Jason R. Hall

Cybersecurity Engineer | Vulnerability, Risk & Compliance Specialist
Email: jsnryhl@gmail.com | LinkedIn: linkedin.com/in/jasonrayhall


Professional Summary

Accomplished Senior Cybersecurity Engineer with over 15 years of experience in risk management, regulatory compliance, and technical implementation across financial services and defense sectors. Proven expertise in cloud security, DevSecOps, and enterprise-scale vulnerability management. Demonstrated success in bridging technology-business communication gaps while delivering measurable security improvements in complex enterprise environments. Dedicated to continuous learning, practice, and professional development to stay ahead of emerging cybersecurity challenges.


Core Competencies

  • Security Frameworks & Standards: NIST CSF (1.1 & 2.0), NIST RMF, NIST 800-53, CIS Controls, DISA STIG, SCAP, ISO 27001, PCI-DSS compliance.
  • Cloud Security & DevSecOps: AWS, Microsoft Azure, CI/CD pipeline security integration, Infrastructure as Code (IaC), container security (Kubernetes, Docker).
  • Security Tools & Platforms: Qualys, Tenable Nessus, Rapid7 / Nexpose, Dome9, Check Point CloudGuard, Splunk Enterprise.
  • Programming & Automation: Python, PowerShell, Bash, JavaScript, T-SQL, API integration, web application security, compliance automation.

Professional Experience

Senior Cybersecurity Engineer

Truist Financial | March 2020 – January 2025

  • Led enterprise-wide asset hardening initiatives, reducing critical vulnerabilities by 40% through automated remediation workflows.
  • Architected and deployed an enterprise-wide vulnerability/configuration compliance management program covering scanning of 10,000+ assets, continuous monitoring, monthly reporting, risk assessment, and remediation, with 95% coverage of all detected enterprise technologies.
  • Established cross-functional security partnerships with IT and business teams, embedding sustainable security practices across 500+ applications.
  • Designed automated compliance assessment tools for CIS Benchmarks and NIST 800-53 controls, improving audit readiness by 75%.
  • Conducted risk assessments for cloud migration projects, ensuring zero security incidents during transitions.
  • Developed comprehensive risk assessment frameworks for internal solutions and third-party SaaS providers, ensuring regulatory compliance.
  • Automated compliance monitoring using Python and PowerShell scripts, reducing manual assessment time by 60%.
  • Mentored junior engineers on cloud security best practices and DevSecOps implementation.
    Key Technologies: AWS, Azure, Qualys (PC, VM, CloudView), Splunk Enterprise, Python, JavaScript, Bash, PowerShell, GitHub, GitLab, Jira, Confluence, ServiceNow (CMDB).

Cybersecurity Engineer

Capital One | January 2012 – March 2020

  • Architected and deployed an enterprise-wide vulnerability/configuration compliance management program covering scanning of 10,000+ assets, continuous monitoring, monthly reporting, risk assessment, and remediation, with 95% coverage of all detected enterprise technologies.
  • Integrated security checks into CI/CD pipelines, reducing deployment security issues by 50%.
  • Designed automated compliance assessment tools for CIS Benchmarks and NIST 800-53 controls, improving audit readiness by 75%.
  • Conducted risk assessments for cloud migration projects, ensuring zero security incidents during transitions.
  • Delivered security training programs to 200+ developers and IT staff on secure coding practices and threat awareness.
    Key Technologies: AWS, Azure, Qualys (PC, VM, CloudView), Splunk Enterprise, Python, JavaScript, Bash, PowerShell, GitHub, GitLab, Jira, Confluence, ServiceNow (CMDB).

Cybersecurity Engineer

Northrop Grumman | September 2008 – January 2012

  • Managed secure Linux and Windows environments for DoD military data systems, maintaining 100% DISA STIG compliance.
  • Implemented configuration baselines for deployment across 50+ military installations nationwide.
  • Executed vulnerability assessments and patch management for mission-critical defense systems.
  • Developed SCAP-compliant security policies, reducing configuration drift by 80%.
    Key Technologies: DISA STIG, SCAP, VMware ESXi, Windows/Linux Servers.

Education

Bachelor of Science, Computer Science
ECPI University | 2004 – 2007


Certifications

  • CompTIA Security+
  • CompTIA Network+
  • Certified Cloud Security Professional (CCSP)
  • Microsoft Certified Professional (MCP, MCTS)

Specialized Training

  • NIST 800-53: Assessing Security and Privacy Controls
  • NIST Risk Management Framework
  • AWS Essential Training
  • Google Cloud Cybersecurity
  • Microsoft Security, Compliance, and Identity Fundamentals
  • ISACA Professional Member / Certification Training (in progress)
    • CISSP (Certified Information Systems Security Professional)
    • CISA (Certified Information Systems Auditor)
    • CISM (Certified Information Security Manager)

Technical Skills Summary

  • Operating Systems: Windows Server, Linux/Unix, Mainframe.
  • Virtualization: VMware ESXi, AWS EC2, Azure VMs.
  • Containerization: Docker, Kubernetes.
  • Web Servers: Microsoft IIS, Apache HTTP, Tomcat.
  • Databases: Oracle, SQL Server, MySQL, PostgreSQL, MongoDB.
  • Network Security: Firewalls, Switches/Routers, IDS/IPS, Virtual/Cloud.
  • Project Management: Jira, Confluence, SharePoint.
  • Version Control: GitHub, GitLab.
  • Collaboration Tools: ServiceNow, Jira, Confluence, SharePoint.

Professional Philosophy

Dedicated to bridging the technology-business communication gap through collaborative security practices. Committed to delivering proactive, adaptive cybersecurity solutions that anticipate emerging threats and evolve with the security landscape. Focused on fostering reciprocal training, awareness, and communicative practices to enhance cross-organizational collaboration.