Holistic Cloud Security thought leader, cloud security evangelist, Cloud Security professional committed to formulating innovative solutions to challenges while optimizing processes. Polished in developing and implementing security strategy, plans, and procedures to develop strategic response to recover from security breaches where it's impossible to keep the attackers out indefinitely. I have a strong passion for governance, execution of corporate strategy, and solutions to helping a business thrive.
Skills
Deep expertise in AWS services for managing data at speed and scale (e.g. Kinesis, S3, Athena, Glue, EMR, Redshift, Step Functions), MySQL, NOSQL/DynamoDB, Strong time management skills, Excellent communication, both verbal and written, Complex problem-solving and ability to work well under minimal supervision, Ability to work in a fast paced and changing environment.
Ability to influence without authority and work in a matrix organizational environment. Amazon Web Services (EC2, EBS, S3, IAM, AMI, VPC, VPC Peering, NACL, Security Groups, Route53, Auto Scaling Group, ELB, SNS, CloudWatch and Cloud Formation) AWS Inspector, AWS Shield, Macie, Guard Duty, Cloud Passage, F5, Barracuda Guardian Angel, Antivirus for Amazon S3, Trend Micro Cloud One.
Assisted the CIO of a Black and Decker in creating security policy, developing security awareness training, and developing an enterprise-wide security infrastructure.
Researched and provided security patches for a Web server in a cloud environment.
Managed the company's security solution portfolio with application deployment, automation, security monitoring.
Worked with our internal security group to create policies, procedures, and trainings to keep our data secure in the face of physical, social, and technological attacks.
Developed an internal security policy for the company, including user security, network security, and system security.
Reviewed and implemented new security measures for the cloud environment, including application controls, access control, and data loss prevention.
Designed and implemented a security solution to the cloud, configured the security to a tiering model and communicated security policies to development and QA teams.
Designed and implemented Amazon Web Services cloud security architecture that is scalable, secure, and efficient for Amazon fleet of cloud servers.
Conducted penetration tests, developed security assessments, and helped develop, implement, and train security policies to improve security posture.
Worked with a team of systems engineers to design and build a SaaS solution that securely stores and distributes data across a multi-tier cloud infrastructure.
Created new vulnerability scanning tool, implemented security assessment tools to automate penetration testing, provided security and threat intel and threat analysis and threat response to customers and industry.
Designed and developed new security features for cloud-based systems for new product launch.
Participated in technical architecture / design review and in the development and implementation of cloud security solution.
Provided technical support to large number of users on AWS platform.
Worked in a team of two engineers to assist in the development of a comprehensive, scalable, and easy-to-use security solution for AWS.
Increased the number of service availability instances in the AWS cloud, helped to ensure security of sensitive data including customer credit card numbers.
Properly performed and tracked all security tasks and implemented and managed security policy, including PCI compliance, in partnership with senior management; assisted in the implementation of a network security policy, including the security policy design and the implementation of an effective firewall.
Conducted network vulnerability assessments, conducted penetration tests, conducted general code reviews, conducted code reviews of open-source code, conducted vulnerability scans of entire network, conducted penetration tests on individual services.
Designed, implemented, and maintained security policies to protect customer information.
Designed and implemented an AWS security policy to ensure compliance with compliance requirements, standard security practices, and industry best practices.
Developed security solutions for AWS infrastructure.
Responsible for continuous monitoring of AWS accounts to identify vulnerabilities and prevent abuse.
Managed security vulnerability lifecycle from detection to notification and closure within the customer security engineering team.
I proactively identified security threats in public cloud infrastructure.
Met with variety of stake holders weekly to prioritize and remediate vulnerabilities for the customer.
Identified gaps in vulnerability management tooling and worked with our technical partners and clients to assist with remediation of cloud vulnerabilities.
Monitored and reviewed Cloud vulnerability and compliance scan results and determined best strategy to drive remediation.
Performed research and analysis of cloud vulnerability assessments to meet with industry best practices.
Maintained core body of knowledge on emerging cloud security risks and vulnerabilities.
Analyzed penetration test results and engaged with technology partners and business units to resolve identified vulnerabilities.
Engaged with application and product teams to improve DevOps hygiene as it relates to application and vulnerability management.
Provided input and feedback on security architectures and employed automation for security controls where possible to improve process efficiency, effectiveness, and response.
Ensured appropriate operational hygiene is in place for OS/Application patching and vulnerability remediation, adoption of latest images and more.
Defined, accessed, and reported vulnerability and threat program roadmap, status, and metrics.
Worked with the product team to develop the security strategy for our new AWS environment.
Liaised with third parties to respond to security events and understand threat landscape.
Engaged business and technology stakeholders to gather goals and requirements.
Created policies and procedures for emerging security technologies and proposals.
Developed security metrics and technical analysis to give insight into performance and trends.
Used metrics to monitor application and infrastructure performance.
Partnered with infrastructure teams on evaluation and feasibility assessments of new systems and technologies.
Understood client needs and objectives by conducting proactive customer and data analysis.
Worked with cloud architect to generate assessments and develop and implement actionable recommendations based on results and reviews.
12/2016 to 11/2019
Cloud Security EngineerLeidos – Santa Cruz, CA,
Designed and implemented an automated system to detect and stop malicious exposure of corporate data on cloud services (S3 Bucket ACL Policies, Security Group lock down using Dome9, AWS Security Hub, and leveraging AWS Guard Duty and VPC Flow logs).
Analyzed network security, gathered component level metrics, and conducted security audits on the network.
Managed network infrastructure and infrastructure security for a global, distributed, cloud-based data center, set up and maintained systems to minimize risk for data loss and threats, and performed network monitoring and vulnerability assessments.
