Asif Parwez
Bentonville, AR 72712
As a highly experienced career technologist, I bring comprehensive expertise in the technology stack
alongside a deep understanding of security controls spanning various levels. With a technology degree and
20+ years of hands-on experience across cybersecurity, infrastructure, networking, risk management,
and information technology, I am well-equipped to navigate complex technological landscapes. Eager to
drive business growth securely, I thrive on exploring new platforms and technologies, leveraging my innate
curiosity and passion for learning to identify areas for improvement and develop innovative solutions. With
advanced knowledge of security controls in both virtual and non-virtual environments, I am adept at
navigating regulatory frameworks such as NIST, SOX, PCI, and HIPAA, while also possessing industry
insight into vulnerability identification and risk factor analysis. Worked on the implementation
and migration of SailPoint IIQ from IBM ISIM. My continual learning mindset ensures I stay
abreast of evolving security technologies, trends, threats, and exploits, enabling me to make informed
decisions and drive effective risk response strategies. Proficient in common development and query
languages, I am capable of building and administering solutions within the tech stack, and I excel in
communication, organization, and teamwork.
Certifications:
1. CompTIA Security+
2. Professional Scrum Master (PSM I)
Core Competencies:
CompTIA Security+
Professional Scrum Master I
OWASP Top 10
Identity & Access Management
Burp Suite Expert
Application Penetration Testing
Business Intelligence Life Cycle
Data Warehousing & ETL Life Cycle
Data Analysis | Analytics
OBIEE Data Governance
Vulnerability Management
Vulnerability Assessment
Cyber Security Analyst
Backup & Recovery Strategies
End User Training and Support
Professional Experience
Cybersecurity | Application Security | Penetration Testing | Identity and Access Management (02/2021 to date)
BNSF Railways | DFW, TX
Identity and Access Management (IAM)
Designed, implemented, and managed Identity and Access Management (IAM) solutions to control
user access and ensure compliance.
Developed and maintained role-based access control (RBAC) models to streamline user provisioning
and deprovisioning processes.
Conducted regular access reviews and audits to ensure appropriate access levels and detect any
unauthorized access.
Implemented multi-factor authentication (MFA) and single sign-on (SSO) solutions to enhance
security and user experience.
Design and implementation experience with SailPoint IIQ 5.x, 6.x, 7.x and knowledge of IdentityNow.
Actively involved in the implementation of SailPoint IdentityIQ. Managed client requirements and
configured SailPoint IIQ connectors.
Collaborated with stakeholders to define and enforce IAM policies, standards, and procedures
aligned with organizational objectives.
Penetration Tester (PT)
Conducted comprehensive penetration tests on various network infrastructures, applications, and
systems to identify security weaknesses.
Developed and executed custom scripts and tools to simulate advanced attack scenarios and
exploit vulnerabilities.
Collaborated with cross-functional teams to remediate identified vulnerabilities and improve
security posture.
Produced detailed technical reports and executive summaries, providing actionable
recommendations to stakeholders.
Maintained up-to-date knowledge of emerging threats, attack techniques, and industry best
practices.
Conducted comprehensive API penetration tests to identify and exploit vulnerabilities in RESTful
and SOAP APIs, ensuring the security and integrity of data exchanges between services.
Utilized tools such as Postman, Burp Suite, and OWASP ZAP to perform in-depth security
assessments of APIs, uncovering issues such as authentication flaws, improper input validation, and
insufficient rate limiting.
Proficient in setting up, configuring, and troubleshooting TCP/IP networks, ensuring optimal
performance and security for enterprise-level systems.
Expert in HTTP/HTTPS protocols and DNS configuration, with hands-on experience in implementing
SSL/TLS certificates to secure communications and managing DNS records for high-availability
websites.
Vulnerability Management (VM)
Developed and implemented NIST 800-53 compliant security policies and procedures, ensuring
robust protection of sensitive information across multiple systems and platforms.
