Jorge Gomez Email & Phone Number
@statestitle.com
7 phones found area 305 and 561
LinkedIn matched
Who is Jorge Gomez? Overview
A concise factual answer block for searchers comparing this professional profile.
Jorge Gomez is listed as Principal Cloud Security Engineer at Twilio at Twilio, based in Miami-Fort Lauderdale Area, United States. AeroLeads shows a work email signal at statestitle.com, phone signal with area code 305, 561, and a matched LinkedIn profile for Jorge Gomez.
Jorge Gomez previously worked as Principal Cloud Security Engineer at Twilio and Staff Cloud Security Engineer at Twilio. Jorge Gomez holds Master'S Degree, Computer Engineering from University Of Miami.
Email format at Twilio
This section adds company-level context without repeating Jorge Gomez's masked contact details.
AeroLeads found 1 current-domain work email signal for Jorge Gomez. Compare company email patterns before reaching out.
About Jorge Gomez
Educated and motivated individual with a strong engineering background and over 10 years of cybersecurity experience. Highly analytical, versatile, creative, and vetted under high-pressure decision-making situations. Strengths and interests include application/product security, DevSecOps, cloud security, and security architecture & engineering. Other interests include front-end web development and cloud-native microservice architectures using JAMStacks - React, Next.js, GatsbyJS, Node.js, JavaScript/TypeSript.
Listed skills include Information Security, Network Security, Information Technology, Cyber Security, and 31 others.
Jorge Gomez's current company
Company context helps verify the profile and gives searchers a useful next step.
Jorge Gomez work experience
A career timeline built from the work history available for this profile.
Staff Cloud Security Engineer
• Technical lead for Google Cloud Platform (GCP) and responsible for cloud security initiatives that automated GCP Project lifecycle, consolidated M&A Google Accounts, and eliminated shadow IT, resulting in the shutdown of 1,459 GCP Projects reducing the attack surface by 28.36%• Project lead for WAF as a Service (WaaS), which empowers engineers to manage AWS WAF rules via infrastructure as code (IaC) in a self-service manner, improving security posture at the edge and reducing WAF costs by 20%. This led to an AWS re:Inforce conference talk on API Security using the Well-Architected framework and how to apply at an Organization at scale. • Frontend engineer and design architect for the Artificial Intelligence Identity and Access Management (AiIAM) web application, which allows engineers to use natural language to construct AWS IAM policies in a self-service manner, following the principle of least privilege. This led to a conference talk at BSidesSF 2024, titled " AiIAM: Transforming the Democratized AWS IAM Architecture with LLMs." • Design architect and contributing developer to an AWS Support Slack Bot initiative that allows incident commanders to engage AWS support natively via Slack. The application creates AWS infrastructure by using a simple Slack command, eliminating AWS hard quotas for onboarded accounts and saves over 600 hours annually during production incidents allowing for quicker mean time to remediate (MTTR).
Staff Product Security Architect
• Security lead for the identity and access management (IAM) product with the goal to provide granular authorization permissions to DigitalOcean API tokens and the cloud control panel following the principle of least privilege – this was released on schedule to 10k customers in private beta• Developed a scalable GitHub Application, written in Node.js, that served as a secret scanner and identified potential API tokens, database connection strings, private keys, and other secrets in every GitHub Organization repository within an enterprise and notified the pusher via Slack, while creating a security issue to track the vulnerability• Co-authored "Securing your DigitalOcean account," which highlights key actions to take to improve the security of your DigitalOcean account and reduce the risk of an account takeover – article can be found at: https://www.digitalocean.com/blog/securing-your-digitalocean-account• Completed application security and security architecture reviews for customer-facing products, provided guidance to engineering teams on security best practices, and reviewed engineering documents, including, Request for Comments (RFCs), Technical Design Documents (TDD), and architecture drawings
Senior Staff Security Architect
• Security architect responsible for the design and implementation of zero trust security controls using an agent/gateway model, micro-segmentation, and software-defined perimeter, which resulted in a 50% reduction in cybersecurity incidents by improving the security of employee web browsing activity, focusing on web content filtering/malware protection, enhancing network visibility, and effectively reducing the risk of lateral movement• Author and security architect for Network Security Architecture, Bring Your Own Device (BYOD), and Mobile Device Management (MDM) policies to improve the security of Doma's Azure footprint, which followed the Center of Internet Security (CIS) Benchmarks and NIST Cybersecurity Framework (CSF) and was a contributing factor to Doma’s public listing in the New York Stock Exchange (NYSE), while preparing it for SOC 2 Type II certification• Developed Encryption Standards and deployed a hardware security module (HSM) in order to meet strict customer encryption requirements and improved key management practices achieving FIPS 140-2 level 3 compliance• Liaison to Product Security and Software Engineering to promote a secure software development life-cycle and a DevSecOps culture, including, the evaluation and successful integration of security testing technology, such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), Container Security, and Dynamic Application Security Testing (DAST)• Managed strict service level agreement (SLA) for critical, high, and medium vulnerability findings at 10 days, 45 days, and 60 days, respectfully• Regularly measured the maturity of the Product Security/application security program using Open Web Application Security Project (OWASP) Security Assurance Maturity Model (SAMM) and disseminate progress with senior leadership• Completed security architecture reviews, threat modeling activities, and data flow diagrams to identify security risks in application architecture
Lead For Application Security & Cloud Security Architecture
