Joseph Fernandes

Results-driven professional with a strong background in information security and IT support. Seeking a challenging position in a company that values continuous professional development and provides opportunities to leverage my skills to contribute to organizational growth.

Senior Security Analyst - Smith's News

(2021-08)

• Designed and implemented an enterprise information security framework, maintaining secure configuration baselines across systems.
• Managed the full vulnerability management lifecycle, ensuring effective identification, risk-based prioritization, and timely remediation of security vulnerabilities.
• Ensured security best practices were incorporated into business solutions.
• Performed regular audits of controls, user access, and administrative access.
• Coordinated with the patching team to ensure system are updated and compliant.
• Facilitated pen-test activities and managed subsequent remediation efforts.
• Handled change management approvals and provided security-centric solutions.
• Conduct malware analysis.
• Led investigation and management of security incidents following established Incident Response procedures.
• Developed and managed the refinement of IT security policies.
• Authored comprehensive security documentation including standard operating procedures (SOPs) and response playbooks.
• Oversaw antivirus alert monitoring, compliance reporting, and investigation of security incidents to ensure effective threat detection and response.
• Investigate suspicious phish emails that are reported to SOC.
• Conducted threat hunting activities aligned with MITRE ATT&CK framework.
• Designed and executed phishing simulation campaigns to evaluate user susceptibility and strengthen organisational security awareness.
• Contributed to the implementation of the O365 project.
• Played a key role in achieving Cyber Essential Plus certification.
• Stayed up to date with the latest security threats, vulnerabilities, and industry trends to proactively enhance the organization's security posture.
• Worked closely with HR to develop security training modules aimed at improving employee awareness and reducing human-related security risks

Security Lead - Nationwide Building Society

(2019-01 - 2021-08)

• Work independently and collaboratively to meet deadlines and objectives.
• Developed processes, implemented tools, and performed security assessments.
• Provided solutions and recommendations for identified vulnerabilities.
• Managed vulnerabilities through dispensations or risk registers.
• Standardized processes and procedures.
• Offered subject matter expertise in operating systems, networks, and hardware.
• Provided security architect-centric solutions to mitigate risks.
• Conducted technical research and market analysis of vendor solutions.
• Managed change management approvals and split passwords through Cyber ARK.
• Stayed up to date with vulnerabilities, attacks, and countermeasures.
• Conducted network and application vulnerability assessments.
• Analyzed vulnerability results and engaged with technology partners for timely resolutions.
• Implement approaches for addressing vulnerabilities, including patching and infrastructure changes.
• Reported vulnerabilities through bug bounty programs.
• Familiarity with AWS and/or Azure Cloud technology.

Desktop/Network security Analyst - Innovate UK/UKRI

(2014-11 - 2019-01)

• Provided 2nd and 3rd line user and infrastructure support.
• Reviewed and monitored network and server logs, persecurity monitoring and alerting.
• Managed antivirus checks, Windows updates, and conducted vulnerability assessments.
• Performed phishing exercises.
• Temporarily managed a team of 5.
• Administered SharePoint 2013.
• Delivered IT training to new joiners and existing staff.
• Created documentation for different IT Processes.

IT Support Engineer - Buro Happold

(2014-09 - 2014-10)

• Provided 2nd line IT support within service level agreements (SLAs).
• Deployed and imaged new and existing PCs using SCCM.

IT Service Desk Analyst - Great Western Hospital

(2014-04 - 2014-05)

• Provide 1st line IT support to users.
• User Management.

IT Engineer - Stone King Solicitor

(2014-03 - 2014-04)

• Provide 2nd line IT support to users (Software and Hardware).
• User Management.

Technology Administrator - Ernst & Young

(2008-07 - 2014-02)

• Provided 2nd, and 3rd line infrastructure support.
• Delivered IT training to new joiners and existing staff.
• Managed IT asset purchasing and inventory.
• Set up and maintained a test lab for application and security policy testing.

Bachelor of Computer Application - Software programming - University of Goa, India (2007)