NETHRI AITHA
Ph: 740-***-****
Email: ***********@*****.***
Cybersecurity Professional | Risk Management | Cloud Security | Compliance
Results-driven IT Security professional with 10+ years of experience specializing in Cybersecurity, Policy Compliance, Risk Management, and Vulnerability Management. Proven track record across consulting and enterprise environments, including Fortune 500 corporations and diverse industry sectors.
Profile Snapshot
• Security Risk Assessments: Extensive experience performing end-to-end risk assessments, identifying threats, and developing mitigation strategies.
• Cloud Security Architecture: Hands-on experience migrating workloads to the cloud and designing secure architectures in AWS, Azure, and GCP.
• GRC Expertise: Proficient in Archer eGRC, leveraging it for governance, risk, and compliance processes.
• CSPM & Cloud Auditing: Conducted numerous security audits using cloud-native tools and CSPM tools like Prisma Cloud to ensure compliance and secure cloud configurations.
• Security Automation: Built tools and automated processes for enhanced Security Risk Management and operational efficiency.
• Regulatory Compliance: Implemented and validated security controls for standards including PCI DSS, HIPAA, NIST 800-53, CIS Benchmarks, and HITRUST in both on-premises and cloud environments.
• Application & Code Security: Skilled in Dynamic and Static Application Security Testing (DAST/SAST), including manual code reviews and Infrastructure as Code (IaC) analysis.
• DevSecOps: Developed and integrated DevSecOps pipelines, embedding security into the CI/CD process.
• Web Application Security: Hands-on remediation of vulnerabilities related to OWASP Top 10 and SANS Top 25.
• Process Optimization: Adept at implementing scalable, business-aligned security methodologies to support enterprise goals.
Core Competencies
Platforms: Windows Server 2008, Windows Server 2012, RHEL 6/7, Solaris, AIX 6, AIX 7
Languages: Python, SQL, RQL, HTML, JavaScript
Pentesting Tools: Burp Suite, OpenVAS, Nmap, Nipper, Wireshark, Nessus, Maltego, Metasploit
Applications: MS Visual Studio Code, Tableau, SharePoint Designer 2014, SQL Server
Protocols: TCP/IP, UDP, SNMP, SMTP, and HTTP
Security Tools: Splunk, Qualys, Veracode, Checkmarx, Archer eGRC, Fortify WebInspect, UCMDB, SD Elements
Cloud Security Tools: Prisma Cloud, Microsoft Defender, Sentinel, Entra
Career Contour
Cyber Security Risk Manager
CVS Health, Remote Mar ’18 – till date
• Performed security risk assessments on 2000+ projects and was involved in the complete project life cycle.
• Identified vulnerabilities posing a high risk to the business and communicated them to the appropriate stakeholders for remediation, resulting in improved security posture and increased attack resiliency.
• Performed manual code reviews on database development and mainframe languages.
• Conducted vulnerability assessments and audits using Prisma Cloud to identify and mitigate security risks in the cloud environment.
• Extensively used Prisma Cloud to develop custom policies using RQL, map them to controls, and identify and remediate alerts.
• Worked with Control Owners to create controls and controls procedures with Archer for all the business units.
• Conducted risk-based audits aligned with NIST, ISO 27001, and CIS frameworks, identifying gaps in access control, configuration management, and incident response.
• Evaluated and validated technical controls for applications and systems, ensuring compliance with internal policies and external regulatory requirements (e.g., GDPR, HIPAA, SOX).
• Performed Application Risk assessments and third-party risk assessments within Archer.
• Worked with application teams to create and document findings, remediation plans, and exceptions in Archer.
• Worked on projects and performed security risk assessments for migrations from on-premises to cloud (AWS, GCP, and Azure).
• Worked closely with development teams to triage findings and guide secure coding practices based on SAST/DAST results.
• Improved scan accuracy and reduced false positives by fine-tuning SAST/DAST configurations and custom policies.
• Automated application scanning using Checkmarx and Veracode APIs and integrated results into JIRA for centralized vulnerability tracking and remediation.
• Worked with application teams to integrate security tools into their CI/CD pipeline.
• Utilized Twistlock (Prisma Cloud Compute) to scan container images for vulnerabilities across on-premises and cloud-native environments (AWS, Azure, GCP).
• Utilized BI tools such as Tableau, in conjunction with Python scripts, to design and develop automated dashboards delivering real-time insights into KPIs and security metrics.
• Integrated BI platforms with various data sources including SQL databases, cloud services (AWS/GCP/Azure), and security tools (Splunk, Qualys, Veracode) to centralize reporting.
