Ganga Pruthvi Reddy Duvuri
Email: *******.****@*****.***
Phone: +1-945-***-****
LinkedIn: www.linkedin.com/in/ganga-pruthvi-reddy-duvuri-9340a7169

PROFESSIONAL SUMMARY:
Cyber Security Engineer with 11 years of experience leading the IT Security Governance, Risk & Compliance (GRC) portfolio.
Perform assessments for various clients (Banking, Telecom & Airline) across the globe in accordance with regulatory requirements and industry standards or best practices, such as:
PCI-DSS (Payment Card Industry Data Security Standards)
ISO 27001:2022
SOC1, SOC2
NIST
CSA STAR (Cloud Security Alliance, Security Trust Assurance Risk)
SOX
ISO 42001 (Artificial Intelligence Management Systems)
FedRAMP
HIPAA
Client audit assessments.
Continuously monitor AWS infrastructure to identify non-compliant Amazon Machine Images (AMIs) and remediate them by terminating or patching with the latest security-hardened images.
Strengthening application and cloud security by integrating tools such as Qualys, Wiz, Black Duck, Splunk, Checkmarx, Aqua, Snowflake, etc., and enhancing vulnerability management and compliance.
Perform quarterly User Access Reviews and Firewall Reviews in alignment with PCI DSS, ISO 27001 and SOC2 compliance standards.
Designed and implemented technical safeguards in AWS, including encryption at rest and in transit (using AWS KMS and TLS 1.2+), access control and IAM policies enforcing least privilege, and centralized logging and monitoring using AWS CloudTrail and CloudWatch integrated with SIEM tools.
Supported implementation of Information Security Management Systems (ISMS) aligned with ISO/IEC 27001:2022 standards.
Perform Gap Analysis, Risk Assessment, Architecture design and review, Information Security Audit and Third Party Vendor Risk Management [VRM].
Conducted internal and external audits. Performed risk assessments and provided audit support for internal audits (ITGC testing for in-scope applications) and external audits (SOX).
Monitored and secured business and consumer applications hosted in on-prem and AWS cloud environments.
Reviewed and updated Security Policies and procedures to align with PCI DSS v4.0 standards, covering areas such as password complexity, incident response, and change management.
Reviewed systems (operating systems, network devices, applications and databases) and identified risks associated with access controls, logical security, network security, logging/monitoring, vulnerability assessments, system hardening, secure software development, etc.
Maintained a comprehensive Risk register, performing Risk Assessment & Risk Treatment to identify, assess, and mitigate security risks effectively.
Good hands-on experience in Incident Management, Problem Management, Change Management, Operational Management & Threat Modelling activities.
Conducted Disaster Recovery Drills for AWS and internal networks, ensuring business continuity and adherence to compliance standards.
PROFESSIONAL CERTIFICATIONS:
Certified Lead Auditor, ISO 27001:2022
Certified Lead Implementer, ISO 42001 Artificial Intelligence Management Systems
AWS Certified Solutions Architect (AWS-SAA)
AWS Certified Cloud Practitioner (AWS-CCP)
Certified Payment Industry & Security Implementer (CPISI-Advanced)

TECHNICAL SKILLS:
Security Standards: PCI-DSS (Payment Card Industry Data Security Standards), ISO 27001:2022, ISO 42001 AIMS, SOC2, NIST, CSA STAR, FedRAMP, SOC1, SOX & Client Audit Assessments
Cloud Platforms: AWS (EC2, IAM, VPC, Amazon GuardDuty, Amazon Inspector, CloudWatch, CloudTrail, AWS Certificate Manager, AWS Secrets Manager)
Tools: Red Hat Identity Manager (RHIM), Qualys, Netography, AppDynamics, ProcessUnity, Black Duck, Aqua, Checkmarx, Wiz, Cortex XDR, RSA Archer, ServiceNow, JIRA, Splunk, Torq, Snowflake, DataDog, SailPoint, Okta, CyberArk
Operating Systems: Windows, Linux & Unix
PROFESSIONAL EXPERIENCE:

Client: FICO, Bozeman, Montana
Mar 2020 – June 2025
Role: Cyber Security Senior Engineer
Responsibilities:
As part of the Cybersecurity GRC (Governance, Risk & Compliance) team, currently conducting PCI DSS attestation efforts for various in-house developed FICO products used by all banking customers in the USA.
Conduct quarterly reviews of AWS Security Groups (Firewall Review) to identify misconfigurations or non-compliance with security policies. Provide detailed findings and actionable remediation recommendations to all banks, ensuring alignment with internal security standards and regulatory requirements.
Conduct Biannual User Access Reviews for both application and system users to ensure adherence to PCI DSS v4.0 requirements. This includes validating access rights based on roles and responsibilities, identifying excessive or outdated permissions, coordinating with business and technical teams for remediation, and submitting detailed review reports and evidence to the QSA/Auditor to support PCI compliance audits.
Support the product team during development activities by applying Secure by Design principles and perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify and remediate security vulnerabilities early in the software development lifecycle.
Assessing findings, articulating the risks in the context of a client's risk management framework, and recommending areas of improvement.
Exposure to the Information Security Management System (ISMS) framework, including performing detailed gap analyses to identify areas of non-compliance with ISO/IEC 27001:2022 requirements.
Assist customers throughout the implementation process, defining the scope of the ISMS, identifying applicable controls based on Annex A.
Collaborate with Auditors and Qualified Security Assessors (QSAs) for scope discussions and technical interviews. Responsible for preparing asset inventories, performing gap assessments, finalizing the assessment scope, and creating sample sets for evidence collection and audit readiness.
Engaging all departments, functions, and teams in enhancing adherence to information security policies, procedures, and regulatory requirements to improve overall compliance and mitigate security risks.
Conducting internal audits of various management systems, focusing on security controls and ensuring compliance with contractual, regulatory, and industry-specific security standards and obligations.
Environment & Tools: AWS, RHIM (Red Hat Identity Manager), Amazon IAM (Identity and Access Management), Amazon GuardDuty, JIRA, Splunk, Torq, Snowflake, DataDog, SailPoint, Okta, CyberArk & ServiceNow.

