Summary
Overview
Work History
Education
Skills
Certification
Additional Information
Timeline
Generic

Munachimso Ojiaku

Silver Spring,MD

Summary

My enthusiastic commitment to my purpose inspires and empowers me to do everything right, have fun, and be the best. I have devoted my professional life to protecting organization by enhancing the security posture of their computing environments, gained experience in working closely with other members of their engineering teams to assess their cloud architecture, monitored internal/external threats, analyzed potential vulnerabilities within cloud environments, and participate in risk reviews.

Overview

5
5
years of professional experience
1
1
Certification

Work History

Cloud Security Vulnerability Manager

Volkswagen Group Of America
05.2020 - 12.2022


  • Automated processes, managed patching schedules, and configured systems to identify and mitigate security threats with a comprehensive vulnerability management plan.
  • Monitored and analyzed security data sources to identify vulnerabilities; guided a team that deployed automated remediation to reduce the risk level and improved the overall security posture by 65%.
  • Ensured achievement of program Service Level Agreements (SLAs)
  • Worked with Senior leadership directives to ensure remediation of directives within required timelines
  • Utilized security tools to document and track vulnerabilities, detect intrusions and investigate security incidents.
  • Demonstrated success in designing, developing and implementing vulnerability management measures that reduce risk and improve security posture.
  • Maintained artifacts that demonstrate proof of vulnerability remediation
  • Established and managed vulnerability scans and performed comprehensive security assessments to test and update security controls.
  • Managed the lifecycle of vulnerabilities: identification, evaluation, prioritization, and reporting.
  • Created risk narratives that explain threat exposure to the enterprise.
  • Gather vulnerability and threat information from various internal and external sources within the Org.
  • Generated and managed asset inventory reports.
  • Developed and maintained vulnerability management processes and standards.
  • Supported, maintained, and integrated the vulnerability management solutions with various systems and applications within the customer’s org.
  • Developed tools, documentation, processes, and techniques in our Jira/Confluence to assist in the remediation of security vulnerabilities.
  • Conducted vulnerability scans of the Customer's systems, networks, endpoints and applications.
  • Conducted vulnerability scans, analyzed reports, and validated potential findings.
  • Coordinated PCI-DSS vulnerability scans and remediation efforts with the Cloud Security Team.
  • Tracked and provided metrics and insights on vulnerabilities and remediation within the Org.
  • Worked daily to generate scan reports on Rapid7 InsightVM
  • Generated Scorecard reports on all AWS Accounts based on severity level in Rapid7 Divvy Cloud Scorecards
  • Contacted asset owners whose host "Project ID" is found in the scorecard report to fix their vulnerability
  • Monitored automatic weekly scans by Rapid7 to verify remediation efforts

Cloud Security Engineer

Fannie Mae
01.2019 - 05.2020
  • Identified, analyzed and resolved infrastructure vulnerabilities and application deployment issues.
  • Used metrics to monitor application and infrastructure performance.
  • Reviewed existing systems and made recommendations for improvements.
  • Implemented cloud-native security services such as encryption and key management, identity and access management, and logging and monitoring.
  • Established secure cloud access control using network security, intrusion detection and prevention tools.
  • Developed a data classification system for storage and access of sensitive information.
  • Communicated/documented results of security audits and reports to stakeholders.
  • Led the development, review, and enforcement of policies, standards, and procedures related to cloud security.
  • Trained personnel on cloud security and best practices to ensure the safety of data and resources in the cloud environment.
  • Actively monitored cloud systems for security alerts and actively responded to security incidents.
  • Implemented systems to monitor and detect anomalous activities in the cloud environment.
  • Researched new cloud security technologies, solutions and processes and provided recommendations for improvement.
  • Stayed up-to-date on cloud security trends and best practices.
  • Established authentication and authorization strategies for cloud-based services.
  • Administered, maintained and patched cloud environments to ensure the highest level of security.
  • Used Amazon Macie to monitor buckets daily for specific PII information, provided visibility into data security risks, and enabled automated protection against those risks.
  • Enabled Security hub and guard duty in all accounts within AWS organization to have a centralized view of all cloud infrastructure security findings. Then used SNS to set up alerts based on security findings.
  • Organized company’s AWS accounts using AWS Organizations
  • Used the knowledge of AWS IAM and AWS SSO to grant security credentials to users and groups to specify which resources they can access.
  • Creating roles and permissions for authenticated users and EC2 Instances to assume them
  • Enhance account security using Multi-Factor Authentication
  • AWS Config to track and view all your AWS configurations and remediates any unwanted configuration
  • 3rd party system and vendor integrations via SSO
  • Automatically deployed a single web access control list that filters web-based attacks with Security Automations on AWS WAF
  • Using CloudWatch to create alarms to monitor metrics for services like EBS, EC2, ELB, RDS, S3.
  • Experience in setting up Life-cycle policies to back data from AWS S3 to AWS Glacier for archiving.
  • Hands-on knowledge with Cloud Key Management service (AWS KMS, AWS CloudHSM)
  • Built VPCs from scratch, creating private and public subnets, security groups and network access lists, configuring Internet gateways, and NAT gateway.
  • Reviewed and identified vulnerabilities while creating and analyzing metrics on the state of the system.
  • Basic knowledge of scripting / programming languages (Python).

