John Brooks

Taunton

Summary

Information Security Engineer with four years of experience protecting TJX and serving as the primary safeguard against external threats to TJX's ecommerce operations. Proficient in tuning WAF rules, optimizing performance, and ensuring PCI compliance. Skilled in analyzing traffic patterns, responding to incidents, and integrating WAF solutions with other security tools to enhance overall protection.

Overview

4 years of professional experience

Work History

Senior Security Engineer

TJX Companies
01.2021 - Current


  • Manage Akamai's WAF to safeguard web applications from a variety of security threats, including SQL injection, cross-site scripting, DDoS, and Account Takeover (ATO) attacks.
  • Continuously monitor and analyze traffic patterns through Akamai’s security platform to detect potential vulnerabilities and mitigate risks.
  • Triage and respond to security incidents, adjusting WAF configurations and security rules for optimal protection and performance.
  • Collaborate with corporate security, development, and operations teams to integrate Akamai security solutions with the broader infrastructure.
  • Troubleshoot WAF-related issues and ensure high availability and minimal downtime for web applications.
  • Maintain Akamai's Enterprise Application Access (EAA) to ensure developers and QA specialists can safely and securely conduct business priorities with minimal friction.
  • Conduct reviews of SAST scans to ensure new vulnerabilities are accounted for and given a remediation plan.

Education

Bachelor of Science - Software Engineering

Loyola University Chicago
Chicago, IL
12-2020

Skills

  • Incident response management
  • Splunk
  • WAF
  • Python
  • Akamai Bot Management (BMP, BMS, Content Protector)
  • Akamai Account Protector
  • IAM (via Akamai EAA)
  • Content Security Policy (CSP)
  • SAST scan review (via Veracode)

Accomplishments

  • x2 TJX "Associate of the Quarter" award winner - June 2023 and September 2024
  • Built TJX's Akamai Bot Manager Premier and Account Protector solution from the ground up
  • Rolled out Akamai Enterprise Application Access (EAA) at TJX allowing users both internal to TJX and external to TJX to safely and securely access Non-Production
  • Used Akamai EdgeWorkers to implement TJX's Content Security Policy on PCI-compliant webpages
  • Moved initial alert investigation away from the ecommerce security team to TJX's SOC; trained the SOC to use Akamai Web Security Analytics (WSA) and to conduct analysis for various attack types
  • Worked with TJX SOC to convert the ecommerce WSA alerts into Splunk alerts to align with TJX SOC's SIEM tool and broader infrastructure
