Cloud Security Engineer
2022 - 2022
Hospitality Digital GmbH - Main
- Performed a security gap analysis for the CI/CD process and procedure.
- Reviewed Kubernetes container security scanning, performing DAST, SAST, API security, and SCA.
- Created a playbook to support an incident response and requirement definition for SIEM deployment.
- Created a playbook and requirement definition for an IDS deployment and GCP Security Center.
Technologies: Google Cloud Platform (GCP), Application Security, Single Sign-on (SSO), SAML, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), APIs, Open Source, Incident Response, Containerization, Kubernetes, Secure Containers, SonarQube, SIEM

Security Operations Engineer (Hourly/PT/FT)
2021 - 2022
Anjuna - Main
- Deployed and managed Okta, an identity management service for clients which provided a trusted platform to secure identity with SSO, multi-factor authentication, lifecycle management, and identity governance.
- Configured SSO on applications using Okta identity management.
- Reviewed security gaps with client infrastructure and provided a guideline for compliance.
Technologies: Python, Identity & Access Management (IAM), Okta, Single Sign-on (SSO), Authentication, Identity, SAML, SAML-auth, OAuth 2

Security Engineer | Analyst
2021 - 2021
ASU Pocket - Main
- Reviewed the architecture of applications/systems deployed within the client infrastructure for security flaws.
- Managed the proof of concept for multiple system engineering deployment efforts with the university infrastructure.
- Was the subject matter expert on incident response issues affecting the university infrastructure.
Technologies: Amazon Web Services (AWS), Automation, AWS, Antivirus Software

Senior Cloud Security DevOps
2021 - 2021
Digital Swiss Gold
- Migrated applications and created mobile apps in Azure.
- Deployed Web Application Firewall (WAF), Microsoft Defender for Identity, Sentinel, Azure Security Center, Virtual Private Cloud (VPC), security groups, and subscription.
- Reviewed Federal Information Security Management Act (FISMA) compliance requirements (NIST SP 800-53 and PCI). Ran security scans to determine the security vulnerabilities in the network.
Technologies: Amazon CloudFront CDN, Amazon Web Services (AWS), Azure, Azure VDI, Web Application Firewall (WAF), SIEM, Azure Security, Web Applications, Azure Application Gateway, Endpoint Security

Senior Cloud Security Engineer
2020 - 2021
ShorePoint
- Reviewed security concepts and the architecture of applications and systems deployed with the infrastructure.
- Developed and reviewed functional requirements with end-users to determine if the systems met defined standards (NIST, SOX, and ISO 27001) and proposed enhancements.
- Supported evidence collection regarding various SEC compliance frameworks, such as NIST and ISO 27001.
- Updated changes within Firewall (Palo Alto and Juniper), WAF, and the IPS system (Firepower).
- Monitored the daily performance of networking systems, servers, and cloud application infrastructure with SolarWinds and Nagios.
- Implemented and configured DevSecOps tools, such as Git, GitHub, and Jenkins. Used a Python script to automate the infrastructure resource and monitoring and serverless and container infrastructure deployment with Python.
- Managed security alerts and reports from Prisma, AWS Cloud, Azure Security Center, CloudWatch, and CloudTrail. Used AWS GuardDuty, Amazon Inspector, Amazon Macie, AWS Config, and Aqua Security (container security).
Technologies: Linux, Windows, Firewalls, Intrusion Prevention Systems (IPS), DevSecOps, Cloud Security, AWS, Application Security, Vulnerability Assessment, Vulnerability Management, Prisma, Azure, Palo Alto Networks, Jenkins, Git, GitLab, Web Application Firewall (WAF), Okta, Endpoint Security, FedRAMP, Python

