
Vamshi Yadagiri

Summary

Results-driven Information Security Analyst with extensive experience in Governance, Risk, and Compliance (GRC), Enterprise Risk Management (ERM), and Cybersecurity Operations. Proficient in leveraging frameworks like NIST 800-53 Rev 5, ISO 27001, COBIT, and tools such as RSA Archer, ServiceNow, and Sai360 to manage risks, enforce compliance, and drive audit readiness. Skilled in policy exception management, risk scoring, and control assessments. Experienced in Vulnerability Management, Identity and Access Management (IAM), and Incident Response, using tools like Splunk, Microsoft Sentinel, Nessus, Tenable, Qualys, and Burp Suite. Adept in threat detection, CTI integration, and proactive threat hunting. Strong background in web application security testing, secure SDLC practices, and automation using Python, PowerShell, and SQL. Proven ability to deliver process improvements, support business continuity planning, and communicate effectively with technical and non-technical stakeholders. Committed to enhancing organizational security posture and ensuring regulatory compliance.

Overview

11 years of professional experience
1 Certification

Work History

Information Security Analyst

Wells Fargo
09.2022 - 01.2025
  • Enhanced the organization’s security posture by implementing robust security controls in accordance with NIST 800-53 Rev 5, identifying and mitigating vulnerabilities that safeguarded sensitive customer data, thus fostering increased trust and compliance with financial regulations.
  • Led compliance initiatives that minimized the risk of security incidents, maintained audit readiness, and streamlined operational workflows to avoid significant financial penalties associated with non-compliance or data breaches.
  • Splunk: Developed high-fidelity detection rules and dashboards for real-time security monitoring and analytics, significantly improving incident response times and threat visibility.
  • Microsoft Sentinel: Integrated log analysis and threat intelligence feeds to enhance detection capabilities for advanced persistent threats (APTs).
  • Nessus and Tenable: Executed comprehensive vulnerability management processes, performing regular vulnerability assessments and remediation planning to ensure ongoing compliance with security policies.
  • RSA Archer: Utilized for ERM processes, enabling effective risk identification and mitigation strategies.
  • ServiceNow: Employed to streamline risk management workflows and enhance organizational resilience.
  • Sai360: Used to enhance risk management and compliance efforts, providing a comprehensive view of organizational risks.
  • Implemented a structured Vulnerability Management Program utilizing Nessus and Tenable to systematically identify, assess, and prioritize vulnerabilities, following a risk-based approach aligned with Enterprise Risk Management (ERM) principles using RSA Archer, ServiceNow, and Sai360.
  • Executed extensive web application security testing using Burp Suite, employing methodologies such as manual penetration testing and automated scanning to identify security vulnerabilities, with a focus on OWASP Top 10 risks.
  • Collaborated closely with development teams during the Software Development Lifecycle (SDLC) to enforce secure coding practices, resulting in an improvement in application security.

IT Operations Analyst

Encora Inc
03.2021 - 08.2022
  • Proactively managed enterprise security risks through comprehensive vulnerability assessments, resulting in timely remediation efforts that significantly reduced the organization’s attack surface and strengthened its overall security framework.
  • Increased the efficiency of security operations by designing and optimizing Splunk correlation rules; this led to a 30% reduction in false positives, which improved the reliability of security incident responses.
  • Splunk: Analyzed security event logs and created correlation rules to detect brute-force attacks and utilized advanced search capabilities for incident investigation.
  • Burp Suite: Employed for secure coding guidelines development and thorough security testing of applications to enhance development security.
  • RSA Archer: Used to facilitate ERM practices, improving risk management processes.
  • ServiceNow: Integrated for comprehensive risk management and compliance tracking.
  • Sai360: Utilized to enhance risk assessment and mitigation strategies.
  • Developed and executed PowerShell scripts for automating security log analysis and incident response workflows, improving response times to security incidents and enabling proactive risk management.
  • Collaborated with compliance teams to develop and maintain security policies and procedures aligned with NIST 800-53 Rev 5, ensuring the organization’s adherence to regulatory requirements and best practices in risk management using RSA Archer, ServiceNow, and Sai360.

