
BLAISE WANGMENI

CLOUD SECURITY ENGINEER
Austin, TX

Summary

With 7+ years of experience, I excel in architecting secure and compliant cloud environments across AWS and Azure. I specialize in implementing advanced solutions that bolster cloud security, optimize operations, and ensure strict adherence to industry-leading compliance standards such as NIST, SANS, ISO 27001/27002, and PCI. A collaborative professional, I adeptly foster security-first cultures within cross-functional teams, mitigating risks and ensuring unwavering compliance. My strength lies in translating intricate technical concepts into actionable insights for stakeholders, facilitating informed decision-making. Eager to leverage my dynamic expertise in cloud security, architecture, and compliance within an innovative, growth-oriented organization.

Overview

6 years of professional experience

Work History

Lead Cloud Security Engineer

DELL TECHNOLOGIES
AUSTIN, TX
03.2022 - Current
  • Implemented and managed Palo Alto Networks' Prisma Cloud, including cloud security posture management (CSPM) and cloud workload protection platform (CWPP) capabilities, to enhance cloud security, compliance, and threat visibility
  • Designed VPCs from scratch and using AWS CloudFormation, creating private and public subnets, security groups, network access lists (NACL), configuring internet gateways, OpenVPN, creating AMI, understanding of user access management/role-based access/multi factor authentication (MFA), API access and, configuration of auto scaling group (ASG) and elastic load balancer (ELB) for scaling services
  • Deployed and utilized Datadog for comprehensive monitoring and analytics of cloud-scale applications
  • Leveraging Datadog, I have successfully gained valuable insights into performance, infrastructure, and application health
  • This includes creating custom dashboards, setting up alerts, and optimizing the platform to ensure seamless operations and rapid issue resolution
  • Designed the configuration of SNS to send notifications and CloudWatch to collect logs and metrics
  • Managed and optimized a secure and compliant multi-account AWS environment at GM, leveraging pre-implemented AWS Landing Zone and AWS Control Tower
  • Led the design and enforcement of custom guardrails, integrated core security services, and provided ongoing governance and security enhancements
  • Worked with engineers and development teams to ensure that architecture solutions are compliant with security frameworks, such as NIST, SANS, FedRAMP, ISO 27001/27002, PCI, etc
  • Created and maintained CloudFormation and Terraform scripts, automating manual processes, and generating deployment pipelines
  • Partnered with the Cyber Security team to ensure that cloud environments and patterns met the organization's security standards
  • Deep knowledge of Splunk frontend and backend; utilized Splunk for comprehensive monitoring and vulnerability management, leveraging its powerful capabilities to enhance security and streamline operations
  • Utilized secure coding standards, frameworks (e.g., OWASP, SEI CERT), and SAST/DAST tools to proactively identify and address software vulnerabilities
  • Collaborated with development teams to integrate these tools into the development lifecycle, ensuring timely vulnerability detection and remediation
  • Implemented comprehensive security measures for Amazon S3 (Simple Storage Service) to safeguard sensitive data, including access control policies, bucket policies, and encryption using IAM and KMS
  • This has ensured data confidentiality, integrity, availability, and compliance with industry standards
  • Experienced in deploying and managing Zscaler, a top-tier cloud security platform, in conjunction with VPN solutions
  • Designed and secured the oversight of next-generation firewalls, intrusion prevention systems (IPS) and IDS, DDoS solutions, SSL-terminating load balancers, WAF, security groups and NACL
  • Deployed and configured OKTA for identity and access management, with a particular focus on seamless integration with AWS Identity and Access Management (IAM) using SAML 2.0, ensuring secure and efficient user authentication, authorization, and single sign-on (SSO) across cloud environments
  • I have used AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), AWS Web Application Firewall (WAF), and AWS Security Hub, to establish robust security measures and maintain compliance standards within our cloud environment
  • Performed security monitoring, security event triage, and incident response, coordinate with other team members and management to document and report incidents
  • Created a case to increase AWS Workspaces to 150 for a Manufacturing team and deployed all 120 Workspaces for the team's end users offshore and nearshore in Mexico
  • Designed and implemented monitoring and protection capabilities to help identify and protect against DoS attacks, MITM, EC2 instance compromise, secret compromise, etc
  • Led root cause analysis, debugging, support, and postmortem analysis for security incidents and service interruptions
  • Enabled CloudTrail across all geographic regions and AWS services to prevent activity monitoring gaps
  • Enabled CloudTrail log file validation so that any change made to a log file after it has been delivered to the S3 bucket is trackable, ensuring log file integrity
  • Enabled access logging for the CloudTrail S3 bucket so that access requests can be tracked and potentially unauthorized or unwarranted access attempts identified
  • Designed and configured Intrusion Prevention Systems and passive Intrusion Detection Systems in AWS leveraging AWS GuardDuty
  • Used Security Groups, Network ACLs, Internet Gateways, NAT instances and Route tables to ensure a secure zone for organizations in AWS public cloud
  • Written Terraform scripts to automate AWS services which include ELB, CloudFront distribution, RDS, EC2, database security groups, Route 53, VPC, Subnets, Security Groups, and S3 Bucket and converted existing AWS infrastructure to AWS Lambda deployed via Terraform and AWS CloudFormation
  • Skills: Prisma Cloud, Datadog, Grafana, Amazon Web Services (EC2, EBS, S3, IAM, AMI, VPC, VPC Peering, NACL, Security Groups, Route53, Auto Scaling Group, ELB, SNS, CloudWatch, Elastic Beanstalk, CloudFormation, Lambda, AWS Amplify, AWS Resource Manager, Cloud Security Visibility and Compliance, AWS GuardDuty, VPC Flow Logs, AWS WAF, Control Tower, AWS Security Guardrails, AWS Landing Zones), Splunk, Security Hub

