Jhohan Anthony Hernández Sánchez

San Juan De Miraflores

Summary

Information Security and Cybersecurity Professional with over 5 years of experience in managing perimeter security platforms (Firewalls, IPS/IDS, antispam, XDR, antivirus consoles, SIEM), managing vendors, and leading integrations with Security Operations Centers (SOC) in both on-premise and cloud environments (AWS). Motivated to work with cybersecurity teams, including blue team and red team roles.

Overview

6 years of professional experience
1 Certification

Work History

Cybersecurity Analyst

WALLY
Lima, Perú
12.2022 - 12.2023
  • Lead and complete the implementation and integration of security and cloud infrastructure platforms (AWS) with the SOC provider.
  • Integration of security platforms and new sources (SIEM/SOC).
  • Lead the configuration and implementation of new cybersecurity platforms.
  • Propose and create use cases for AWS cloud infrastructure and web applications.
  • Management of cybersecurity platforms (Elastic SIEM, ESET Antivirus Console, Cortex XDR).
  • Review and propose remediations for security findings in AWS cloud infrastructure (SecurityHub).
  • Analyze and propose remediation for vulnerabilities in operating systems (EKS version, EC2 OS versions).
  • Management of code vulnerability analysis tools (SonarQube, Fluid Attacks).
  • Vulnerability management and support for dev-squads until remediation within the deadline based on severity (low, medium, high).
  • Execution of information security protocols to counter threats.
  • Monitor systems and components to detect cybersecurity vulnerabilities and unusual activities affecting information.
  • Monitor the performance of security controls.
  • Review Jenkins pipelines and potential security findings.
  • Responded promptly to cyber incidents by analyzing attack signatures, isolating affected systems, and restoring normal operations.
  • Investigated information security breaches to identify vulnerabilities and evaluate damage.
  • Reviewed audit logs daily for unusual activity or patterns that could indicate an attempted breach or attack.
  • Reviewed security bulletins and vulnerability patch releases.
  • Monitored user activities on the network for suspicious behavior or malicious activity.
  • Analyzed network traffic logs, firewall logs, intrusion detection system alerts, and antivirus reports to identify potential threats.
  • Provided technical support for troubleshooting issues related to security systems and networks.
  • Updated virus protection systems based on computer virus reports such as malware outbreaks, phishing campaigns, and ransomware attacks.
  • Promoted security awareness among employees and clients to alleviate risks and breaches.

IT Security Analyst

CLARITY CONSULTING
Lima, Perú
05.2022 - 12.2022
  • Compliance with internal Company security policies.
  • Support to dev-squads in defining the scope of security testing and ethical hacking. Active participation in chapter activities (dev-squad dailies).
  • Security story management (Jira) for each application/dev-squad. Management and analysis of vulnerability reports for the dev-squad's components (application servers, code repository) produced by tools (Qualys, Fortify, SonarQube), and support for the squad in remediating each vulnerability.
  • Review the security stories of the dev-squad and validate that the vulnerabilities have been remediated within the deadline according to severity (low, medium, high).
  • Review, validation and security compliance on application code changes in the different environments (DEV-QA-PRD).
  • Review of Jenkins pipelines and possible security findings.
  • Management and analysis of findings from code analysis platforms (Fortify, SonarQube).
  • Reviewed security bulletins and vulnerability patch releases.
  • Worked with cross-functional teams to achieve goals.

Security Analyst

GLOBAL HITSS
Lima, Perú
01.2021 - 04.2022
  • SIEM management (QRadar):
    Integration of log sources.
    Propose and implement use cases.
    Management of security events/incidents.
    Review of the results of security and fraud monitoring controls.
    Maintenance of security event log sources. Documentation of controls and processes in the area of security monitoring and control.
    Tracking, information gathering.
  • Monitored alerts generated by intrusion detection systems to identify potential attacks against corporate networks.
  • Reviewed network traffic logs to identify signs of unauthorized access and underlying network vulnerabilities.
  • Protected secure data files and regulated access.
  • Analyzed web traffic logs to detect anomalies or malicious activities.
  • Monitored security access logs and analyzed system events for suspicious activity.
  • Investigated reported information security incidents by analyzing log files and conducting interviews with involved personnel.

Security Analyst

SECURESOFT
Lima, Lima
02.2018 - 12.2020

  • IT security platform management: Firewalls (Checkpoint, Palo Alto, Fortinet, Cisco ASA), Web Filters (McAfee Web Enterprise: SecureSoft Gateway, BlueCoat, ForcePoint), Antispam (Cisco IronPort, Cisco CES), McAfee (IPS/IDS, SIEM, DLP and ePO), SSL VPN Juniper Pulse Secure, CyberArk, Cortex XDR.
  • Incident management, response and resolution.
  • Handling of requests involving the platforms (creation of rules, permissions, blocking, traffic analysis).

Education

Associate of Science - Computer Networking And Telecommunications

ISIL
Lima, Peru
03-2017

Skills

  • Incident Response
  • Firewall Configuration
  • Network Security
  • Data Security
  • Application Security
  • Intrusion Detection
  • Managing Security Breaches
  • Monitoring Computer Viruses
  • Protecting Networks
  • Forensic Analysis

Languages

Spanish
First Language
English
Intermediate (B1)

Certification

PECB ISO/IEC 27001 Security Information Foundations

Certificate code: ISFO1043008-2019-03

Verification web: https://pecb.com/en/userCertification/certificateVerification

ITIL® v4 Foundation Certificate in IT Service Management

Certificate code: GR671068317JH

Verification web: https://www.peoplecert.org/for-corporations/certificate-verification-service

CertiProf - Cyber Security Foundation – CSFPC

Certification ID: 53732121

McAfee Certified Product Specialist: ePolicy Orchestrator (ePO) Specialist - Digital Certificate

McAfee Certified Product Specialist: Security Information and Event Management (SIEM) - Digital Certificate

McAfee Certified Product Specialist: Network Security Platform (NSP) - Digital Certificate

Microsoft Technology Associate (MTA 98-365): Windows Server 2012 R2 Administration Fundamentals

Certificate Code: wnrvF-4Smz

Verification website: verify.certiport.com

Microsoft Technology Associate (MTA 98-367): Security Fundamentals

Certificate Code: nJsa-XVYE

Verification website: verify.certiport.com

References

References available upon request.
