Kyle A Waters

1** F***** Ct · New Castle, DE 19720 · (267) 318-4121 · kylewaters22@gmail.com

Security Engineer with 6+ years of experience in vulnerability management, regulatory compliance, Internal/External auditing (Sox, Soc1, Soc2) and security risk management. Expertise in using RSAM, RSA ARCHER, Qualys, and other security tools to align security architecture with operational goals. Strong communicator with a talent for cultivating trust and confidence across all levels of a complex organization.

As a cybersecurity professional with a deep understanding of Agile methodology, I consistently demonstrate my ability to embrace iterative and collaborative approaches to secure software development. I excel in working within cross-functional teams, actively participating in daily stand-ups, sprint planning, and retrospectives. With my strong grasp of Agile principles, I prioritize customer satisfaction and continuously seek feedback to drive incremental security improvements. I thrive in fast-paced environments, swiftly adapting to changing security requirements and effectively breaking down complex tasks into manageable user stories. Leveraging my expertise in Agile development practices such as Scrum or Kanban, I ensure the efficient delivery of high-quality, secure software, promoting transparency, teamwork, and continuous delivery. My track record of successful Agile projects, where I deliver value-driven, secure solutions on time, showcases my proficiency in Agile methodology as a cybersecurity professional.

My cloud security skills are a solid foundation for my future growth. I have a keen understanding of cloud infrastructure, including essential concepts such as Identity and Access Management (IAM), data encryption, and security configurations. I am proficient in working with major cloud providers like AWS, Azure, and I can analyze system vulnerabilities, mitigating risks, and respond to security incidents within a cloud-based environment. My knowledge of compliance standards and frameworks, such as GDPR and ISO 27001, further highlights my comprehensive approach to cloud security.

Experience

VM Response Analyst

JPMChase

As a Vulnerability Management Response Analyst, I work directly with all Line of Business App Teams, Subject matter experts, Production Management Teams, Product Owners, Senior Technology Management, and Risk and Control functions on.

  • Executes creative security solutions, design, development, and technical troubleshooting with ability to think beyond routine or conventional approaches to build solutions or break down technical problems.
  • Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls.
  • Work with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability.
  • Conducts discovery,vulnerability, penetration testing,and threat scenarios on multiple organizational assets to identify and assess if vulnerabilities are present and executes threat modeling for multiple applications including external applications interacting with the internal JPMC network.

Projects

  • Created mini projects for pipelining the VM team current tools to be use via automation.
  • Created a python roadmap for multi tool integration. The tool will allow Analyst with no access to retrieve data with out gaps.
August 2022 - Present

VM Remediation Analyst

JPMChase

Cybersecurity Vulnerability Management Remediation Team is responsible for leading the remediation of externally and internally identified critical vulnerabilities impacting JPMorgan Chase applications and/or infrastructure components. This function is performed globally and at the scale of which JPMC operates by collaborating with business and technical partners to remediate internal/external risk by leading efforts focused on resolving systemic vulnerabilities, notifying, and coordinating remediation efforts with various Lines of Business to produce the most effective process within the firm. My position on the Remediation team’s actions is driven based on the criticality of the vulnerability by balancing risk and the ability for our Line of Business partner to service their clients and customers globally.

  • Foundational knowledge of cybersecurity organization practices, risk management processes and principles.
  • Manage remediation activities ensuring appropriate, timely and complete resolution.
  • Communicate technology findings with leadership and Line of Business key stakeholders and provide accurate remediation metrics and management reports on a timely basis.
  • Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.

Projects

  • Enhance our vulnerability management tool (CWS) by migrating it over to FARM for more efficient functionally .
  • After migrating to FARM, I created an internal vulnerability website that allowed the firm's product owners and application owners to remediate their findings without having to search the internet for remediation details.
Jan 2020 - August 2022

Security Engineer

Aqua America

Fulfilled an aggressive role as Security Engineer by leading security risk assessments and monitoring the Information Technology and Operational Technology environments with a focus on documenting risks in a risk register. I was also responsible for the identification of weaknesses and gaps in the security program as they relate to the security, privacy, and resiliency of the technology environment, and develop and document risk treatment plans that balance security risks while not negatively impacting efficiency or innovation.

Further, monitor compliance with security configuration standards for the IT servers, software and networking platforms based on CIS Benchmarks and provide Sarbanes-Oxley Section 404 compliance related to project management, change management and security. As a Security Engineer, I was assigned with defining metrics to assess the success of the security program and provide regular reports to security and business leadership. While implementing and maintaining controls for compliance and privacy. Our role also was a liaison to internal and external audit teams as needed.

    Projects

  • Leveraged leadership to train other employees on security awareness by creating and executing security awareness runbooks and monthly simulated phishing exercises .
Nov 2018 - December 2019

Information Security Specialist

Children's Hospital of Philadelphia

As an Information security Specialist, I Participate in all phases of the SDLC and project life cycles as needed for corporate initiatives - design, build and operate ensuring security policy and procedures, and control/compliance frameworks and security best practices are implemented and followed. Additionally, developed and implemented corporate-wide security measures such as systematic maintenance, strong password configuration, backup plans, remote software and monitoring access points. I met the challenges of reviewing and analyzing existing security procedures and recommended new technologies and/or policy modifications to upper management to facilitate increased efficiency and security. .

  • I compiled due diligence and competitive analysis reports from various sources and submitted them to the CISO.
  • I served as the main point of contact for evaluating security tools from vendors within the CHOP environment.
  • Communicate technology findings with leadership and Line of Business key stakeholders and provide accurate remediation metrics and management reports on a timely basis.
  • I served as the Subject Matter Expert for internal and external auditing.

Projects

  • I coordinated with PWC for our yearly audits. I aligned all internal business partners with collecting and reviewing documentation .
  • I conducted audits of external vendors using SOX, SOC 1, and SOC 2 methodologies and provided remediation guidance.
June 2013 - November 2018

Education

Penn State University

Master of Science - Information Science
January 2014 - December 2018

Penn State University

Bachelor of Science - Business Marketing
Business Marketing
January 2006 - December 2009

Certifications

AWS
AWS Devop
Azure
CASP
Cysa
CISM
Cobit5
itilv4
six sigma
Rapid7

Skills

Programming Languages & Tools

Interests

In addition to working as a Cyber Security Engineer, I relish spending time outdoors, mainly due to my two sons. Both of them are active in youth sports, which makes me a coach, and mentor for 10 months each year. Our family also includes two rescue dogs, so you can only imagine the lively atmosphere in our home on a daily basis! Similar to many fathers, I have a teenage daughter who I typically see during dinner and car rides to various places. As such, one of my favorite pastimes is playfully intruding into her space and dancing around her friends to engage with her.

When confined indoors, I enjoy watching a variety of shows on HGTV as well as comedy movies and television series.I dedicate a portion of my free time to staying updated on the latest advancements in front-end web development, cybersecurity, AI/ML, and the cloud computing world.

})