picture.jpg

Julia Chen

Cybersecurity Analyst

Cloud Security Engineer

DevSecOps Engineer

isc-cissp.jpg isaca-cisa.jpg aws-ccp.jpg

Contact Info

Visitor Count:

About Me

I am a solutions-oriented Cybersecurity Analyst with notable success implementing Information Security solutions in Vulnerability Management, SIEM, and Web Application Security since 2006. Currently inspired to become a Cloud Security/DevSecOps Engineer.

This online resume was built using AWS S3, Cloudfront, API Gateway, DynamoDB and Lambda and deployed with Terraform templates. Please check out my GitHub repositories.

Career Profile

  • 15+ years of hands-on experience in cyber security roles specializing in Vulnerability Management, SIEM, security metric reporting, and Incident Response.
  • Demonstrated experience conducting network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Understanding the Software Development Life Cycle and Development Operations (DevOps) principles. Working knowledge of integrating VM, SAST and DAST security testing tools using Jenkins and Bamboo.
  • Knowledge of CVE, CVSS scoring, CIS Controls, CIS Benchmarks, OWASP Top 10, and CWE/SANS Top 25.
  • Capability to configure, implement and maintain various security tools such as Qualys, Checkmarx, Acunetix, OWASP Zap, QRadar, CyberArk, Okta, Cisco Umbrella, Cisco AMP, and Cisco ISE.
  • Hands-on experience configuring data sources for metric reporting/tracking using MS Excel, MSSQL, Tableau, Python and PowerShell.
  • Ability to lead and work in a multi-team environment and drive completion of deliverables.
  • Ability to learn quickly and work independently with minimal supervision. Highly self-motivated and directed, with keen attention to detail.
  • Proven analytical and problem-solving abilities.
  • Strong understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, Linux), security technologies (firewalls, IDS/IPS, Vulnerability Management, EDR) and scripting languages (Python, PowerShell, BASH).
  • Certified in CISSP, CISA and AWS Certified Cloud Practitioner certifications.

Work Experience

CI Financial

2014 - 2022

IT Security Analyst
  • Developed the vulnerability management program from scratch; established patching SLA and VM exception process to ensure vulnerabilities were detected, monitored, measured, and regularly planned for mitigations.
  • Conducted vulnerability scans on OS, Network and Web Applications (SAST & DAST).
  • Collaborated with IT teams to prioritize the findings using a risk-based approach and provided extensive support on scan result analysis and remediation.
  • Coordinated with Managed Security Service Provider (MSSP) to ensure complete and continuous logging of enterprise devices. Investigated security alerts escalated by MSSP SOC to detect breaches and respond to incidents. Developed SIEM use cases and reports to detect cyber security threats proactively.
  • Participated in business and IT projects to ensure the design and implementation of resilient security architecture and technologies for optimal threat protection, monitoring and incident response.
  • Designed reporting metrics to ensure visibility and awareness of vulnerabilities in the department's IT assets.
  • Monitored security advisories for the latest security exploits, evaluated the applicability and provided mitigation recommendations.
  • Contributed to creating and maintaining enterprise security documents (policies, standards and procedures).
Indigo

2004 - 2014

IT Security Analyst
  • Performed operating system, network and application vulnerability assessments to identify and prioritize environmental security exposures. Follow up with IT staff to remedy findings.
  • Designed and Compiled reports/matrix for corporate security status, including MS Patch, Vulnerability Assessment, Anti-Virus and Dormant Accounts.
  • Analyzed and resolved security incidents and vulnerability issues in a timely and accurate fashion and conducted user, system, and network activity audits where required.
  • Worked with internal businesses, users and staff to enforce corporate information security policy and procedures by assisting in applying security standards to projects and implementations.
  • Deployed and administered security software solutions such as Symantec Security Information Manager, Symantec Endpoint Protection, Sourcefire IDS, Nessus and FireEye.
  • Led and participated in the annual PCI DSS merchant audit.
Dynamic Pipe

2003 - 2004

Windows Desktop Administrator
  • Built and administered Windows 2000/XP Desktop/Laptop workstations for 80 LAN users and provided operational support.
Chapters Online

2000 - 2001

System Administrator
  • Built and configured web and database servers for the www.chapters.indigo.ca website. Activities included building server hardware, installing operating systems, and configuring website components and third-party applications.
  • Diagnosed problems and resolved hardware failures immediately to ensure uninterrupted service.
Blockbuster Canada

2000 - 2000

Technical Support Analyst
  • Provided complete satisfaction resolution to all issues/requests and concerns from the Blockbuster support centre and region offices (approximately 150 employees).

Education

Seneca College

2002 - 2003

Internet Systems Administration – Using Linux (ISA) Certificate
  • One-year Post-Diploma certificate focused on Linux Systems Administration.
  • Intensive academic and hands-on training in Linux Installation and Configuration, Shell Programming (BASH, PERL, PHP), Server Administration (Apache, Sendmail, MySQL), Network Administration (DNS, SAMBA, DHCP), Security and X Window.
Ryerson University

1999 - 2000

Information Technology Professional (ITP) Certificate
  • One-year Post-Graduate program focused on client/server technologies, including MCSE, Novell Netware, Lotus Notes, Visual Basic, Web Design, Database and A+.
National Chengchi University

1988 - 1992

Bachelor of Arts Degree