Security Engineer

• Jul 2022 - Present

Cyber Security Analyst

• Mar 2021 - Jul 2022

Deployment Specialist - Compliance As Code

• Mar 2016 - Nov 2020

Beginning to end automation solution rollout designed to streamline and simplify repetitive daily, weekly, monthly tasks. System hardening requirements translated and customized into Chef templates for each customer. Responsible for educating stakeholders and bridge teams for support when traditional troubleshooting procedures are not successful.Highlights:- Czech Republic Trip: Created training material and educated foreign department on novel procedures following introduction of Continuous Compliance.- Provided feedback from multiple stakeholders in weekly scrum calls with DevOps teams to ensure deliverables in each two week sprint cycle- Achieved first 3 accounts at full automation implementation across ~4,000 servers leading to 1.6 FTE savings- Utilized health check reporting tools to verify security hardening requirements were met as noted in our security hardening frameworks like PCI-DSS, CIS, FFIEC, HIPAA- Regularly studied application architecture documentation for our Continuous Compliance platform to help with troubleshooting and education stakeholders Show less

Security Compliance - Tool Configuration

• Feb 2010 - Mar 2016

Responsible for analysis and conversion of customer technical specifications into health check scan routines for AIX, Linux, Windows, and z/OS Mainframe systems. Code testing was conducted for quality assurance and that desired outcomes were achieved. Worked with multiple stakeholders to educate and help transition from outdated methods and technology to new standards and software.Highlights:- Improved from Level 1 to Level 3 Lead, establishing standards and best practices for peers- Collaborated with peers and System Administrators to determine root cause of false positive reports and rectify- Regularly collaborated with internal audit team to ensure scanning tools are checking the correct and agreed to values within strict and short notice deadlines- Assisted internal audit team with follow-up requests to mitigate potential findings and join calls with external audit firms such as PwC and Ernst & Young for additional clarification as needed Show less

Security Compliance - Data Analyst

• Jun 2009 - Feb 2010

Responsible for analysis of health check data reports for accuracy and completeness relating to system hardening requirements. Delivered these reports to the designated Account Focal who communicated and tracked progress of remediation with System Administrators. Assisted with technical issues or questions from System Administrators to ensure proper remediation or work with the Tool Configuration team to adjust the scan routines. Reviewed vulnerability scan Bigfix reports to help determine applicability and assist Account Focal with patch management cycles.Highlights:- Part of the team that developed and implemented process and procedures adopted globally by IBM, still in use today- Provided excellent support to 200+ clients- Worked with build teams to ensure compliance with internal processes, including SOX technical requirements- Reviewed Bigfix patch scans for completeness and then worked with the system administrators to either schedule the change window to implement the patch, document justification on why it wasn’t needed, or find and implement alternative solution to reduce risk of exploitation Show less