Vulnerability Management Cloud Security
Resume:
Johnnie Parker New York, NY ***********@*****.*** 914-***-**** Linkedin.com/in/JohnnieParker
SECURITY PROFESSIONAL CLOUD SECURITY & VULNERABILITY MANAGEMENT EXPERT
Cybersecurity professional with almost a decade of experience leading vulnerability management and cyber risk reduction across cloud, container, on-prem, financial, and OT environments. Proven track record of translating technical security findings into executive-level insights and aligning remediation strategies with governance frameworks. Skilled in threat modeling, cross-functional coordination, and secure system design reviews. Experienced in building remediation playbooks, automating risk intelligence, and enabling mission-aligned cyber resilience through stakeholder engagement and technical depth.
Professional Experience
Alcority Attack Surface Reduction Engineer New York, NY JAN 2024 – JAN 2025
Drove threat reduction across 12 portfolio orgs, achieving an 85% reduction in critical vulnerabilities across AWS, Azure, containers, and on-prem.
Led security assessments and CVE triage using CVSS v3.1, vector chaining, and exploit analysis to prioritize risk mitigation.
Built Python-based automation for correlating scan data, asset risk, and vulnerability vectors; integrated into GRC and remediation pipelines.
Conducted tooling PoCs and contributed to security design reviews; mapped risks using MITRE ATT&CK and generated KPI dashboards via Axonius.
Partnered with engineering teams to align remediation playbooks with CMMC, CIS, and NIST 800-53 frameworks.
Bank of NY Mellon VP, Sr. Vulnerability Management Specialist (Technical Manager) New York, NY AUG 2019 – FEB 2023
Managed vulnerability operations across 600K+ systems; reduced exposure by 75% via structured triage, impact modeling, and SLA tracking.
Delivered code-level guidance and remediation logic to developers based on risk scoring, exploitability, and business function.
Automated reporting pipelines using Python, supporting audit, compliance, and executive metrics.
Reviewed source-level application logic in collaboration with development teams to identify insecure coding patterns during patch validation.
Co-led an internal task force to define risk quantification models for AI/ML workloads and supported integration of security signals into SOC dashboards.
Embedded security reviews into CI/CD environments and supported posture management tooling selection (Wiz, Dome9, Defender).
Vaco Consultant (Contract) Sr. Security Consultant Hoboken, NJ JAN 2019 – JUNE 2019
Led design and rollout of a vulnerability management program during a TSA transition, deploying Qualys and Tenable across global assets.
Created SOPs, triage workflows, and remediation playbooks; advised teams on prioritizing security risks based on real-world threat models.
Drove technical documentation and security risk communications to product and infrastructure stakeholders.
Conducted internal training sessions on vulnerability classification, secure remediation techniques, and real-time prioritization logic for risk owners.
Built asset-risk correlation maps across business units to highlight exposure concentration and influence backlog prioritization across engineering teams.
TD Ameritrade Security Engineer Jersey City, NJ MAY 2016 – OCT 2018
Managed vulnerability scanning across Windows, Linux, macOS, and Unix environments; increased scan coverage by 35% and improved detection accuracy.
Assessed platform-level vulnerabilities and security misconfigurations; applied CVSS scoring and threat modeling to prioritize remediation.
Evaluated emerging vulnerability management tools by conducting in-depth product assessments, comparing detection logic, reporting fidelity, and integration capability.
Built and maintained automated Python dashboards to centralize SOX audit controls, compliance metrics, and remediation timelines.
Partnered with DevOps and GRC teams to align vulnerability data with infrastructure code standards and policy enforcement.
Technical Proficiencies
Security Engineering & Architecture: Network/Endpoint Security, Vulnerability Management, EDR, Firewalls, SIEM
Cloud Security & DevOps: AWS, Azure, GCP, Kubernetes, Docker, Infrastructure as Code, GitLab
Partner & Stakeholder Engagement: Technical Evangelism, Solutions Enablement, C-Level Presentations, MSSP Operations, Internal Training
Automation & Scripting: Python, PowerShell, Bash for security automation and process optimization
Service Delivery & Offerings: PoC/RFP Management, Product Demos, Partner Collaboration, Security Compliance (CMMC, NIST, CIS,SOX)
Tools & SaaS Platforms: Qualys, Tenable, Wiz, Artifactory, Defender, Splunk, Sentinel, SNOW, Axonius, Snyk, Palo Alto, CrowdStrike, InsightVM
Certifications: Network +, Security +, Linux +, Cloud+, AWS Cloud Practitioner, Qualys VM & PC Specialist, CISSP (Pending)
Education
Udemy: Sales Engineer and Solutions Engineer: Technical Sales Training JAN 2025
NPower
AWS Certified Solutions Architect / Brooklyn, NY June 2019 – SEPT 2019
12-week program by Amazon & Accenture on AWS cloud optimization and architecture
Cyber Symantec Career Connection / Brooklyn, NY FEB 2016 - AUG 2016
26-week cybersecurity training covering multiple security domains
Tech Fundamentals: Networking & Systems Administration JAN 2015-JULY 2015
Bachelor of Engineering (BEng) in Mechanical Engineering University of New Orleans New Orleans, LA AUG 2012 – JAN 2014
Completed 40 credits toward degree.
Contact this candidate