•Develop MVP standards for security instrumentation and direct global implementation of security technology, including vulnerability, application, cloud, and network security, ensuring seamless integration and effective control across global tech infrastructure•Achieved 98% WAF coverage, 98% endpoint security health, and 100% code scanning across 100k users, 70k endpoints, 4 data centers, and 150 offices by creating in-house automated inventories, collaborating cross-functionally, and establishing standardized metrics •Lead the creation of the first secure server pipeline to eliminate ad hoc server provisioning through collaboration with software development, cloud operations, and cloud architecture, enabling secure cloud migration for key applications and improving system efficiency •Manage a $15 million budget, promoting automation and innovation to enhance interoperability and achieve cost efficiencies•Develop a strategy leveraging commercial, open-source, and internal technologies, improving risk management and remediation speed

•Led 50 engineers across four teams, delivering high-performance, scalable technology implementations across various security verticals, both on-premises and in multi-cloud environments•Integrated security automation within engineering support to maximize automated playbooks and organizational investment in the Cyber Security program•Implemented container security policy that integrated into the container deployment pipeline and aligned with the CIS Critical Security Controls framework•Developed agent health remediation strategy to provide executive visibility into the global health of technologies within the security stack, including analytical reporting to drive remediation operations•Collaborated with engineering and security teams to create implementation timelines and development roadmaps for data loss prevention, insider threat analytics, cloud, container, endpoint, and database security, as well as security automation

•Led deployment and content development for distributed Splunk Enterprise and Splunk Enterprise Security clusters, including new technology initiatives and proof of concepts (POCs) like Security Event and Incident Monitoring, Malware Sandboxing, Tap Aggregation, and Log Retention•Performed dynamic malware analysis to extract new indicators and share findings with industry partners, and incorporated cyber intelligence indicators from public and private sources into security technologies•Specialized in network analysis utilizing a variety of tools and techniques such as network security monitoring, log analysis, and forensic analysis•Ensured compliance with North American Electric Reliability Corporation (NERC) critical infrastructure protection standards

•Implemented Information Security Compliance program, achieving no significant findings in FDIC, PCI, and FFIEC audits•Established vulnerability remediation program for three data centers and one corporate environment•Developed PowerShell scripts for system monitoring, Active Directory changes, and web application vulnerabilities•Coordinated incident response program to handle Denial of Service attacks, fraud, and other threats•Administered security technologies including malware analysis, SIEM, encrypted email, mobile device management, web filtering, and vulnerability management