Mukesh Bhakar
Verified Expert in Engineering
Cloud Security Developer
Jaipur, Rajasthan, India
Toptal member since November 12, 2021
Mukesh is a professional with over 14 years of experience in cybersecurity. He has expertise in designing and implementing security solutions across multi-cloud platforms like AWS, Azure, and GCP. His background includes DevSecOps, GRC, security operations, cloud security assessment, endpoint security, and data security. Mukesh has worked in various roles, including individual contributor and leadership positions. He was selected as an AWS Community Builder.
Portfolio
Experience
- IT Security - 13 years
- Security - 13 years
- Cybersecurity - 13 years
- Security Architecture - 11 years
- Cloud Security - 7 years
- Microsoft Azure - 6 years
- Azure - 6 years
- DevSecOps - 4 years
Availability
Preferred Environment
Network Security, Application Security, Cloud Security, DevSecOps, Amazon Web Services (AWS), Security Architecture, SOC 2, Artificial Intelligence (AI), GRC, Cloud Infrastructure, Chief Security Officer (CSO), Microsoft Entra ID, ADF, CISO, Cybersecurity Operations, SOC Compliance, Microsoft Intune, Azure DevOps, VLANs
The most amazing...
...thing I've designed was a robust, scalable, and secure multi-cloud architecture, incorporating industry best practices to safeguard enterprise data and systems.
Work Experience
Compliance Specialist
Design Barn, Inc.
- Prepared SOC 2 Type 2 documentation using Vanta customized templates and documented tech stack for audit readiness. Collaborated with teams to address gaps, ensuring compliance and boosting credibility during pilot phases with potential clients.
- Streamlined SOC 2 compliance with Scrut, automating evidence collection and optimizing security processes. Documented internal controls, enhanced data security, and guided teams in achieving audit readiness, improving trust with B2B clients.
- Implemented Vanta to automate SOC 2 compliance monitoring. Developed scalable policies for data security, documented processes, ensured audit readiness, and supported future scaling with additional communication platforms.
- Developed and tested security baselines for managed devices, enhancing endpoint protection. Collaborated with cross-functional teams to support end-users and troubleshoot issues related to Intune enrollment and policy enforcement.
Cloud Security Specialist
West Roots LLC (Maptive)
- Ensured that the cloud architectures were designed with recommended security practices and standards following the principles of the Cloud Adoption Framework. Worked closely with application, network, and security teams.
- Assessed and mitigated risks associated with cloud services while ensuring compliance with relevant regulations and standards, such as CIS, NIST-CSF, ISO27001, SOC2, and other compliance requirements.
- Implemented static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tools and methodologies.
- Designed IAM processes and procedures and translated high-level requirements into technical designs.
- Worked with the SIEM and SOAR technical teams to design new security use cases and provide functional requirements.
- Spearheaded the deployment of Wiz CSPM across multi-cloud infrastructures, enhancing security visibility and compliance through continuous monitoring and automated baseline configurations.
- Designed and implemented security baselines for diverse cloud environments, leveraging Wiz CSPM to ensure adherence to industry standards and regulatory requirements.
Manager | Solutions Architect
Garn Enterprise (Hong Kong) Limited
- Developed and implemented comprehensive cybersecurity policies, covering access controls, data protection, and incident response. Conducted staff training to ensure compliance and enhance overall security awareness across the organization.
- Designed and implemented a scalable AWS architecture utilizing EC2, S3, RDS, and VPC. Enhanced security through IAM roles, security groups, and encryption methods, ensuring a robust and reliable infrastructure.
- Conducted a thorough security assessment of the AWS environment, identifying and mitigating vulnerabilities. Implemented best practices and onboarded an AWS Managed Service Provider for ongoing management and security enhancement.
DevSecOps Engineer (via Toptal)
Brandon Miles
- Designed a comprehensive security architecture for an enterprise application on Azure, ensuring robust protection and compliance and conducting a risk assessment to identify potential threats.
- Developed a robust CI/CD pipeline using GitHub Actions, integrating DevSecOps practices for secure and efficient development and deployment.
- Ensured compliance with Azure security best practices. Assessed and optimized identity management, network security, data protection, monitoring, and regulatory compliance, reducing vulnerabilities.
DevSecOps Engineer (via Toptal)
Green Line Inc
- Established and secured the technical infrastructure for Kinzy, an AI assistant for adult day care centers, during a 3-week discovery phase to integrate AI functionalities into Kinzy's MVP while ensuring security and reliability.
- Designed a secure and scalable GCP architecture incorporating IAM policies, network security, and data protection measures, enhancing system robustness.
- Performed a detailed security review of AI/ML models, identifying and addressing vulnerabilities and enhancing model security. Implemented differential privacy and data anonymization techniques, ensuring compliance.
DevSecOps Engineer (via Toptal)
Green Line Inc
- Made integration with GCP's CI/CD pipelines using Cloud Build and Cloud Functions for seamless vulnerability scanning and patch deployment.
- Created integration with GCP's security and compliance services, such as Cloud Security Command Center and Security Health Analytics, for comprehensive threat detection and response.
