Cybersecurity & Threat Analysis
Financial Fraud Prevention & Investigation
Anti-Money Laundering (AML) Programs
Security Content Development (SIEM, DLP, IDPS)
Business Process Analysis
Oracle GoldenGate Enterprise Solutions
Machine Learning & Automation in Security
Security Intelligence & Threat Intel Databases
Data Compliance (HITRUST, PCI-DSS, GDPR)
Secure Vendor Data Exchange & Logging Standards
Corporate Trust & Financial Data Protection
IBM WebSphere Replication Server
Key Accomplishments
Built and implemented a vulnerability management program using Tenable, supporting quarterly reporting and compliance.
Developed security processes and guidelines aligned with HITRUST certification requirements.
Prevented millions of dollars in potential losses by identifying high-risk user access behavior and collaborating with application teams to block fraud vectors.
Created a fraud detection alert system with 94% accuracy, saving over $900,000 in just eight months by detecting anomalous remote access attempts.
Established logging and event collection standards for business applications and vendor data exchange, enabling proactive threat monitoring.
Built a cyber fraud intelligence database in partnership with PFPG and NCFTA, providing near-real-time threat insights that helped prevent attacks.
Spearheaded enterprise initiatives for automated intrusion detection, contributing to faster, more accurate threat mitigation.
Professional Experiences
Healthix Inc 11/2019 – 01/2025
Senior Information Security Analyst
Designed, implemented, and managed a vulnerability management system using Tenable; produced quarterly vulnerability reports to inform organizational risk posture.
Built a web application scan using Docker on Linux.
Established security processes and guidelines in alignment with HITRUST requirements to support compliance efforts.
Oversaw alert triage and incident investigation from SOC using SecureWorks; led smooth transition to Taegis XDR, increasing system log coverage from 36% to 99%, including remote devices integration.
Monitored OCR breach reports issued by the U.S. Department of Health and Human Services; investigated potential impacts to Healthix participants and documented findings for compliance reporting.
Developed standard operating procedures for Identity and Access Management (IAM) analysis and reporting.
Established standardized logging and monitoring protocols via Splunk and ELA, enhancing system visibility and threat detection.
Conducted information risk assessments for third-party vendors and internal systems, contributing to enterprise risk management.
Managed and monitored Web Application Firewall (WAF) using Imperva to defend against web-based threats.
Investigated alerts from Intrusion Detection and Prevention Systems (IDPS), including Palo Alto and Cisco PowerSphere, to mitigate critical threats.
Redefined the organization’s web application vulnerability scanning process using Black Duck (formerly WhiteHat/Synopsys).
Participated in cybersecurity incident response training to prepare for high-severity events.
Co-chaired a Data Loss Prevention (DLP) project using Digital Guardian, integrated with Microsoft Purview for enhanced data governance.
Designed and implemented a security information support database to improve data accessibility and analytics.
Automated data processing and analysis workflows, reducing manual effort and enhancing efficiency.
Alliance Bernstein 10/2018 – 09/2019
Business Security Analyst
Developed and documented business processes for monitoring internal and external data exchanges, aligning with organizational security standards.
Implemented standardized monitoring and logging protocols for data exchange activities using Splunk, improving audit readiness and issue detection.
Created and enforced security policies to govern data access, sharing, and retention practices.
Conducted detailed access and exchange activity analysis for third-party vendors and clients to identify anomalies and ensure compliance.
Deployed Data Loss Protection (DLP) strategies to safeguard personally identifiable information (PII) using Varonis.
Analyzed user data access patterns and storage practices using Varonis and SphereBoard to identify risks and enforce least privilege principles.
Automatic Data Processing 07/1996 – 06/2018
Lead Security Analyst (2013 – 2018)
Led investigations into business security incidents and fraudulent activities, ensuring rapid resolution and risk mitigation.
Monitored suspicious behaviors using logs from IDS, malware detection systems, DLP, email gateways, firewalls, and more to identify and investigate anomalies.
Conducted fraud hunting operations to proactively identify threats and prevent financial losses.
Collaborated with law enforcement agencies to support criminal investigations and prosecution efforts.
Developed and implemented fraud alert mechanisms to enable early detection of fraudulent behaviors.
Designed and managed a fraud prevention data platform using Oracle GoldenGate to centralize and synchronize data across systems.
Created detection content in Splunk and Security Analytics (SA) to support fraud prevention use cases.
Performed fraudster profiling to identify recurring attack patterns and improve defensive strategies.
Utilized various scripting languages in combination with PL/SQL for data mining and advanced analytics within the enterprise data warehouse.
Partnered with the Payroll Fraud Prevention Group (PFPG) to enhance fraud mitigation tactics specific to payroll systems.
