Vulnerability Management Cyber Security

JOSE GARCIA

Lake Placid, Florida *************@*****.*** 706-***-**** https://www.linkedin.com/in/AJoseGarcia PROFESSIONAL SUMMARY

Proactive (Hands on) Senior Threat and Vulnerability Engineer, disrupting intrusion attempts before they occur by using tools and process to discover and categorize vulnerabilities on premise and cloud environments. SKILLS

• Qualy’s Vulnerability Management VMDR/ PC/PCI/Containers/WAS/CSAM certified

• AI Fundamentals,

• Cloud computing vulnerability support at all levels server and serverless.

• Scanning, Identifying vulnerabilities Severity (CVSS, CVE, others)

• Infrastructure and Web and Cloud Application vulnerability experienced

• Report generations and documenting process and procedures and recommending mitigations.

• Service Now, Qualys, Rapid 7, Wiz experienced among others

• Process & Performance Improvements

• Technological integration of Vulnerability management tools and others

• Project Documentation

• Technical Analysis, process Vulnerabilities around analysis and provide recommendations

• Quality Assurance & Risk Assessment

• Experienced in Security Operations Centre Support, IAM Security vulnerabilities, data vulnerability understanding.

• Project Management – migrations to AWS security experienced

• PCI-DSS, SOX, HIPAA, ITIL, NIST, FIM

WORK HISTORY

Senior Cyber Security Vulnerability Management Analyst - Engineer Kaseya Corporation 2024 - 2025

Senior Security Vulnerability Management working with Junior Analysts assisting them with escalate issues using past experience to mentor and bring up analyst to higher level.

Rapid 7, Wiz among several other tools work.

Produce senior level vulnerability reporting and analysis to management and work on escalated iss ues

Produce recommendations to improve scanning and vulnerability tool collection of data document improvements and new processes

Senior Cyber Security Vulnerability Management Engineer Hertz Global Corporation 2021 - 2024

Managed the Threat and Vulnerabilities Program – CrowdStrike, Qualys VMDR and Wiz (i.e. process improvement, scan results, consistent patching and remediation efforts), increasing the business ability to identify, classify, remediate, mitigate weaknesses in the environment and meeting compliance requirements, leading to 34% decrease in malicious attacks.

Acted as a point of escalation for Qualys, Rapid, Scans and agents for vulnerability management to SOC and provide guidance and mentoring to associate security Engineers and Analysts escalations.

Contributed to the architecture security reviews and consult on creating compliance processes that improve the security of Key’s products, platforms, and services.

Managed Administer Qualys PCI Security Module as Engineer working with Compliance to created Reporting, SOX and other Compliance requirements and risk assessments.

Completed end-to-end transition for multiple Managed Security Service providers, resulting in

$280K in yearly savings..

Conducted security assessments and scans on the company's systems, boosting productivity by 69% in the first year of implementation in resolving and detection of vulnerabilities.

Senior Global Cyber Security Vulnerability Management Engineer & Team Lead OpenText 2019 - 2021

Led the evolution of the Global Qualys (VMDR) Threat and Vulnerability Management Program operating in 42 countries with 68000 IP’s scanned weekly, resulting in the decommissioning of 227 legacy servers and updating the patch policies and procedures to meet the monthly compliance requirements.

Advised on enterprise information security policies, technical standards, guidelines, Procedures and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements and generally accepted information security controls.

Increased retention of IT professionals from 53% to 81% by working with employees on career development, creating performance improvement plans, increasing employee engagement, recognition, and weekly one-on-one meetings.

Streamlined incident response processes for faster containment and mitigation of threats.

PCI, FIM, SOX among multiple support areas for Compliance. Security Threat & Vulnerability Analyst Synovus Financial Corp. 2017 - 2019

Security TVM functions with Qualys VMDR to include PCI, Risk, Container, and Policy Compliance.

Managed the System Center Configuration Infrastructure which includes patching, packaging, compliance baselines, Windows upgrades for 9k devices.

Managed security testing and evaluation on production and integration systems and building residual risk reports.

Performed penetration testing to remediate vulnerabilities in web applications, improving security posture by 41%.

Analyzed security incidents that reduced the time to detect and respond to security incidents by 24 hours in the first year and increased team efficiency by 17%.

Reduced the company's vulnerability to cyber threats by developing and enforcing comprehensive security policies.

Achieved 99% uptime for all network systems and secured data within organizational guidelines; implemented new technologies to improve performance and reliability. EDUCATION

Computer Engineering – Miami Dade College and Barry University 1998 Training & Courses:

Generative AI Fundamentals

Certified Information Systems Security Professional (CISSP) (Course Completion and

Candidate)

Interconnecting Cisco Network Devices (ICND)

Pent Test+

AWS Practitioner course passed

VMware vSphere: Troubleshooting

Microsoft Scripting with PowerShell

Symantec Security Management Systems

Project Management certified training

Microsoft Certified Systems Engineer

ACCOMPLISHMENTS

Military Service – US Naval Air Division 6 years – Petty Officer

Contact this candidate