Profiles search
Kevin Joseph
Information Security Engineer
Hollister, CA, United States
Details
Education:
Bachelor of Business Administration - BBA
Management Information Systems, General
San Francisco State University
2014 : 2016
Management Information Systems, General
San Francisco State University
2014 : 2016
Experience:
• Installed and configure Enforce Server Administration console to manage Endpoints, policies, policy rules, Agent groups, Incidents, manage DLP servers, and etc.
• Provide virus removal and systems upgrades for Microsoft Defender, Symantec Endpoint Protection, McAfee, & Malware applications
• Assist on the role out of Defender for Endpoint Protection
• Proven experience designing effective programs, guidelines, design documents for Office 365, Microsoft Teams, Office 365 ProPlus, Skype for Business and SharePoint Online.
• Developing Operations and End User Knowledge base articles, Course content, Job adis and Visual Tutorials for driving end-user adoption.
• Reviewed and designed security best practices for Symantec EPP and DLP, Anti-Virus, HIPS and DLP. Reporting for the development and execution of remediation plans.
• Prior experience working in a Security Operations Centre; working with Endpoint Detection & Response (EDR) products
• Evaluate next-gen (EDR) endpoint detection and response software
2021 : Present
BCBSA
Information Security Engineer
• Our team supports our business assurance practice and integrated compliance audits for Sarbanes-Oxley, SOC1 & SOC2 and other IT consultative service
• Member of an Expert Staff of PCI Consultants, answering to the Vice President of IT Support, Providing Advice on Audit Governance, Support, Vulnerability and Remediation Management.
• Responsible for the creation, socialization, and implementation of the organization's GRC security framework.
• Risk and Compliance automation leveraging GRC technologies
• Archer consultant specialization in managing and executing GRC IT Risk governance design Framework programs.
• Working knowledge in PCI DSS, ISO 27001. HIPAA. HITRUST. SOC II security and privacy requirements.
• Implemented Rapid 7 Insight VM for vulnerability management and remediation
• Conduct cybersecurity controls assessments in accordance with NIST publications 800-37, 800-53, 800-60, DoDI 8500.01, and others as required.
• Collect Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless.
• Executed daily vulnerability assessments, threat assessment, and mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
2019 : 2020
Beach Body
Cyber Security Analyst
• Provide guidance, direction and oversight for 3rd party assessments, internal audit engagements, baseline security standards, discovery and remediation of IT security and compliance issues surrounding HIPAA, risk standards CMS compliance, PAN data, PCI-DSS compliance, FFIEC directives, NIST, Sarbanes-Oxley SOX, ISO/IEC 27001 : 2013, ISO/IEC JTC 1, NERC-CIP 007 R2, and DISA/STIGS data standards.
• Manage Compliance and Audit projects of ISO 27001/2 and its derivatives - (HITRUST, Shared Assessment), SOC 1, SOC 2 Security Trust Principal Audit, Consulting and collaboration around an ISO 27001 Information Security Management System.
• Developed a comprehensive risk management program based on current industry security frameworks to document observations, enterprise risk, remediation, monitoring using frameworks like NIST 800-53, ISO 27001, SAE 16 (SOC 1 and 2), HIPAA, HITECH, COBIT and SOX.
• Assessed System Security Plans (SSP) for systems located and/or leveraging cloud Platform as Confidential Service (PaaS) and Software as Confidential Service (SaaS) solutions.
• Provide advanced technical support to customers using Microsoft Defender for Endpoint suite of security solutions and related technologies including Azure and Microsoft 365.
• Manage and Maintain Microsoft Defender ATP (Vulnerabilities and Remediation)
2017 : 2018
DTE ENERGY
Information Security Analyst
• Responsible to establish the tool capability for security assessments and conduct the compliance and vulnerability assessments for infrastructure servers and devices using QualysGuard on a periodic basis.
• Responsible for day to day support of enterprise Risk and Cyber Security groups in RSA Archer GRC project
• Experience in preparations for ISO27001 surveillance audit and internal audits and working with the divisions in gathering the evidences required for the external audit.
• Performed end-to-end Application Security reviews and control self-assessments across pre-deployment and post production.
• Perform IT Audits and compliance, SSAE16 SOC1 Type II/SAS 70 Type II
• Involved in maintaining Data Privacy for GDPR, HIPAA and lead SOC 2 and HITRUST Audits
• Provides direct support of Symantec Network and Endpoint DLP systems including Linux based Symantec Enforce, Defender, Discover and Monitor servers as well as their Oracle support database server.