- Established automated DevSecOps pipelines using Cloud Build and Cloud Functions, enforced security controls, including vulnerability scanning and pand incident response, thereby maintaining a robust security posture in healthcare.
Platform Cloud Security Engineer
Commonwealth Financial Network
- Developed a multi-cloud security orchestration platform for managing security policies, identity management, and threat detection across AWS and Azure using CSPM.
- Implemented a comprehensive access governance solution, utilizing AWS SSO and Azure Active Directory for centralized user authentication and authorization.
- Designed and implemented a multi-account architecture in AWS, segregating workloads and applications into distinct AWS accounts using AWS SRA and Control Tower.
- Designed and implemented cloud governance, establishing policies, procedures, and controls for cloud framework using NIST 800-53, CIS, and PCI DSS.
- Implemented Zscaler Zero Trust SASE with Azure Cloud Infrastructure.
- Designed, deployed, and managed Intune policies to secure mobile devices, desktops, and applications. Implemented mobile device management (MDM) and mobile application management (MAM) configurations to protect corporate data.
- Monitored compliance and remediated non-compliant devices to ensure alignment with security standards.
- Set up Azure Virtual Network (VNet) with subnets for web, application, and database tiers.
- Implemented role-based access control (RBAC) and privileged identity management (PIM) for least privileged access.
- Deployed Azure Firewall to secure the network perimeter and enabled DDoS Protection to safeguard against distributed denial-of-service attacks.
Senior Cloud Security Architect
ValueLabs
- Performed security and privacy assessments, including vulnerability and penetration testing, to determine compliance and security posture in the cloud.
- Implemented AWS Security Hub, AWS Organizations, GuardDuty, SSO, WAF, and AWS native security tools.
- Conducted vulnerability assessment using Burp Suite Enterprise, Nmap, Nessus, OWASP ZAP, sqlmap, Scout Suite, and PACU.
- Automated cloud security controls, data, and processes to provide better metrics and operational support.
- Identified security threats and risks related to cloud infrastructure services and planned remediation activities.
- Led the implementation of a comprehensive compliance program to align with the Digital Operational Resilience Act (DORA) regulations introduced by the European Union (EU).
- Implemented a comprehensive GRC framework to enhance organizational governance, manage risks, and ensure regulatory compliance. The project aimed to create a centralized system to streamline processes, and mitigate potential risks.
Cloud Security Architect
Mundo Startel S.A.
- Designed secure cloud architecture using best practices.
- Audited and implemented compliance as per regulatory requirements.
- Designed, implemented, and maintained cloud infrastructure security, identified technical gaps, and provided solutions.
- Gained extensive experience in cloud-based DDoS protection services such as AWS Shield Advanced.
Application Security Engineer
Ericsson
- Developed processes and implemented tools and techniques to perform ongoing security assessments of the environment.
- Analyzed security test results, drew conclusions from results, and developed targeted testing as deemed necessary.
- Collaborated with external vendors to perform penetration tests on network devices, operating systems, databases, and applications as necessary.
Security Engineer
Vodafone Idea
- Conducted vulnerability assessments of IT infrastructure for government agencies and private companies. Identified and prioritized vulnerabilities based on risk assessment and provided recommendations for remediation.
- Audited organizations processing credit card data to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS). Identified and reported non-conformities and provided guidance on remediation measures.
- Conducted a financial institution's comprehensive IDS/IPS vulnerability assessment, identifying misconfigurations and tuning recommendations to optimize threat detection accuracy and minimize false positives.
Senior Engineer
Vodafone Idea
- Performed manual, external, and internal penetration testing.
- Collaborated with external vendors to perform penetration tests on network devices, operating systems, and databases.
- Provided assistance to system users regarding information system security.
- Performed routine vulnerability scans against specified systems, analyzed the results, and worked with business units to remediate systems.
IT Security Engineer
Huawei Technologies Co.
- Implemented data loss prevention (DLP) policies and technologies to prevent unauthorized data exfiltration and ensure compliance with data privacy regulations.
- Designed and deployed secure network segmentation strategies to minimize the attack surface and limit the potential impact of security breaches.
- Conducted physical security assessments to identify vulnerabilities in physical access controls and recommend improvements.
Cybersecurity Analyst
Ericsson
- Assessed and optimized the existing vulnerability management program, identifying gaps and inefficiencies.
- Implemented vulnerability scanning tools on various platforms (endpoints, network devices, applications) and prioritized identified vulnerabilities based on risk assessment.
- Automated vulnerability patching processes and tracked remediation progress across different systems.
Experience
Implementation of AWS Security Architecture
Protection Against Ransomware
AWS Organization Multi-account Architecture Implementation
Digital Operational Resilience Act (DORA) Compliance Program Implementation
• Developed and implemented policies and procedures for ICT risk management, incident reporting, digital operational resilience testing, and 3rd-party risk management, aligned with DORA requirements.
• Conducted a risk assessment to identify potential ICT threats and vulnerabilities.
• Implemented appropriate controls to mitigate identified risks.
• Defined and implemented an incident response plan for managing cyber threats and disruptions.
