Summary

• With over 6 years of experience as a cybersecurity expert, I have developed strong adaptability and collaborative leadership, allowing me to thrive in diverse technical environments.
• My expertise lies in anticipating, identifying, and neutralizing sophisticated digital threats, while effectively leading teams to design robust security strategies.
• My continuous focus on evolving cybersecurity trends ensures that I am equipped to safeguard systems and data against ever-changing digital risks, making me a proactive and reliable security professional.

Technical Skills

Vulnerability Analysis, Risk Assessment, and Patch Management: Qualys VMDR, CSAM, WAS, Tenable.io, Nessus, WAS, Secureworks, VMDR, WAS

Hardening Tools: CIS-CAT, Ping Castle AD

DAST Tools (Dynamic Application Security Testing): Burp Suite Pro, Acunetix, Invicti, HCL AppScan, WebInspect, AppSpider R7

SAST Tools (Static Application Security Testing): HCL AppScan Source, Fortify SCA

Frameworks: OWASP Top 10 (2021), STRIDE Microsoft

Pentesting Tools: Cobalt Strike, Empire, Metasploit, Lin/Win/peas, Nmap, ExploitDB, Hashcat, ExploitPack, RustScan

Threat Intelligence: Shodan, Fofa, IntelX, LeakIX, ANY.RUN, VirusTotal, TheHarvester

Incident Response: THOR SPARK, AlienVault OSSIM, Wazuh

Patch Management: Automox

Endpoint Detection & Response (EDR): CrowdStrike

Password Management: Keeper Vault

Scripting Languages: PowerShell, Bash, Python

Compliance Standards: PCI DSS, SOC 2, ISO 27001, HIPAA, HITRUST

Soft Skills

• International environment adaptability
• Initiative and Leadership
• Interpersonal communication
• Creative and critical thinking
• Decision making
• Speak in public

Certifications

• Certified Information Security Manager
• Certified Information Security Auditor
• Certified Ethical hacking - Ec-Council V10.
• Certified in Incident Handler V2 Ec-Council.
• Certified Threat Intelligence Analyst certificate Ec-Council.
• Certified Computer Hacking Forensic Investigator Ec-Council.
• Certified ISO/IEC 27001 Information Security SKILLFRONT
• Conference 2015 Instituto Politecnico Nacional ESCOM “Evasion de antivirus”.
• Conference 2017 Universidad Mileniun Toluca “Control is Only illusion”
• Conference 2017 Xalapa Veracruz Auditorio IMAC “Hacking a usuarios MAC”.

Work Experience

Timeline: 07/2023 – Present

Role: Cyber Security Web Application Tester | Cyber Security Engineer (Contractor)

Responsibilities:

• Conducting comprehensive vulnerability scans on infrastructure to detect security gaps.
• Monitoring and managing Rapid7 and Keeper Vault for effective vulnerability tracking.
• Overseeing the Vulnerability Management Life Cycle, ensuring timely resolution and patching.
• Utilizing CrowdStrike and Mimecast for security monitoring and incident detection.
• Handling service requests and tracking incidents through ServiceNow ticketing system.

 

Timeline: 07/2023 – 10/2023

Zurich Mexico City. (Remote)

Role: Cyber Security Web Application Tester

Responsibilities:

• Performing penetration tests on web applications/API
• Proposal of mitigation measures for each identified vulnerability.
• Implementing application security processes using OWASP methodologies to protect web applications from threats and vulnerabilities.

 

Timeline: 01/2023 – 03/2023

CargoSprint — Peachtree City, Georgia (Remote)

Role: Cyber Security Engineer

Responsibilities:

• Developed and implemented comprehensive cybersecurity policies across the organization.
• Created Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) to ensure compliance with SOC2 standards.
• Conducted staff training sessions to enhance awareness of cybersecurity policies and best practices.
• Managed and monitored CrowdStrike EDR and JumpCloud for proactive threat detection and system management.

 

Timeline: 07/2020 – 03/2023

Metabase Q - Mexico City (Remote)

Role: Endpoint Security & Vulnerability Management Engineer

Responsibilities:

• Implemented robust security processes to strengthen the organization’s cybersecurity posture.
• Led and mentored a team of cybersecurity professionals, fostering a strong security culture.
• Hardened critical assets following the CIS (Center for Internet Security) framework to mitigate vulnerabilities.
• Established and managed effective patch management procedures across systems.
• Conducted regular vulnerability scans on both infrastructure and web applications to identify and address security risks.

 

Timeline: 02/2021 – 12/2022

ADAN Systems Solutions S. de R.L. de C.V. — Mexico City (Remote)

Role: Pentester | Etical Hacker (contractor)

Responsibilities:

• Performed penetration tests on web applications and infrastructure to uncover security vulnerabilities.
• Proposed mitigation measures for each identified vulnerability, enhancing the overall security posture.
• Prepared detailed reports summarizing the test findings, including insights on detected vulnerabilities.
• Provided actionable recommendations to improve the protection and resilience of systems against attacks.

 

Timeline: 08/2018 – 07/2020

Servicio de Administración Tributaria SAT México - Mexico City

Role: Web Application Security Architect

Responsibilities:

• Implementing application security processes using OWASP methodologies to protect web applications from threats and vulnerabilities.
• Collaborating with team members to manage and supervise the use of computer security tools, such as WAFs and SAST/DAST tools, ensuring effective security controls.
• Certifying vulnerability analysis and generating comprehensive vulnerability reports, contributing to the success of security improvement projects.
• Performing dynamic and static code analysis with industry-standard tools to identify and remediate security issues in web applications, promoting secure coding practices.

 

Timeline: 05/2018 – 08/2018

IQSec S.A. de C.V. - Mexico City

Role: Cybersecurity jr. engineer

Responsibilities:

• Conducting pentesting to identify and exploit vulnerabilities in systems and web applications.
• Monitoring infrastructure using QRadar and PRTG technologies for enhanced security.
• Providing third-level support to address complex cybersecurity issues.
• Working with security and PCI technologies such as Tufin, Proofpoint, and Arbor