Scrum Master Information Security

ANUP KUMAR NAVURU

Cybersecurity Engineer

LinkedIn: anup-kumar-navuru-96b032258

Email: ***********@*****.*** Phone: +1-240-***-****

Location: Ashburn, VA

CISM Certified Information security Manger ISACA SCRUM Master Threat and Vulnerability Management PKI Cryptographic solutions Security Operations GRC Data Protection

SIEM Splunk Incident Management Risk Management Service Now Certificate Management

AWS Azure Security Architecture Shell Scripting Endpoint Security Malware Analysis

EXECUTIVE SUMMARY

Cybersecurity professional with 6 years of hands-on experience in Threat and Vulnerability Management, Security Operations, Incident Response, and Risk Assessment. CISM certified and a Certified Scrum Master with a track record of enhancing enterprise security posture through cryptographic key lifecycle governance, audit readiness, and compliance alignment (NIST, HIPPA, PCI DSS). Proficient in configuring and automating ServiceNow asset and inventory management workflows, integrating barcode scanning for real-time key tracking. Skilled in designing secure, auditable workflows for key generation, assignment, rotation, and expiration, with lifecycle alerting to mitigate risk. Adept at working in secure, role-based environments, experienced in collaborating across cybersecurity, PKI, and infrastructure teams to operationalize compliance-driven solutions. Strong in leveraging SIEM platforms (Splunk) for threat detection and Power BI for executive-level reporting. Committed to aligning cybersecurity strategies with business goals to reduce operational risk, improve visibility, and drive resilient, audit-ready environments

Certifications

CISM Certified Information security Manager, ISACA

CSM Certified Scrum Master, scrum Agile

IBM Artificial intelligence practitioner certificate

IBM Data Science Practitioner Certificate

Certified Information Systems Security Professional (CISSP) – (Currently Preparing-Expected July,2025)

Technical Skills:

Cloud Platforms: AWS, Azure, GCP

SIEM and Network security : Wire shark, Splunk, AlienVault

Endpoint Security: CrowdStrike, Tenable

Vulnerability Management: Qualys, Tenable

Firewalls: Palo Alto, Cisco ASA, Check Point

OS Expertise: Windows, Windows Server, Linux, Ubuntu, Kali

Compliance frameworks : NIST, HIPPA, PCI DDS, ISO.

Agile & PM: Scrum Master, Agile Methodologies

Data Analytics: Power BI (security dashboards & executive reports)

Certificate management, PKI : Venafi

Digital workflows management :Service Now

Information Security Governance

Information Risk Management and Compliance

Information Security Program Development and Management

Information Security Incident Management

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS, NetBIOS, SNMP, TLS

PROFESSIONAL EXPERIENCE:

Hood College, Frederick,MD January 2024 – May 2025

Graduate Assistant – OIRA (Office of Institutional Research & Assessment)

Collaborated with administrative units and IT services to optimize Course Evaluation processes, improving real-time data collection workflows and integrating digital forms into centralized systems Acted as a technical liaison between IT support and academic offices to align system capabilities with compliance and performance monitoring needs.

Managed student performance data by updating and maintaining records in Chalk and Wire software, ensuring accuracy and compliance with academic standards.

Developed and automated student performance dashboards using Power BI, analysing semester performance data, transcripts, and key academic metrics.

Utilized Qualtrics for survey distribution, email automation, and response analysis, generating insights from student feedback and academic engagement trends..

Provided IT support by assisting users with technical issues, including hardware troubleshooting, software debugging, and network connectivity challenges, ensuring minimal downtime

NTT Data November 2019 – Jan 2023

Client: HUMANA

Sr. Security Engineer

Skilled in developing and implementing comprehensive security policies, procedures, and controls to ensure adherence to NIST, ISO 27001, PCI, and HIPPA guidelines.

Endpoint security and cloud security administration using AWS and AZURE

Using AZURE Dashboards Established automated alerting mechanisms for key and certificate expiry events, supporting proactive key lifecycle governance

Implemented Shell scripts in Linux to manage TLS certificates and enforce PKI-based encryption standards, ensuring secure data transmission across enterprise services.

Document, analyse, and mitigate vulnerabilities across enterprise networks.

Conduct on-site and scheduled vulnerability scans, configure firewall rules using Qualys, and Tenable.

Develop risk remediation plans and collaborate with teams to resolve security gaps.

Design and implement data protection strategies using tools like Microsoft Purview to ensure alignment with organizational objectives and compliance with regulatory requirements.

Technical implementation of Cryptographic solutions.

