Jarrod Petrovics, CISSP
Director of Information Security at Tilled
Birmingham, AL, United States
Details
Experience:
Head of Information Security and IT
2021 : Present
Tilled
Director of Information Security
First security engineer hired at Shipt, Inc., a wholly owned independent subsidiary of Target Stores, Inc. Built and developed Shipt's information security program and team.
• Established and championed a risk-based approach to information security that empowered the company to maintain its existing trust-centric culture and continue moving at a ‘start-up pace’ post-acquisition during a time of incredible growth and nationwide expansion.
• Served as functional CISO by leading and representing the technology organization on all matters concerning information security while also serving in a heavily technical role as lead engineer and architect.
• Successfully led Shipt to Level 1 PCI compliance and an unqualified (no material findings) SOC 2 Type 2 report within the first 2 years of the program’s inception and annually thereafter.
• Developed, deployed, and/or managed the deployment of all technical security controls and operational tooling throughout Shipt’s office networks, end-user devices, application delivery pipelines, and enterprise-level cloud infrastructure.
• Transformed Shipt’s manual access provisioning process into an automated, HR-driven, end-to-end user lifecycle management system, streamlining the enforcement of least-privilege principles and role-based access control based on user data in Shipt’s HR management system.
• Designed and developed a cross-functional third-party risk management team with Shipt’s legal team and architected the procedure for assessing third-party vendor risk internally.
• Overhauled Shipt’s existing bug bounty program (HackerOne) from a small private program to a mature and fully public program, increasing participation and valid security bug findings by over 200% while maintaining all report response SLAs.
• Built Shipt’s dynamic perimeter enumeration and vulnerability scanning automation.
• Partnered with back-end engineering to design and develop Shipt’s internal fraud automation service.
2020 : 2021
Shipt
Director of Information Security
2019 : 2020
Shipt
Lead Security Engineer
2018 : 2019
Shipt
Sr. Security Engineer
Served as team lead and senior engineer on a team of 5 application security and vulnerability management engineers that provided proactive and reactive cyber threat intelligence services to protect Regions' public-facing and internal infrastructure, mobile and web applications, data, and brand reputation.
Primary responsibilities include:
• Conduct vulnerability assessments and penetration testing on internal and external-facing networks, systems, and applications using tools such as Rapid7 Nexpose, Tripwire, HP Fortify/WebInspect, Metasploit, Burp Suite Enterprise, Nmap, SQLMap, and other Kali Linux distro tools.
• Provide threat identification and analysis by monitoring for relevant risks like malicious code, vulnerabilities, or attacks and by reviewing potential and current threats in a large enterprise environment.
• Create detailed risk assessment reports that explain identified security weaknesses, describe potential business risks, present prioritized recommendations, and estimate effort levels for remediation.
• Provide technical proofs of concept (PoCs) to demonstrate attack exploitability, complexity, and overall risk of potential vulnerabilities in the context of Regions’ environment.
• Assist in the evaluation, development, and implementation of emerging data access control technologies.
• Contribute to the ongoing enhancement of the company’s vulnerability assessment capabilities through the architecture and development of improved methodology, processes, infrastructure, tools, and deliverables.
• Present and clearly communicate findings and recommendations to senior management, business stakeholders, security team members, and IT resources.
• Leverage Python, VB, and Ruby scripting to improve and automate vulnerability management and life-cycle tracking processes.
• Implement and support key, high-profile cyber security related activities and projects, including enterprise exercises and education and awareness programs.
2016 : 2018
Regions Bank
Sr. Information Security Engineer - Team Lead : Vulnerability Management and Penetration Testing
Company:
Tilled
About
• Certified Information Systems Security Professional (CISSP) - ISC2
• Certified Network Vulnerability Assessment Professional (CNVP) - CompTIA
• Certified Ethical Hacker (C|EH) - EC-Council
• Certified Blockchain Security Professional (CBSP) - Blockchain Training Alliance
• PenTest+ | CE Certification - CompTIA
• Security+ | CE Certification - CompTIA
• Certified Cyber Security Architect (CCSA)
• Okta Certified Administrator, Professional
• SumoLogic Certified - Security Analytics & Monitoring
• AlienVault Certified Security Engineer (AVSE) - AT&T Cyber Security
• Microsoft Certified Professional (MCP)