Lead Associate Principal, IT Security Vulnerability Management Support - Options Clearing Corporation (OCC) - Kinde, MI (Remote)
(2020-06)
Subject matter expert (SME) sought after for our vulnerability management issues/actions.
- Manage the following Qualys modules: Vulnerability Management, Detection, and Response (VMDR), Policy Audit (PA – Formerly known as Policy Compliance (PC)), Web Application Scanning (WAS), Cybersecurity Asset Management (CSAM)/External Attack Surface Management (EASM), Cloud Agent (CA), Cloud Connectors
- Manage the following ServiceNow Modules: Vulnerability Management (Vulnerable Item Record (VIT)), Configuration Compliance (Configuration Test Results (CTR)), Application Vulnerability Response Module (Application Vulnerable Item Records (AVIT))
- Utilize Atlassian Jira for Vulnerability Management project creations, tracking, and completion actions
- Manage applicable Vulnerability Management security controls within the Archer GRC platform
- Perform reviews and provide approval/disapproval recommendations on submitted vulnerability risk exceptions
Senior Advisor, IT Vulnerability Management - CVS Health - St. Cloud, Florida (Remote)
(2016-11 - 2020-06)
Sought after as the Subject Matter Expert (SME) for our Qualys vulnerability scanning and management functions for the enterprise (Health Care Benefits (HCB), Retail, and PBM).
- Create Qualys vulnerability Cloud management structure and have successfully deployed Qualys virtual appliances within the Google Cloud Platform (GCP), Amazon Web Services (AWS), and Microsoft Azure (Azure) cloud environments. This allows enterprise vulnerability detection and remediation efforts within cloud environments
- Create vulnerability detection procedures for our external third-party tool called Expanse. This allows me to manage our known external (internet facing) IP space, for vulnerability detection
- Managing the enterprise security tools (Qualys and Expanse) vendor relationships successfully. This allows a great working environment that ensures our tools are running as stated by the vendors and license agreements. This provides tool suites to be utilized by our other IT Hygiene teams (asset management, policy compliance, web application security, etc.)
- Provide Enterprise vulnerability management/security consulting, engineering, and vulnerability remediation experience
- Training and mentoring other employees, supporting contractors, and cognizant members (onshore run-team) on our applicable security tools. This training has provided an increase of support success, that assists enterprise teams with remediation efforts of their servers, network devices, and applications
- Employes Project Management solutions and process development throughout the project lifecycle
- Leading and supporting all IT security audits, assessments, and all other key security requests for IT Hygiene, Qualys scanning and reporting functions
- Communicating (email and/or Webex sessions) with our clients/teams to help them understand open vulnerabilities within their environment. Provide information on how the security tools detect the vulnerabilities, where the vulnerabilities are located, and the recommended solution for remediation
Security Vulnerability Engineer - RANDSTAD Technologies - Orlando, Florida
(2016-06 - 2016-10)
Provided vulnerability management functions for Advanced Care Scripts (ACS), ensuring vulnerability remediation of ACS servers prior to their migration into the CVS production network.
- Remediated over 2,500 security vulnerabilities within the first 90 days of employment
- Identified vulnerabilities by conducting network vulnerability assessments, utilizing QUALYS network vulnerability management scanners
- Provide remediation recommendations to senior management that ensure information security control compliance
- Utilized Microsoft's Systems Center Configuration Manager (SCCM), to assist with remediation efforts of over 75 ACS production servers
- Collaborated closely with coworkers and vendors to analyze associated vulnerability reports and ensure timely remediation of vulnerabilities accordingly
- Created weekly security vulnerability reports for department heads. Provided recommendations on increasing the networks security posture
- Sought out by CVS Health senior management to assist with vulnerability remediation efforts
Information Security Analyst - Assured information technology (AIT) Engineering - Orlando, Florida
(2014-09 - 2016-05)
- Performed automated and manual DISA Security Technical Implementation Guide (STIG) assessments (Windows and Linux OS, Applications, Network Devices, MS Office products). Created and maintained STIG checklists that provided high-level security posture assessments for senior management
- Performed network vulnerability assessments, utilizing Tenable Security Center/Nessus vulnerability scanner, Security Content Automation Protocol (SCAP), and the Assured Compliance Assessment Solution (ACAS) tools
- Utilized Host Based Security Suite (HBSS) ePolicy Orchestrator (ePO) for Malware and Antivirus protection of the network and to deploy and configure security McAfee products
- Configured Group Policy Objects (GPOs) to implement Operating System (OS) hardening and/or security configurations that meet the Department of Defense (DoD) and the National Institute of Standards and Technology (NIST) security policies
- Developed and implemented organizational IT security policies and procedures (Acceptable use, mobile device, password criteria and security, and phishing techniques)
- Acted as Subject Matter Expert (SME) for mobile device management security. Performs vulnerability assessments on the AirWatch Mobile Device Manager (MDM)
- Performed IT Security control validations utilizing Risk Management Framework (RMF) guidelines (NIST SP 800 Series)
Senior Cyber Security Analyst - Advanced Resource Technologies Inc (ARTI) - Horn of Africa, Africa
(2013-06 - 2014-07)
Information Systems Vulnerability Manager responsible for ensuring security compliance for over 30 servers, 2000 workstations, and 50 network devices.
- Held responsible for the secure configuration and auditing of the enterprise network, utilizing vulnerability assessment tools (eEye Retina, Security Content Automation Protocol (SCAP), USB Detect, and Nessus)
- Acted as Incident Response Team member responsible for taking immediate action on all security breaches (unauthorized flash media use, insertion of viruses to the network, and policy violations)
- Managed organizational security training, utilizing the Army Training and Certification Tracking System (ACTCS)
- Briefed Senior Level Management with the security posture of the enterprise by providing updated metrics. Provided approved mitigation strategies and/or plans to correct the shortfalls
Cyber Security Program Manager - SRA International - Stuttgart, Germany
(2010-08 - 2013-06)
Acted as Management member appointed to the IT Security Project Management Directorate. Directly responsible for the critical security device upgrades, secure system design using risk management doctrines, and internal career development of cyber professionals.
- Managed 10 concurrent projects with competing resource requirements. Responsible for the project planning, scheduling, and reporting to the stakeholder suite and U.S. Government. Projects included: Enterprise upgrades of key IT security assets, system hardening of servers and baseline OS, Implementing, and maintaining the vulnerability scanning suite; Led migration projects to certify and accredit over 20 critically assigned systems using NIST and DIACAP Accreditation guidelines for the Departme
- Led and managed a team of 4 for the entire U.S. Africa Command enterprise network accreditation project. The project led to its first ever Authorization to Operate (ATO) in an approved U.S. Government infrastructure for USAFRICOM
- Created security policies, procedures, and guidelines that follow Department of Defense rules and regulations
- Assessed team training requirements, identified, and procured required training to ensure team members meet audit requirements
