Jordan Stein
Details
• Lead enterprise Vulnerability Management process using various software - configure option profiles, schedule scans/maps, authentication records, reporting and track remediation of vulnerabilities.
• Responsible for enterprise patch management and operations which include asset discovery, integration, compliance metrics and patching 3rd party applications.
• Auditing GRC & security framework audits w.r.t. software asset management, ITGC, SOC Type I/II, ISO27001, risk assessment, NIST, COBIT, PCI-DSS, GDPR, from the internal and external point of view.
2016 : Present
IBM
Senior Information Security Analyst
• Assess cloud perimeter and public-facing assets for exploitable vulnerabilities, reduce attack surface and automate vulnerability assessment process.
• Perform SAST for over 150 applications using Fortify, Checkmarx and triage findings.
• Develop Python scripts to interact with Qualys APIs for automating multiple tasks such as scanning, asset clean up, generating reports.
2015 : 2017
PwC
Information Security Analyst
Conducting vulnerability assessment with penetration testing of business applications and technology infrastructures
2014 : 2015
PwC
Associate Security Analyst
About
I am a highly experienced technology consultant with extensive experience in information security and application development. I have a professional background in security consultancy, where I regularly helped my clients to improve the security of their applications and infrastructure. My passion is helping clients to integrate security into their development pipelines to facilitate continuous deployment, while maintaining the highest levels of security.
I have a vested and keen interest in penetration testing and anything cyber-related, and I am always looking for ways to develop and learn. I have enjoyed leading numerous in-house training sessions over the last year. This is alongside leading, planning and delivering complex tailored testing plans to clients across multiple industries and technologies.
I enjoy developing new tools for both offensive testing and automation of processes and systems within the organization.