Client: AIRBUS, Herndon, Virginia
Sep 2018 – Mar 2020
Role: Information Security Engineer
Responsibilities:
Implemented strong Access Controls and identity federation across PCI and ISO 27001 aligned systems using MFA, Role-Based Access Control (RBAC), and AWS IAM policies (for cloud-hosted systems) for Aircraft A350 & A380 families.
Designed and implemented compliance monitoring frameworks, including setting up dashboards and management reporting mechanisms to track audit and compliance status.
Oversaw implementation of log collection and monitoring systems (SIEM) to detect anomalies and support PCI DSS Req. 10.
Directed the implementation and provided strategic advisory for ISO 27001:2022 compliance across enterprise IT systems and within the aerospace manufacturing domain.
Validated deployment of encryption protocols (TLS 1.2+, AES-256) for Cardholder data in transit and at rest across on-prem and cloud environments.
Worked with QSAs to complete ROC (Report on Compliance) and SAQ D documentation, ensuring all payment systems met PCI DSS v4.0 standards.
Contributed to drafting policies, procedures, and controls for data protection, access management, incident response, and business continuity.
Managed vulnerability and patch management programs for both PCI and ISO-scoped systems using tools like Tenable, Qualys, AWS Inspector, and coordinated remediation with internal IT/OT teams.
Developed and maintained Statement of Applicability (SOA), risk registers, and control matrices specific to high-value manufacturing assets and sensitive R&D data.
Consulted on secure system development lifecycle (SSDLC) and secure cloud migration strategy in coordination with DevOps and aerospace platform engineers.
Environment & Tools: AWS, Splunk, Linux, FTS, Amazon CloudWatch, AirNavX, AirnavV3, Skywise Airbus.

Client: T-Mobile, Bellevue, Washington
Jul 2016 – Aug 2018
Role: Product Security Engineer
Conducted full-spectrum PCI DSS v4.0 audits across T-Mobile billing platforms & payment gateways aligning cardholder data environments (CDEs) with segmentation standards and completing ROC support with QSA teams.
Conducted AWS Security Group and VPC firewall rule reviews quarterly, detecting lateral exposure, unused rules, and overly permissive CIDR blocks. Worked with network security engineers to implement NACLs, VPC endpoints, and tighter route table controls to restrict CDE ingress/egress.
Collaborated with GRC, Legal, and Engineering to ensure compliance with GDPR, incorporating data handling, encryption, and retention controls directly into cloud-based storage and messaging architecture.
Used Splunk to correlate logs and detect anomalies in telecom customer identity access, aligning log retention, alerting thresholds, and compliance dashboards to PCI and internal T-Mobile standards.
Executed fine-tuned AWS Security Group audits to detect misconfigured firewall rules across customer-facing and internal telecom workloads. Integrated GuardDuty findings with Splunk SIEM for near real-time anomaly tracking and response.
Managed remediation planning, evidence collection, and QSA engagement lifecycle for PCI DSS and internal audit readiness, reducing external dependency by building internal playbooks and mapping control artifacts to audit requirements.
Led Continuous Control Testing (CCT) and evidence collection for multiple in-scope systems, building reusable evidence libraries in Confluence and automating audit task workflows through ServiceNow automation, significantly reducing audit fatigue.
Performed in-depth analysis of S3 bucket policies, CloudFront distributions, and WAF configurations to ensure telecom customer data was properly geo-restricted, encrypted, and shielded from web-based attacks.
Executed AWS Well-Architected Security Reviews across T-Mobile’s internal microservices and third-party partner integrations, recommending changes to IAM roles, KMS usage, and security logging to enhance cloud posture.
Drove biannual User Access Reviews (UARs) across legacy data centers, mapping entitlements to business roles and compiling formal evidence packages for both ISO audits and PCI DSS validation.
Environment & Tools: AWS, Zabbix, DataDog, AppDynamics, Okta, F5, Linux & ServiceNow.

Client: FHPL (Family Health Plan TPA Ltd), Hyderabad
Nov 2014 – Feb 2016
Role: CRM Executive (Customer Relationship Manager)
Acted as the primary liaison between policyholders, healthcare providers, and internal claims processing teams to ensure timely resolution of queries related to policy benefits, claim status, and pre-authorization requests.
Ensured confidentiality and integrity of sensitive customer information, including health records, policy details, and KYC data, during communication and CRM updates.
Provided claim tracking assistance and guidance on required documentation for cashless and reimbursement processes in alignment with IRDAI (Insurance Regulatory & Development Authority of India) compliance standards.
Followed internal security protocols and IRDAI guidelines while handling Personally Identifiable Information (PII) and Protected Health Information (PHI).
Escalated suspected data breaches, phishing attempts, or unusual customer behavior to the Information Security or IT Helpdesk teams as per FHPL's incident response procedure.
Handled escalated customer complaints with professionalism and empathy, delivering end-to-end resolution through coordination with medical officers, underwriting, and hospital networks.
Maintained compliance with data protection policies by avoiding unauthorized data sharing, screen captures, or use of removable media.
Environment & Tools: TAGIC CRM Software.