Security Engineer · NYU M.S. Cybersecurity · Open to opportunities

Angelo Vasquez

Building toward API Security Engineering — securing the connections between systems that power modern enterprise infrastructure. Eight years in technology operations at Synchrony, an M.S. in Cybersecurity at NYU, and a portfolio of security tools built from scratch at the intersection of application architecture and threat intelligence.

8+ Years Experience · 20+ Incidents / Day · $1.8M Revenue Led
// Profile Dossier AV-2026-SEC
Current: Security Systems Engineer · Synchrony Financial
Target: API Security Engineering · PAM · Detection Engineering
Education: M.S. Cybersecurity, NYU Tandon · GPA 3.9 · Expected May 2027
Active: Delinea Secret Server · Azure Sentinel · KQL · LenelS2 OnGuard
API Security, PAM, Threat Intel, SIEM, RAG · LLM, OSINT, Identity Governance
Work

Projects

Security tools built from scratch — live, deployed, and field-tested.

01
Live
OMNIX — Intelligence Platform

Full-stack OSINT intelligence aggregation platform. 17 files, 1,434 lines, 5 API routes in production. Integrates HIBP, Shodan, Hunter.io, AbuseIPDB, VirusTotal, crt.sh, WhoisJSON, IPQualityScore, and GitHub into a unified analyst interface with an executive design system.

React, Next.js, Vercel, Shodan API, VirusTotal, HIBP, AbuseIPDB, Hunter.io
02
Live
SentinelMap

React + Vite IP intelligence tool with Mapbox GL JS geolocation, AbuseIPDB threat scoring, and real-time visitor IP detection.

React, Mapbox GL JS, Zustand, AbuseIPDB
03
Live
Azure Sentinel SIEM Deployment

Enterprise SIEM — live Sentinel workspace, custom KQL detection rules mapped to MITRE ATT&CK Initial Access, and triaged real triggered incidents.

Microsoft Azure, Sentinel, KQL, MITRE ATT&CK
04
Live
Fraud Network Analysis

Graph-based fraud investigation tool using Neo4j. Surfaces shared device clusters, transaction loops, and duplicate patterns via graph traversal and anomaly scoring.

Neo4j, Graph Analysis, OSINT, JavaScript
05
Live
Identity Bridge

API-driven identity correlation — unifies LenelS2 OnGuard physical access with Active Directory and SSO for real-time identity resolution and SIEM enrichment.

OnGuard OpenAccess API, Active Directory, Python, SIEM
06
Live
SOC RAG Assistant

LangChain + FAISS + HuggingFace all-MiniLM-L6-v2 + GPT-4o-mini. Six curated SOC knowledge packs — answers pulled from curated documents, not general training data. Live on Streamlit Cloud.

LangChain, FAISS, HuggingFace, GPT-4o-mini, Streamlit
07
Live
AWS Threat Detection Lab

Live AWS environment using GuardDuty, CloudTrail, and SNS alerting. Simulates real attack scenarios — credential stuffing, S3 exposure, IAM abuse — each mapped to MITRE ATT&CK with a triage runbook.

AWS GuardDuty, CloudTrail, SNS, MITRE ATT&CK
08
In Progress
AWS Honeytoken Tripwire

Deception-based detection using planted IAM credentials, S3 objects, and EC2 keypairs. Any access triggers a CloudTrail → Lambda → SNS pipeline with full context alerting.

Lambda, CloudTrail, IAM, Python
09
In Progress
Terraform AWS Security Baseline

IaC provisioning a secure AWS environment — VPC, least-privilege IAM, locked S3, CloudTrail logging, GuardDuty. Redeployable in minutes.

Terraform, HCL, AWS VPC, GuardDuty
10
In Progress
AI Health Coach App

Apple Watch + iPhone app leveraging HealthKit and Dexcom CGM integration. Four-layer architecture with Claude API-powered coaching for personalized health prevention guidance.

Swift, HealthKit, Claude API, WatchOS
AI Engineering

Generative AI in Action

Live demonstrations of AI tools I've built — from SOC analyst assistants to RAG pipelines and agentic workflows.

Live · Streamlit Cloud

Ask anything about phishing triage, Splunk SPL hunting queries, MITRE ATT&CK mapping, AWS CloudTrail events, or IAM fundamentals. Answers are pulled from curated SOC knowledge packs, not general training data.

Selectable knowledge packs · Evidence sources · Conversation history

How the SOC RAG Assistant processes your question — from raw text to structured analyst guidance:

01 — Question: Analyst asks in plain English
02 — Embed: HuggingFace converts to vector via all-MiniLM-L6-v2
03 — Search: FAISS MMR similarity search · k=3 · fetch_k=8
04 — Generate: GPT-4o-mini answers using ONLY retrieved context

Knowledge packs: ✓ SOC Playbooks ✓ Splunk SPL Hunting ✓ AWS Security ✓ IAM Fundamentals ✓ MITRE ATT&CK ✓ Cyber Fundamentals
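```python
# RAG pipeline — chunk_size=700 · overlap=120 · lambda=0.55
from langchain.chains import RetrievalQA
from langchain_community.embeddings import HuggingFaceEmbeddings
from langchain_community.vectorstores import FAISS
from langchain_openai import ChatOpenAI


def run_rag_query(question: str) -> str:
    # Must be the same embedding model the index was built with
    embedder = HuggingFaceEmbeddings(model_name="all-MiniLM-L6-v2")
    # load_local unpickles the stored docstore, so recent LangChain releases
    # refuse to load without this flag; only load an index you built yourself.
    db = FAISS.load_local("index", embedder, allow_dangerous_deserialization=True)
    # MMR: fetch the 8 nearest chunks, keep 3 that balance relevance and diversity
    retriever = db.as_retriever(
        search_type="mmr",
        search_kwargs={"k": 3, "fetch_k": 8, "lambda_mult": 0.55},
    )
    chain = RetrievalQA.from_chain_type(
        llm=ChatOpenAI(model="gpt-4o-mini"),
        retriever=retriever,
    )
    # RetrievalQA reads the question from "query" and returns the answer in "result"
    return chain.invoke({"query": question})["result"]
```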

Key innovation: instead of relying on the LLM's general knowledge, it only answers from curated documents — making responses accurate, auditable, and domain-specific.
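What the MMR search step does with k=3, fetch_k=8 and lambda=0.55, shown as an added example (not the project's own code) using the standard maximal-marginal-relevance formula. The chunk ids and 3-dimensional vectors are constructed stand-ins for real embeddings; the three `playbook-phish` entries model overlapping chunks of one document.

```python
import math

# Retrieval parameters quoted on the page.
K, FETCH_K, LAMBDA = 3, 8, 0.55

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

def top_k(query, docs, k=K):
    """Plain similarity search: ids of the k chunks closest to the query."""
    ranked = sorted(docs, key=lambda d: cosine(query, docs[d]), reverse=True)
    return ranked[:k]

def mmr(query, docs, k=K, fetch_k=FETCH_K, lam=LAMBDA):
    """Pick k chunks from the fetch_k nearest, penalising near-duplicates."""
    pool = top_k(query, docs, fetch_k)
    chosen = []
    while pool and len(chosen) < k:
        def score(d):
            relevance = cosine(query, docs[d])
            # Similarity to the closest chunk already selected (0 for the first pick)
            redundancy = max((cosine(docs[d], docs[c]) for c in chosen), default=0.0)
            return lam * relevance - (1 - lam) * redundancy
        best = max(pool, key=score)
        chosen.append(best)
        pool.remove(best)
    return chosen

# Constructed sample data: hypothetical chunk ids and toy vectors.
QUERY = [1.0, 0.0, 0.0]
CHUNKS = {
    "playbook-phish#1": [0.95, 0.30, 0.00],
    "playbook-phish#2": [0.94, 0.33, 0.00],  # overlaps chunk #1
    "playbook-phish#3": [0.93, 0.36, 0.00],  # overlaps chunk #2
    "spl-mail-hunt":    [0.80, 0.00, 0.60],
    "attack-phishing":  [0.70, -0.70, 0.10],
    "aws-cloudtrail":   [0.10, 0.90, 0.40],
}

if __name__ == "__main__":
    print("top-k:", top_k(QUERY, CHUNKS))  # three copies of the same passage
    print("mmr  :", mmr(QUERY, CHUNKS))    # one playbook chunk plus two other sources
```

With fetch_k reduced to 3 the candidate pool holds only the overlapping chunks, so MMR has nothing else to choose from and returns the same set as plain top-k.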

Background

Experience

8+ years across IT operations, enterprise security, and AI enablement in regulated and high-volume environments.

Jan 2025 — Present
Consultant, Systems Engineer
Synchrony · Stamford, CT
  • Administer secure password resets, MFA, and identity governance while preventing unauthorized activity
  • Resolve 20+ incidents/day across tools and stakeholders; document outcomes with clear, actionable updates
  • Deploy and maintain enterprise software with a compliance-first approach; support secure decommissioning
Jun 2016 — Dec 2024
IT Customer Lead
AltaGIT · Bronx, NY
  • Configured and secured networks, routers, switches, endpoints, and wireless; macOS/Windows imaging
  • Used Splunk for anomaly detection and troubleshooting; supported encryption and backups for resilience
Jun 2017 — Jan 2025
General Manager / Operations Manager
El Nuevo Pollo Sabroso 1 & 2 · Bronx, NY
  • Led a $1.8M+ revenue operation; improved profitability 10% through process redesign and execution
  • Scaled digital ordering to ~1,052 online transactions/month via Otter + Lightspeed POS
  • Managed 17 vendors and cross-functional teams; negotiated pricing, standardized workflows
Capabilities

Skills

Security engineering depth across API design, threat intelligence, and enterprise infrastructure.

API Security
REST API Design, OAuth 2.0 / JWT, OpenAPI / YAML, API Gateway, OWASP API Top 10, Rate Limiting, API Threat Modeling, Serverless Functions
Security Operations
IAM / MFA, Identity Governance, Incident Response, Splunk / SIEM, Network Security, KQL, MITRE ATT&CK, Triage Runbooks, Delinea Secret Server
AI Engineering
LangChain, RAG Pipelines, FAISS, Claude API, OpenAI, Prompt Engineering, HuggingFace, Vector Search, Streamlit
Development & Infrastructure
Python, JavaScript, React, PHP · MySQL, Swift, Microsoft Azure, AWS, Docker, Terraform, Linux / CLI, Log Analytics
Credentials

Certifications

Active certifications and completed training programs.

EC-Council C|CT
EC-Council
Active
CCNA
Cisco Certified Network Associate
In Progress
Generative AI for Cybersecurity
Completed
Done
Intro to Linux
NCAE-C · University of West Florida
Done
Kaggle Python & Programming
Kaggle
Done
Academic

Education

Strong academic record across three institutions.

M.S. Cybersecurity
New York University (NYU)
Expected May 2027
GPA 3.9
B.A. Sociology
Lehman College
Completed
A.A. Liberal Arts
Westchester Community College
Completed
Get In Touch

Let's build something.

Building toward API Security Engineering. Open to roles, conversations, and collaboration at the intersection of API architecture and security.
