Jocelyn Khuu

Security Engineer

Summary

Hello! I'm Jocelyn. A Security Engineer focusing on enterprise security and IAM. Currently working remotely from California.

Experience

01/2025 - Present

American Specialty Health

Info Security Engineer II

  • TBD
01/2022 - 12/2024

Clover Network, Inc.

Security Engineer

  • Oversaw patch management for endpoints, increasing user patching by 70%
  • Managed endpoint security for over 900 devices by hardening systems according to CIS benchmarks
  • Led deployment of the asset management system SnipeIT on GCP instances using Terraform and Puppet
  • Used Terraform to implement Britive, managing privileged Snowflake access and setting entitlement policies
  • Created Python scripts to automate OpenLDAP IAM tasks, reducing group creation time by 97%, from 1 minute to 2 seconds, saving IT significant time
  • Configured SSO for SaaS applications through ForgeRock
  • Managed GCP IAM permissions in Terraform for developers and develop RBAC IAM policies
  • Monitored and responded to detections in Crowdstrike and Lacework and participate on on-call
  • Completed vendor security assessments for applications and work with GRC on audits
  • Responded to and investigate phishing email reports in Proofpoint TAP and Google Workspace admin tools
06/2021 - 01/2022

Petal Card

IT Support Specialist

  • Lead IT as sole IT support for NY HQ and VA locations supporting over 150 systems
  • Administered Google Workspace, Okta, Slack, Zoom, Zendesk, JIRA, Confluence, and JAMF Pro
  • Increased user patching by over 40% by deploying DeprecationNotifier via JAMF and bash scripting to nudge users to complete security updates
  • Identified gaps in IT Security and worked cross-functionally to improve and implement new processes and policies and assisted with SOC2 compliance for endpoint and IT security
  • Completed Zendesk and Okta integration to enhance security with MFA after hours for over 50 users and worked with customer operations teams to ensure minimal impact
04/2019 - 06/2021

Facebook

Enterprise Support Tech

  • Spearheaded deployment of Go2Chef to use Chef-Solo for off-corp Linux (Fedora) provisioning, enabling over 2,000 Fedora users to provision and bootstrap systems from home
  • Acted as escalation for configuration management and client security issues relating to Chef, MDM profiles, and 802.1x certificates by troubleshooting from stack traces and logs and tracking trending issues
  • Collaborated with Client Security and Internal Detection and Response Team (IDR) on malware removal and troubleshooting security software such as Santa (binary authorization), MDATP, Carbon Black, and Osquery
  • Developed Python tool for automated Chef upgrades on Linux systems by dynamically generating JSON config files, bootstrapping Chef with Go2Chef, and querying Chef’s Omnitruck API for metadata and package downloads
04/2018 - 04/2019

Stanford University

Computing Support Analyst II

  • Provided tier 2 desktop support for over 2,000 faculty and staff
  • Imaged and deployed Windows 10 and MacOS systems and ensured HIPAA data security requirements were met
  • Troubleshot endpoint management software (IBM BigFix) and security software (SCEP) for over 5,000 systems
  • Collaborated with InfoSec teams on isolating systems, VLAN migrations, and maintaining system compliance
  • Created and modified network database entries for systems and assigned IPs and changed VLANs for systems
04/2017 - 04/2018

Futurewei Technologies

IT Helpdesk Engineer

  • Provided front-line helpdesk support for multiple locations including over 800 local and remote users
  • Lead, created, and presented in weekly IT orientation and served as the point of contact for all new hires
  • Educated users on security policies through orientation and reported security incidents to management
  • Tracked and triaged tickets through Track-IT, resolving an average of 500 tickets per month
  • Created and maintained images, configured user profiles, and deployed Windows 7, 10, and MacOS systems
  • Provisioned Avaya VoIP phones by updating VLAN settings and completing firmware updates
  • Configured and managed network patch panels, activating ethernet ports and ensuring proper connectivity between switches and end-user devices

Education

University of California, Irvine

B.A., Business Economics