• Program manager and technical lead for the software, mobile, and application security program where detection and mitigating controls resulted in a 14-day rate of remediation for critical, high, and medium vulnerabilities – preventing cross-site scripting (XSS), SQL injection, and other OWASP top ten vulnerabilities• Responsible for processes, standardization, and automation of the software development lifecycle (SDLC) through the use of security-integrated Continuous Integration / Continuous Deployment (CI/CD) pipelines where testing toll gates reduce security vulnerabilities, technical debt, and produced over $500k in annual cost avoidance• Cloud Security Architect and Subject Matter Expert (SME) for all major efforts involving AWS and digital transformation projects where monolithic and on-premise applications were successfully re-architected using cloud microservices improving redundancy, scalability, and agility – these migrations avoided 5k hours in operational overhead over a year period• Tracked key performance indicators (KPI) and metrics for senior and executive leadership to ensure critical, high, and medium-level severities are mitigated in a timely manner by eliminating 60% of noise generated from security testing tools• Drove culture changes to promote Agile, DevSecOps, and Cloud Security best practices to enable digital transformation• Coordinated operational and tactical efforts including static and dynamic application security testing, software composition analysis, penetration testing, red team engagement, and other tier 1/2 application and cloud security concerns
Senior Cybersecurity Analyst - Cyber Threat Intelligence And Cyber Incident Response
• Processes commercial and open-source intelligence, assesses cybersecurity risk, and disseminates Cyber Threat Intelligence reports to senior leadership to help drive intelligence-driven defense efforts• Serves as the Cybersecurity Incident Commander for cyber events and incidents that affect the confidentiality, integrity, and availability of NextEra Energy and its affiliate’s systems• Agile Product Owner for the Cybersecurity Operations Center (CSOC) Orchestration and Automation projects, which provides tier 1 and 2 analysts with a workbench that promotes efficiency and productivity• Mentors junior and associate analysts on cybersecurity best practices and coaches them with cybersecurity incident response investigations by strengthening host-based and network forensics, static and dynamic analysis, and identifying the root cause
Information Security Analyst - Cybersecurity Operations Center
• Cybersecurity Operations Center (CSOC) rotational assignments, including intrusion detection/prevention system (IDS/IPS) monitoring, operational support for tier 2 security incidents, monitoring for potential critical cyber asset (CCA) violations reported via the Security Information Event Management (SIEM), follow-up on suspicious/persistent malware detection on all corporate assets, and monitoring and reporting on sensitive Sarbanes Oxley (SOX) / Non-Public Information (NPI) / Personally Identifiable Information (PII) access abuse on all corporate SQL databases• Processes emails sent to the Spam mailbox to identify malicious emails that made it past security controls and takes action to mitigate security gaps• Responsible for email, asset, and network share collections for litigation hold requests, using Encase software for all cases involving NextEra Energy Inc.• Design, development, and maintenance of an open-source mock phishing assessment framework called GoPhish to promote the security awareness program and perform monthly mock phishing assessments
Senior Information Security Administrator - Identity And Access Management
• In charge of the design, deployment, and logistics for a company-wide project to enable multi-factor authentication for remote access and the implementation of the RSA Authentication Manager Prime for self-service requests• System Owner and Subject Matter Expert (SME) for RSA 2Factor SecurID and Managed Engine Password Pro and responsible for its account management (user/system changes), security patches, upgrades, and testing in accordance with North American Electric Reliability Council Critical Infrastructure Protection Standard (NERC CIP)• Technical lead and Information Security liaison for efforts and projects to limit remote desktop access to multi-factor authentication protocols for Windows and UNIX servers that were deemed critical by regulatory standards
Information Security Administrator - Access Administration
• Design and implementation of IT solutions for internal and external security administration processes, access controls, identity provisioning/de-provisioning and regulatory compliance• Audit security processes related to employee and contractor workforce assignments and established relevant resolutions, which included the review of contractor and employee recertification for renewal of system access• Grant least privilege access of UNIX and Windows OS to appropriate employees and contractors using IBM and Microsoft products• Process termination of system access for separated employees and contractors in a timely manner to mitigate the risk of a security incident
Information Security College Intern - Nerc Cip Compliance
• Involved in various projects to make Florida Power & Light and its affiliates compliant with NERC CIP standards• Assisted the Cybersecurity Project Manager in day-to-day assignments and participated in security initiatives including the removal of NPI data from FPL applications in accordance with the Florida Breach Notification Law
Jorge Gomez education
Master'S Degree, Computer Engineering
Bachelor'S Degree, Electrical And Electronics Engineering
Frequently asked questions about Jorge Gomez
Quick answers generated from the profile data available on this page.
What company does Jorge Gomez work for?
Jorge Gomez works for Twilio.
What is Jorge Gomez's role at Twilio?
Jorge Gomez is listed as Principal Cloud Security Engineer at Twilio at Twilio.
What is Jorge Gomez's email address?
AeroLeads has found 1 work email signal at @statestitle.com for Jorge Gomez at Twilio.
What is Jorge Gomez's phone number?
AeroLeads has found 7 phone signal(s) with area code 305, 561 for Jorge Gomez at Twilio.
Where is Jorge Gomez based?
Jorge Gomez is based in Miami-Fort Lauderdale Area, United States while working with Twilio.
What companies has Jorge Gomez worked for?
Jorge Gomez has worked for Twilio, Digitalocean, Doma, Nextera Energy, Inc., and Florida Power & Light Company.
How can I contact Jorge Gomez?
You can use AeroLeads to view verified contact signals for Jorge Gomez at Twilio, including work email, phone, and LinkedIn data when available.
What schools did Jorge Gomez attend?
Jorge Gomez holds Master'S Degree, Computer Engineering from University Of Miami.
What skills is Jorge Gomez known for?
Jorge Gomez is listed with skills including Information Security, Network Security, Information Technology, Cyber Security, Active Directory, Disaster Recovery, Windows Server, and Security Architecture Design.
Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.
Start free trial