Technical Analyst

Tech Mahindra
02.2018 - 02.2021
  • Conducted IT security risk assessments in accordance with NIST 800-53 Rev 5 standards, leading to the implementation of security controls that effectively mitigated identified risks and vulnerabilities, enhancing organizational security.
  • Played a key role in advancing organizational resilience by contributing to the development and implementation of business continuity and disaster recovery plans, ensuring minimal disruption during adverse events.
  • Burp Suite and AppScan: Utilized for rigorous web application security testing, identifying vulnerabilities, proposing remediation strategies, and ensuring compliance with secure coding practices.
  • Qualys: Executed comprehensive vulnerability scans to assess compliance with established security benchmarks, facilitating continuous monitoring and improvement of security posture.
  • RSA Archer: Applied for risk assessment and management, enhancing ERM capabilities.
  • ServiceNow: Utilized for managing risk mitigation plans and improving organizational resilience.
  • Integrated MITRE ATT&CK framework into security monitoring processes, allowing teams to better understand attacker behavior and enhance threat detection and incident response capabilities using RSA Archer.
  • Followed structured methodologies for conducting adversarial testing, including reconnaissance, exploitation, and post-exploitation, to assess the security posture of applications and systems effectively using ServiceNow.

Technical Support Engineer

3pleplay Group
01.2014 - 01.2017
  • Supported the organization’s security strategy by applying NIST 800-53 Rev 5 security controls, enhancing compliance and overall risk management practices across the organization.
  • Enabled timely identification and remediation of security gaps through thorough vulnerability assessments, directly contributing to organizational security resilience.
  • Nessus: Conducted vulnerability assessments to identify potential security risks across the enterprise environment, facilitating proactive risk management.
  • Burp Suite: Assisted in web application security testing to ensure compliance with secure coding standards.
  • ServiceNow: Applied for tracking and managing security-related processes and risk mitigation efforts.
  • Implemented and maintained role-based authentication frameworks to enhance identity and access security throughout the organization’s infrastructure.
  • Developed basic Python and PowerShell scripts for automating security-related checks, improving efficiency and accuracy in ongoing risk assessments and compliance monitoring using ServiceNow.

Education

Master of Computer Applications - Computer Science

Kakatiya University
India
07-2018

Skills

  • Security Frameworks & Compliance:
    NIST 800-53 Rev 5, ISO 27001, COBIT, COSO ERM, ITIL, GRC processes, regulatory compliance
  • Enterprise Risk Management (ERM):
    Risk identification, assessment, and mitigation using RSA Archer, ServiceNow, Sai360; risk scoring; policy exception management
  • Policy Exception & Governance:
    Policy exception review, risk scoring, control mapping, documentation, and exception lifecycle management
  • Vulnerability & Threat Management:
    Vulnerability assessment and remediation using Nessus, Tenable, Qualys; threat hunting; risk-based prioritization
  • Identity and Access Management (IAM):
    Role-Based Access Control (RBAC), least privilege, access reviews, identity governance
  • Incident Response & Cyber Threat Intelligence (CTI):
    Threat detection, incident triage, threat hunting, MITRE ATT&CK, kill chain analysis
  • Security Operations & Monitoring:
    SIEM tools (Splunk, Microsoft Sentinel); log analysis; detection rule development; alert tuning
  • Web & Application Security:
    OWASP Top 10, vulnerability assessments, secure SDLC practices, tools like Burp Suite and AppScan
  • Business Continuity & Disaster Recovery:
    Business Impact Analysis (BIA), disaster recovery planning, resilience strategies
  • Programming & Automation:
    Python, PowerShell, SQL; automation of risk assessments, reporting, and security tasks
  • Process Improvement & Documentation:
    Workflow optimization, process automation, creation of SOPs, runbooks, and compliance reports
  • Soft Skills:
    Strong communication, stakeholder collaboration, problem-solving, attention to detail, adaptability, and time management

Certification

  • CompTIA Security+ (SY0-701)
  • Microsoft Certified: Azure Fundamentals (AZ-900)
  • (In Progress) CEH