AWS Cloud Engineer

BCBS/LUCAS GROUP, KORN
FRISCO, TX
12.2020 - 03.2022
  • Proficient in designing and implementing cloud landing zones, creating well-structured and secure foundations for cloud workloads, with a focus on best practices for scalability, security, and compliance in AWS and other cloud environments
  • Provisioned and administered EC2 instances and configured EBS, Simple Storage (S3) cross-region replication, Elastic Load Balancer, Auto Scaling, CloudWatch alarms, Virtual Private Cloud (VPC), mapping with multi-AZ VPC instances and RDS, based on architecture
  • Configured Amazon S3, Elastic Load Balancing, IAM and Security Groups in Public and Private Subnets in VPC, created storage cached and storage volume gateways to store data and other services in the AWS
  • Responsible for creating, configuring, and utilizing AWS VPC to host clients computing services, virtual networking devices, database (RDS) environment and security configuration
  • Responsible for configuration and spin-up of AWS compute, storage, and messaging services such as EC2, S3, EBS, EFS and SNS
  • Enabled CloudTrail log file validation so that any changes made to the log file itself after it has been delivered to the S3 bucket is trackable to ensure log file integrity and identify potentially unauthorized or unwarranted access attempts
  • Turned on Redshift audit logging to support auditing and post-incident forensic investigations for a given database
  • Worked on EC2, VPC, S3, IAM, Volume and Snapshot, RDS, SNS, CloudWatch, CloudTrail and other services
  • Worked on High availability solutions in AWS Cloud Infrastructure using Route 53, ELB Service and worked on server related task like managed EC2 instances, creating AMI, snapshots, changing instance type, Key Pairs, creating new instance from AMI
  • Worked on network-related tasks like setup of VPC, public and private subnets, route tables, internet gateway, enabling DNS hostnames, security groups, elastic IP
  • Worked on monitoring-related tasks like creating alarms in CloudWatch for real-time alerting
  • Build, deploy and tune processes for scalable systems to automate security event detection, response, and repeatable tasks
  • Kept up to date on emerging vulnerability, response, mitigation, threat landscape trends and use this knowledge to drive proactive threat monitoring
  • Provided expertise to client's early adoption strategy such as end user training, evangelizing cloud solutions, bringing experience and best-practice in the AWS cloud ecosystem
  • Proactively monitored resources and applications using AWS CloudWatch, including creating alarms to monitor metrics for EBS, EC2, ELB, RDS, S3 and SNS, and configured notifications for the alarms generated based on defined events
  • Established monitoring and alerting of solution events related to performance, scalability, availability, and reliability
  • Experience in deploying and monitoring applications on various platforms using Elastic Beanstalk, setting up the life cycle policies to back the data from AWS S3 to AWS Glacier
  • Skills: AWS, GitHub, EC2, ELB, RDS, S3, SNS, AWS CloudWatch, Elastic Beanstalk, Redshift, Route 53

Azure / AWS Cloud DevOps Engineer

NTT DATA /CITI BANK
PLANO, TX
09.2017 - 11.2020
  • As a DEVSECOPS Engineer with experience in Azure, TFS, Kubernetes and JFrog Artifactory, I have:
  • Implemented and configured Azure security services such as Azure Security Center, Azure Sentinel (SOAR), and Azure Advanced Threat Protection to proactively detect and mitigate security threats
  • Implemented a CI/CD pipeline with Docker, Jenkins (TFS plugin installed), Team Foundation Server (TFS), GitHub and Azure Container Service; whenever a new TFS/GitHub branch is started, Jenkins, our Continuous Integration (CI) server, automatically attempts to build a new Docker container from it
  • Solid experience in securing sensitive data through services like Azure Key Vault, Azure Information Protection, and Azure Confidential Computing, ensuring data confidentiality and integrity
  • Enhanced network security with Azure Firewall and Azure DDoS Protection, safeguarding Azure assets against unauthorized access and distributed denial-of-service (DDoS) attacks
  • Configured pipelines to run SonarQube, NexusIQ and Black Duck security scans to ensure secure software releases
  • Deployed applications to Kubernetes clusters on-premises and in the cloud using Helm charts
  • Maintained and managed highly available monitoring infrastructure to monitor different application servers like JBoss, Apache Tomcat, and its components using Nagios
  • Configured Jira as the defect tracking system and integrated it with Jenkins and GitHub for efficient bug tracking
  • Deployed artifacts to JFrog Artifactory and monitored system performance using Nagios, making sure that LDAP users are including data consolidation
  • Designed various Jenkins jobs to continuously integrate the processes and executed CI/CD pipeline using Jenkins, Ansible Playbooks and Ansible Tower
  • Used Git version control to manage the source code and integrating Git with Jenkins to support build automation and integrated with Jira to monitor the commits
  • