Oluwagbemiga Joseph
Verified Expert in Engineering
Security Architect Developer
Dubai, United Arab Emirates
Toptal member since November 22, 2022
Oluwagbemiga is a lead cybersecurity architect proficient in digital computing security and engineering with a particular interest in information security, vulnerability assessment, penetration testing, risk management, security operations center, cloud security, DevSecOps, and open banking.
Portfolio
Experience
- Web Security - 8 years
- Azure - 8 years
- Cybersecurity - 8 years
- Security Software Development - 6 years
- Cloud Security - 6 years
- Information Technology - 5 years
- Amazon Web Services (AWS) - 4 years
- Security Engineering - 4 years
Availability
Preferred Environment
GitHub, Azure, Amazon Web Services (AWS), Identity & Access Management (IAM), OWASP, Firewalls, DevSecOps, Application Security, Infrastructure as Code (IaC), Microsoft 365
The most amazing...
...consulting I've done is for a global cryptocurrency exchange delivering a secured platform. The external assessor gave it the go-ahead on first-time validation.
Work Experience
Senior Security Architect
Emirates NBD
- Configured periodic scans on all cloud services by enabling Azure security center and AWS security hub. The score is a threshold of 85%, as anything below that is termed unacceptable.
- Configured cloud and enterprise communications via only a private endpoint, leveraging the site-to-site virtual network configuration.
- Performed periodical gap analysis on the cloud service capabilities. This helps to benchmark the cloud platform's maturity, transparency, and compliance with enterprise security standards like ISO 27001 and regulatory standards, namely PCI DSS.
- Strove to discover the security mechanisms, including key management and data encryption, if or when available, and tune it to meet standards and policies.
- Advised the application and infrastructure team on how to fix emerging vulnerabilities on time.
- Enabled end-to-end applications logging of all security events, which helped create an end-to-end transaction view with non-repudiation characteristics.
- Configured and maintained tools for web application firewall, data loss protection, file integrity monitoring, IAM, and database activity monitoring.
Penetration Tester
Analytics Simplified
- Conducted vulnerability assessments and risk analysis of client's web application. Utilized industry-standard tools and methodologies to identify security weaknesses.
- Performed black box penetration testing on the client's web application with a focused reference to the SAML SSO functionality.
- Documented findings in detailed reports, including the nature of vulnerabilities, potential impact, and recommended remediation steps. Presented findings and recommendations to technical and non-technical stakeholders.
Senior CloudOps Engineer
Foundever
- Deployed Keycloak instances using Terraform and Helm.
- Installed, configured, and managed Keycloak instances using infrastructure as a code. Integrated Keycloak with various applications and services, ensuring seamless authentication and authorization.
- Ensured security best practices were followed in Keycloak configurations and implementations. Updated Keycloak configurations to address security vulnerabilities and compliance requirements.
Azure Security Engineer
Outdoor Living Supply
- Implemented best practices for Azure service principal, Key Vault, and identity and access management (IAM).
- Evaluated the use of privileges, credentials, and secrets to support the development of Power Automate workflows and Dataverse, as well as Power BI workflows and Power Apps development.
- Documented and enforced security best practices around the usage of service accounts and service principals in an enterprise setting.
Google Workspace and Hosting Expert
Peacock Media
- Carried out the clean up of an unused domain. Reviewed the client's Google Workspace to find anomalous activities. Assisted with the domain transfer from register to Azure DNS.
- Reviewed Google Drive to check for unauthorized activities, reviewed profile sync settings and start up configurations, filtered admin logs for email recovery action and inaction, and discovered some disparity in Google logs presentation.
- Completed the security review and concluded the SOW around security optimization of the entire client's Google Workspace.
SecOps Engineer | White Hat Hacker
DadGum Marketing, LLC
- Conducted security audits of cloud configurations to ensure compliance with security best practices.
- Evaluated the security of cloud-based systems and infrastructure. Introduced cloud tooling to protect organizations against DOS and DDOS attacks.
- Prepared detailed reports outlining vulnerabilities, risks, and recommended remediation strategies.
- Worked closely with the DevOps engineer and lead software developer to address security concerns and implement solutions.
Cloud Solutions Engineer
UWS ie Ltd.
- Deployed Prometheus/Grafana and ELK, mainly for back-end services.
- Created backup and redundancy for the services, like AKS and Datastores, for high availability and fault tolerant systems.
- Enforced security advisory recommendations and improved security score from 42% to 85%.
Senior Security Analyst
Bitso
- Developed tools for automated build, test, deployment, and management of the platform.
- Improved continuous integration and delivery systems by adopting a shift left security framework.
- Monitored system events to ensure health, maximum system availability, and service quality. Performed system and application patching.
- Designed, built, deployed, and maintained AWS resources, including VPC, security groups, IAM, AWS Inspector and Detective, CloudFront, GuardDuty, CloudTrail, CloudWatch, S3, AWS Security Hub, AWS Shield, AWS, and AWS Secrets Manager.
- Participated in the definition of standards, guidelines, and best practices.
Information Security Architect
Standard Bank South Africa
- Sourced and implemented new security solutions to better protect the organization.
- Enforced security standards by adopting spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) and ISO 27001 SOC2 type 2 regulations and frameworks.
- Supported the DevSecOps pipeline that performs quality assurance and validation using Compliance-as-code files.
- Acted as a cybersecurity technical lead in product and vendor selection, providing the security evaluation of products, options, and responses to tenders.
- Protected the organization's cloud and on-premises infrastructures, monitored data to identify suspicious activity, and identified and mitigated risks before a breach occurred.
- Identified current and emerging technology issues, including security trends, vulnerabilities, and threats.
- Performed vulnerability assessment and penetration testing on computer systems, networks, and applications, generally in a vacuum.
Enterprise Integration and Security Architect
Fidelity Investments
- Enforced secure coding standards by adopting the Open Web Application Security Project (OWASP) and assisted in threat modeling activities using STRIDE and MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Standards.
- Drove the adoption of CI/CD, Azure DevSecOps, using the Agile Scrum Framework across all the software development teams of the bank.
- Managed CI/CD efforts for cloud application development and deployment.
- Designed, built, deployed, and maintained the cloud stack, including Azure VMs and Kubernetes, integrated solely into the Azure DevOps release pipelines.
- Guided development teams with suggestions for frameworks, architecture, and other technologies.
- Engineered and tuned the cloud security solutions for enrollments, monitoring, alerting, and maintaining defined security posture in Azure and AWS.
- Planned and executed the migration of legacy applications to the cloud and engineered the API manager of the bank leveraging Azure.
Network Security Engineer
IHS Holding
- Installed and configured computer networks and systems.
- Monitored the performance of systems and services, documented trends, and initiated action.
- Identified and solved any problems that arose with computer networks and systems.
- Monitored computer networks and systems to identify how performance could be improved.
- Configured firewalls, routers, switches, and rules of the access control list (ACL).
Experience
Digital Banking Application
The system was built on a microservice pattern, orchestrated with Azure Kubernetes service, and managed databases in a cloud environment. Other endpoints and integration via APIs to third-party are also enabled on a subscription basis via a developer portal.
Corporate Banking App
Developer Portal for Open Banking
Education
Master's Degree in Information and Communication Technology
Bayero University Kano - Kano, Nigeria
Bachelor's Degree in Computer Engineering
Federal University of Technology - Minna, Nigeria
Certifications
Microsoft Certified: Azure Solutions Architect Expert
Microsoft
Certified Information Systems Security Professional (CISSP)
isc2
API Security Architect
API Academy
Certified Information Security Auditor (CISA)
ISACA
Certified Information Security Manager (CISM)
ISACA
AWS Certified Security | Specialty
Amazon Web Services
Foundations of Operationalizing MITRE ATT&CK
AttackIQ
Aviatrix Certified Engineer | Multicloud Network Associate
aviatrix
Microsoft Certified: Azure Security Engineer Associate
Microsoft
AWS Solutions Architect Associate
Amazon Web Services
CompTIA Security+ Certification
CompTIA
Skills
Libraries/APIs
React
Tools
Azure Network Security Groups, Google Workspace, Shell, Keycloak, CloudOps, Terraform, Auth0, GitHub, AWS IAM, Azure Kubernetes Service (AKS), Logging, Azure Monitor, VPN, Azure Key Vault
Paradigms
Security Software Development, Penetration Testing, DevSecOps, DevOps, Azure DevOps
Platforms
Amazon Web Services (AWS), Azure, Azure PaaS, Azure IaaS, Linux, Kali Linux, Windows, Google Cloud Platform (GCP), Webflow, Oracle, Kubernetes, SharePoint
Industry Expertise
Cybersecurity, Network Security
Storage
Database Security, MongoDB, On-premise
Languages
SAML, JavaScript, Python, SQL, Embedded C, TypeScript
Other
Web Security, IT Security, Identity & Access Management (IAM), Cisco, Cloud Security, Cloud, OWASP, Threat Modeling, Security, Authentication, SecOps, Architecture, Security Architecture, Security Engineering, Cloudflare, Azure Cloud Security, Antivirus Software, Monitoring, OWASP Top 10, Application Security, Compliance, Risk Assessment, ISO 27001, CI/CD Pipelines, Endpoint Security, Encryption, Data Governance, IT Audits, IT Operations Management (ITOM), Identity, Access Control, Vulnerability Assessment, EVoting, Networking, Cryptography, Red Teaming, NIST, APIs, PCI, Risk Management, Communication, Information Technology, OAuth, IDS/IPS, SOC 2, Okta, Security Audits, Information Assurance, Stakeholder Management, Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), Email, Azure VDI, Asset Protection, Zero-day Vulnerabilities, Vulnerability Management, System-on-a-Chip (SoC), GitHub Actions, Aviatrix, IT Manufacturing, Palo Alto Networks, IoT Security, Informatica Cloud, Cryptographic Protocols, Algorithms, Programming, Cyber Forensics, Data-level Security, MITRE ATT&CK, Cybersecurity Operations, Firewalls, API Gateways, Incident Management, Information Security, CISSP, CISM, Infrastructure as Code (IaC), Microsoft 365, Prometheus, GitOps, Application Monitoring, Certified Ethical Hacker (CEH), Business Services, Gmail, STRIDE, Argo CD, SAML-auth, Single Sign-on (SSO)
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring