Gary Rich

San Diego, CA

Summary

Security engineering leader specializing in designing and scaling Continuous Threat Exposure Management (CTEM) programs across cloud infrastructure, application, container, and endpoint environments. Proven experience consolidating security detection sources into unified exposure intelligence platforms and building automation pipelines using Python, Tines, Apache Airflow, and data engineering workflows. Deep expertise with Wiz CNAPP, Tenable SecurityCenter, and application security scanning platforms, enabling prioritized remediation and measurable risk reduction. Experienced operating in highly regulated environments aligned with NIST 800-53, HIPAA, HITRUST, SOC 2, PCI DSS, and ISO 27001.

Overview

13 years of professional experience
1 Certification

Work History

Staff Security Engineer

Reltio
San Diego, CA
01.2022 - Current
  • Designed and operationalized a company-wide exposure management program aligned with the Continuous Threat Exposure Management (CTEM) methodology, consolidating vulnerability intelligence across cloud infrastructure, application code, containers, and endpoint environments.
  • Architected a centralized exposure intelligence pipeline integrating Wiz CNAPP, Wiz Code, Cycode, SonarQube, Tenable, and SentinelOne, providing unified visibility into infrastructure vulnerabilities, application security findings, and misconfigurations across 20,000+ assets.
  • Engineered automated vulnerability/risk ingestion, enrichment, and triage workflows using Python, Tines, Apache Airflow, and BigQuery, enabling scalable onboarding of security detection sources beyond native vendor integrations.
  • Built exposure dashboards consolidating findings from infrastructure, application security, and cloud scanning platforms to provide prioritized remediation guidance for engineering teams and leadership.
  • Implemented a CTEM-driven exposure lifecycle including discovery, prioritization, validation, and remediation tracking, enabling continuous reduction of the organizational attack surface.
  • Reduced critical cloud misconfigurations by 40% through automation-driven remediation workflows and continuous exposure monitoring.
  • Integrated application security findings (SAST/SCA) and infrastructure vulnerabilities into centralized exposure reporting to improve cross-team remediation coordination.
  • Embedded vulnerability detection into CI/CD pipelines and infrastructure provisioning workflows, aligning exposure management with secure SDLC practices.
  • Implemented Wiz CNAPP across multi-cloud environments, dramatically improving visibility into misconfigurations, runtime exposure risks, and container vulnerabilities.
  • Developed automation frameworks to correlate vulnerability telemetry with asset context, exploit intelligence, and business risk indicators.
  • Mentored engineers and provided hands-on technical leadership in security automation, exposure analytics, and detection engineering.

Manager, Security Control Effectiveness

LexisNexis Risk Solutions
San Diego, CA
01.2020 - 01.2022
  • Led initiatives to improve enterprise exposure visibility and security control validation across regulated healthcare and financial environments.
  • Built automated compliance validation pipelines using Python and JAMF aligned with CIS benchmarks and regulatory control frameworks.
  • Consolidated security telemetry across endpoint protection, vulnerability scanning, and cloud security platforms to support unified exposure reporting.
  • Implemented continuous monitoring of security controls aligned with ISO 27001, SOC 2, and HIPAA requirements.
  • Developed enterprise security reporting integrating vulnerability telemetry with threat intelligence to improve remediation prioritization.
  • Improved detection capabilities through advanced SIEM analytics and correlation of security telemetry.

Senior Security Engineer

ID Analytics
San Diego, CA
01.2019 - 01.2020
  • Focused on enterprise vulnerability lifecycle management and cloud security architecture.
  • Managed vulnerability detection and remediation processes across hybrid infrastructure environments.
  • Implemented vulnerability scanning, CSPM, and endpoint telemetry integration to improve exposure visibility.
  • Conducted security architecture reviews for cloud-native and containerized environments.
  • Supported regulatory compliance initiatives including SOC 2 and ISO 27001 through implementation of security controls and exposure monitoring.

Manager, Security Engineering

ODME Solutions, LLC
San Diego, CA
01.2017 - 01.2019
  • Led security engineering initiatives supporting DoD systems operating under NIST 800-53 accreditation requirements.
  • Established and operationalized the vulnerability management capability for accredited environments using Tenable SecurityCenter, defining scanning cadence, remediation workflows, and POA&M integration.
  • Implemented Checkmarx application security scanning within development pipelines to identify code vulnerabilities and support secure SDLC practices.
  • Owned continuous vulnerability detection and remediation guidance across infrastructure and application environments aligned with NIST 800-53 continuous monitoring (CA-7) and vulnerability management (RA-5) requirements.
  • Led a team of engineers delivering six concurrent DoD Authority-to-Operate (ATO) programs, implementing and validating security controls across tactical systems.
  • Architected secure infrastructure-as-code standards using Terraform, Ansible, and CloudFormation.
  • Hardened Kubernetes, Docker, and OpenShift platforms supporting mission-critical DoD systems.

Security Engineer

ID Analytics
San Diego, CA
01.2013 - 01.2017
  • Built foundational enterprise security capabilities across detection, vulnerability management, and compliance.
  • Managed SIEM, endpoint protection, and network security platforms across enterprise infrastructure.
  • Conducted vulnerability assessments and security risk reviews for cloud and application environments.
  • Acted as liaison with auditors and regulatory stakeholders during security compliance reviews.
  • Implemented security monitoring improvements to strengthen enterprise threat detection capabilities.

Education

Bachelor of Science - Information Systems Security

University of Phoenix
San Diego, CA
10.2013

Skills

  • Exposure Management & Security Platforms: Wiz (CNAPP / Wiz Code), Tenable SecurityCenter, Cycode, SonarQube, Checkmarx, SentinelOne
  • Automation & Engineering: Python, Tines, Apache Airflow, Bash
  • Cloud & Container Security: AWS, Azure, GCP, Kubernetes, Docker
  • Security Analytics & Data Platforms: BigQuery, Snowflake, Looker Studio, Splunk, Google Chronicle, Cribl
  • Infrastructure & Automation: Terraform, Ansible, CloudFormation
  • Security Frameworks: NIST 800-53, NIST CSF, ISO 27001, SOC 2, HIPAA, HITRUST, PCI DSS

Certification

  • GIAC Security Essentials (GSEC)
  • GIAC Certified UNIX Security Administrator (GCUX)
  • SANS SEC504 — Hacker Tools, Techniques, and Incident Handling
  • SANS FOR578 — Cyber Threat Intelligence
  • Former Top Secret Clearance
