Jose Obando

Senior Technology Engineer and Cloud Security Professional with extensive expertise in the design, development, and delivery of critical IT security operations.

Possesses a strong aptitude for eliciting network requirements and translating organizational objectives into highly resilient, scalable security solutions.

Highly experienced in multi-cloud infrastructure, network security, and security automation.

Regarded as a thought leader with a strong record of engineering IT solutions to protect the integrity of critical information systems.

Experience

Feb 2023 - Present
Citi

SVP, Cloud Incident Response Technical Program Manager

  • Lead the Cloud Incident Response Tech Program, defining the strategic roadmap for Citi’s global hybrid cloud while serving as the active Lead Incident Responder for North America.
  • I bridge the gap between executive strategy and technical ground truth, ensuring that detection capabilities scale at the speed of the cloud.
  • Runbooks as Code (Jupyter): Architected interactive incident response playbooks using Jupyter Notebooks, enabling responders to execute Python-based containment scripts and live data analysis directly within the investigation flow.
  • AI Security Strategy: Led the technical evaluation of emerging AI SaaS platforms, identifying critical detective signals and defining the log ingestion patterns required to safely onboard GenAI tools into the SOC monitoring ecosystem.
  • Program Strategy & Architecture: Executed the "Detection as Code" strategy, shifting from reactive manual processes to proactive, CI/CD-driven threat detection pipelines aligned with the MITRE ATT&CK framework.
  • Operational Leadership: Orchestrate technical response for high-severity incidents across AWS, GCP, and Azure, leading cross-functional engineering teams through containment and eradication.
  • Stakeholder Management: Translated complex technical incident data into clear business context for the CISO and senior stakeholders, ensuring executive alignment on security risks and investments.

May 2019 - Feb 2023
Amazon Web Services (AWS)

Senior Security Consultant

  • Delivered comprehensive cloud security consulting for global financial clients, with a focus on security compliance, risk management, and governance across AWS environments.
  • Developed incident response automation solutions, leveraging AWS tools (AWS Config, IAM, CloudTrail) to enhance security posture and reduce manual intervention.
  • Published three high-impact security articles with an average monthly viewership exceeding 700 and co-hosted the AWS LATAM Security Podcast, reaching 90,000+ listeners across 42 countries.
  • Led the “Security Area of Depth” mentorship program, training over 10 consultants in advanced AWS security practices.
  • Integrated third-party vendor solutions into client environments using AWS Lambda and REST APIs, enabling custom auditing solutions tailored to client needs.
  • Maintained the AWS Rule Development Kit (RDK) and trained peers and customers on its implementation.
  • Volunteered for AWS Zipline (Incident Response Team) and the Amazon Security Certifier Program (internal security program).

Apr 2018 - May 2019
Cardtronics

Information Security Architect

  • Automated compliance and evidence gathering using Python and APIs.
  • Designed a custom Python solution leveraging FireEye, xMatters, and ServiceNow APIs to fully automate ticket creation and engineer paging, reducing mean time to acknowledge (MTTA).
  • Coordinated governance and compliance audits across different company branches for regulatory requirements, including PCI DSS.

Oct 2017 - Apr 2018
Skybox Security

Professional Services Engineer

  • Policy Optimization: Engineered scalable frameworks for a global automobile manufacturer to automate firewall policy analysis, drastically reducing rule bloat.
  • Vulnerability Management: Identified and remediated critical visibility gaps during complex network re-architectures.

Jan 2015 - Oct 2017
Experian

Senior System Security Engineer

  • Infrastructure Automation: Deployed FireMon and Tufin to audit security policies, using Bash scripts and APIs to automate rule recertification.
  • Global Perimeter Security: Managed the firewall estate (Palo Alto, Check Point, Cisco) for 40+ sites worldwide.

Jan 2014 - Jan 2015
Concentrix

Network Engineer

  • Focused on the packet-level fundamentals of network security. Provided deep-dive engineering support for complex Cisco security architectures.
  • Perimeter Security: Configured and troubleshot Cisco ASA firewalls, Zone-Based Firewalls, and Site-to-Site VPNs for enterprise clients.
  • Intrusion Detection: Managed IPS/IDS signatures and tuning to block active network threats.
  • Access Control: Implemented RADIUS authentication and strict ACLs to enforce network segmentation.

Dec 2011 - May 2013
Hewlett Packard

IT Operations & Support

Oversaw identity management and role-based access control (RBAC) for employees and contractors.

Jan 2011 - Nov 2011
ITS Infocom

Network Operations Center (NOC) Analyst

Monitored enterprise network health using Nagios and Cacti, triaging alerts and generating performance reports to maintain uptime SLAs.

Portfolio

AWS Config RDK

Open Source
AWS APN Integration

Config Rule Evaluations

AWS APN Blog
EC2 Instance Isolation

AWS Security Blog
ESM API

Open Source

Certificates

Cloud Security

AWS Security

100%

Incident Response

95%

Multi-Cloud (AWS, GCP, Azure)

90%

Programming & Automation

Python & Boto3

90%

Bash & APIs

85%

Infrastructure as Code (IaC)

90%

Threat Detection & Engineering

Detection as Code (MITRE ATT&CK)

95%

SIEM & Log Analysis

90%

Vulnerability Management

85%

Network & Security Architecture

Firewalls (Palo Alto, Cisco ASA)

95%

Governance, Risk & Compliance

90%

Zero Trust & Identity (RBAC)

90%