Jul 2020 – Oct 2021 · 1 yr 3 mos · Santa Clara County, California, United States

• Partner with software development teams to incorporate and implement secure SDLC/Devsecops
• Conduct architecture design reviews on web and mobile applications
• Perform automated and manual security testing of web applications
• Work with third party vendors to conduct security assessment of applications
• Established secure design and development guidelines for developer community

Sep 2018 – Nov 2019 · 1 yr 2 mos

• Led Vulnerability Incident Response program for application vulnerabilities
• Implemented Vulnerability Disclosure Program for Dell that involved on-boarding Bug Crowd
• Developed new processes and implemented tools and techniques to perform ongoing security assessments of the environment
• Analyzed externally reported vulnerabilities
• Partnered with business and technology teams to provide security expertise and helped develop remediation solutions for security threats and vulnerabilities
• Employed defense-in-depth principles along the kill chain to eliminate risk and vulnerabilities and improve security controls
• Delivered security training and education to technical staff and acted as an internal security consultant to advise or influence business and technical partners

Feb 2017 – Aug 2018 · 1 yr 6 mos

• Vulnerability Management
• Implemented processes and managed tools used to scan, identify vulnerabilities and tracked their remediation
• System patching, deployment of specialized controls, code or infrastructure changes, changes in development processes
• Worked with internal business units to drive secure configurations in images used for desktops, servers, network devices, and wireless network devices
• Maintained central tracking and management of enterprise vulnerabilities
• Gained hands-on experience in tools such as Burp Suite, Zap, NMAP, Nexpose, Nessus, IBM Appscan, GRC Archer, Jira
• Assimilated technical data, worked with large datasets and translated into layman terms

Feb 2016 – Jan 2017 · 11 mos

• Performed information security incident response and incident handling based on risk categorization and in accordance with established procedures
• Identified incidents and made recommendations to protect the network
• Assisted in administration and integration of security tools to include new data/log sources, expanding network visibility and automation
• Managed and executed multi-level responses and addresses reported or detected incidents
• Conducted analysis using a variety of tools and data sets to identify indicators of malicious activity on the network and digital assets
• Analyzed malware for functionality as well as extraction of indicators that can be used as detection methods
• Provided detailed forensic analysis and reporting on a variety of sources including packet captures, filesystems, host based application and security logs, networking and security devices
• Supported ongoing tracking and remediation of security issues, ensuring that tickets are closed and issues are addressed in a timely manner
• Managed hand offs at shift boundaries for any open response activities

Aug 2014 – Jan 2016 · 1 yr 5 mos

• Worked with peers to assist global Security Operations Center in defining the overall security response strategy
• Created reports and dashboard to provide metrics for SOC operations in a meaningful way for Sr. Management
• Worked with Incident Response team to help create RCA’s for events escalated to incident levels
• Performed Network Security Monitoring
• Performed risk assessment on firewall access requests