GoAlto | Javier Olivo García Araque

Javier Olivo García AraqueCyber-Security Engineer & Consultant

Ethical Hacker v10, EC Council Security Analyst ECSA v10, ISO 27001:2013 Auditor, Diploma ISO 27001-27002 OEA-UNI Peru, COBIT v5, ITIL v3. I am interested in working in activities related to cybersecurity and assessment information security systems against ISO 27001:2013, NIST-USA, GDPR-EU, HIPAA, and PCI DSS standards. I have experience implementing controls and countermeasures based on these frameworks using COBIT and ITIL, and strong capabilities for vulnerability assessment, Ethical Hacking, Web Pentesting based in OWASP & PTES methodologies, Incident response, Malware analysis, Cyber Intelligence and awareness to teams from executive and technical areas. I have experience working with Kali Linux on security evaluations, and tools like OpenVas, Nessus, Metasploit, Armitage, Burp Suite, and Acunetix. Knowledge about Secure SDLC based on ASVS, SAMM, BSIMM, Cyber Intelligence with THE HIVE-MISP, CrowdStrike, and deep web explorations, Also know SIEM technologies such as Alien-Vault, McAfee SIEM, McAfee ePO. In all my experience I have been working with intercultural teams (English-Spanish).

Tech stack

Splunk (13)

Security Testing (12)

CrowdStrike (7)

Linux Server Configuration (6)

Windows Server 2012 (6)

Azure DevOps (6)

Azure IaaS (6)

Linux Server Administration (5)

Quality Auditing (5)

Product Lifecycle Management (PLM) (5)

Active Directory (5)

AWS Cloud Architecture (4)

Networking (3)

IT Project Management (3)

Customer Relationship Management (CRM) (2)

Server Administration (2)

Microsoft Dynamics CRM (2)

SQL Server Management Studio (2)

Visual Studio (2)

OpenVPN (2)

Microsoft Windows (2)

Software Technical SWOT Analysis

Infrastructure monitoring

Cyber Security

Technical Project Management

DevOps

Experience

Senior Security Engineer

Endava

10/2023 - Currently

Blue Team Member, Incident Management, Security Tools Monitoring, Alerting Management, Threat Hunting, Incident Management, Support for Tier 1 and 2 of SOC.

Security Testing

Splunk

CrowdStrike

Senior Cyber-Security Engineer

Softtek

09/2021 - 09/2023

SAST & DAST analysis, Treat Modeling, Vulnerability Assessment, Penetration Testing, black, gray and white box analysis, Social Engineering, Incident Management, Threat Hunting, SOP documentation, Cybersecurity Awareness, and Expert Support for Tier 1 and 2 of SOC.

Security Testing

AWS Cloud Architecture

Azure DevOps

Splunk

CrowdStrike

Senior Security Consultant

S2 Grupo

11/2019 - 11/2021

Evaluation and Implementation of ISMS on clients in EU, UK, USA, and Latam, Design Cybersecurity Strategies, implement NIST CSF assessments, Vulnerability Assessment, Penetration Testing, Social Engineering, Cybersecurity Awareness, Expert Support for Tier 1 and 2 of SOC.

Security Testing

Splunk

CrowdStrike

Azure DevOps

Senior Cyber Security Engineer

Grant Thornton

11/2018 - 11/2019

Activities related to information security, implementing strategies based on ISO 27001 and NIST framework, vulnerability testing, penetration testing, and ethical hacking implementing OWASP and CEH Methodologies, Social Engineering, Incident response, malware analysis, managing McAfee ePO, Awareness to team of diversity areas respect to cyber security and other activities related to managing and improving information security on Compensar Health Client.

Security Testing

Splunk

AWS Cloud Architecture

Microsoft Windows

Azure DevOps

Azure IaaS

Security Engineer

Teleperformance

05/2019 - 11/2019

Risk Analysis in Nearshore campaigns: - Corporative Information Security Audits - Incident Management & Incident Response. - Review Security Policies. - Cybersecurity Advice

Splunk

A3Sec

Security Engineer

02/2019 - 05/2019

My direct responsibilities as a cyber security consultant in this client Liberty Insurance were: • Vulnerability assessment and exploitation. • Pen-testing with OWASP methodology • POC • Hacking along perimeter infrastructure • Incident response and management • Social Engineering campaigns • Awareness in information security Traversal functions to support identity management, IT projects such as the migration of on-premise systems to AWS cloud, where need to support the team in USA head quarters to migrate the South America subsidiaries. Also, support the cybersecurity audits under the NIST framework performed to the client by third parties.

Security Testing

Splunk

CrowdStrike

AWS Cloud Architecture

Azure DevOps

Cyber Security Engineer

Entelgy

11/2018 - 02/2019

Vulnerability Assessment and exploitation, Penetration testing based on OWASP methodology, Social Engineering, Incident response management, malware analysis, Cyber Intelligence, implementing security tools such as Cuckoo Sandbox, IDS Alien Vault, and the Hive.

Security Testing

Splunk

CrowdStrike

SLA Specialist

Stefanini

09/2014 - 11/2018

Activities related to the assessment of the information security system of the company, assess the operational infrastructure area topics related to ISO 27001:2013, GAP analysis using MAGERIT and ISO 27005, audit established process adjusting it to compliance of ISO 27001:2013 Standard to prepare the company for ISO 27001 certification. Also supports other areas of IT services, and PMO with third clients such as Pfizer laboratories, Citibank, and Amdocs as SLA Specialist.

Splunk

Azure IaaS

Security Testing

Quality Auditing

Product Lifecycle Management (PLM)

Applications Engineer

GoNet USA

06/2013 - 09/2014

Active Directory management, Administrator of Gras and VPN services, analysis and debugging database, site care requirements for hardware and software problems, Interactions work with other countries USA, Poland, Finland, India, Costa Rica.

Active Directory

OpenVPN

SQL Server Management Studio

Linux Server Configuration

Windows Server 2012

Visual Studio

Applications Analyst

Access Consulting

01/2012 - 06/2013

Second level support cases escalated by helpdesk in Argentina, liaison with central helpdesk in USA for HP project (Pfizer Laboratories), interactions work with other countries Poland, Finland, Costa Rica, Active Directory management, Administrator of Gras and VPN services, manage the Mcafee orchestator console for local domain, remediation of security issues reported by the global console, analysis and debugging database , site care requirements for hardware and software problems, assembly and installation of desktop and laptop computers Lenovo, Hewlett Packard, Dell and others, configuration profiles CRM and ERP software owner.

Server Administration

Linux Server Configuration

Linux Server Administration

Windows Server 2012

Microsoft Dynamics CRM

Customer Relationship Management (CRM)

Network Maintenance Engineer

Consorcio Telecomunicaciones de Colombia

03/2009 - 01/2012

Managing technical contractors and field engineers belong to compartel program in telecenter projects and BDP for 3.5G connectivity issues, WIMAX and satellite, electronics, electricity, routing networks, nodes, and clusters, system administration, Linux Server, Informix, Windows Server 2003, 2008, client systems such as Win 98, XP, W7, Solaris and Linux, internal audit quality of technical maintenance performed by contractors validating the networks function efficiently in compliance with the regulations requested by the Ministry of Technology Information and Communications of Colombia

Linux Server Configuration

Linux Server Administration

Windows Server 2012

Active Directory

Networking

IT Project Management

Education

Specialist Engineer in Cybersecurity

Universidad Nacional Abierta y a Distancia UNAD

02/2015 - 07/2017

Systems Engineer

Universidad Nacional Abierta y a Distancia UNAD

02/2011 - 06/2015