- Application & Cloud Security Expertise: 4+ years of experience in software development and security engineering, specializing in identifying and managing software risks while balancing security and efficiency.
- Communication and Training: Strong ability to communicate software vulnerabilities and mitigation options to stakeholders, balancing business agility with security.
- Agile Methodologies: Adept at managing work using agile methodologies, including sprints and story estimation, to enhance project efficiency and team collaboration.
- Technical Collaboration: Proven ability to collaborate effectively with cross-functional teams, including developers and engineers, to build secure services and platforms.
- Network Security Monitoring: Wireshark, Nmap, Suricata, Snort
- SIEM: Splunk, ELK Stack, Wazuh, Security Onion
- Digital Forensics: Autopsy, Volatility, FTK Imager, KAPE
- CI/CD Tools: GitLab, Docker, Kubernetes
- Programming: Python, PowerShell, SQL, HTML, CSS
- DAST/SAST Tools: AppSpider, Burp Suite, SonarQube
- Security Frameworks: MITRE ATT&CK, NIST, OWASP
- Network Security: TCP/IP, HTTP, RESTful APIs
- Blue Team 1 Certification
April 2024 - Year Up Cybersecurity Bootcamp
February 2021
May 2023 - Present
- Spearhead system log analysis and network traffic monitoring, uncovering and probing a minimum of five potential security incidents weekly, boosting overall security vigilance.
- Lead implementation of anti-virus software, EDR tools, and firewalls, coordinating with team members to ensure comprehensive protection and seamless integration.
- Customize and roll out training on identifying and reporting phishing emails to ensure deeper comprehension of security practices and improved phishing detection.
- Automate routine security tasks, reducing manual workload and increasing operational efficiency.
- Prepare detailed reports on security incidents and trends, providing actionable insights to senior management.
BNY Mellon, February 2021 β March 2023
- Designed and maintained robust data ingestion pipelines using Informatica PowerCenter and Apache Airflow, streamlining data flow and enhancing accessibility by 25%.
- Assisted in the migration of legacy data systems to AWS S3, contributing to a 33% reduction in infrastructure costs and improved data storage efficiency.
- Developed and optimized ETL processes with Informatica PowerCenter, reducing data processing time by 20%, and ensuring timely and accurate data delivery.
- Coordinated cross-functional teams to resolve over 700 vulnerabilities, ranging from threat levels 3 to 7, by implementing daily and weekly meetings, to document findings and develop action plans.
BNP Paribas, August 2020 β January 2021
- Conducted comprehensive vulnerability assessments using static code analysis tools like SonarQube and dynamic application scanning tools like Burp Suite and AppSpider, identifying critical security issues and enhancing the overall security posture of 50+ web applications.
- Monitored and analyzed Security Information and Event Management (SIEM) systems to identify potential security threats and supported corrective actions.
- Provided strategic insights through weekly reports to the head of Application Security, driving proactive security measures and informed decision-making.
Certificate, April 2024
- LinkedIn: antony-sandoval
- Email: Antony.Sandoval0531@gmail.com