Researched and tested cloud security tools to identify security gaps in the cloud environment and mitigate known security issues.
Conducted security assessments of various network devices and applications.
Became a key contributor to multi-account/inter-region multi-cloud solutions with focus on strong governance compliance and security best practices including the design, translation, and implementation of security controls mapped to industry standards and regulatory frameworks (e.g., NIST 800-53, AWS Foundational, CIS, PCI DSS, SOC2, HiTrust, etc.).
Developed a web application to help control access to a cloud resource, and to provide a centralized view of the user access to a cloud resource.
Defined and implemented a security strategy for the company’s cloud-based services and secure environment.
Established process to remediate vulnerabilities, deployed defense in depth strategies, and educated clients on security best practices.
Worked on several assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development, application security, OWASP), data protection, cryptography, key management, identity, and access management (IAM, OAuth, OpenID, Okta, etc.), network security (NGFW, WAF, IDPS) within SaaS, IaaS, PaaS and other cloud environments for the customer.
Built expertise and eye towards finding suspicious activities (threat modeling, identification of layered security and compliance controls (directive, detective, preventative, and corrective) and their applicability to a variety of cloud services guided by the customer's business strategy.
Drove proof of concepts that assess the suitability of solutions and demonstrate to our product partners how technology can be leveraged, e.g., Palo Alto VM-Series 1, F5 Big-IP LTM, Checkpoint Dome9, Cloud Passage, Fortinet, Aviatrix Transit Gateway solutions etc.
Developed and implemented a security framework to enable secure architectural components and architectures, including the development and integration of security controls such as network segmentation, DMZs, traffic monitoring, monitoring/filtering, logging, patch management, intrusion detection, vulnerability patching, and so forth.
Designed and implemented a security and privacy solution for an enterprise and its cloud hosted applications.
Designed and implemented a data-driven security program to inspect and protect sensitive data.
01/2015 to 11/2016
IT /AWS Cloud AdministratorLuminant – City, STATE,
Provisioned and managed infrastructure as well as applications in cloud environments, preferably in AWS.
Worked effectively with both business and technical stakeholders.
Performed cloud performance analysis and optimize distributed cloud systems.
Built extensive technical knowledge of virtual machines and applications operating in AWS IaaS, PaaS and SaaS environments.
Set up administrator and service accounts, maintaining system documentation, tuning system performance, troubleshooting, installing system wide software, and addressing mass storage space requirements.
Made recommendations to integrate new custom and cloud software, coordinated installation and support operations.
Assisted with application integration and troubleshooting in this infrastructure for a complex application environment, including management of dependencies on services, platforms, and other applications within the cloud infrastructure.
Troubleshooted across multiple applications and create run books and playbooks for each event with the necessary escalation paths established.
Tested, evaluated, and recommended next generation software applications and virtualized services for suitability for deployment on managed cloud systems.
Upgraded and maintain operating systems and application software on LINUX (RHEL, CentOS, Linux) and Microsoft Windows (2008 R2, 2012 R2) platforms.
Performed software installations, including support for Open-Source tools, AWS Marketplace tools & COTS applications.
Maintained system security strategies, policies, and procedures in support of Approval to Operate (ATO) certifications.
Trained other team members in the day-to-day operational support duties related to cloud infrastructure administration and management.
Performed high-level, day-to-day operational administration of complex multi-user cloud-based computing systems including user management, audits, patches, and upgrades.
Coordinated, schedule and perform software installations to cloud based operating systems, layered software packages, and databases.
Supported applications hosted in an AWS cloud environment, including deployments, patches, security checks, and maintenance.
Daily monitored network, servers, cloud, and applications to ensure full availability and optimum performance while utilizing software tools and logs to monitor network and system health.
Tracked and managed system certificates, privileged accounts, and database passwords.
Created and updated documentation, including standard operating procedures, administrative instructions, after action reports for system outages, task status updates, and customer reports.
02/2011 to 12/2014
IT Security AnalystTexas Instruments – City, STATE,
Analyzed data to identify costs associated with IT costs.
Managed network security, provided information security support to the global operation team, built automation for identifying vulnerabilities, and assisted with implementing new security measures.
Researching and analyzing key vulnerabilities to our infrastructure and products, coordinating with project teams to develop security fixes, and implementing changes to the infrastructure to remediate vulnerabilities leveraging a "continuous feed" model.
Identified source of compromised accounts, blocked the attacks, and notified clients of the breach.
Created penetration testing program to scan the network for security vulnerabilities and did penetration testing of client's network systems to verify that they were secure.
helped implement security strategies to secure company infrastructure and data, maintained the existing infrastructure and performed security audits on new systems.
Developed an anti malware framework and implemented a threat detection and response plan for the organization's software and hardware assets.
Identified and mitigated security threats through development of web application firewall rules, intrusion detection system, and configuration review.
Hacked into various websites and servers and performed full site penetration test with SQLi, reverse shell, exploit, etc.
Helped secure the company's network and applications and handled security incidents, both in-house and on the field.
Monitored computer virus reports to determine when to update virus protection systems.
Reviewed violations of computer security procedures and developed mitigation plans.
Encrypted data and erected firewalls to protect confidential information.
Recommend improvements in security systems and procedures.
Conducted security audits to identify vulnerabilities.
Monitored use of data files and regulated access to protect secure information.
Engineered, maintained and repaired security systems and programmable logic controls.
Led projects and analyzed data to identify opportunities for improvement.
Education
Expected in
Bachelor of Science: Education University of Istag - Overseas, GPA:
Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.