Security Engineer (GRC/Audit)
July 2011 – December 2013
Reviewed all logs and anomalous behavior reports multiple times daily.
Conducted internal audits on policy compliance, asset management, and company-wide departmental business continuity needs.
Served as an integral part of the Incident Response Team: head of the Cyber Incident Response Team and advisor to the Management Incident Response Team.
Was responsible for production and maintenance of security policies and controls: Information Security Policy, Business Continuity Management Plan, Data Classification Policy, Visitor Access Policy, and ePolicies (acceptable use).
Scanned all user machines for vulnerabilities with Qualys and Acunetix.
Performed gap analysis/audit to assess compliance with ISO 27001, ISO 27002, ISO 22301, OWASP Top 10, NIST 800-53, and SANS Top 20.
Performed social background checks on all new hires (Facebook, Twitter, LinkedIn, and Maltego searches).
Evaluated, deployed, and used Faronics AntiEx, Faronics AntiVirus, Faronics DeepFreeze, Bit9, and Symantec Ghost for endpoint security and imaging.
Administrator of video surveillance system (using Axis software and cameras).
Prepared and conducted company-wide and small-group training on security topics (social engineering, policy compliance, conference reporting).
Scoped and coordinated annual and bi-annual pentests (from 3rd party agencies).
Prepared and compiled evidence for successful WebTrust, WebTrust 2.0, and EHNAC accreditations.
Responsible for all user machine patching, utilizing Secunia and WSUS for all Microsoft and 3rd party patches.
“Gamified” security awareness training through a quiz system tied to account logins.
Maintained the Risk Registry through a Confluence wiki.
Created and ran crypto games/puzzles for fun.
Held a Certificate Authority Trusted Role as Internal Auditor.