LiveCareer-Resume

cloud security vulnerability engineer resume example with 5+ years of experience

Jessica
Claire
resumesample@example.com
(555) 432-1000,
, , 100 Montgomery St. 10th Floor
:
Professional Summary

Accomplished engineer proffering extensive cloud monitoring, deployment and troubleshooting skills. Defined, built and maintained infrastructure using vendor-neutral and platform-specific tools. Organized and focused person with extraordinary leadership acumen.

Skills

Data security, Qualys Cloud Platform, designing security controls, Nagios monitoring software, Symantec Endpoint Protection, Implementing security programs, good listening skills, Verbal and written communication, AWS Inspector, AWS Shield, GuardDuty, AWS WAF,

AWS Secret Manager, Nessus, OpenVAS.

(IDS/IPS) SIEM (Splunk/Qradar) Palo Alto Networks, Firewalls & Log Analysis. Rapid7 InsightCloudSec, Xpel, Trend Micro One, Amazon Web Services (EC2, EBS, S3, IAM, AMI, VPC, VPC Peering, NACL, SG, Route53, Auto Scaling, ELB, SNS, CloudWatch and Cloud Formation). Dome9, Barracuda Guardian Security, PostgreSQL, MySQL, DynamoDB.

Certifications
  • PMP- Certified
  • AWS Certified Cloud Practitioner – Certified
  • AWS Certified Solutions Architect - Associate -In-View
  • AWS Certified Security Specialty - In-View
  • AWS Certified Network Specialty – In- View
  • Scrum Master – Certified
Education
UniJos Overseas, Expected in Bachelor of Science : Architecture - GPA :
Western Governors University Online, USA, Expected in 05/2024 Master of Science : Cyber Security - GPA :
The SANS Technology Institute Orlando, FL, Expected in 04/2018 Certificate of Completion : Cloud Security Operations And Architecture - GPA :
Work History
Cgi Group Inc. - Cloud Security Vulnerability Engineer
Montgomery, AL, 08/2020 - 07/2022
  • Implemented and utilized automation to improve processes.
  • Created risk narratives that explain threat exposure to the enterprise.
  • Gathered vulnerability and threat information from various internal and external sources within the Org.
  • Generated and managed asset inventory reports.
  • Developed and maintained vulnerability management processes and standards.
  • Supported, maintained, and integrated the vulnerability management solutions with various systems and applications within the customer's org.
  • Conducted market analysis and proofs-of-concept on various vulnerability management tools (Tenable Nessus, Qualys) as new potential vendors to replace Rapid7.
  • Provided technical assistance to owners of the impacted systems and applications to remediate and mitigate vulnerabilities
  • Developed tools, documentation, processes, and techniques in Jira/Confluence to assist in the remediation of security vulnerabilities for team members that are new or need a guideline approach.
  • Enabled validation of reduced risk, by confirming vulnerable assets remediate through reporting.
  • Worked daily to generate scan reports on Rapid7 InsightVM
  • Generate Scorecard reports on all AWS Accounts based on severity level in Rapid7 Divvy Cloud Scorecards
  • Contact asset owners whose host "Project ID" is found in the scorecard report to fix their vulnerability
  • Monitor automatic weekly scans by Rapid7 to verify remediation efforts
  • Attend meetings with several teams in Europe/New Zealand to provide guidance or direction where needed.
  • Configured and manage tools to support vulnerability management (such as Tenable and Rapid7).
  • Worked with cross-functional teams including Engineering, Security Engineering, SOC, IT, and GRC teams to address the vulnerability.
  • Measured the effectiveness of defense-in-depth architecture against known vulnerabilities and processes that enable the organization to make informed decisions regarding remediation.
  • Conducted vulnerability management scans, supporting vulnerability management tooling, reporting, and capturing metrics of data.
  • Managed the lifecycle of vulnerabilities: identification, evaluation, prioritization, and reporting.
  • Conducted vulnerability scans of servers, applications, infrastructure, and EC2s.
  • Implemented automated monitoring and alerting on scanning tools and processes in Rapid7 InsightVM.
  • Developed tools, documentation, processes, and techniques in our Jira/Confluence to assist in the remediation of security vulnerabilities.
  • Conducted vulnerability scans of the Customer's systems, networks, endpoints, and applications.
