Lead Engineer, Risk Management
CurrentI was promoted to oversee the core strategies, product roadmaps, and quarterly business objectives and measurements for security, vulnerability, and risk operations in support of 14K+ users.Additional Responsibilities - Collaborate with Chief Information Officer (CIO) to align business objectives with technical requirements and capabilities, establishing long-term strategies to improve daily security procedures and standards.- Partner with systems, networking, and server teams to communicate vulnerability and risk trends based on daily scans and reports. Design strategic plans that leverage automation to address potential intrusions or outages.- Manage vulnerability management tools and partners, including vulnerability scanners, vulnerability prioritization tools, attack surface discovery/management tools, and threat intelligence tools, to shape remediation efforts, acting as liaison between technical advisors and teams responsible for remediation. - Establish and maintain relationships with varying vendors for claims auditing processes.Select Achievements- Improved overall company security and enhanced understanding of common threat actors by establishing Threat Intel team from scratch. Implemented Alerting & Detection Strategy framework, developed standardized team processes, and created actionable alerts based on frequent incident types.- Reduced overall number of incidents and enabled incident responders to concentrate on additional projects by creating specific priorities and hierarchies based on types of alerts from incident management response tool.- Played pivotal role in standing up Attack Surface Management tool to automatically scan assets by defining alert processes, triage procedures, and approval of items for red teaming.- Increased company’s CMMC security rating from Level One to Two through implementation of automated procedures.