Vulnerability Threat Assesor

Bank Of America
01.2018 - 12.2018
  • Assessed threats, risks and vulnerabilities from emerging security issues to advise pertinent stakeholders on appropriate measures.
  • Conducted IT audit assessments for systems or applications to recommend solutions to mitigate risks.
  • Recommended IT security improvements to achieve system confidentiality, integrity and availability.
  • Conducted and participated in annual disaster recovery exercises.
  • Developed risk assessment reports to identify threats and vulnerabilities.
  • Reduced the threat of external vulnerabilities by creating customized secure architectural designs and configurations, resulting in an 80% reduction in security incidents.
  • Analyzed system logs, identified potential threats, and recommended mitigation strategies to reduce the risk of system compromises.
  • Ensured compliance with established policies and regulations while monitoring user access to data stored in the organization’s systems.
  • Analyzed network traffic for malicious activity and identified security incidents and implemented corrective measures to mitigate these threats.
  • Developed and provided technical guidance on system security reviews and processes.
  • Configured and managed tools to support vulnerability management (such as Tenable and Rapid7).
  • Worked with cross-functional teams including Engineering, Security Engineering, SOC, IT, and GRC teams to address the vulnerability.
  • I established and matured cross-company processes around vulnerability management including operating models, maturity models, SLAs/SLOs, discovery, handling and reporting processes, roles/responsibilities.

Education

Bachelor of Science - Information Technology

Towson University
Baltimore, MD
05.2022

Certificate of Completion - SEC545: Cloud Security Architecture And Operations

The SANS Technology Institute
Orlando, FL
04.2018

Skills

Vulnerability Assessment, IT Security, Threat Management, Employee security training, IT risk management, Information Governance, Security testing, General networking principles, DLP, Cybersecurity concepts and tooling, InfoSec, Access Control

Policy Development, Credentialing process, Payment Card Industry Data Security Standard Compliance (PCI DSS), CIS Top 18 Controls, Tenable Nessus, AWS Cloud Security and Infrastructure experience, Security Strategy, Vulnerability Management & Gap assessment

Certification

  • AWS Certified Cloud Practitioner - Certified
  • AWS Certified Solutions Architect Associate - Certified
  • AWS Certified Security Specialty - Certified
  • Scrum Master Certified (SMC) - Certified
  • ITIL Foundation - Certified

Additional Information

I have developed capabilities to:


  • Develop a holistic understanding of a company’s technology and information systems
  • Applies a risk-based approach to appropriately design business enabling security solutions for cloud capabilities
  • Design, build, and oversee implementation of enterprise-class security solutions across multi-cloud environments
  • Align organizational security strategy and infrastructure with overall business and technology strategy
  • Identify and communicate current and emerging security threats
  • Design security architecture elements to mitigate threats as they emerge

Timeline

Cloud Security Vulnerability Manager

Volkswagen Group Of America
05.2020 - 12.2022

Cloud Security Engineer

Fannie Mae
01.2019 - 05.2020

Vulnerability Threat Assesor

Bank Of America
01.2018 - 12.2018

Bachelor of Science - Information Technology

Towson University

Certificate of Completion - SEC545: Cloud Security Architecture And Operations

The SANS Technology Institute

Similar Profiles

  • JULIE AMATO

    JULIE AMATOJULIE AMATO

    Phone Supervisor/Phone Team Lead at The Dako Group, Volkswagen Group of America Customer Care CenterPhone Supervisor/Phone Team Lead at The Dako Group, Volkswagen Group of America Customer Care Center

  • Leslie Kempf

    Leslie KempfLeslie Kempf

    Corrosion Vehicle Test Technician at Volkswagen Group of AmericaCorrosion Vehicle Test Technician at Volkswagen Group of America

  • ANUPAM MALHOTRA

    ANUPAM MALHOTRAANUPAM MALHOTRA

    Senior Director, Special Projects at Volkswagen Group of America (Audi)Senior Director, Special Projects at Volkswagen Group of America (Audi)

  • Chaitanya Banala

    Chaitanya BanalaChaitanya Banala

    IT Technical Delivery Lead at Volkswagen Group of AmericaIT Technical Delivery Lead at Volkswagen Group of America

  • Alvin Beltran

    Alvin BeltranAlvin Beltran

    Personal Banker at PNC BankPersonal Banker at PNC Bank

CREATE PROFILE
Munachimso Ojiaku