Pablo L. Salinas
Houston,TX
Summary
Trusted Vulnerability Management Engineer with seven years protecting companies against bad actors who disrupt business operations. Serves as primary safeguard against external threats. Educate colleagues on best practices and network safety protocols. Protect networked assets through both preventive and reactionary measures.
Overview
5
5
years of professional experience
1
1
Certification
Work History
Vulnerability Management Cybersecurity Engineer
Chevron
01.2022 - Current
- Deployed and configured the Tenable One SaaS solution to streamline vulnerability identification and management.
- Conducted comprehensive testing and automated scan processes to enhance efficiency and coverage.
- Integrated Tenable One data with ServiceNow Vulnerability Response (VR) for centralized tracking, remediation, and reporting of vulnerabilities.
- Improved overall security posture by optimizing workflows and reducing manual effort through automation and integration. Resulting in a significant reduction of network critical and high vulnerabilities from 10% to 1% and maintaining that level.
- Coordinated with third-party security information and event management (SIEM) providers to maintain protections and predict threats.
- Developed risk-based remediation strategies for networks, operating systems, and applications to reduce the likelihood of a ransomware attack while ensuring business continuity for the different business units
- Managed Chevron's attack surface by routinely performing perimeter scanning every month leveraging Tenable and Shodan to obtain a list of Chevron's live public IP addresses, domains and subdomains, and scanning for vulnerable external systems that may be in scope of compromise.
- Worked with teams to develop company-wide information assurance, security standards and procedures.
- Led and trained team of managed service providers (MSP) on vulnerability scanning of Chevron's network by developing a Vulnerability scanning playbook encompassing vulnerability prioritization, risk remediation strategies, and reporting.
- Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.
- Offered preventive training to harden personnel against intrusion vectors such as phishing, ransomware and more.
Governance Risk & Compliance Program Engineer
Chevron
01.2021 - 12.2021
- Facilitated the Cyber Maturity Assessment 2021 by setting up access control for the Stroz Team, scheduling interviews, providing the Stroz team with documentation regarding our cyber initiatives, addressed questions/concerns and provided updates to IRSM leadership team
- Led a team of risk and vulnerability analyst to assign weighting to compliance rules to improve risk posture and find weaknesses in our compliance process
- Evaluated the security control assessment of the technical, management, and operational controls from NIST 800-82 and in charge of enterprise communication to groups such as Audit to guarantee the controls are implemented correctly and are working at intended
- Oversaw development of risk severity rankings for improving Risk Assessments and reporting dashboard in GRC tool (ServiceNow)
- Initiated the cyber partnerships between Risk Managers, Cyber Engineers, and Cyber Policy Governance (CPG) teams to ensure all areas are aligned on decisions being made by each group
- Created a single work intake form linked to our Azure DevOps board that forwards requests to the correct group to organize and prioritize daily policy, risk, and contracts questions
- Piloted an automated compliance project by meeting with customers and stakeholders to gather requirements
- Used CIS and STIG automation rules to create proof of concept to improve compliance for our internal customers
- Prepared and presented comprehensive reports to upper management and audit team, covering issues and recommendations.
- Delivered subject matter expertise for internal and external customers on compliance best practices and quality control.
IAM Cybersecurity Engineer
Chevron
01.2020 - 12.2020
- Designed and developed an application to automate the management of large groups on both on-prem and Azure Active Directory, leveraging azure functionality and services such as Azure event hubs and Azure functions
- Led on-prem migration of active directory, servers, VM, to Microsoft Azure including decommissioning servers, processes, and services
- Managed access control for the external third parties leveraging Microsoft Azure B2B and Microsoft Azure B2C
Education
Master of Science - Information System Security
University of Houston, College of Technology
Houston, TX12.2019
Bachelor of Science - Industrial Engineering
University of Houston, Cullen College of Engineering
Houston, TX12.2013
Skills
- Cloud security
- Security training
- Penetration testing
- Cybersecurity frameworks (NIST 800-53)
- Vulnerability assessment
- Compliance management
- Application security
- Threat analysis
- Incident response management
- Scripting languages (Python, Bash, Powershell)
- Risk assessment
- Threat hunting
Certification
- GIAC Penetration Tester (GPEN) - Global Information Assurance Certification.
- GIAC Certified Incident Handler (GCIH) - Global Information Assurance Certification.
Coursework
Security Analytics, Network Security, Secure Enterprise Computing, Control System Security, SEC560: Enterprise Penetration Testing, SEC504: Hacker Tools, Techniques, and Incident Response, Network Exploitation Basics, Web Hacking Fundamentals
Languages
English
Native or Bilingual
Spanish
Native or Bilingual
Timeline
Vulnerability Management Cybersecurity Engineer
Chevron
01.2022 - Current
Governance Risk & Compliance Program Engineer
Chevron
01.2021 - 12.2021
IAM Cybersecurity Engineer
Chevron
01.2020 - 12.2020
- GIAC Penetration Tester (GPEN) - Global Information Assurance Certification.
- GIAC Certified Incident Handler (GCIH) - Global Information Assurance Certification.
Master of Science - Information System Security
University of Houston, College of Technology
Bachelor of Science - Industrial Engineering
University of Houston, Cullen College of Engineering
Similar Profiles
Zubair SyedZubair Syed
Okta Developer at ChevronOkta Developer at Chevron
Janiese HendersonJaniese Henderson
Customer Service Representative at ChevronCustomer Service Representative at Chevron
Karrie RojasKarrie Rojas
Cashier at ChevronCashier at Chevron