Integrated third-party threat intelligence sources to enrich internal fraud detection capabilities.
Coordinated with stakeholders in the Prepaid Card Industry to combat fraud targeting prepaid financial products.
Investigated all data security incidents affecting business assets, ensuring appropriate response and remediation.
Security Data Architect (2012 – 2013)
Collaborated with business owners, project leaders, and enterprise architects to align security architecture with business objectives.
Identified critical application data points for integration into fraud detection systems and anomaly monitoring.
Designed and maintained a security-focused data warehouse supporting fraud prediction and alerting, leveraging Oracle GoldenGate for real-time data replication.
Generated results for fraud alerts using well-known scripting languages (shell, PL/SQL, Python).
Defined logging standards for product change events to enable advanced event analysis and threat visibility.
Conducted data analysis to detect abnormal client and user behaviors across systems.
Developed and implemented new fraud detection rules and techniques, improving early threat identification.
Strategically planned and executed fraud prevention measures in advance of ancillary program rollouts.
Built and maintained data transformation tools to enhance ETL processes and data quality for fraud analytics.
Responded to security incidents, assessed fraud impact, and provided technical insights and prevention strategies.
Applied risk-averse principles when supporting the design and implementation of ancillary projects.
Led initiatives to prevent payroll and prepaid card fraud, tailoring defenses to known threat models.
Ensured adherence to Global Data Protection Regulations (GDPR) by helping to develop processes for handling personal data securely.
Worked with payment card systems and VISA DPS to enforce data collection and protection in accordance with PCI-DSS standards.
Lead Database Administrator / Sr. System Analyst (2004 – 2012)
Designed and architected real-time change data capture solutions using Oracle GoldenGate, enabling enterprise-wide, near real-time data replication.
Researched and evaluated various data integration technologies, contributing to strategic decisions for enterprise data architecture.
Developed and maintained an enterprise data lake environment to support ad-hoc reporting and business intelligence initiatives.
Led enterprise data integration projects across a wide range of platforms and applications, ensuring seamless data flow and consistency.
Implemented federated connectivity between HRB and IBM DB2 using IBM’s Federated Database solution for unified data access.
Designed and implemented High Availability (HA) architecture for IBM WebSphere Replication Server and IBM InfoSphere CDC, enhancing system reliability.
Created a real-time global fault detection data mart using Oracle GoldenGate, improving incident response capabilities and operational analytics.
Integrated Microsoft SQL Server with Oracle databases using GoldenGate for seamless cross-platform data sharing.
Developed comprehensive support documentation and conducted training sessions for enterprise support teams managing database and integration systems.
Implemented and supported ADP reporting solutions in an open-source environment, streamlining reporting workflows.
Engineered and deployed HA solutions for ADP Reporting applications, ensuring continuous uptime and performance.
Support Specialist / Network Administrator / Domino Developer (1996 – 2004)
Evaluated, implemented, and supported internal and external application integrations, ensuring smooth system interoperability.
Developed and documented backup and recovery procedures for both network and personal computing environments, supporting business continuity.
Created standard operating procedures and developed user-friendly documentation to support end-user adoption and troubleshooting.
Designed strategies for software distribution using multiple deployment technologies to improve IT efficiency.
Built alternate support environments using Citrix, enabling remote access and disaster recovery support.
Evaluated, recommended, and implemented cutting-edge system hardware and software, ensuring infrastructure remained modern and secure.
Implemented automated update systems for Microsoft Windows OS, reducing manual patching and improving system stability.
Designed and managed an Information Tracking System (ITS) to handle client data management and improve workflow visibility.
Architected and deployed a data warehouse leveraging Domino and Oracle platforms for enhanced reporting capabilities.
Administered SQL Server and Oracle databases supporting the organization’s human resource management system.
Developed custom database management utilities using Microsoft .NET, improving operational workflows.
Education
Bachelor of Engineering in Electrical Engineering
The City College of New York
Certifications & Professional Training
Certified Fraud Examiner (CFE)
Certified Varonis Data Advantage Administrator
Oracle Certified Professional (OCP)
Certified Network Engineer
Technical & Security Training
CISSP Training
Tenable Professional & Expert Training
Taegis XDR Training
EventLog Analyzer Training
Oracle GoldenGate Training
CISCO Certified Network Administrator (CCNA) Training
Windows & Linux Administration
Oracle GoldenGate & IBM InfoSphere CDC
Microsoft SQL Server Administration
Scripting Languages: Shell, Python, VB
Programming: Java, .NET, Python
Data Modeling & Warehousing: Erwin, Informatica
Development platform: Docker
Citizenship
U.S. Citizen