Job History
FormAssembly
Ensure FormAssembly meets the highest security standards, administering security audits, making infrastructure improvements, and helping achieve/maintain security standards such as PCI DSS Level 1, ISO-27001, HIPAA, GDPR, FedRAMP and others.
SUSTAINED AND IMPROVED the enterprise information security and risk management framework, policy, processes, and tools.
DOCUMENT processes, procedures, and workflows for Security Operations.
DEPLOY AND MAINTAIN security tooling at FormAssembly (AV/EDR, IDS/IPS, DLP, Logging & Monitoring).
MONITORING the adequacy and effectiveness of FormAssembly common controls and timely remediation of observations.
Conducting testing of security controls
MAINTAINING certifications roadmap based on customer needs, e.g. FedRAMP, ISO 27001, PCI DSS
FACILITATING external certification audits to include timely remediation of observations
Assisting Security leadership in developing processes and controls to manage risks and issues.
RESEARCHED AND IMPLEMENTED NEW INTERNAL SOLUTIONS
Eramba, a GRC tool that simplifies and manages security controls
SafeBase, which simplifies customer security and compliance reviews.
Elastic Security for monitoring of security events, and looking for significant events, and processing reports of unexpected network activity.
WORKING across multiple internal teams to handle internal and customer questions regarding security-related topics.
SYSTEM IMPROVEMENT & WORKFLOW DESIGNING
Provided support for Atlassian Products such as JIRA and Confluence
Design and configure JIRA workflows and Automations
IT ENGINEERING
Assist with user lockouts, authentication, access requests, terminations and transfers.
Google Workspace account deactivations, activations, backups and license true-ups
Assist with Okta and SaaS application configuration changes, MFA integration, SSO and security and functionality change control
Upwork
CONDUCTED security control assessments and gap analyses following the required methodology of examining, interviewing and testing of Security Controls based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev. 1.
PLANNED AND DEPLOYED Wazuh Open Security Platform (SIEM) agents across 400 Windows virtual servers and 40 Windows physical servers
CONFIGURED Wazuh manager server and unique rulesets for different clients in regard to their contractual requirements
PREPARED clients for SOC2 by mapping controls to policies.
DEPLOY AND IMPLEMENT GRC tool Eramba and create workflows around HITRUST and SOC2.
PERFORMED Vulnerability Assessment and Penetration Testing using commercial and open source tools such as Nmap, Nessus, and Metasploit.
UTILIZED Tenable Nessus Scanning to ensure compliance standards are maintained and patches are up to date.
SYSTEM ADMINISTRATION. Linux servers such as Ubuntu and Debian-based systems
Secure Compliance Solutions
DRIVE monitoring of security events using an Elastic SIEM (and AlienVault), looking for significant events, and processing reports of unexpected network activity
USE THREAT INTELLIGENCE to hunt for indications of compromise in log data and utilizing endpoint security tools
MAINTAINED the security services and technologies involving the SIEM configuration & planning, and incident response
DEPLOYED AND MANAGED Endpoint Security, from SentinelOne to Malwarebytes
MEETING OR EXCEEDING service level agreements (SLAs) for incident response and investigations
ADMINISTER the Atlassian product line (Jira, Agile, Confluence, etc.)
IDENTIFIED opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
DESIGNED & MANAGED JIRA/Confluence queries and dashboards for metrics reporting for various teams
DEVELOPED custom Atlassian workflows, post functions, validators
PERFORMED log management of corporate and client-facing systems such as ensuring log source health, monitoring abnormal log activity, performing investigations, and managing the AlienVault appliances.
ANALYZED AND ASSESSED security incidents and escalated to client resources or appropriate internal personnel for additional assistance, in accordance with Triage and Incident Response procedures.
VULNERABILITY ANALYSIS – Performs routine vulnerability scans (using the OpenVAS vulnerability engine) against specified systems in clients' environments, from on-premise networks to the cloud, and analyzes the results.
PERFORMED penetration tests on client environments on a monthly basis using tools such as Metasploit Pro, Nmap, and other open-source tools.
Prevail Health Solutions
PRIMARY CONTACT for all IT Operations, Risk, Compliance, Security and Technical questions.
LED AND IMPLEMENTED HITRUST Compliance Certification Process from the self-assessment to the validated assessment. Mapped HITRUST to SOC2 Security Controls.
EVALUATED SIEM products in order to assist with the selection and implementation of the best tool to help identify network attacks, malicious behavior, policy violations and provide comprehensive auditing and reporting capabilities to support regulatory compliance.
MANAGED AND ADMINISTERED Device Management System (ManageEngine, Intune, and JAMF)
DEPLOYED first Security Information and Event Management (Wazuh) system across all company devices and servers.
UTILIZED endpoint security systems to implement security policy and prevent data loss.
CONFIGURED AND OPTIMIZED network hubs, routers, and switches (Cisco Meraki, etc.).
IMPLEMENTED AND CONFIGURED LDAP, SSO, SAML using JumpCloud (Directory-as-a-service)
ADMINISTERED support for corporate Office 365 suite including email (Exchange), storage (OneDrive), file share (SharePoint), and the rest of the Office 365 productivity suite, and ensured they comply with the strict security requirements of HIPAA and HITRUST
MANAGED AND ADMINISTERED VPN Server from configuration, maintenance, to granting access to employees.
ADMINISTERED, DEVELOPED, AND MAINTAINED Identity and Access platform JumpCloud.
Alight Solutions
Worked in CLIENT SECURITY at Alight Solutions. Responsibilities include supporting/presenting the security program to our clients, including physical security, cyber security, application security, privacy, incident response, vulnerability management, and business continuity practices. Externally, this work includes maintaining ongoing relationships with client security groups and coordinating client security reviews and audits; internally we are the liaison between business and technology. We connect client requirements with business goals and secure operations.
Respond to client security inquiries via 30+ Standard Information Gathering (SIG) or customized questionnaires with 100-600 questions
Help facilitate client onsite security audits.
Successfully closed out a client security assessment without any follow-up by providing informative and accurate responses to their questionnaire.
American Academy of Orthopedic Surgeons