Discover Financial Services
Resume:
OYEDAPO OYEBAMI
**********@*****.***
Odenton, MD
CAREER SUMMARY
A cybersecurity professional with over 10 years of practical expertise utilizing industry-leading Vulnerability Management tools including Qualys, ServiceNow, Power BI, Tenable.sc, Rapid7, Prisma, Tenable.io, Crowdstrike-Spotlight, Crowdstrike, Sysdig, Datadog, JFrog, Cloud Security, Lansweeper, Airwatch, Cloud Security, and Nessus Manager. Proficient in detecting and addressing vulnerabilities within both on-premises and cloud environments. Skilled in areas such as, Change Control, Compliance, Risk Management, and Possesses extensive background in asset discovery, vulnerability assessment and management, risk mitigation strategies, system fortification procedures, audit processes, compliance scans execution and remediation efforts.
EDUCATION
Morgan State University–Bachelor of Science
CERTIFICATES
CompTIA Security+ ce
CompTIA Network+ ce
ISAKA Certified Information Security Manager (CISM)
Rapid7 InsightVM Certified Administrator
Qualys Certified Specialist
TECHNICAL SKILLS
Led the deployment of ServiceNow–Qualys automation, integrating Qualys APIs with the Vulnerability Response Module (VRM) to streamline end-to-end vulnerability lifecycle management.
Managed Rapid7 InsightVM vulnerability lifecycle, including site creation, scan scheduling, dashboard customization, and remediation tracking to improve organizational risk visibility and response.
Configured and optimized authentication scans in Qualys, Tenable.io, and InsightVM, enabling accurate vulnerability detection across diverse asset inventories.
Developed and customized dashboards in ServiceNow VRM, Qualys, Tenable, and InsightVM to provide actionable insights for system owners and executive stakeholders.
Oversaw and prioritized vulnerability remediation tasks and incident tickets within ServiceNow, ensuring timely closure and compliance alignment.
Built tailored workflows in ServiceNow VRM to support False Positive validation and Risk Acceptance/Exception management, improving process governance.
Utilized InsightVM’s Remediation Projects and Live Dashboards to track remediation SLAs and improve collaboration across security and infrastructure teams.
Collaborated with CMDB teams to enhance CI lookup rules using OS keywords, increasing the accuracy of vulnerability-to-asset matching in ServiceNow.
Performed credentialed and non-credentialed scans using Qualys, Tenable, and InsightVM, fine-tuning scan coverage and depth across hybrid cloud environments.
Created asset groups and tagging strategies in Qualys, Tenable, and InsightVM to segment vulnerabilities based on business units, OS, and environment types.
Monitored cloud misconfigurations and vulnerabilities across AWS and Azure, integrating findings into ServiceNow for streamlined tracking and remediation.
Produced detailed, risk-based reports using custom templates in Qualys, Tenable, and InsightVM, supporting security reviews, audits, and board-level reporting.
Managed the full vulnerability case flow, including CVE-based alerts, cloud misconfigurations, and system-level weaknesses, driving timely triage and escalation.
Coordinated with IT, Security, and Cloud teams to assign unowned vulnerabilities, reducing reassignment delays and enhancing remediation accountability.
Provided security leadership and mentorship, actively contributing to a culture of collaboration, continuous improvement, and vulnerability risk awareness.
PROFESSIONAL EXPERIENCE
Discover Financial Services Riverwoods, IL
Vulnerability Management Engineer May 2021 – Present
Spearheaded the configuration and optimization of Qualys, Tenable.sc, and Tenable.io for enterprise-wide vulnerability scanning and assessment.
Led the ServiceNow-Qualys integration, automating vulnerability lifecycle management using Qualys APIs and ServiceNow’s Vulnerability Response (VR) Module.
Defined and tested seamless data ingestion between Qualys and ServiceNow, enhancing vulnerability tracking and remediation workflows.
Streamlined vulnerability remediation by prioritizing risks within ServiceNow, aligning with business-critical asset classifications.
Conducted vulnerability assessments leveraging MDVM, Tenable.one, and Microsoft XDR to identify and prioritize critical risks based on exploitability (EPSS, CVSS) and threat intelligence.
Performed credentialed and non-credentialed scans for Windows, Linux, databases, web applications, and network devices across cloud and on-prem environments using Qualys and Tenable.
Performed quarterly PCI vulnerability scans, ensuring internal and external scanning requirements were met, and provided Attestation of Compliance (AOC) reports.
Mapped PCI DSS findings to CVSS scores, asset criticality, and compensating controls, prioritizing high-risk vulnerabilities affecting payment systems.
