•Access, document and improve information security systems and applications. Very technical, hands-on role that performed vulnerability assessments on network applications and systems, making and implementing recommendations, updating policies and procedures. Member of information security incident response team, assisting the company in maintaining regulatory compliances within PCI-DSS version 2 and Sarbanes Oxley. Managed, maintained and performed a successful upgrade and migration of Security Information Event Management (SIEM) which comprised of multiple instances of Splunk running version 5.0.5 in a distributed environment. Maintained and created new scripts in Bash, Python and Perl that assisted in pulling in the necessary data into Splunk to meet audit and reporting requirements. Collected and analyzed systems, applications, routing, networking, switching and firewall security logs. Utilized CVS and or RCS for document check-in and version control including fallback and file restoration capabilities. Ensured that common files / scripts / configuration files were distributed within a uniform fashion. Maintained the CRON jobs that were utilized by the information security service / role accounts. Provided evidence gathering for audits relating to PCI-DSS V2, which also included quarterly wireless vulnerability scans as it pertains to PCI-DSS V2. Responded to information security related incidents, primarily customer facing while performing daily-duties. Responsible for maintaining 22+ instances of SNORT. Worked in a strict change control environment, which included mandatory freeze periods. Created, filed and approved change management requests (CMR)Updated existing policies and procedures as well as creating new ones. Worked with a small, tight and knowledgeable information security team. Worked independently with minimal managerial oversight and direction.Key responsibility was prioritizing work / tasks as well as meeting deadlines.

Planed, organized, managed and coordinated a variety of Information Protection functions / services for the Mortgage Home Loans and Legacy Asset Servicing Line of Business (LOB). General functions included: act as first Point of Contact for LOB (in relation to GIPBC, audit and compliance requests), provided positive LOB project/initiative support, demonstrated knowledge and provided oversight of Information Protection requirements for LOB processes that support the principal of Information Protection, acted as first Point of Contact for any/all Hardest Hit Fund (HHF) / Emergency Home Owners’ Loan Program (EHLP) sponsored or initiated security requirements, risk assessments, third party assessments, LOB risk assessments (LOBRA) process, vulnerability assessment, policies and standards, act as first POC for all architecture and/or technology related questions, act as liaison for all Bank of America Corporation (BAC) initiatives that involved LOB, served as project manager for critical Information Protection initiatives (as situation required), provided metrics for assigned responsibilities on a regular basis to both immediate management and other groups as required, assisted with any Computer Incident Response Team (CIRT) related activities for LOB, reviewed, understood, supported and communicated all Information Protection requirements and updates, ensured that Information Protection guidelines are incorporated into LOB policies/processes, identified, communicated and supported all Information Protection training requirements, provided support for LOB audit findings, whether self identified or issues or exam/audit findings, provided oversight for issue resolution related activities, fostered effective and transparent communication between LOB and corporate BAC groups, coordinated and distributed Information Protection related communications, focused on issue remediation oversight and integration of Information Protection controls into operational business processes.

Installed, configured and maintained Imperva Web Application layer Firewalls (WAF). Set up, maintain, monitor and manage daily configuration changes of firewalls, review for security anomalies and respond 24 X 7 to alerts generated. Set up, maintain and monitor intrusion detection systems and equipment, scrutinize anomalies, and respond 24 X 7 to alerts they generate. Set up, maintain and monitor strong authentication equipment. Support 24 X 7. Establish system security standards for production and office equipment and monitor ongoing security for all systems and networks at all company locations (both production and non-production). Review and sign off on security soundness of all DI product specifications, network designs and in-house applications, customer recommendations, fraud reports. Participated in the development process and SDLC of existing and new applications, providing secure design alternatives. Perform product security acceptance testing as part of product release process. Set up, maintain and program privilege and password management tools. Monitor security vulnerability alerts and identify issues that are applicable to DI. Security ‘harden’ all devices used by Digital Insight and establish and maintain high availability for all security devices used on all platforms. Support third party audits and network scans from regulators, SAS 70 auditors and customers. Provide technical support Security Support Engineers, MIS or data center as needed. Provided support and guidance to teams of developers designing and developing applications.

Responsible for understanding Regulatory, business, Information Security, Regulations and Controls requirements. Perform necessary research and analysis of enterprise information security requirements and regulations. Technical subject matter expert in understanding and stating where SDLC stands relative to RISC (Regulations, Information Security and Controls), Legal and Regulatory Compliance, including Application Recovery. Interface with other customers, organizations, business units such as the Environments or Production Technology Support Groups, to produce the Application Recovery Plan and other AR deliverables. Work and coordinated with the Software Development Lifecycle (SDLC) Project Manager to schedule, estimate, status updates relative to tasks, identify issues, risks, action items, etc. for EIS (Enterprise Information Security) and Disaster Recovery Projects. Responsible for identifying areas of non-compliance relative to regulatory business security and Disaster Recovery, formulating design and technical solutions to achieve compliance. Responsible for providing evidences of compliance. Responsible for implementing the approved approaches to bring projects into RISC compliance.

Responsible for data classifications, authentication and encryption. Designed and implemented corporate wide intrusion detection systems (IDS) and Intrusion Prevention Systems (IPS) solutions. Perform penetration testing and security audits. Proactive monitoring of the network security infrastructure, resource capacity planning and strategy. Responsibilities include the development of safeguards to protect the processing of proprietary and classified information including MS SQL, IIS, Oracle Active Directory, DNS, Microsoft Exchange, Lotus Notes, Send mail and Surfcontrol against accidental or unauthorized modification, destruction, or disclosure. Interface with business unit management, engineering staff and customer representatives during the design and development of security measures. Work with management, end users and programmers to plan data and system security measures, to include employee data access needs, in order to minimize the risk of data loss or disclosure. Interpret and implement security policies and procedures for programming personnel. Perform written risk assessment on the introduction or modification of unclassified systems into special program areas. Perform audits to ensure the network and servers are operating in accordance with established plans and policies. Document changes to approved security plans resulting from system configuration modifications, operational processing requirements, and policy changes. Conduct comprehensive investigation of all computer security incidents. Additional skills: Windows client security, Windows network security, Network security, Client security, PKI implementation and deployment, assisted with troubleshooting security related client build issues.