Performing vulnerability discovery and enumeration; providing summary reports and remediation guidance. Responding to computer incidents related to malware and network-based attacks as part of a Computer Security Incident Response Team (CSIRT) or Product Security Incident Response Team (PSIRT). Designing a cybersecurity program involving products and services, firewalls, IDS/IPS, SIEMs, vulnerability scanners, data access controls, data loss prevention (DLP), identification and access management, network infrastructure and cloud-hosted applications / services. Evaluating new security products and technologies for integration into the security program. Monitoring events and alerts generated by firewalls, SIEMs and load balancers; triaging incidents originating from a ticket tracking system; producing and reviewing daily and weekly metrics around security events. Collaborating with internal teams to provide security guidance and best practices.
Tools and Environments
Cloud services: AWS microservices, networking and concepts
Orchestration and Provisioning: CloudFormation and Terraform
Scripting: Python, Ruby and JavaScript