Integrated Qualys and Tenable.io with ServiceNow VR to automate PCI compliance tracking, ticket creation, and risk-based remediation.
Developed and implemented an automated workflow for False Positive and Risk Exception management, improving assessment accuracy.
Designed custom dashboards in ServiceNow VR Workspace for real-time remediation tracking and executive-level insights.
Partnered with Security Operations, Cloud Security, and Infrastructure teams to identify high-risk vulnerabilities and collaborated with business units to drive risk-based remediation decisions.
Led zero-day vulnerability tracking, providing actionable intelligence via daily ThreatCon dashboards and real-time alerts.
Provided regular updates to stakeholders on vulnerability lifecycle progress, including remediation roadblocks and expected timelines, to ensure transparent communication and accountability.
Utilized Nessus, CrowdStrike, and CMDB for post-patching validation, ensuring successful vulnerability remediation.
City National Bank MIAMI, FL
Threat and Vulnerability Management Analyst April 2017 – April 2021
Installed, configured, and managed agents in a corporate setting, aligning them with Rapid7 InsightVM platforms.
Performed comprehensive network scans, agent evaluations, and container assessments, including credential checks for Unix, Windows, network devices, and VMWare.
Performed risk-based vulnerability prioritization using InsightVM's Real Risk Score, focusing on exploitability and asset criticality.
Analyzed scan results, CVSS scores, and exploitability metrics to prioritize vulnerabilities based on risk.
Assessed vulnerability case backlog to identify trends by application, business unit, and vulnerability type, providing actionable insights for prioritization.
Developed and delivered vulnerability health reports for stakeholders and leadership using Power BI and Excel, highlighting remediation performance, aged vulnerabilities, and risk trends.
Created weekly and monthly vulnerability metrics dashboards to track SLA compliance, remediation progress, and backlog reduction.
Configured reliable data flow into Power BI by establishing connections with Rapid7 for real-time and scheduled vulnerability data.
Designed and built interactive Power BI dashboards providing visibility into vulnerability metrics, including severity, affected assets, and remediation status.
Implemented and maintained KPIs and visualizations to highlight critical metrics such as high-severity vulnerabilities, aging vulnerabilities, patch compliance rates, and open versus resolved vulnerabilities.
Automated vulnerability reporting and remediation tracking through ServiceNow Vulnerability Response integration.
Classified and prioritized vulnerabilities based on CVSS score, asset criticality, and exposure, enabling IT and security teams to focus on impactful issues.
Analyzed business unit remediation efforts and case closure metrics to establish guardrails for remediation quality, ensuring consistent vulnerability resolution across the organization.
Monitored PCI DSS scan reports and collaborated with system owners to remediate non-compliant assets before QSA audits.
Collaborated with IT and security teams to communicate findings effectively, ensuring actionable insights on high-priority vulnerabilities.
PRO SAVVY/Chenega Corporation/C2 Alaska/Contract Washington, DC
Cyber Threat and SOC Analyst March 2016 – March 2017
Execute containment of compromised hosts and initiate remediation efforts.
Conduct proactive remediation measures such as blocking and taking down malicious IOCs through RecordedFuture and Anomali.
Utilize Service Now to log, categorize, and escalate tickets to the appropriate teams.
Develop work notes templates integrated into Service Now to streamline ticket creation and enhance consistency across the team.
Review incident analyses and provide feedback to junior analysts.
Utilize Tanium to track and identify assets and end users during investigations.
Assist in suppressing false positives through Splunk notables.
Take a leadership role in threat detection and incident response activities.
Monitor, defend, and safeguard perimeter interfaces against malicious network traffic using Splunk ES.
Provide threat intelligence and an additional layer of defense against cyber-attacks and advanced persistent threats (APTs) using tools like Anomali ThreatStream and FraudWatch Security.
Collect and analyze security data to identify potential anomalies in the security environment and mitigate any risks and vulnerabilities.
Employ all three industry-accepted methodologies: Hypothesis-driven investigation, IOC-driven investigation, and Machine learning investigation to guide threat hunting efforts.
Conduct dynamic analysis through Malware Code Analysis Platform (MCAP) to dissect malware and observe behavioral indicators.
Utilize packet sniffer tools such as Wireshark to capture packets and store data for offline analysis.
Perform additional investigations within the client's area of responsibility for malicious activity or signs of lateral movement within the environment.
Conduct network analysis of egress and ingress traffic to inform determinations and recommendations during investigations.
Contact this candidate