Cyber Security Manager
MetLife
Total des années d'expérience :10 years, 9 Mois
- Demonstrated exceptional multitasking skills by concurrently overseeing three critical initiatives - Veracode Discovery and
Remediation, Burp Enterprise Implementation, and Vendor Automation. Successfully optimized processes in the Vendor
Automation project, reducing man-hours and enhancing operational efficiency.
- Designed server specifications tailored to project requirements and geographic regions, including access provisioning, and
comprehensive cost analysis to optimize server hosting expenses.
- Veracode Discovery and Remediation Lead: Spearheaded the Veracode Discovery initiative, taking responsibility for configuring the
tool with precise inputs, including IP ranges, keywords, and exclusions lists. Diligently analyzed the generated reports, identifying
potential DAST candidates for scanning and ensuring thorough vulnerability assessment. Pioneered the process of discovering
ownership for newly identified hosts, employing multiple tools, and collaborating with regional security leads for verification.
Proactively reported newly found vulnerabilities, fostering swift remediation efforts across the organization.
- Python Scripting and Data Governance: Developed Python scripts to automate various critical functions within Burp Enterprise,
including querying GraphQL for data, configuring scans, and generating comprehensive reports. Implemented a customized data
governance solution by scripting the linkage of issues and their counts to Power BI, providing actionable insights for informed
decision-making.
- Security Health Check Initiatives: Successfully executed comprehensive security health check initiatives, providing senior
management with actionable insights into the organization's security posture. These initiatives not only identified vulnerabilities but
also offered strategic recommendations to enhance our overall security resilience, ensuring alignment with industry best practices
and regulatory compliance.
- Software Consultant for Global Clients: Provided consulting services to three prominent international clients, focusing on enhancing
their software security and infrastructure.
- Application Penetration Testing: Conducted thorough application penetration testing using advanced vulnerability scanners to
proactively identify and mitigate system threats, preventing potential exploitation.
- SaaS ERP Development: Developed SaaS-based ERP solutions for diverse industry clients by leveraging the power of open-source
communities, ensuring cost-effective and scalable software solutions.
- Client-Centric Security Measures: Tailored website defense strategies by carefully considering client concerns and unique
requirements, resulting in robust security protocols to safeguard against cyber threats.
- Regular Security Scanning: Conducted routine security scans on client websites to identify and address security risks, ensuring
continuous protection against evolving threats.
- Strategic Technical Design: Led the development of strategic technical designs for small-scale projects, collaborating effectively
within the team. Actively participated in Secure Code Reviews, ensuring the implementation of secure coding practices.
- CMS Expertise: Utilized expertise in content management systems (CMS) such as Drupal and WordPress to create and manage
content for internal websites, enhancing overall site functionality.
- Stakeholder Collaboration: Consulted with stakeholders to evaluate current functionality and complexities related to feature
additions, providing valuable insights for informed decision-making.
- Architectural Guidance: Offered high-level architectural guidance and developed detailed specifications to address software
challenges effectively, optimizing software solutions.
- Process Improvement Leadership: Spearheaded process improvement initiatives for development and application monitoring,
enhancing operational efficiency and quality assurance.
- Knowledge Sharing: Promoted knowledge sharing within the team through mentorship, coaching, technical talks, and blogging,
fostering continuous learning and growth
- Efficient eCommerce Project Delivery: Orchestrated the rapid development of an eCommerce project tailored for User Acceptance
Testing (UAT), ensuring timely and efficient deployment.
- ERP Integration and API Design: Proficiently coded functionalities related to ERP systems while designing APIs to facilitate seamless
data exchange.
- Data Analysis and Quality Assurance: Conducted in-depth data analysis and executed compatibility and quality assurance testing,
guaranteeing robust software performance.
- Technology Recommendations: Collaborated on requirements and initial mock-ups, providing valuable technology
recommendations to optimize system performance.
- API Testing: Leveraged SoapUI for rigorous API testing, assessing software progression and readiness for the next stage of
development.
- Client Training and CMS Expertise: Delivered client training on Content Management Systems (CMS) and conducted
comprehensive Phase I activity reviews to ensure client satisfaction and project success.