IT Security Analyst

North Hollywood, CA
US$17/hr compensation
Job Description

VICTOR A. DOCDOCIL




 



Block 006 Lot 040, Yakal St, Camella Homes Seville, 

Habay, Bacoor Cavite, 4102, Philippines

+63 32 9295579876. vdocdocil@yahoo.com

 

IT SECURITY ANALYST


AREAS OF SPECIALIZATION & INTERESTS:

  • Windows & Unix/Linux Administration
  • CyberSecurity/PenTest/Forensics/DB
  • Network/Internet/Wireless Security
  • DRP-BCP / Vulnerability Assessment
  • Info Security Admin/Risk Management
  • Best Practices/Compliance/Policies/Audit






MEMBER: Alliance of Security Analysis Professional (http://asap.maddoktor2.com/)

 

OBJECTIVE:       To develop a career as an Information Security Analyst in a growing company where my skills and years of experience will be utilized in achieving the goals and objectives of the organization.

 

Summary of Skills:

  • Knowledge of information security principles and practices and security architectures.
  • Understanding of advanced security protocols and standards and in-depth knowledge and understanding of existing IT technology.
  • Conduct security research in keeping abreast of latest security issues.
  • Excellent communication and writing skills.
  • Oversee companywide efforts to identify and evaluate all critical systems.
  • Drive education & awareness of IT Security, Compliance & Privacy.
  • Experience in Project Management.
  • Proactively assesses potential items of risk and opportunities of vulnerability in the network/IT Security and Risk Management.
  • Able to build and develop productive and positive working relationships within IT, external IT and clientele.
  • Experience with security policies, procedures, and standards. Recognize and identify areas where security policies and procedures require change, or new ones need to be developed.
  • Experience in introducing and implementing IT Standards and Compliance (i.e., PCI Standards, HIPAA, SOX, Common Criteria, COBIT, ISO, etc.) and Best Practices.
  • Experience providing security recommendations, in addition to compliance-related gaps.
  • Ability to plan, design, and implement security programs for clients.
  • Understanding of SDLC concepts, web-application security flaws / vulnerabilities.
  • Experience auditing Windows, Unix (e.g. Solaris, RHEL, AIX, HP-UX) operating systems.
  • Excellent customer service and decision-making skills.
  • Ability to support and work in a team environment.
  • Outstanding knowledge of network technologies TCP/IP, routing and firewalls.
  • Extensive knowledge of all stages of IT Security life cycle.
  • Ability to solve complex problems in a simple and accurate manner.
  • Participated in the planning and design of enterprise security architecture.
  • Recommended additional security solutions to existing security solutions to improve overall enterprise security.
  • Designed and executed vulnerability assessments, penetration tests and security audits.
  • Provided recommendations for adaptation of new technologies and policies.
  • Participated in investigations into problematic activity.
  • Monitored all in-place security solutions for efficient and appropriate operations.
  • Maintained and developed operational configurations of all in-place security solutions.
  • Maintained up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions.
  • Background experience in Penetration Testing/Security Assessment.
  • Background experience in Forensic analysis/Investigation management.



TECHNICAL PROFICIENCIES    

Platforms:        Windows Server & OS 2000/2003/2008/XP/Vista/Windows 7, MS Exchange Server & Outlook, Unix/Linux/Sun, IBM AIX, HP-UX, Oracle DB 8i/10g.

Networking:     DHCP, TCP/IP, Novell, Ethernet, FDDI, WLAN-Wi-Fi, DSL, NIS+, BOKS, Frame Relay, IPVPN, MPLS, VoIP, Data Centre Operation, Virtualizations, etc.

Languages:      C++, Java, PL/SQL, Visual Basic, Oracle, Shell scripting, Perl.

Tools:               Wireshark, SamSpade, NMAP, Nessus, SysInternals Suites, Port Scanners, WatchGuard 11.4/Firebox X5500e, Microsoft Network Monitor, Metasploit Framework, knowledge in other security technologies, etc.

Hardware:        Switches/Hubs, Routers, RAID, Switches, Biometric Scanners, Wireless Bridge, etc.

Security:          Information Security Management (ISM)-BS7799, Common Criteria/TSEC, COBIT, ISO 27001, ISO 27002, Access Control, PCI-DSS, SOX, HIPAA, National Institute of Standards and Technology (NIST), SAS 70, Rainbow Books, C|EH, CISSP, IT Security Audit, Computer Privacy & Security, Digital Forensics, Anti-virus, Spyware/Malware/Spams, Computer Security Audit, ITIL Framework, Systems and Procedures, Project Management, Experience.


PROFESSIONAL EXPERIENCE

 

Department of Public Works and Highways (DPWH)           July 1, 2009 – Present

OIC, IT Policies and Standard Section

Designated Chief IT Security Officer (July 2009 – Dec. 2010)

Technology Support Division - Monitoring Information Service (MIS)

 

Establish, implement, formulate and maintain/update ICT policies and standards that will provide the overall guideline and direction in the implementation of ICT activities in the Department.