• Translated complex data sets into clear, visually compelling dashboards to support strategic decision-making across cybersecurity and IT functions.
• Integrated low-code apps with REST APIs, databases, and third-party systems (e.g., ServiceNow, SharePoint, Azure, Jira) to enable seamless data flow and automation.
• Integrated Prisma Cloud with CI/CD pipelines to automate Infrastructure as Code (IaC) security scans for Terraform templates, enabling early detection of misconfigurations and policy violations before deployment.
• Designed and implemented custom security policies in Prisma Cloud to enforce organizational standards, ensuring secure-by-design IaC practices across multi-cloud environments (AWS, Azure, GCP).
• Supported internal and external IT audits by providing documentation, technical evidence, and walkthroughs of security controls and configurations.
• Participated in technology audits and control assessments using Archer eGRC to monitor risk, document controls, and manage findings.
• Configured and monitored IAM policies and audit logs in Okta, PingOne, and Microsoft Entra to secure cloud access and support identity lifecycle management.
Sr Consultant, Information Security
ERCOT, Austin TX May ’17 – Feb ’18
• Conducted manual/automated security assessments on web applications. Identified critical vulnerabilities and developed proof-of-concept exploits that allowed the business to understand the risk, resulting in speedy remediation.
• Automated Veracode assessments using Jenkins.
• Conducted manual verification to identify False Positives.
• Performed/oversaw security testing and managed remediation of identified vulnerabilities.
• Utilized Veracode to perform static code analysis across multiple applications, ensuring compliance with OWASP Top 10.
• Involved in Penetration Testing and review of reports generated by external pen testing team.
• Developed security testing plans and integrated them into the software development lifecycle (e.g., Agile).
• Worked with DevOps, Development and QA to ensure code, platform, and application are secure against real-world threat actors before being promoted into production.
• Built REST API integrations for CI/CD pipelines, enabling dynamic security checks and reporting as part of the DevSecOps process.
• Monitored and proactively reported on current threats and vulnerabilities affecting application security.
• Conducted manual/automated code reviews to identify security threats during development.
• Generated technical reports containing security-based findings.
• Trained staff regarding web application evaluation tools.
• Developed customized tools for Security Assessment as per the needs.
Sr Analyst, Information Security
Capital One, Plano TX Jul ’15 – Apr ’17
• Performed security risk assessments for a wide variety of projects and was involved in the complete project life cycle.
• Worked on several systems/servers to meet predefined minimum security baselines, ensuring all systems were up to date with the latest patches and firmware.
• Performed vulnerability assessments using automated tools such as Fortify WebInspect, Veracode, Qualys, and Qualys WAS.
• Improved scan accuracy and reduced false positives by fine-tuning SAST/DAST configurations and custom policies.
• Performed penetration testing using Burp Suite, Web Scarab.
• Worked with the Sr. Security Architects and Risk Management teams to report risk exceptions / business variances, helped remediate several vulnerabilities to lower project risk, and created risk exceptions to meet project timelines.
• Conducted security reviews on SSL certificate requests.
• Worked with project team members and developers to implement secure coding practices.
• Maintained and supported low-code applications post-deployment, implementing enhancements and troubleshooting issues to ensure business continuity.
SQL Developer
Alcon Laboratories, Fort Worth, TX Nov ’14 – Jun ’15
• Actively participated in interaction with users, team lead, DBAs and technical manager to fully understand the requirements of the system.
• Developed several stored procedures and database objects as per business needs.
• Developed Logical and physical data model using ERWin and mapped the data into database objects.
• Used Joins, correlated and non-correlated sub-queries for complex business queries involving multiple tables from different databases and implemented triggers and stored procedures and enforced business rules via checks and constraints.
• Created indexes on selective columns to speed up queries and analyses.
• Resolved and troubleshot complex issues.
• Participated in all phases of SDLC starting from analysis to delivery of the application development projects and supported enhancements and maintenance of existing applications.
• Involved in performance tuning of SQL queries and stored procedures using SQL Profiler and Database Engine Tuning Advisor.
• Developed Tableau reports and created dashboards for senior management based on multiple database sources.
Education
Bachelor of Technology in Information Technology Jun ’07 – May ’11
Jawaharlal Nehru Technological University, Hyderabad, India
Certifications
• CEH Certified
• CompTIA Security+ Certified
• AWS Certified Solutions Architect.
• Microsoft Certified Azure Fundamentals
• Microsoft Certified SQL Server Developer