
Chaitanya Kumar Yandrathi

Memphis

Summary

Dynamic Senior SOC Analyst at Cigna with expertise in automating IaC security checks and implementing secure CI/CD pipelines. Proven track record in enhancing compliance readiness and stakeholder engagement. Skilled in Terraform and risk management, driving significant improvements in security posture and operational efficiency.

Overview

9 years of professional experience
1 Certification

Work History

Senior SOC Analyst

Cigna
Memphis
11.2023 - Current
  • Developed policy-as-code templates and automated IaC security checks using Terraform and Python.
  • Implemented secure CI/CD pipelines with integrated vulnerability scanning and secrets management.
  • Conducted stakeholder sessions on DevSecOps enablement and compliance readiness.
  • Embedded security controls into DevOps pipelines using tools like SonarQube and Snyk.
  • Built and enforced Terraform modules for compliant AWS resource provisioning (VPC, IAM, S3, RDS).
  • Developed automated secrets management with Vault and AWS KMS to reduce key exposure risk.
  • Collaborated with application teams to adopt secure coding guidelines and remediate OWASP Top 10 findings.
  • Introduced infrastructure vulnerability scanning and integrated with Jira for remediation tracking.

Security Analyst

Charter Communications
Stamford
04.2022 - 11.2023
  • Delivered security consulting for development teams to embed secure coding practices and integrate threat modeling into design phases.
  • Partnered with GRC to align technical controls with enterprise risk frameworks and regulatory requirements.
  • Conducted technical risk assessments and internal audits across hybrid cloud and on-prem infrastructure.
  • Evaluated and improved controls aligned with HIPAA and HITRUST CSF, ensuring continuous readiness for audits.
  • Streamlined third-party vendor risk assessment processes, cutting review cycles by 30%.
  • Created client-facing security artifacts and responses for HIPAA and SOC2 due diligence questionnaires.
  • Supported implementation of SecureFrame for GRC automation and evidence collection.

Penetration Tester

Wells Fargo
Dallas
03.2019 - 12.2021
  • Executed comprehensive penetration tests on applications, network devices, and cloud infrastructures to identify vulnerabilities.
  • Designed and conducted simulated social engineering attacks to evaluate resilience against human-targeted threats.
  • Developed automated testing methodologies to enhance efficiency of penetration testing processes.
  • Performed comprehensive vulnerability assessments by leveraging advanced tools and techniques to identify security gaps, including open port scans and weak password detection.
  • Delivered detailed vulnerability reports with actionable recommendations to system owners, enhancing overall cybersecurity posture.

Data Analyst

S&P Global
Hyderabad
09.2016 - 03.2019
  • Ensured SQL Server instances were configured optimally and performed regular maintenance tasks, including patches and upgrades.
  • Managed user roles and permissions to ensure only authorized people can access the database.
  • Designed and implemented backup strategies and recovery plans to both avoid data loss and restore quickly in case of disasters.
  • Implemented high availability and minimized downtime by enabling clustering, replication and utilizing availability groups.

Education

Masters - Mobile Computing

Christian Brothers University
Memphis, TN
01-2023

Skills

  • Cybersecurity Strategy & Governance
  • Risk & Compliance (GRC)
  • Risk Management
  • Threat Modeling
  • Zero Trust Architecture
  • Policy & Controls
  • Security Governance
  • Audit Readiness
  • SIEM/EDR
  • Splunk
  • QRadar
  • SentinelOne
  • CrowdStrike
  • Third-Party Risk
  • Vendor Assessments
  • Due Diligence
  • Security Awareness
  • Leadership
  • Team Building
  • Mentorship
  • Stakeholder Engagement
  • Identity & Access Management
  • Okta
  • CyberArk
  • SailPoint
  • Security Policy as Code
  • Compliance Automation
  • SOC2
  • SOX
  • Security Monitoring
  • Incident Response
  • XDR
  • Threat Intelligence
  • Secure SDLC
  • Secure Coding
  • SAST
  • DAST
  • SCA
  • Checkmarx
  • SonarQube
  • Trivy
  • Cloud Security Architecture
  • AWS
  • Azure
  • GCP
  • IaC Security
  • Zero Trust Framework
  • IAM
  • PAM
  • SSO
  • RBAC
  • MFA
  • Security Governance & Compliance
  • NIST
  • ISO 27001
  • PCI-DSS
  • HIPAA
  • HITRUST
  • DevSecOps
  • CI/CD Security Integration
  • IaC
  • Terraform
  • LLM/GenAI Risk Governance
  • Security Automation
  • Python
  • Bash
  • PowerShell

Certification

  • CISM, Certified Information Security Manager
  • CISSP, Certified Information Systems Security Professional, In Progress

Accomplishments

  • Improved audit readiness score from 68% to 92% within 6 months.
  • Reduced cloud security vulnerabilities by 60% through automated security policy enforcement and compliance monitoring.
  • Led a large-scale cloud security transformation that improved compliance and reduced security risks by 40%.
  • Implemented a Zero Trust security model, enhancing network security and reducing unauthorized access risks.
  • Designed and implemented policy-as-code frameworks using Terraform and scripting (Python), ensuring consistent enforcement of security standards across cloud and hybrid environments.
  • Integrated security controls into CI/CD pipelines (SAST, DAST, SCA), enhancing SDLC security posture and reducing risk of release vulnerabilities.
  • Built and enforced policy-as-code frameworks, aligning with NIST 800-53 and ISO 27001.
  • Developed and maintained security design patterns and best practices documentation for DevOps and development teams.
  • Provided security architecture guidance to product and engineering teams, aligning with NIST, ISO 27001, and Cybersecurity directives.
  • Served as a primary security liaison during client security assessments and audits; authored detailed security responses for RFPs and due diligence reviews.
  • Mentored junior engineers in secure coding, DevSecOps practices, and risk-based decision-making.

Timeline

Senior SOC Analyst

Cigna
11.2023 - Current

Security Analyst

Charter Communications
04.2022 - 11.2023

Penetration Tester

Wells Fargo
03.2019 - 12.2021

Data Analyst

S&P Global
09.2016 - 03.2019

Masters - Mobile Computing

Christian Brothers University