Key Achievements:     

  • Proposed and collaborated on the redesign and implementation of firewall configuration using UTM as front-end network firewall infrastructure and VPN connection.
  • Formally evaluate security features of information products and systems.
  • Monitor compliance with policies, procedures, and recommend best practices standards.
  • Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
  • Monitor and maintain levels of compliance to the Information Security elements of the IT Service Group and liaise with Network Admin Section for collaboration.
  • Drive education & awareness of IT Security, Compliance & Privacy across the Department.
  • Assist in the review of audit logs (spams), reviewing daily log reports and identifying suspicious activities and update spam filtering DB.
  • Provide second level support coordination for Support Desk; assist other Admins when required.
  • Contract formulation, review, and amendments for Wide Area Network Agreement.
  • Attend Bids and Award Committee and Procurement as IT representative and evaluator.
  • Contribute technology write-ups to the Department's Tambuli e-Magazine.
  • Assist business units in identifying security requirements and improvements.
  • Perform Contracts and/or Technology review proposals for IT Architecture upgrading.
  • Coordinate website connectivity problems with the provider until the connection is resolved.
  • Designated Project Manager for Communication Network Project, Web Site Outsource, WAN Redesign and assist in Firewall re-design.
  • Formulate proposals and handle projects to improve IT services, which includes web site outsourcing, UPS re-configurations, WAN redesigns, etc., and propose IT solutions incorporating Industry Standards (i.e., BS 7799/ISO 27001, PCI-DSS, etc.).


 

Optimum Solutions Pte – Barclays Capital (Singapore)         November 2008 – December 31, 2008

Consultant - Account Security Administrator (Infrastructure)

(Global Technology Administrator – Global Information Security)

Consultant hired to handle the Lehman Brothers account migration to the Barcap system, provide day-to-day support for Barclays worldwide, and handle sensitive/confidential security issues in a professional manner using ITIL and ISO 27001 standards.

 

Key Achievements:

  • Provide help desk support level 1 & interact with users to provide first line of assistance and basic troubleshooting.
  • Creation, deletion and modification, granting rights, change/amend group ownerships of (i.e., application, function, data, migration, distribution list, user, mapping, printer, support role, system, shared drives, mailbox access, etc.) and user accounts using different security solution applications (AIM automation) or through manual process in Active Directory environment for better secured account administration and computing.
  • Resolve customers' technical queries, expectations & concerns by providing real-time support accurately worldwide through tickets, phone and emails.
  • Escalate technical, non-technical issues to management and support teams as required.
  • Update Daily Shift Engineer file for work accomplished to be processed by next employee shifts to maintain request follow-ups and turnovers to adhere to SLA's.
  • Assist in the security assurance activities, which consist in requesting evidence to verify compliance against approved security baselines for various operating systems, network components, and databases.
  • Assist in tracking the status of all security-related audit findings and assisting in the closure of the significant findings in a reasonable amount of time.


Optimum Solutions Pte – Citibank (Singapore)                   October 2007 – October 2008

Consultant - Information Security Administrator (Midrange Support- Unix Platforms)

(AP-Security and Compliance)


Take ownership of user problems and be proactive when dealing with user issues. Handles sensitive/confidential security issues in a professional manner and on-call 24 x 7 support services.

 

Key Achievements:

  • Performs system security administration on technology platforms in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and PCI-DSS/PA-DSS, ISO 27001 guidelines.
  • Monitor ticket queue & ensure all request & issues are resolved in an efficient & timely manner like access management tasks (add, update, delete, reset, and grant rights) for user accounts in Asia Pacific Region.
  • Manage customer expectations through ongoing communication by phone or emails and provide technical support advice for hardware troubleshooting issues and software.
  • Performed the clearing of inactive, old accounts on both Unix and database platforms.
  • Troubleshooting problems in relation to the applications supported and connectivity.
  • Escalate technical, non-technical issues to management and support teams as required.
  • Track, monitor & update incidents on daily basis to ensure a timely resolution.
  • Fulfill service request & update service request ticket status/security technical knowledge support for operations Risks Management and Internal Audit/Log Review Team on a daily basis.
  • Assist in the review of user access (entitlement review) and programs for both regular & privileged users and maintain access rules, defining who has access to which data sets under what circumstances in accordance with approved request compliance.
  • Participated in multiple application projects from implementation to deployment. Maintains excellent communication with the IT Manager on all tasks and projects.
  • Participating in significant systems projects coordination for new application/server testing and deployment from UAT to PRD.
  • Establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.
  • Incident management skills, ability to effectively manage various IT security Incidents and tracking till closure.
  • Provides emergency on-call support (on-site/off-site) on a rotating schedule.
  • Represent our group in Change Management meetings for changes to projects and monitoring of the implementation and fine-tuning as required on projects implemented.
  • Proactively shares knowledge through technical sharing and training, solution contribution and self service participation.