Senior Cloud Security DevOps
2019 - 2020
OneZero Solutions, LLC
- Implemented security in all phases of the CI/CD pipeline for secure application development within the cloud.
- Designed and architected the AWS network using VPC, subnets, route tables, and security groups.
- Ensured code development and applications adhered to security compliance frameworks, including NIST, SOX, PCI-DSS, and ISO 27001.
- Tested services and architecture required to build secure cloud computing platforms, especially using encryption for data at rest and in transit.
- Monitored the networking system, servers, and cloud application infrastructure with tools like Datadog and SonarQube.
- Integrated Checkmarx and Fortify (static and dynamic analysis) in the SDLC process. Reviewed code and application for possible OWASP vulnerability (XSS and injection), CVSS, and CWE.
- Used Python scripts to automate the infrastructure resource and monitor, and handled serverless and container infrastructure deployment with Python.
Technologies: Jenkins, Git, Kubernetes, Secure Containers, Scanning, Source Code Control System (SCCS), DevSecOps, Application Security, AWS, Azure, Linux, Windows, Vulnerability Assessment, Vulnerability Management, GitLab, Kibana, Endpoint Security, FedRAMP, Python

Senior Security Engineer
2017 - 2019
Pinnacle, LLC
- Deployed multiple threat management, security event and correlation monitoring, and IDS and NAC devices for a client.
- Deployed applications within AWS Cloud, including AWS CloudTrail, AWS Firewall Manager, and Amazon GuardDuty.
- Managed the application scanning and vulnerability management for the entire enterprise.
- Managed the monitoring of the networking system, servers, and cloud application infrastructure.
- Managed the CrowdStrike Endpoint Protection Platform for protecting cloud workloads, data, and endpoints, providing next-generation antivirus, endpoint detection and response (EDR), and a 24/7 threat hunting service.
Technologies: Application Security, AWS, Azure, Scanning, Vulnerability Management, Firewalls, Intrusion Prevention Systems (IPS), Network Access Control, SonarQube, Elastic, Kibana, Endpoint Security

Senior Security Ops Engineer
2015 - 2017
ManTech International
- Provided technical assistance for the security threat management with infrastructure.
- Performed the administration and management of complex application security tools, including Sourcefire, FireEye, Splunk, NetWitness, Nessus, Palo Alto, ForeScout, RSA Security Analytics, and malware and APT analysis tools.
- Installed and configured operating systems to meet hardening requirements and standards, such as ISO 20071, NIST, CIS, and HIPAA.
- Configured and updated changes within the firewall.
Technologies: Application Security, Network Access Control, Intrusion Prevention Systems (IPS), Windows, Linux, SIEM, Vulnerability Management, Vulnerability Assessment, Splunk, ISO 27001, NIST, Threat Analytics, Threat Intelligence, AWS

Information Security Consultant
2011 - 2015
Accenture
- Managed security risk assessment audit for multiple clients' IT infrastructure (PaaS and AWS managed services). Managed development, design, and implementation of a large enterprise security architectural detailed design.
- Deployed multiple threat management, security event and correlation monitoring, IDS, and WAF devices and application tools.
- Managed enterprise-level configuration management and vulnerability assessment.
- Managed the evidence collection with regard to various security compliance frameworks, including NIST, PCI-DSS, and ISO 27001.
- Provided support on ongoing compliance activities and monitored different regulations and GRC standards like SOX, HIPAA, PCI, FedRAMP, and ISO.
- Designed and implemented complex enterprise anti-virus and malware architecture, detailed design, security information, and event management.
Technologies: Application Security, IT Security, Vulnerability Assessment, McAfee ePolicy Orchestrator (ePO), Vulnerability Management, Firewalls, Palo Alto Networks, Data Loss Prevention (DLP), Nessus, SIEM, Splunk, Linux, Windows, NIST, ISO 27001, ISO 9001, HIPAA Compliance, SOX Compliance, PCI, AWS, Web Application Firewall (WAF), Documentation

Security Operations Engineer
2011 - 2011
State of Maryland
- Performed application and code scanning to identify vulnerabilities.
- Conducted threat management procedures, vulnerability scans, and penetration testing to identify system vulnerabilities.
- Managed security operations, reviewing and analyzing malicious traffic.
- Reviewed and tracked security patch levels of the servers, workstations, and network devices.
Technologies: Windows, Linux, Application Security, Vulnerability Assessment, Vulnerability Management, Penetration Testing