Resume of Security Engineer or information security engineer or security analyst

Title
Security Engineer or information security engineer or security analyst

Primary Skills
Vulnerability scanning, Centrally managed AV/HIPS, desktop encryption, RSA 2-factor authentication for the corporate VPN

Location
US-PA-Aldan

Posted
Feb-02-08

CISSP, GSEC

PROFESSIONAL BACKGROUND:

EDS
April, 2005 - Present
Towers Perrin Account
Philadelphia, PA
www.EDS.com

Delivery Security Officer
June, 2007 - Present
oPerformed all analyst duties in addition to DSO duties until February, 2008 when Analyst position was refilled.
oOversee all security offerings that client Towers Perrin subscribes to from EDS: Vulnerability scanning, Centrally managed AV/HIPS, desktop encryption, RSA 2-factor authentication for the corporate VPN, Modem War dialing, Database compliance scanning, and server compliance monitoring, as well as reporting functions.
oResponsible for monthly MS patch analysis and emergency deployment strategies. Coordination of all quarterly security patch recommendations. Assist with process modifications to further refine and distribute patches and associated communications.
oDirectly responsible for reducing number of unprotected devices by 60%.
oAudit functions - responsible for collection and delivery of all client related information requested by external client auditors including non-security items. Directly involved in two major client-side audits, as well as periodic and on-going audit preparation activities. Also responsible for security related questionnaires from Towers Perrin Clients.
oActing as single point of contact for any EDS offerings, incidents, and security related client projects.
oResponsible for weekly progress reporting to client executives, and keeping all stakeholders aware of project status.
oResponsible for managing remediation of annual external penetration test results; coordinating all remediation, RFC approvals, working in conjunction with project managers to ensure client satisfaction.
oSole security contact for any Severity-1 ticket issued on a 24/7 basis.
oConduct regular meetings with EDS security capabilities to attain status and promote progress on projects.

Information Security Analyst
April, 2005 - June, 2007
oOutsourced to EDS in April, 2005.
oContinued to perform same Information Security Analyst functions as with position at Towers Perrin.
oAlso integral in the transition of all security services from Towers Perrin to EDS throughout 2005.
oAssisted DSO with audit functions, coordination of efforts by the Threat and Vulnerability management team to support/rebuild/remediate ailing McAfee environment.
oWas first contact for all requests from the client regarding monitoring and reporting.

Towers Perrin
Philadelphia, PA www.TowersPerrin.com June 1996 - April 2005

Information Security Analyst
August 2003 - April 2005
oDesign of homegrown firewall metrics database, spreadsheets, graphs and daily/weekly/monthly reporting procedures
oDevelopment of monitoring processes and procedures
oIncident Response - detection, first response and handling the incidents, participation on incidence response team
oDevelop and maintain intrusion detection infrastructure
oScan to detect modems and unauthorized devices - developed scanning and remediation process front to back.
oIdentify suspicious and malicious activities, identifying and tracking malicious code, documenting events and incidents
oReview firewall, access control, remote access, web filtering, proxy, mainframe, and application log files and maintain logging tools.
oMonitor industry information for threats and delegating information to appropriate personnel for implementation
oView & Analyze real-time activity on Network Intrusion Detection (ISS) and Host Intrusion Detection (ISS)
oImplement and maintain compliance monitoring processes for UNIX environment, assisted in remediation process
oPolicies/Standards/Directives review.
oProject management to introduce, test, and build new security initiatives.


Outage Command Center (OCC) Specialist
January 2002 - August 2003
oPromoted January 2002. In addition to duties as Data Center Operator/Analyst -
oMonitored crucial client-accessed benefit websites for availability and analyzed outage situations to diagnose cause and perform associated service restoration functions in 24x7 datacenter.
oManaged high severity outages to resolution, including troubleshooting, testing, collecting information from teams and assisting third level support in the resolution process ensuring each ticket was fully documented for further analysis and reporting.
oAnalyzed resolved outages for patterns and root causes, suggesting and implementing process adjustments that decreased outage times, and improved ticket documentation.
oCreated / updated documentation and tools that staff heavily depended on, trained staff and administered documentation database.
oPrepared daily operational performance metrics.

Data Center Operator/Analyst
July 1997 - January 2002
oProvided first-level support and customer service for calls from all offices as well as clients worldwide regarding LAN/WAN and mainframe connections, system performance, mainframe job status, network availability, and outage information.
oLiaised Data Communications group regarding outages and estimated time of return for circuits on the network.
oPerformed job release, troubleshooting, automation, and preventive maintenance to all systems.
oDesigned, implemented, and updated documentation and databases used throughout the department.
oManaged backup media processes for Disaster Recovery.
oManaged Physical security for the datacenter, fire suppression, keycard checkout, video surveillance.

Output Services Operator
June 1996 - June 1997
oConducted production and quality control of high end client forms processing from queue-based printing processes.
oPerformed client requests for production changes and test runs.
oPerformed cataloging, management and organization of mainframe data on storage media.
oTrained incoming employees.


TECHNICAL SKILLS: (Partial)
Operating Systems: All Windows platforms workstation and server, BSD, Mac OS, Novell, MVS RACF, VM
Productivity Tools: MS Office Suite, MS Project, MS Outlook, Lotus Notes, WebEx, VMWare, Visio, Peregrine Service Center, MS Communicator, Jabber
Security Tools: ISS DB Scanner, ISS System Scanner, Sandstorm Phonesweep, AppSec Appdetective, RSA
Languages: PERL, Java, Visual Basic
Networking: LAN/WAN, frame relay, MLPPP, routers, switches, hubs, token ring, Ethernet, TCP/IP, VPN, Active Directory
Hardware: laptops/workstations, servers, wireless devices, telecomm, peripherals.

EDUCATION:

Studies toward Bachelor of Science Chemical Engineering, Drexel University
Studies toward Bachelor of Science Information Technology, University of Phoenix

Cardinal O'Hara High School, Springfield, PA

CERTIFICATIONS:

CISSP - Certified Information Systems Security Professional
GIAC GSEC - Global Information Assurance Certification - GIAC Security Essentials Certification


REFERENCES: Provided Upon Request

Certifications
See above


You must be logged in and have a current resume access subscription. Login or Register »

View all resumes in US-PA-Aldan »
View all resumes in US-PA »

View other Security Engineer or information security engineer or security analyst resumes, System / Network Administrator resumes