STEPHANE K
Summary
Security and GRC Analyst Engineer specializing in NIST 800-171 and CMMC compliance. Proficient in risk management and conducting vulnerability assessments with tools like Splunk and Nessus. Developed Business Continuity Plans and improved team collaboration for audit readiness. Experienced in analyzing large data sets to identify trends and enhance operational efficiency.
Overview
3
3
years of professional experience
1
1
Certification
Work History
Security and GRC Analyst Engineer
Kemo Consulting
02.2023 - Current
- Developed comprehensive Risk Assessment and Traceability Matrix for DoD contractor compliance. Threat vulnerability assessment, CVE research
- Led implementation of NIST 800-171, CMMC, and FAR 52.204-21 standards.
- Managed compliance documentation in SPRS (Supplier Performance Risk System).
- Designed and executed a Business Continuity Plan (BCP) aligning with regulatory requirements.
- Delivered compliance gap assessments and remediation tracking to ensure audit readiness.
- Security Analyst: Systems Vulnerability scanning and patching verification & validation, SOC Triage, Splunk, EDR, and SOAR
Education
Master of Science - Systems & Materials Engineering
Alabama A&M University
Normal, ALBachelor of Science - Mechanical Engineering
Polytechnic of Milan
Milan, ItalySkills
- Nessus and Wireshark
- Splunk and Microsoft Sentinel
- ELK Stack and EDR/AV
- Next-Gen Firewall (NGFW)
- Unified Threat Management (UTM)
- Security Orchestration, Automation, and Response (SOAR)
- NIST Cybersecurity Framework (CSF)
- ISO 27001 and CMMC compliance
- HIPAA and PCI DSS regulations
- Risk management and matrix analysis
- Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
- ASTM standards compliance
- ISO 9000 and ISO 9001 quality management
- ASME standards adherence
- Military Specification (Mil-Spec)
- Microsoft Office Suite proficiency
- Word, Excel, PowerPoint, Outlook, Teams expertise
- PowerShell scripting
- C programming
- Python development
Certification
- CompTIA Cybersecurity Analyst (CySA+) CS0-003
- CompTIA Security+ (SY0-701)
- ISC2 CC– Certified in Cybersecurity
- Lean Six Sigma Green Belt Certification (LSSGB)
- TryHackMe Defensive Security Labs – SOC, DFIR, Threat Intel, EDR, SIEM, Malware Analysis
Personal Information
- Driving License: Valid Driver’s License (Clean Record)
- Work Permit: US Citizen
Languages
- English
- French
- Italian
Security Clearance
Ability to obtain (Hold a clean record)
Practical Cybersecurity Projects
TryHackMe Defensive Security Analyst Portfolio, SOC Triage & Splunk Analysis: Used Splunk (SIEM) to monitor and triage real-time alerts, successfully classifying True Positive incidents (e.g., phishing) and creating detailed, compliant L1 Triage Case Reports., SIEM/SOAR Automation: Integrated SIEM with SOAR to automate incident response workflows, ensuring consistent execution of playbooks and efficient incident logging and tracking., EDR & Endpoint Security: Leveraged EDR solutions for deep endpoint Telemetry and visibility, applying EDR capabilities for threat detection, response, and forensic analysis., Risk & Compliance Remediation: Implemented Patch Management Policies and used CIS Benchmarks to correct system misconfigurations, significantly reducing system vulnerabilities and improving overall security posture., Forensic Investigation / Digital Forensics and Incident Response (DFIR): Conducted Exfiltration Forensic Investigation using Netflow records to track outbound data and successfully identify the specific compromised endpoint responsible for data theft., Performed vulnerability scanning and patch validation using Nessus and EDR tools.
Timeline
Security and GRC Analyst Engineer
Kemo Consulting
02.2023 - Current
Master of Science - Systems & Materials Engineering
Alabama A&M University
Bachelor of Science - Mechanical Engineering
Polytechnic of Milan