  • Conducted vulnerability scans, analyzes reports, and validated potential findings.
  • Coordinated PCI-DSS vulnerability scans and remediation efforts with the Cloud Security Team.
  • Tracked and provided metrics and insights on vulnerabilities and remediation within the Org.
Boeing - Cloud Security VTM Engineer
City, STATE, 12/2018 - 05/2020
  • Identified, analyzed, and help teams resolve infrastructure vulnerabilities and application deployment issues.
  • Reviewed existing systems and make recommendations for improvements.
  • Recommended IT security improvements to achieve system confidentiality, integrity, and availability.
  • Conducted IT audit assessments for systems or applications to recommend solutions to mitigate risks.
  • Conducted risk analysis, system certifications, auditing, security documentation, and security testing.
  • Assessed threats, risks, and vulnerabilities from emerging security issues to advise pertinent stakeholders on appropriate measures.
  • Conducted and participated in annual disaster recovery exercises.
  • Demonstrated respect, friendliness, and willingness to help wherever needed.
  • Used critical thinking to break down problems, evaluate solutions and make decisions.
  • I was working daily to generate scan reports on Rapid7 InsightVM.
  • Generate Scorecard reports on all AWS Accounts based on severity level in Rapid7 Divvy Cloud Scorecards
  • Contacted asset owners whose host "Project ID" is found in the scorecard report to fix their vulnerability
  • Monitored automatic weekly scans by Rapid7 to verify remediation efforts
  • Attend meetings with several teams in Europe/New Zealand to provide guidance or direction where needed.
  • Configured and manage tools to support vulnerability management (such as Tenable and Rapid7).
  • Worked with cross-functional teams including Engineering, Security Engineering, SOC, IT, and GRC teams to address the vulnerability.
  • Measured the effectiveness of defense-in-depth architecture against known vulnerabilities and processes that enable the organization to make informed decisions regarding remediation.
  • Conducted vulnerability management scans, supporting vulnerability management tooling, reporting, and capturing metrics of data.
  • Managed the lifecycle of vulnerabilities: identification, evaluation, prioritization, and reporting.
  • Conducted vulnerability scans of servers, applications, infrastructure, and EC2s.
  • Implemented automated monitoring and alerting on scanning tools and processes in Rapid7 InsightVM.
  • Developed tools, documentation, processes, and techniques in our Jira/Confluence to assist in the remediation of security vulnerabilities.
  • Conducted vulnerability scans of the Customer's systems, networks, endpoints, and applications.
  • Conducted vulnerability scans, analyzes reports, and validated potential findings.
  • Coordinated PCI-DSS vulnerability scans and remediation efforts with the Cloud Security Team.
  • Tracked and provided metrics and insights on vulnerabilities and remediation's within Boeing organization-wide.
  • Created risk narratives that explain threat exposure to the enterprise.
  • Gathered vulnerability and threat information from various internal and external sources within the Org.
  • Able to recommend appropriate actions to remediate vulnerabilities and mitigate risks and ensures the implementation of appropriate security settings including those required by Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG)
  • Track and report security and compliance issues
  • Validate remedial actions and ensure compliance with DLA and DOD information security policy
  • Responsible primarily for day-to-day vulnerability management services
  • Ensuring vulnerabilities are identified and prioritized on the list to get sev 1 & sev 2 vulnerabilities resolved to decrease the backlog of existing vulnerabilities on the network.
  • Perform deep-dive analysis of vulnerabilities leveraging data from various sources; analyze data sources and provide recommendations for optimal reports and providing recommendations on remediation to customer
  • Serving as an escalation point on issues, dependencies, and risks related to vulnerability scanning
  • Build relationships with the client's security team and IT system and application owners to decrease the likelihood of friction or roadblocks


Goldman Sachs - Cloud Security Vulnerability Engineer
City, STATE, 09/2017 - 12/2018
  • Identified, analyzed, and resolved infrastructure vulnerabilities and application deployment issues.
  • Partnered with infrastructure teams on evaluation and feasibility assessments of new systems and technologies.
  • Developed security metrics and technical analysis to give insight into performance and trends.
  • Worked with business partners to balance requirements, security, and risk reduction.
  • Designed, installed, and configured email encryption gateways with data loss prevention.
  • Engaged business and technology stakeholders to gather goals and requirements.
  • Designed and implemented security-monitoring solutions to detect and prevent attacks on the cloud infrastructure.
  • Led incident response for security incidents affecting the
  • Responded to inquiries from management and staff about cloud security issues.
  • Stayed up to date on cloud security trends and developments.
  • Helped guide and prioritized the cloud security and design of Identity solutions and how they work holistically with other systems, both Identity systems, and others within the Goldman Sachs organization.
  • Ensured cloud security controls like PCI-DSS, NIST 800-53, CIS
  • I worked on improving vulnerability management processes (secure code review, red teaming, vulnerability assessment, etc.).
  • Served as a vulnerability management analyst for assigned applications
  • Analyze vulnerabilities and characterizes risk
  • Engage with stakeholders and mission partners to facilitate application vulnerability assessments
  • Performs code review, software assurance testing, and application vulnerability scanning
  • Facilitates the coordination of remediation efforts, prioritizing remediation efforts based on risk
Southwest Airlines - Cybersecurity Analyst
City, STATE, 09/2016 - 09/2017
  • Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.
  • Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
  • Collaborated with third-party payment card industry (PCI) compliance partners.
  • Managed relationships with third-party intrusion detection system providers.
  • Maintained operational readiness and effectiveness of all IT Security controls, applications and monitoring systems.
  • Monitored intelligence feeds to identify new threats & risks relevant to Southwest.
  • Reviewed, investigated, and remediated IT Security alerts and events.
  • Supported and executed the Company’s incident response plan.
  • Developed new and used existing automation tools to support event response and IT Security operations.
  • Audited computer systems, network infrastructure, and application security in accordance with best practices, applicable laws, regulations, and IT security policy.
  • Consulted with and advised end users on secure computing practices and compliance with Southwest IT Security policy.
  • Reviewed, recommended, and led projects to implement new policies, best practices, and technologies.
  • Supported and consult with colleagues across all of Information Technology on secure system architecture and configuration.
  • Supported organizational and departmental security planning and implementation.
  • Supported and enhance the patch management process.
  • Created and reviewed security reports and automated alerts.
  • Supported organizational compliance with Sarbanes Oxley controls and IT Security process and procedures.
  • Participated in the development of, manage and maintain an agency Data Classification process where sensitive data that is housed within agency applications can be identified and cataloged.
  • Researched and make recommendations for further protecting sensitive data and provided additional security technologies to serve this purpose.
  • Assisted with the process of performing application code reviews, system vulnerability assessments, and penetration testing to test the strength of the agency computing environment.
  • Assisted with the Server and Network Hardening processes performed by the infrastructure teams and perform Hardening Validation testing to ensure that policies and guidelines are being adhered to.
  • Researched and recommend the appropriate levels of infrastructure security required for the Virtualized, Middleware, and Database environments, and managed the administration of security on these platforms to ensure that adequate controls are in place.
  • Assisted with the process of implementing and maintaining current and supported levels of Anti-Malware and Anti-Spam technologies to protect the agency computing environment.
  • Assisted with the implementation and administration of Data Loss Prevention technologies including but not limited to Full Disk Encryption, Removable Media Encryption, and port protection technologies.

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

Your data is safe with us

Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.

Resume Overview

School Attended

  • UniJos
  • Western Governors University
  • The SANS Technology Institute

Job Titles Held:

  • Cloud Security Vulnerability Engineer
  • Cloud Security VTM Engineer
  • Cloud Security Vulnerability Engineer
  • Cybersecurity Analyst

Degrees

  • Bachelor of Science
  • Master of Science
  • Certificate of Completion

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

*As seen in:As seen in: