• Investigate T-Mobile breach identifying artifacts on TOR network• Investigate suspicious employee behavior and violations of process, procedures, and standards• Audit, Deny or Approve all software, technologies and third parties to be used in the environment• Audit every aspect of the business from procurement to software development, deployment, configurations, and diagrams• Review architecture diagrams for cellular networks recommending a defense in depth approach with security controls pertinent to the technologies• Investigate project managers and their teams to identify suspicious and illegal activity gathering required evidence to establish sufficient use case for further investigation• Ensure change control process is implemented, reviewed, and modified to align with legal and regulatory compliance ensuring policies, processes and standards are updated and adhered to• Pentest security controls after the business has implemented and configured the technologies, implemented logging and validated security configuration of the controls to ensure alignment to security requirements

• Participate in 3rd party bank audits of True Accord's services• Audit client and vendors to ensure regulatory and legal compliance• Build out a comprehensive security program while achieving PCI and SOC2 certification• Monthly meetings with the Chief Legal Officer to review laws, policies, and technologies• Audit payment gateways for CIA and ensure GAPs and violations from audits are remediated• Identify opportunities during Brexit to ensure secure opportunities for growth with measured ROI• Implement a change control approval process that ensures CIA and aligns with legal and regulatory compliance• Present to leadership a project plan to remediate and resolve identified GAPs from auditor interviews and presented data• Investigate infrastructure outages, insider threats and ensure client data is purged in accordance with regulatory and legal compliance• Penetration test 3rd party payment gateways, internal and external APIs, and all 3rd party applications with Burp Suite and open-source tools• Deploy SIEM, ASV EDR amongst various other technologies to ensure framework compliance across multiple frameworks such as PCI, SOC2, NIST• Partner with FinTech financial institutions to expand True Accord’s security controls into the business process to ensure legal and regulatory compliance• Implement Securonix into a multi-tenant, multi cloud environment delivering cloud, appliance and on-premises logs for monitoring security violations of controls and policies

• Penetration test VPN, NAC and DLP for PII and PCI data exposure• Utilize Net Witness to complete event reconstruction and analysis• Implement architect for special projects migrating Wells Fargo from SWIFT to block chain• Identify potential threat vectors and remediate in alignment with the changes control approval process• Engage in Threat Hunting activities with Splunk identifying IOCs, correlating timelines, and reviewing packet captures• Catalog artifacts from Threat Hunting and penetration tests and assign risk profiles to assets based on vulnerabilities, threat, and asset value• Investigate Net Flow traffic and packet captures extracting artifacts and correlating within Splunk and Cybereason the running processes for sandboxing

• Penetration test high value assets and validate vulnerabilities utilizing Burp Suite and Metasploit• Present to executive leadership ROI of the vulnerability management and pen testing program and project plan• Automate the vulnerability remediation and validation process partnering with server owners for exception review• Provide continuous scanning for over a million globally connect assets across multiple cloud environments and on premise

• Drive Forensics deployment in AWS using AWS-labs security automation• Penetration test custom applications in AWS and communicate best security practices recommendations• Configure cloud resources and 3rd party vendor tools to vendors best practices in alignment with legal and regulatory GRC• Work with Principal Engineers on architecture and design of the multi cloud environments before and after penetration testing• Lead Wells Fargo in implementing security technologies within the AWS cloud including the deployment and configuration of 3rd party Vendor tools and AWS resources

• Participate in the vendor management process and executing POC’s of vendor products• Develop vulnerability management program with AWS utilizing Nessus Security Center• Integrate Mine Meld threat intelligence with Palo Alto Autofocus next generation firewalls• Migrate AWS and on-premises logging into Alert Logic SIEM for MSSP partnership and collaboration• Pentest and patch Palo Alto Firewalls and present findings and remediation project plan to executive leadership• Lead the security team in the deployment and tuning of Cylance and creating Playbooks to respond to SIEM alerts• Respond to events in Dark Trace identifying IOC’s and tuning the Palo Alto firewalls, Dark Trace and Cylance to prevent specific SHAs, URLs