Business Continuity Planning and Implementation
RISK ASSESSMENT AND BUSINESS IMPACT ANALYSIS
• Conducted a thorough risk assessment to identify potential threats and vulnerabilities.
• Performed a business impact analysis (BIA) to prioritize critical business functions and assess the financial and operational impact of disruptions.
BCP DEVELOPMENT AND DOCUMENTATION
• Collaborated with department heads and stakeholders to create a comprehensive business continuity plan.
• Documented detailed procedures for each critical business function, outlining steps for activation and recovery.
AI Adult Health Care
SOC 2 Type 2 Compliance Certification
Key achievements:
• Automated 80% of evidence collection, reducing manual effort.
• Successfully passed the external SOC 2 Type II audit within six months.
• Established a scalable and repeatable compliance framework for future audits.
Deployment of a Secure 3-Tier Application in Azure Landing Zone
KEY ACHIEVEMENTS
• Deployed a scalable 3-tier application across web, application, and database layers, ensuring high availability and resilience.
• Implemented comprehensive security measures, including WAF, NSGs, and encryption, to safeguard data and resources.
• Established a Hub-Spoke Network Topology with secure connectivity using private endpoints, achieving a scalable and modular architecture.
Education
Master's Degree in Cyber Security
Southern New Hampshire University - New Hampshire
Bachelor's Degree in Electronics and Communication Engineering
University of Rajasthan, Jaipur - Jaipur, India
Certifications
Certified Information Security Manager (CISM)
ISACA
Microsoft Certified: Cybersecurity Architect Expert
Microsoft
Certified Kubernetes Security Specialist (CKS)
The Linux Foundation
Microsoft Certified: Azure Security Engineer Associate
Microsoft
Certificate of Cloud Security Knowledge (CCSK)
CSA
AWS Certified Security – Specialty
Amazon Web Services
CKA: Certified Kubernetes Administrator
The Linux Foundation
AWS Certified Solutions Architect Associate
AWS
ITIL
Axelos
Skills
Tools
Metasploit, AWS IAM, Sentinel, Azure Key Vault, VPN, GCP Security, Amazon Cognito, Amazon Virtual Private Cloud (VPC), Microsoft Identity Manager, Microsoft Intune, AWS CloudFormation, Terraform, Boto 3, Jira, Confluence
Frameworks
ADF, AWS Well-Architected Framework
Paradigms
Penetration Testing, DevSecOps, DevOps, Azure DevOps
Platforms
Azure, AWS Lambda, AWS ALB, Amazon Web Services (AWS), Microsoft, AWS Elastic Beanstalk, Amazon EC2, Docker, Kubernetes, Google Cloud Platform (GCP), Vanta
Industry Expertise
Network Security, Cybersecurity, Enterprise Security
Storage
Azure Active Directory, Amazon S3 (AWS S3), Datadog, Microsoft Entra ID
Languages
Python 3
Other
OWASP Top 10, Application Security, Cloud Security, Networking, Computer Science, Security Architecture, AWS Certified Solution Architect, IT Service Management (ITSM), Security, Kubernetes Security, AWS Organizations, Security Hub, GaurdDuty, Single Sign-on (SSO), Amazon Route 53, Cyber Threat Hunting, SecOps, Architecture, Identity & Access Management (IAM), IT Security, OWASP, CISO, Web Security, Vulnerability Management, Security Audits, Okta, Microsoft Azure, Technical Hiring, Source Code Review, Interviewing, Task Analysis, Cloud, APIs, Team Management, Compliance, Consulting, Data Protection, GDPR, Ethical Hacking, Hacking, NIST, Security Management, Microsoft 365, Identity, Security Analysis, Business Continuity Planning (BCP), Disaster Recovery Plans (DRP), Information Security Management Systems (ISMS), SOC 2, CISM, Azure Resource Manager (ARM), Networks, Data Loss Prevention (DLP), IDS/IPS, Firewalls, Threat Intelligence, Linux Administration, Vulnerability Assessment, Network Architecture, Network Engineering, Team Leadership, Network Design, Network Monitoring, Endpoint Detection and Response (EDR), SIEM, Audits, Leadership, SaaS Security, Web Application Firewall (WAF), Monitoring, GRC, Documentation, Cloud Infrastructure, Infrastructure, Infrastructure Security, Endpoint Security, Managed Detection and Response (MDR), Chief Security Officer (CSO), Active Directory (AD), AWS Cloud Security, Cybersecurity Operations, SOC Compliance, Mobile Device Management (MDM), Azure Cloud Security, VLANs, Solution Architecture, Container Security, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), CI/CD Pipelines, Web App Security, ISO 27001, Threat Modeling, Risk Management, Infrastructure as Code (IaC), Artificial Intelligence (AI), Secure Containers, Secure Access Service Edge (SASE), HITRUST Certification, AWS Control Tower, AWS WAF, Risk Assessment, Information Security, Security Operations Centers (SOC), Patch Management, Managed Security Service Providers (MSSP), Enterprise Cybersecurity, Minimum Viable Product (MVP), System Administration, Systems Monitoring, Log Management, Data Governance, Enterprise Risk Management (ERM), CISSP
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring