Nick Winn
Details
● Designed systems used for vulnerability management in addition to administration of the vulnerability management program.
● Led architecture review to ensure all solutions met standards and guidelines resulting in the integration of security in every platform.
● Oversaw security controls inside cloud environments and end points.
● Guided identification, testing and deployment of solutions needed to reduce or mitigate security risk.
● Developed parts of the GRC program and its application to build standards and guidelines.
● Led the PCI Level 1 and SOC 2 Type 2 audit from an infrastructure and security perspective.
● Researching emerging threats and proactively implementing mitigating controls.
● Defining audit logging requirements and the appropriate incident response alerting.
● Mentoring and training security personnel.
● Threat hunting and close monitoring of internal infrastructure and insider threat.
● Evaluated and implemented security controls inside cloud environments.
● Working towards automating incident response actions based on real time threat analysis.
● Managed external relationships with 3rd party security tool vendors and penetration testers.
● Developed information security policy, guidelines, strategy, incident response playbooks and procedures.
● Incident response management, mitigation, and remediation efforts for security incidents.
● Common sense security champion and evangelist.
2019 : Present
Recurly
Lead Information Security Engineer
● Participated in initial conceptual project design to ensure security integrity.
● Authored security risk assessments for new and existing projects using industry standard NIST (800-53R4, 800-144, 800-146, 800-37), ISO, PCI and CSA controls.
● Designed hybrid cloud cyber security framework.
● Guided focused security committee meetings on improvements and future milestones.
● Performed vendor risk assessments on new and current business relationships.
● Steered best security practices for reducing risk with external teams.
● Produced detailed threat and business impact analysis for emerging threats.
● Contributed process improvements for multiple teams under the Network Security Operations organization.
2018 : 2019
Charter Communications
Senior Security Engineer
I joined Shutterstock originally as a DevOps engineer and then moved to the security team after identifying major security issues. As a security engineer I helped Shutterstock secure its infrastructure and maintain its compliance focus while adopting new security frameworks. I was instrumental in finding and responding to all threats including uncovering a very elaborate fraud scheme which was costing Shutterstock hundreds of thousands of dollars monthly.
● Monitored and managed end point protection platforms, security scanning platforms, web application firewalls (WAF) and security event logging platforms.
● Co-authored information security policies.
● Conducted advanced analysis of malware and cyber attack tactics.
● Acted as artifact collector and presenter in multiple audits (NIST, PCI, SOX).
● Assisted with NIST 800-53r4 and ISO 27001:2013 framework implementation.
● Designed and documented new procedures for security operations and other teams.
● Conducted weekly security audits on both internal and external assets.
● Performed validation on security vulnerabilities found and then assisted with remediation of vulnerabilities or implemented compensating controls.
● Leveraged OSINT tooling to identify and locate exfiltrated data being leaked from the organization.
● Started Shutterstock’s first security awareness campaign.
● Designed security and compliance focused training material and slide decks.
● Reviewed and approved firewall changes and conducted firewall configuration reviews.
● Monitored network traffic and managed external firewall blocks against malicious addresses.
● Architected security infrastructure including occasionally working directly with vendors for support and building out POCs.
● Conducted advanced threat hunting and performed incident response on known threats.
● Improved physical office security by demonstrating door sensor and RFID exploits.
● Reviewed and guided new projects to ensure compliance and best security practices.
2016 : 2018
Shutterstock
Information Security Engineer
● Maintained and optimized Jenkins pipeline.
● Built out disaster recovery for CI/CD pipeline.
● Maintained production RabbitMQ clusters.
● Assisted developers with internal tools and release process.
● Maintained multiple code repositories (Artifactory, Git, Yum).
● Maintained code deployment tools and playbooks/manifests/recipes (Ansible, Puppet and Chef).
● Participated in building plans and prototypes for moving Shutterstock services to AWS and VMware Cloud platforms.
● Assisted in Kubernetes (k8s) with Docker adoption and integration in AWS.
● Built initial proof of concept Jenkins DSL for more efficient job creation and management.
2016 : 2017
Shutterstock
DevOps Engineer
• Worked with security team to identify, verify and remediate infrastructure security vulnerabilities.
• Evaluation of infrastructure security controls and identification of security deficiencies.
• Continuous threat hunting and monitoring of infrastructure events.
• Built and maintained security infrastructure (vulnerability scanners, GPU computing cluster, etc).
• Managed EMC, Pure Storage, HP P2000 and NetApp storage infrastructure.
• Planned and began implementation of intelligent Splunk platform.
• In charge of decommissioning older, unsupported servers and planning upgrades to supported operating systems.
• Supported Database Administrator team in changes to Oracle infrastructure.
• Planned and executed large portions of company-wide maintenance events.
• Designed and ran Ansible plays that built and maintained infrastructure across multiple environments.
• A member of a two-person team responsible for all VMware infrastructure.
• Set up and maintained VMware backups using Veeam in addition to defining backup strategy.
• Responsible for Disaster Recovery Planning for multiple infrastructure solutions.
• Tech Debt Master
2015 : 2016
Return Path
Core Operations DevOps Engineer / Infrastructure Security
Skills
Active Directory, Apache, Cluster, Data Center, Disaster Recovery, DNS, Email Hosting, Firewalls, Hardware, High Availability, HP, Identity and Access Management (IAM), Information Security, Information Security Standards, Infrastructure, Integration, ITIL, IT Management, IT Service Management, Linux, Networking, Operating Systems, Payment Card Industry Data Security Standard (PCI DSS), Red Hat Linux, SAN, Secure Cloud, Security, Security Architecture Design, Servers, Shell Scripting, Software Documentation, Software Installation, Solaris, Storage, Storage Area Networks, System Administration, Technical Support, Testing, Threat & Vulnerability Management, Troubleshooting, Unix, Virtualization, VMware, Windows
About
20+ years of proven IT experience with a heavy focus on engineering, operating, maintaining, and scaling solutions around Unix and Linux operating systems. In the last 7 years, my career has moved to information security engineering technology, practices, implementations and research. I am a firm believer in never recreating the wheel (also known as over engineering) and in automation to prevent human error to increase effectiveness and efficiency.