Information Security Analyst

• Oct 2015 - Present

Information Security Analyst

• Oct 2015 - Present

Designed threat modeling during the SLDC process.Performed security assessments for existing and new applications and infrastructure.Worked with application development teams on remediating Application Security vulnerabilities.Leveraged STRIDE threat model methodology to identify areas of potential attacks to applications and make informed decisions about risk and priorities for fixes.Leveraged the MITRE ATT&CK Framework.Identified control deficiencies and assisted with mitigating risk and reducing the chance of an unwanted risk outcome. Tanium Administrator:Configure, patch, and provide administration of Tanium/Endpoint Security.Implement and operate Tanium/Endpoint Security solutions across a large and diverse enterprise (60K+users, 100+ applications, large IP enabled footprint)Provide technical guidance, oversight, and enforcement of security directives, policies, standards, plans,and procedures.Develop and present program status / metrics to management.Identify roadblocks and propose effective solutionsImplement Tripwire and configure policies to monitor systems.Developed plans to safeguard computer files against modification, destruction or disclosure. Show less

Information Security Analyst

• Dec 2015 - Dec 2019

• Verify client protection by conducting assessments of recently applied or modified web application firewall (WAF) rules• Serve as application security subject matter expert to other SOC teams• Produce reporting artifacts at auditor's request• Analyze and investigate attacks for make recommendations based on current best security practices.

Security Analyst

• Sep 2012 - Oct 2015

• Work directly with customers to identify and allow legitimate activity • Tune WAFs to ensure maximum availability of customer applications while providing coverage for new threats. • Verify client protection by conducting assessments of recently applied or modified WAF rules • Serve as application security subject matter expert to other SOC teams • Meet the expectations of clients in accordance with their Service Level Agreement • Provide customer service experience that exceeds customer expectation • Produce reporting artifacts at customer or auditor's request • Analyze and investigate attacks for customers and make recommendations based on current best security practices. Show less

information Technology Specialist (25B)

• Jun 1996 - Apr 2011