Anthony Ali

Morrisville, NC

Summary

Senior Information Security Engineer with 12 years of experience across vulnerability management, incident response, EDR, and cloud security. Known for modernizing security programs, driving risk-based remediation, and translating technical risk into executive-level metrics. Experienced incident commander and SOC leader in regulated environments.

Overview

11 years of professional experience
1 Certification

Work History

Senior Information Security Engineer

PROS
Remote
06.2022 - Current
  • Owned and matured the enterprise Vulnerability Management program, modernizing tooling by replacing legacy solutions with CrowdStrike Exposure Management and Wiz, achieving 100% endpoint and cloud asset coverage.
  • Implemented a risk-based vulnerability prioritization model, reducing the critical/high vulnerability backlog by ~60% and improving remediation outcomes across infrastructure and cloud teams.
  • Partnered with engineering teams and architects to prioritize remediation based on exploitability and business impact, reducing mean time to remediate (MTTR) by ~40%.
  • Implemented and operationalized Wiz for cloud vulnerability and misconfiguration management, providing continuous visibility across Azure and AWS environments.
  • Led the configuration and maturation of CrowdStrike Falcon EDR, including sensor update strategies, prevention policy tuning, and detection optimization, achieving 100% endpoint sensor coverage.
  • Served as Incident Commander for security incidents, leading response efforts from containment through recovery and coordinating SOC, engineering, and executive stakeholders.
  • Trained and mentored SOC Level 1 and Level 2 analysts, improving alert triage quality, escalation accuracy, and response consistency.
  • Produced executive and board-level KPIs and KRIs, translating technical exposure data into business-aligned risk metrics.

Information Security Engineer

Sammons Financial Group
West Des Moines, IA
09.2020 - 06.2022
  • Served as Cloud Security SME across Azure and AWS, implementing security controls and monitoring for cloud infrastructure.
  • Managed third-party penetration testing engagements and coordinated remediation of findings across teams.
  • Implemented and maintained vulnerability scanning and patching processes aligned with NIST SP 800 standards.
  • Managed SIEM-based monitoring and alerting using Splunk and LogRhythm.
  • Led organization-wide phishing simulations and security awareness campaigns, tracking KPIs to improve employee security posture.
  • Supported audits, risk assessments, and enforcement of corporate security policies.

Information Security Engineer (Contract)

Brown Brothers Harriman
Jersey City, NJ
04.2019 - 03.2020
  • Performed incident triage and investigation, determining scope, impact, and remediation actions.
  • Supported IAM, RBAC, and PAM initiatives using SailPoint and One Identity, managing access for ~6,000 users.
  • Led application access recertification and governance processes to enforce least privilege.
  • Developed provisioning and de-provisioning workflows aligned with compliance requirements.
  • Monitored security events via endpoint security tools and SIEM platforms.

Security Engineer

United Metro Energy/Red Apple Group
New York, NY
10.2014 - 04.2019
  • Implemented enterprise cloud security controls across Azure, AWS, and GCP, including PIM and identity integrations.
  • Led MDM/EMM security implementations and endpoint monitoring initiatives.
  • Developed and enforced security policies, disaster recovery plans, and incident response procedures.
  • Conducted system security assessments, patch management, and compliance activities aligned with NIST SP 800 and ISO 27001.
  • Supported ongoing security monitoring and incident response operations.

Education

Master of Science - Data Science

Utica College
Utica, NY

Bachelor of Science - Cybersecurity

Utica College
Utica, NY

Associate of Arts - American Studies

Stony Brook University
Stony Brook, NY

Skills

    Security Domains:
    Vulnerability Management, Incident Response, Endpoint Detection & Response (EDR), Cloud Security, SOC Operations, Threat Detection, Risk Analysis & Mitigation, Identity & Access Management (IAM), PAM/PIM, Data Loss Prevention

    Technologies & Platforms:
    CrowdStrike Falcon & Exposure Management, Wiz, Azure, AWS, SIEM (Splunk, LogRhythm), Proofpoint, Cofense, Palo Alto, SailPoint, Carbon Black, SentinelOne

    Scripting & Data:
    Python, SQL, Bash, PowerShell

Certification

(ISC)² Certified Information Systems Security Professional (CISSP)

ID# 739921

EC-Council Certified Ethical Hacker (CEH)

ID# ECC9470532168

EC-Council Associate Certified Chief Information Security Officer (CCISO)

ID# ECC8347265109

Awards

Homeland Security, NSA, NIETP · Certificate of Academic Excellence in Cyber Defense

DACCA · Digital Forensic Examiner
