
Raymond Lee

Summary

  • Seeking a Cybersecurity Architecture and Engineering Manager role to leverage over 15 years of extensive expertise in team leadership, cybersecurity architecture/engineering/operations, IT/software development.
  • Experience in building out security programs and driving security initiatives in small and large security teams.
  • Extensive experience in startup and enterprise environments. Worked in FinTech, healthcare, enterprise software, IT, semiconductor, and ecommerce industries to implement security engineering solutions at scale.
  • Security Certifications: CISSP, GPEN, GPCS, GREM, GMOB, GWAPT, GMON, GWEB, GSSP-Java.

Overview

17
years of professional experience

Work History

Senior Staff Security Architect/Engineer, Technical Lead

Synopsys
09.2022 - Current
  • Lead various security initiatives and provide technical leadership to support the organization's roadmap.
  • Provide security metrics in KPIs and KRIs, and security posture using the NIST CSF and maturity model.
  • Manage a team of 5 technical security architects and engineers in cloud, enterprise, and product security.
  • Responsible for the enterprise security architecture, design and implementation, operations security for on-premises and cloud solutions involving M&A, data center network and physical security design review, 3rd party vendors risk assessment, public clouds, and internal software products and platforms.
  • Technologies include SaaS, AI/ML, Containers, Kubernetes, SAML SSO, OAuth, ELK, API integrations, EDR, DLP, etc.
  • Architect enterprise security for HSM, secrets management, threat detection, data privacy and compliance.
  • Lead cloud and container security efforts in Synopsys Cloud Platform with microservices architecture.
  • Perform manual/automated penetration testing in various products (modern webapps, APIs, Infrastructure).
  • Conduct security reviews with different teams to provide security solutions and support business needs.

Sr. Security Architect/Engineer, Technical Lead

ICE Mortgage Technology
01.2021 - 03.2022
  • Led different security projects in agile SSDLC development.
  • Managed and mentored 5 direct reports to provide technical direction.
  • Interviewed candidates.
  • Worked on security roadmap with security leadership.
  • Involved in purple/red team, security tools development, bug bounty, corporate and infrastructure security.
  • Performed security architecture and design reviews on products and platforms that involve IAM, applied cryptography, authentication, security protocols, Docker, Kubernetes.
  • Implemented a DevSecOps pipeline.
  • Source code review and secure development training in Golang, Python, Java, C++, OAuth, SAML.
  • Designed and deployed DAST/SAST/SCA automation in CI/CD Jenkins pipeline for different projects.
  • Performed security assessments in network, physical, IOT, cloud, mobile, web, and 3rd party vendors.
  • Led the cloud security and automation initiatives.
  • Managed and monitored multi-cloud accounts for security vulnerabilities.
  • Performed cloud pen test assessment.
  • Worked on external SOC2 Cloud audit.
  • Built a mobile security program.
  • Worked with new mobile team for security and automation requirements.

Offensive Security Researcher

Intel IAGS
11.2018 - 11.2020
  • Led a team of 3 engineers (people and project management) for various pentesting/red team engagements.
  • This included security architecture review, DAST and SAST integrations, source code review, binary analysis, manual pentesting and exploitation, vulnerability management.
  • The products included platforms, standalone software, cloud and network infrastructure, web and mobile apps, IOT devices.
  • Worked with various technologies that involved applied cryptography, security protocols, PKI, IAM, PAM.
  • Pentest cycle includes threat modeling, attack modeling, finding vulns, fuzzing, exploitation, reporting.
  • Apply attack techniques methodology for various domains.
  • Communicate with product teams to understand the product specification, business use cases, architecture design, mitigations of discovered vulnerabilities.
  • Evaluated different security tools, including DAST vendors, Snyk, etc.
  • Created infrastructure proposals.
  • Volunteered in software conference as committee reviewer for 2 years in various tracks: Systems Engineering, Software Development, Security and Privacy.
  • Earned Security White Belt and Yellow Belt.
  • Developed react.js and node.js IT Cloud Broker app on multi-cloud accounts provisioning and automation.
  • IPAS Security Leadership Award: Secure the Platform, Defend Customer Data, Lead the Industry.

Senior Cloud Security Engineer (AWS), Team Lead

Symantec
08.2018 - 11.2018
  • Worked on CloudSOC CASB team to focus on product security in AWS infrastructure and AppSec areas.
  • Worked with external auditor on SOC-2 audit and security controls.
  • Performed other compliance work.
  • Deployed SafeBreach and Dome9 AWS monitoring tool.
  • Worked with DevOps to harden AWS services.
  • Conducted manual pentesting and vulnerability assessment on cloud infrastructure and software.

Senior Security Engineer, Technical Lead

Workday
11.2015 - 08.2018
  • Heavily involved in security engineering roadmap, product architecture reviews, DevSecOps, monitoring.
  • Led the initiatives in Red/Purple Teaming engagements to improve the security and detection capabilities.
  • Influence and provide advice to management/other orgs.
  • Technical leadership and mentoring of junior engineers.
  • Perform security architecture design and reviews for the Workday cloud and platform; code reviews and contributions to several dev scrums; and security development.
  • Security lead for many key projects and participate in the design of the upcoming changes in the platform to improve the security of the service.
  • Implement and manage security policies in F5 ASM and Content Security Policy for web applications.
  • Lead and develop security services and continuous integration to assess the security by leveraging dynamic, network, and static scanners technologies.
  • Work closely with technology and development organizations.
  • Organize internal Red/Blue/Purple team activities, as well as design and build CTF docker images.
  • Perform regular security assessment/penetration testing to assess the overall organization security risks.
  • Work on security incidents and threat intelligence by using Splunk SIEM, Proofpoint, API development.
  • Draft and deploy security processes, policies, standards, development best practices in WIKI confluence.