Coordinated with cybersecurity, infrastructure, and PKI teams (Venafi) to centralize certificate lifecycle management and ensure enterprise alignment

Conducted security audits and assessments to evaluate the effectiveness of security controls, incident response processes, and overall security operations.

Review/Creating Weekly/Monthly report for SIEM/Client health check and Alarm review

Automated asset inventory management using ServiceNow

Investigate and respond to security alerts, malware threats, phishing campaigns, and zero-day attacks.

Develop and fine-tune SIEM use cases, alerts, queries, and dashboards for effective security monitoring.

Developed reports to document security testing and analysis results.

Assist in initial SIEM deployment and oversee ongoing operations.

Coordinate penetration testing activities and application Security audits.

Work closely with security teams to remediate findings from pen tests and improve security posture.

Develop reports detailing security gaps, risk severity levels, business impact, and remediation strategies.

Provide stakeholders with weekly and monthly vulnerability reports and risk analytics.

Work closely with the Threat Intelligence team to detect and block indicators of compromise.

Investigate ransomware infections on workstations, endpoints, servers, and applications.

Configured firewall rules and security groups to ensure proper segmentation of network scans.

Proactively coordinated with security teams and stakeholders to resolve vulnerabilities efficiently.

Led Security awareness initiatives, enhancing threat detection capabilities across the organization. Assisted with the development and implementation of security awareness training programs.

Project: Certificate Remediation “Venafi Digital Certifications Automation”

Led the automation of digital certificate lifecycle management using Venafi, PKI, and ServiceNow, enhancing compliance with NIST and HIPPA standards, automated workflows in Linux using Shell scripting to monitor TLS certificate expiration, renew certificates, and update keystores, reducing downtime and mitigating security risks. Created a centralized Azure dashboard to visualize and monitor the lifecycle of all production and non-production certificates. This dashboard used color-coded blocks (Red – Expiring, Yellow – Warning, Green – Healthy) to represent certificate status, allowing teams to easily track and act on certificates nearing expiration. Implemented automated alerts and notifications to inform responsible teams about certificate/key renewals. Mapped key ownership and created workflows for tracking access, status updates, and audit trails, regularly communicated with Service and Solution Vice Presidents, as well as designated points of contact, by sending status emails and escalation notifications regarding expiring certificates. Managed certificate operations including creation, renewal, revocation, and decommissioning based on requests raised through ServiceNow. Document SOPs and training materials to hand over the solution to the operations team.

Deloitte

Client: CELGENE PHARMACEUTICALS August 2016 – November 2019

Security Analyst

Led cybersecurity risk assessments and identified security gaps.

Managed and deployed vulnerability management tools (Qualys, Tenable, Rapid7).

Developed cloud security strategies for AWS and Azure environments.

Cybersecurity governance, policy enforcement, and compliance monitoring.

Incident handling, forensic analysis, and risk mitigation strategies.

Endpoint security and cloud security administration using AWS and Azure.

Managing firewall configurations, VPN access, and security segmentation.

Scripting for security automation and process optimization.

Developed risk assessment methodologies for IT security governance.

Ensured compliance with industry regulations (NIST, ISO 27001, HIPAA).

Investigated security breaches and provided incident response support.

Monitored, detected, and responded to cyber threats using EDR and XDR platforms.

Developed and enforced Identity and Access Management (IAM) policies for secure authentication and authorization.

Deployed and managed Data Loss Prevention (DLP) solutions, including CyberArk and Netskope.

Led incident response investigations, conducting forensic analysis and providing mitigation strategies.

Provided expert guidance on security governance, risk management, and compliance (GRC) frameworks.

Conducted security audits and prepared reports for regulatory compliance (PCI-DSS, HIPAA, GDPR).

Designed and implemented Zero Trust security models for enhanced network protection.

Automated log analysis and security incident response workflows using Python and Ansible.

Ensured endpoint security compliance by deploying and managing CrowdStrike Falcon and Microsoft Defender.

Provided cybersecurity consulting for risk assessments and security policy enhancements.

Assisted in DevSecOps integration, embedding security measures into CI/CD pipelines.

Developed and maintained technical security documentation, including policies, procedures, and security guidelines.

Researched and implemented AI/ML-driven security solutions for threat detection and anomaly detection.

Collaborated with cross-functional teams to improve security postures and enterprise-wide cyber resilience.

EDUCATION:

Masters: Hood College, Frederick .MD, USA

Bachelors: Vikrama Simhapuri University, Nellore, India

Contact this candidate