Led security control assessments and audits based on NIST 800-53 standards, identifying gaps and
recommending actionable improvements to strengthen overall security posture.
Coordinated with cross-functional teams to integrate NIST 800-53 security controls into the system
development lifecycle (SDLC), enhancing compliance and risk management efforts.
Provided training and guidance on NIST 800-53 requirements to IT staff and management, fostering
a culture of security awareness and ensuring adherence to federal and industry standards.
Managed the full lifecycle of vulnerability management, from detection to remediation, across
multiple platforms and environments.
Utilized vulnerability scanning tools such as Burp Suite, Nessus and OpenVAS to identify security
vulnerabilities.
Prioritized vulnerabilities based on risk assessment and business impact, ensuring timely and
effective remediation efforts.
Developed and maintained a vulnerability management program, including policies, procedures,
and reporting mechanisms.
Conducted regular vulnerability assessments and penetration testing to validate the effectiveness
of security controls.
Cloud Cybersecurity (CC):
Implemented robust security measures for cloud infrastructure, including encryption, identity and
access management (IAM), and network security controls, resulting in a 30% reduction in potential
attack vectors.
Designed, implemented, and educated on SailPoint build processes, code migration, and source
control use. Documented the IT security and identity management environment to include
processes.
Developed and enforced cloud security policies and procedures in compliance with industry
standards such as GDPR, HIPAA, and ISO/IEC 27001, ensuring regulatory compliance and enhancing
data protection.
Conducted regular vulnerability assessments and penetration tests on cloud environments using
tools like AWS Inspector and Azure Security Center, identifying and mitigating security risks before
they could be exploited.
Designed and deployed automated Cloud Security Posture Management (CSPM) solutions,
continuously monitoring cloud resources for misconfigurations and compliance violations, leading to
a 40% improvement in security posture.
Led incident response efforts for cloud-based security breaches, performing digital forensics and
root cause analysis to develop and implement effective remediation strategies, minimizing
downtime and data loss.
Incident Response and Mitigation:
Led and coordinated the response to over 50 security incidents annually, effectively containing
threats, eradicating malicious activities, and ensuring system recovery with minimal downtime.
Forensic Investigation and Root Cause Analysis:
Conducted comprehensive digital forensic investigations and root cause analyses to identify the
origins and impacts of security breaches, resulting in enhanced threat detection and prevention
measures.
Development and Implementation of Response Plans:
Designed and implemented a robust incident response plan, incorporating regular drills and
tabletop exercises, which improved the organization’s readiness and reduced response times by
30%.
Threat Intelligence and Monitoring:
Utilized advanced security tools and threat intelligence platforms to monitor network traffic, identify
vulnerabilities, and preemptively address potential threats, reducing incident rates by 25%.
Data Loss Prevention (DLP)
Implemented and managed Data Loss Prevention (DLP) solutions to protect sensitive data from
unauthorized access and leakage.
Developed and enforced DLP policies and rules to monitor, detect, and prevent data breaches and
compliance violations.
Conducted regular audits and assessments to ensure the effectiveness of DLP controls and
compliance with regulatory requirements.
Trained employees on data protection best practices and the proper handling of sensitive
information.
Coordinated with IT and security teams to integrate DLP solutions with existing security
infrastructure and incident response processes.
Walmart | Bentonville, AR
OBIEE Technical Lead / Solution Architect / Cyber Security (01/2011 to 10/2020) (10 years):
Extensive experience in Oracle Business Intelligence Enterprise Edition (OBIEE), including design,
development, implementation, and maintenance of OBIEE solutions.
Led multiple end-to-end OBIEE projects from inception to delivery, ensuring alignment with
business objectives, timelines, and budget constraints.
Skilled in conducting thorough requirements gathering sessions with stakeholders to capture
business needs and translate them into OBIEE reports and dashboards.
Proficient in setting up, configuring, and troubleshooting TCP/IP networks, ensuring optimal
performance and security for enterprise-level systems.
Successfully engaged with end users and stakeholders to gather requirements, understand
business needs, and translate them into actionable OBIEE solutions.
Designed and implemented customized reporting solutions in OBIEE, tailored to meet specific
business requirements.
Collaborated closely with cross-functional teams, including business analysts, developers, and
project managers, to ensure seamless integration of OBIEE solutions with existing IT infrastructure
and business processes.
Strong capability in designing comprehensive OBIEE solutions that address business requirements,
enhance data visualization, and provide actionable insights for decision-making.
Proficient in creating intuitive and visually appealing dashboards and reports in OBIEE to provide
actionable insights for decision-makers.
Developed and enforced DLP policies and rules to monitor, detect, and prevent data breaches and
compliance violations.
Conducted regular audits and assessments to ensure the effectiveness of DLP controls and
compliance with regulatory requirements.
Leading the development and implementation of data governance policies and procedures to
ensure the effective management, protection, and utilization of organizational data assets.
Implementing measures to maintain data quality and integrity across the organization, including
data profiling, cleansing, and validation processes, to enhance decision-making and operational
efficiency.
Strong background in Extract, Transform, Load (ETL) development using Oracle Data Integrator
(ODI) or other ETL tools to integrate data from multiple sources into OBIEE.
Installing, administering and troubleshooting various IAM solutions (SailPoint IIQ, Thycotic, and
ISIM)
Deployed several out-of-box SailPoint connectors to connect various client systems (JDBC, LDAP,
AD etc.)
Developed and conducted user training sessions to enhance end user adoption of OBIEE reports
and dashboards, empowering them to leverage data-driven insights effectively.
Experienced in providing operational support for OBIEE environments, including troubleshooting
issues, monitoring system health, and performing routine maintenance tasks.
Great Achievement @Walmart - BI Compliance Project!
During my tenure, I undertook a pivotal role in conceptualizing and executing the 'BI Compliance'
project, a comprehensive initiative aimed at fortifying Walmart’s adherence to regulatory
requirements and industry standards. At the outset, I collaborated closely with stakeholders across
departments to meticulously define project objectives and establish key performance indicators
(KPIs) aligned with our compliance goals. Leveraging the OBIEE (Business Intelligence) tool and
methodologies, I orchestrated the design and implementation of innovative data-driven solutions
tailored to address our specific compliance needs.
Central to the project was my adept utilization of data analysis techniques to dissect complex
datasets, identify patterns, and extract actionable insights critical for informed decision-making.
Through rigorous reporting and visualization techniques, I transformed raw data into intuitive
dashboards and reports, empowering stakeholders at all levels with the information needed to
navigate compliance challenges effectively. Furthermore, I led comprehensive training sessions to
ensure seamless adoption of the new compliance processes and tools across the organization.
The successful execution of the 'BI Compliance' project yielded tangible results, including
heightened regulatory compliance, streamlined processes, and mitigated risks. By championing a
culture of data-driven decision-making, I facilitated enhanced operational efficiency and positioned
the organization for sustained compliance excellence amidst evolving regulatory landscapes. My
leadership and expertise in business intelligence played an instrumental role in driving the project's
success, ultimately contributing to the overall advancement of the organization's strategic
objectives.
Haemonetics | Braintree, MA
ETL Tech. Lead | OBIEE Developer, (03/2010 to 12/2010)
Cardinal Health | Columbus, OH
Clarify CRM Application Owner, Team Lead and Production Support, (01/2007 to 06/2010)
Sprint PCS | Overland Park, KS
Clarify CRM Software Developer, (03/2001 to 06/2006)
Education:
MS: Computer Science | Jamia Millia Islamia, Central University, New Delhi, INDIA
BS: Mathematics | Jamia Millia Islamia, Central University, New Delhi, INDIA
Professional Development
Certified: CompTIA Security+
Certified: Professional Scrum Master I
Dale Carnegie Training @Walmart