2016 : 2017
Bank of America NYC
Information Security Engineer
• Provide virus removal and systems upgrades for Microsoft Defender, Symantec Endpoint Protection, McAfee, & Malware applications
• Assist on the role out of Defender for Endpoint Protection
• Proven experience designing effective programs, guidelines, design documents for Office 365, Microsoft Teams, Office 365 ProPlus, Skype for Business and SharePoint Online.
• Developing Operations and End User Knowledge base articles, Course content, Job adis and Visual Tutorials for driving end-user adoption.
• Reviewed and designed security best practices for Symantec EPP and DLP, Anti-Virus, HIPS and DLP. Reporting for the development and execution of remediation plans.
• Prior experience working in a Security Operations Centre; working with Endpoint Detection & Response (EDR) products
• Evaluate next-gen (EDR) endpoint detection and response software
2021 : Present
BCBSA
Information Security Engineer
• Our team supports our business assurance practice and integrated compliance audits for Sarbanes-Oxley, SOC1 & SOC2 and other IT consultative service
• Member of an Expert Staff of PCI Consultants, answering to the Vice President of IT Support, Providing Advice on Audit Governance, Support, Vulnerability and Remediation Management.
• Responsible for the creation, socialization, and implementation of the organization's GRC security framework.
• Risk and Compliance automation leveraging GRC technologies
• Archer consultant specialization in managing and executing GRC IT Risk governance design Framework programs.
• Working knowledge in PCI DSS, ISO 27001. HIPAA. HITRUST. SOC II security and privacy requirements.
• Implemented Rapid 7 Insight VM for vulnerability management and remediation
• Conduct cybersecurity controls assessments in accordance with NIST publications 800-37, 800-53, 800-60, DoDI 8500.01, and others as required.
• Collect Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless.
• Executed daily vulnerability assessments, threat assessment, and mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
2019 : 2020
Beach Body
Cyber Security Analyst
• Provide guidance, direction and oversight for 3rd party assessments, internal audit engagements, baseline security standards, discovery and remediation of IT security and compliance issues surrounding HIPAA, risk standards CMS compliance, PAN data, PCI-DSS compliance, FFIEC directives, NIST, Sarbanes-Oxley SOX, ISO/IEC 27001 : 2013, ISO/IEC JTC 1, NERC-CIP 007 R2, and DISA/STIGS data standards.
• Manage Compliance and Audit projects of ISO 27001/2 and its derivatives - (HITRUST, Shared Assessment), SOC 1, SOC 2 Security Trust Principal Audit, Consulting and collaboration around an ISO 27001 Information Security Management System.
• Developed a comprehensive risk management program based on current industry security frameworks to document observations, enterprise risk, remediation, monitoring using frameworks like NIST 800-53, ISO 27001, SAE 16 (SOC 1 and 2), HIPAA, HITECH, COBIT and SOX.
• Assessed System Security Plans (SSP) for systems located and/or leveraging cloud Platform as Confidential Service (PaaS) and Software as Confidential Service (SaaS) solutions.
• Provide advanced technical support to customers using Microsoft Defender for Endpoint suite of security solutions and related technologies including Azure and Microsoft 365.
• Manage and Maintain Microsoft Defender ATP (Vulnerabilities and Remediation)
2017 : 2018
DTE ENERGY
Information Security Analyst
• Responsible to establish the tool capability for security assessments and conduct the compliance and vulnerability assessments for infrastructure servers and devices using QualysGuard on a periodic basis.
• Responsible for day to day support of enterprise Risk and Cyber Security groups in RSA Archer GRC project
• Experience in preparations for ISO27001 surveillance audit and internal audits and working with the divisions in gathering the evidences required for the external audit.
• Performed end-to-end Application Security reviews and control self-assessments across pre-deployment and post production.
• Perform IT Audits and compliance, SSAE16 SOC1 Type II/SAS 70 Type II
• Involved in maintaining Data Privacy for GDPR, HIPAA and lead SOC 2 and HITRUST Audits
• Provides direct support of Symantec Network and Endpoint DLP systems including Linux based Symantec Enforce, Defender, Discover and Monitor servers as well as their Oracle support database server.
2016 : 2017
Bank of America NYC
Information Security Engineer
Company:
BCBSA
Years of Experience:
7
Skills
Bilingual Communications, Computer Software Training, Construction Supervision, Hands-on Training
Profile Photo
