PROFESSIONAL SUMMARY

Marat Yakupov

Serco, Inc.
Lakeland, FL
1 Certification
7 years of professional experience

Security professional with extensive experience in designing and implementing comprehensive security strategies. Proven track record in identifying vulnerabilities and mitigating risks, ensuring seamless protection of critical assets. Known for collaborative teamwork and adaptability, consistently achieving high-impact results in dynamic environments.

Work History

Senior Security Engineer

4 Years 3 Months
Serco, Inc. | 03.2022 - Current
  • Led end-to-end Microsoft Sentinel deployment from greenfield to full production in under 4 months — independently configuring data connectors, analytics rules, workbooks, and incident automation — establishing a modern SIEM/SOAR capability for the enterprise.
  • Developed automated vulnerability reporting pipeline delivering risk-prioritized remediation assignments to asset-owning teams, improving KRI trending and ensuring highest-impact vulnerabilities received immediate remediation attention.
  • Drove endpoint and server compliance from baseline to 99% against STIG benchmarks through systematic remediation tracking and automated configuration enforcement via Azure DSC and Intune.
  • Administered Microsoft Defender for Cloud Apps, developing and enforcing application control policies to govern 3,000+ cloud applications — blocking non-business SaaS apps and establishing approval workflows for new app onboarding.
  • Spearheaded migration from legacy Group Policy Objects (GPOs) to Azure DSC for servers and Intune for workstations, modernizing configuration management and improving policy consistency across the enterprise.
  • Conducted enterprise-wide firewall rule optimization using AlgoSec, identifying and eliminating redundant and obsolete rules to reduce attack surface and improve policy manageability without disrupting business operations.
  • Served as SME for enterprise AlgoSec Firewall Analyzer deployment, onboarding and managing Palo Alto firewalls across the enterprise — cutting manual policy review time by standardizing firewall configuration workflows.
  • Led deployment, maintenance, and policy management for the full Microsoft Defender suite (Endpoint, Cloud, Container, Office, Identity) using Azure DSC, MECM, and Intune — reducing configuration drift across thousands of endpoints.
  • Spearheaded Azure WAF SME role, collaborating with 10+ application teams to remediate vulnerabilities and enforce mitigation policies, directly reducing web application attack surface.
  • Owned Defender for Containers vulnerability management program, ensuring containerized environments maintained compliance with industry security standards across cross-functional teams.
  • Automated enterprise phishing simulation campaigns end-to-end using custom scripts and integrations, improving reporting turnaround from days to hours.
  • Built custom Power Platform connector integrating Tenable VM API, automating vulnerability scanning and reporting workflows and eliminating 10+ hours of weekly manual effort.
  • Developed Azure Logic App pipelines leveraging Defender APIs to automate threat detection, remediation ticketing, and security reporting — measurably improving SOC response efficiency.
  • Administered two Tenable.sc instances across 7,000 endpoints, overseeing vulnerability assessments, remediation tracking, and executive-level compliance reporting.
  • Responded to zero-day threats (e.g., Log4Shell, PrintNightmare) by performing rapid Tenable-based risk assessments and delivering remediation recommendations within hours of CVE publication.
  • Utilized Azure DSC to enforce Windows device compliance baselines at scale, automating configuration deployment and STIG configuration enforcement across the enterprise.
  • Managed Cloud IAM using Azure Entra ID and Enterprise Applications — configuring RBAC, SSO integrations (including Tenable SSO via Azure), and access governance controls.
  • Served as SME for Carbon Black App Control (Unix) and Symantec Endpoint Protection (Windows/Unix), ensuring endpoint policy enforcement and agent health across diverse OS environments.
  • Authored and shepherded 300+ change requests through the CAB process for high-impact security deployments, maintaining a strong approval record in a regulated federal contracting environment.
  • Delivered formal security tool training to junior analysts and security team members, enabling effective adoption of newly deployed platforms including Tenable, Microsoft Defender suite, and Microsoft Sentinel.

IT Security Analyst

2 Years 8 Months
Publix Supermarkets, Inc. | 07.2019 - 03.2022
  • SME for Tenable.sc, Tenable.io, and Nessus — administered 3 Tenable.sc instances and 150+ Nessus scanners continuously assessing 150,000+ endpoints, one of the largest Tenable deployments in the retail sector.
  • Developed 50+ PowerShell scripts to automate Tenable workflows (agent group population, scan scheduling, compliance policy distribution), significantly reducing analyst toil.
  • Built and deployed 40+ Power Automate flows and multiple Power Apps to automate regulatory processes, improving compliance tracking and end-user accountability.
  • Designed and implemented an automated compliance scan policy management system using PowerShell, Power Automate, and Power Apps — eliminating manual policy distribution and version control errors.
  • Responded proactively to zero-day vulnerabilities by generating automated risk assessment reports and remediation status updates, enabling leadership to make rapid, data-driven decisions.
  • Developed custom vulnerability and compliance scan policies tailored to business unit security requirements and regulatory obligations.

Education

Bachelor of Science - Computer and Information Science, Cybersecurity

University of West Florida | 05.2019

Skills

  • Vulnerability Mgmt: Tenable.sc, Tenable.io, Nessus, Nessus Agents — 150K+ endpoint scale; zero-day rapid response
  • Cloud Security: Microsoft Defender Suite (Endpoint, Cloud, Container, Office, Identity), Azure WAF, Defender for Containers
  • Cloud IAM & Infra: Azure Entra ID, Enterprise Applications, RBAC, Virtual Machines, Storage Accounts, Network Security Groups
  • Automation & APIs: PowerShell (50+ scripts), Power Automate (40+ flows), Azure Logic Apps, Power Apps, Tenable & Defender APIs
  • Network Security: AlgoSec Firewall Analyzer, Palo Alto firewall administration, enterprise firewall policy management
  • Endpoint Security: Carbon Black App Control, Symantec EPP, Microsoft Defender, Azure DSC, MECM, Intune
  • SIEM & Logging: Microsoft Sentinel (full solo deployment), Splunk, Azure Log Analytics Workspaces, Azure Event Hubs
  • Cloud App Security: Microsoft Defender for Cloud Apps — app control policies, SaaS governance, non-business app blocking
  • Compliance & Change: CMMC, PCI-DSS, SOX, PII, STIG — audit evidence, change management (CAB process), compliance reporting
  • Dev & Source Control: Git, PowerShell, SharePoint, Azure DSC
  • Security information and event management

Certification

  • Microsoft Azure Fundamentals (AZ-900) — January 2023
  • GIAC Enterprise Vulnerability Assessor (GEVA) — July 2021
  • Tenable Certificate of Proficiency — Tenable.sc, Tenable.io, Nessus — July 2019