Senior Security Engineer

Walmart Global eCommerce
06.2015 - 11.2015
  • Conducted manual code review and security assessments for different Walmart products/web applications.
  • Taught security awareness training on secure coding and development practices, web attacks, phishing.
  • Worked with OpSec teams to design, run, and manage secure platforms in AWS (EC2, VPC, RDS, S3).
  • Maintained OpSec's Puppet and Chef cookbook powering the infrastructure hardening and management.
  • Performed threat modeling, security architecture and design on projects across different departments.
  • Provided remediation guidance for security issues and helped business units embed security into their SDLC.
  • Red teaming, threat responses and security operations monitoring from different appliances and sources.

Senior Application Security Engineer

Lending Club
02.2014 - 06.2015
  • Reported directly to CISO.
  • Full involvement in the SSDLC for company's products using React, Java, node.js stack.
  • Define the product security requirements and security design.
  • Perform regular static and dynamic code analysis with Fortify, AppScan, Burp.
  • Led and provided developer secure coding training.
  • Implemented security features and libraries.
  • Fixed and tested security vulnerabilities of the product.
  • Performed vulnerability assessment and penetration testing on web applications, mobile apps, and API.
  • Monitoring and log analysis with Splunk, New Relic.
  • Container deployment with Docker and Vagrant.
  • Performed MDM POC with different vendors.
  • Deployed MDM and policies to mobile devices.
  • Managed Imperva Web Application Firewall and Database Monitoring to implement security and business policies to detect web attacks and DDoS attacks on the web applications and database applications.
  • Performed security review and POC evaluations on third-party vendors and provided recommendations.

Senior Application Software Engineer/Security Developer

UCSF ITS
05.2008 - 02.2014
  • Led the security architecture, design, configurations, and testing efforts on the new high availability (HA) infrastructure of the UCSF Weblinks financial and reporting system.
  • The infrastructure supported the failover and load balancing.
  • Integrated with the UCSF MyAccess IAM SSO system with Shibboleth.
  • Reviewed the security configurations in F5, Apache, Shibboleth, and WAS.
  • Designed and implemented the security components (session management, application timeout, authentication, and access control) to use SSO.
  • Performed account provisioning using IBM Tivoli Identity Manager, and vulnerability assessment.
  • Implemented defense-in-depth security controls in the web applications with OWASP ESAPI to mitigate the top security vulnerabilities such as SQL Injection, XSS, and CSRF.
  • Practice OWASP secure coding principles: protective HTTP headers, input validation, output encoding, least privilege, data security, etc.
  • Performed security testing with tools (OWASP ZAP, WebScarab, AppScan, NetSparker, Firefox plugins), manual verification.
  • Threat classification, risk assessment, and reference OWASP testing guide.

Education

M.S. - Computer Science

San Jose State University

B.S. - Computer Science, Minor in Mathematics

San Jose State University

Skills

  • Leadership
  • SANS LDR514 training
  • Strategic planning
  • People and project management
  • Leadership presentations
  • SWOT analysis
  • Roadmap development
  • Security metrics and dashboard
  • Tableau
  • JIRA
  • Confluence
  • ServiceNow
  • Risk matrix
  • NIST CSF
  • SOC2 Audit
  • OneTrust
  • M&A
  • TPRM
  • AuditBoard
  • CSET
  • SecurityScorecard
  • OpenAI LLM
  • GPT4
  • PAN
  • F5
  • InfoBlox IPAM
  • Zscaler
  • SentinelOne
  • CrowdStrike
  • O365 security
  • OKTA SSO
  • SailPoint IAM
  • Tanium
  • JAMF
  • Gigamon
  • Vormetric
  • CloudHSM
  • Beyond Trust PAM
  • Microsoft CASB
  • Zscaler CASB
  • Digital Guardian DLP
  • Cyberark PAM
  • Deloution
  • Keeper Secret Manager
  • Proofpoint
  • Abnormal Security
  • SSDLC
  • STRIDE
  • PASTA
  • Threat Modeler
  • API design
  • WAF
  • CMM
  • BSIMM
  • ASPM
  • Checkmarx
  • Snyk
  • Blackduck
  • GitHub
  • Copilot
  • GitLab
  • Veracode
  • Apigee API management
  • APIsec
  • Docker
  • Kubernetes
  • Traceable
  • Azure
  • Azure OpenAI
  • AWS
  • GCP
  • CSPM
  • CWPP
  • Wiz.io
  • Prisma Cloud
  • HashiCorp
  • 365Inspect
  • AzureInspect
  • ScoutSuite
  • Aqua
  • Kube-bench
  • CloudSOC
  • CLI
  • SDK
  • API custom tools development
  • Akamai
  • Cloudflare WAF
  • Burp Suite
  • Kali Linux
  • Cobalt Strike C2
  • SET
  • GoPhish
  • Metasploit
  • Bloodhound
  • Atomic Red Team
  • Mimikatz
  • Nmap
  • Empire
  • Wireshark
  • Aircrack-ng
  • SQLMap
  • Hydra
  • Hashcat
  • Recon-ng
  • ELK SIEM
  • Splunk
  • LogRhythm
  • SOAR
  • Nexpose
  • Qualys
  • Honeypot
  • Entrust
  • Venafi PKI
  • Solarwinds
  • QRadar

  • Availability: Open to Relocation