Mactan-Cebu International Airport Authority                    April 1996 – October 2007

Systems/Network LAN Administrator          


Extensive LAN/ WAN/ hardware/ software and I.T. networking experience within an ever changing environment.  Establish enterprise-wide computerization program from designs to implementation and maintenance. Design and implement security policies and procedures which include formulation of Disaster Recovery Plan and Business Continuity Plan.           

 

Key Achievements:

  • Supervised MIS staff on daily basis. Liaise/coordinate, build and maintain vendor/integrator relationships for equipment, solutions, & maintenance of existing equipment and applications.
  • Manage, monitor and control all access to databases by performing DB queries and scripts.
  • Administer user accounts, including additions, deletions, and modifications.
  • Monitor and analyze security alerts and information, and distribute to appropriate personnel.
  • Formally evaluate security features of information products and systems.
  • Hardening systems in line with Industry best practice for ISO 27001-IT/BS7799-Information Security Management Security standards. Ensures a stable performance environment enterprise-wide and updated service packs.
  • Research on the latest industry security practices and technologies as well as emerging threats and vulnerabilities. Provide advisory to IT teams.
  • Conduct security risk assessment on network infrastructure, IT application and operation areas, recommend the risk mitigations, provide technical expertise and implementation.
  • Provides management support for Business Continuity Planning and Disaster Recovery.
  • Coordinated with vendors to conduct in-depth compliance audits, penetration testing, and presenting results to immediate supervisor. Performing tasks associated with vulnerability assessments, security patch management, and intrusion/incident management.
  • Handling of different security incidents/reviews, vulnerability assessments, and reporting, and doing proper investigation and responding when the need arises (i.e., viruses, Trojans, etc.).
  • Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
  • Evaluating, recommending and implementing proven state of the art security solutions/practices to enhance Services core security capabilities in the areas of security infrastructure, access management, networking, databases, servers, etc.
  • Deploy anti-virus software on all computers & ensure that virus definitions are updated.
  • Assists in the planning, design, documentation, and implementation of various systems to include desktop PC inventories, servers, network equipment, applications.
  • Assist business units in identifying security requirements and improvements.
  • Conduct security awareness training, best practices.
  • Performs comparative analysis on results collected against ever-changing industry threats, vulnerabilities and other malicious technological programs launched through the internet.
  • Recommend specific improvements to security and internal control and follows up on all recommendations with vendors and stakeholders.
  • Assist in the organization and inventory of all hardware and software resources.

 

EDUCATION & CREDENTIALS

Bachelor of Science in Information and Computer Science (BSICS)

UNIVERSITY OF CEBU, CEBU PROVINCE, PHILIPPINES (1988) (formerly Cebu Central Colleges)


Masters in Public Administration (MPA)

UNIVERSITY OF THE VISAYAS, CEBU PROVINCE, PHILIPPINES (1998)


Professional Certification                                                 

  • 3COM Certified Solutions Associate – 2001
  • Certified Brainbench Internet Security (Beta)
  • Certified Brainbench Microsoft Security
  • Certified Brainbench SAN Concepts
  • Certified Brainbench Networking Concepts Assessment
  • Certified Brainbench Server Administration
  • Certified Brainbench Computer Forensics (U.S.)
  • Certified Brainbench Network Authentication
  • Certified Brainbench Firewall Administration Concepts
  • Certified Brainbench RDBMS Concepts
  • Certified Brainbench Network Technical Support
  • Certified Brainbench HTML 3.2 Developer
  • Certified Brainbench MS Windows 2003 Administration
  • Certified Brainbench Network Monitoring


Trainings/Seminars:

  • Computer Privacy and Security – (CBT)
  • Network Security – 2007
  • Certified Ethical Hacking & Countermeasures – 2007
  • Computer Hacking Forensics Investigation
  • Wireless Security – Global Knowledge Inc. – 2007
  • Secure Disposal – Citibank 2007
  • Information Security Incidents – Citibank – 2007
  • Securing Our Future – Citibank 2007
  • Anti-Money Laundering: Corporate – Citibank 2007
  • Windows NT/2000 Administration – 2001
  • Seminar on EC Council Certified Ethical Hacker Course
  • Introduction to Oracle PL/SQL – 2001
  • PC Troubleshooting (Advanced)
  • Oracle Reports Developer – Build Reports
  • Oracle Forms Developer – Build Forms I – 2001
  • Network Management Software – 2001
  • Enterprise Database Administration Part 1A: Architecture
  • Local Area Networking (LAN) – 1994
  • LAN Planning, Design, Security – 2001
  • LAN Planning, Design, Security & Admin
  • Systems Security, Administration and Control – 2001
  • Information Technology Property Rights
  • SAD – Data Modeling, Database Management
  • CISA, CCNA, CISSP, C|EH, Linux+, Server+, Network+, Security+ (reviewer)
  • Environmental Symposium for Environmental & Safety Coordinators – 2004
