•Conduct comprehensive application penetration testing on web and API applications, identifying and mitigating security vulnerabilities.Lead security reviews and threat modeling sessions, integrating security tools and processes into the DevOps pipeline to enhance application security.Perform static and dynamic code analysis, utilizing tools such as Burp Suite, to uncover and resolve security flaws in application code.Collaborate with development teams to enforce secure coding practices and address vulnerabilities in line with the OWASP Top 10.● Managed SIEM systems, optimizing configurations for enhanced monitoring and threat detection, resulting in improved incident response times.● Ensured ongoing SOC 2 compliance through meticulous assessment of vendor SOC 2 reports and proactive implementation of necessary security controls.● Conducted continuous research to ensure policies were up-to-date with current NIST guidance and compliant with federal, state, and local regulations.● Developed and implemented a comprehensive insecurity awareness program, including annual training, AUP acknowledgment tracking, and phishing simulations.● Conduct comprehensive security reviews and threat modeling exercises to identify and address potential risks in cloud environments and on-premises systems.● Develop and implement security strategies for Google Cloud Platform (GCP), ensuring compliance with industry standards and best practices.● Administer and manage SIEM systems, including configuration, monitoring, and analysis of security events to detect and respond to threats.● Collaborate with cross-functional teams to evaluate security considerations in cloud environments, including AWS, Azure, and Google Cloud.● Conduct in-depth security reviews and threat modeling for applications hosted on Google Cloud Platform (GCP), identifying vulnerabilities and recommending mitigation strategies.

Proactively implemented updates, maintained, managed, monitored, and supported enterprise network and systems security operations infrastructure throughout the shared services environment.Perform daily DLP Incident monitoring, analysis and reporting, solution checks, client interaction, and day-to-day DLP operations.Managing SIEM - Net forensics Create and run routine reports and data analytics in Excel and Tableau. Audit and validate data/reports.Responsible for delivering an end-to-end continuous integration - continuous delivery system for the products in an agile development approach using Chef/Ansible and Jenkins and Shell Scripts.Wrote Ansible playbooks to set up the Continuous Delivery pipeline and this primarily consists of a Jenkins and Sonar server, the infrastructure to run these packages and various supporting software components such as Maven.Managed the large security, risk, and compliance initiatives of SOX-404 IT, PCI DSS HIPAA/HITECH, Privacy Act, and FTC including security policies, procedures, and controls. Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, HIPS/HIDS, Nessus, NMAP, SIEM, Splunk, Rapid7 Nexpose and Insight, WAF, routers, switches, VMware, Endpoint Security, Cloud Security, Symantec Endpoint ProtectionAssesses a residual risk rating for the vendor based on their control environment.Monitor, analyze, and respond to network incidents and events. Participate in disaster recovery implementation and testing under NIST framework, HIPPA, & HITECH standards.Developed approaches for industry-specific threat analyses, application-specific penetration tests, and the generation of vulnerability reports.

Monitor network and system security using security information and event management (SIEM) tools to detect and respond to potential security incidents.Assist in the initial assessment and triage of security alerts and incidents, determining their severity and impact.Analyze system and network logs for signs of suspicious or unauthorized activities and report findings to senior analysts.Conduct routine vulnerability assessments and scans to identify and report security weaknesses.Assist in the timely deployment of security patches and updates to mitigate known vulnerabilities.Monitor and manage user access rights, ensuring that permissions are appropriate and aligned with security policies.Promote security awareness among employees, helping them understand and adhere to security best practices.Maintain accurate and up-to-date records of security procedures, incident reports, and policies.Assist in enforcing and implementing security policies, standards, and guidelines within the organization.Generate and present security reports to management, summarizing security incidents, trends, and areas for improvement.Use various security tools and technologies, such as antivirus software, intrusion detection systems (IDS), and firewalls, to bolster security defenses.Stay informed about the latest cybersecurity threats and vulnerabilities through threat intelligence sources.Participate in security testing activities, including vulnerability assessments and penetration testing, and assist in remediating finding.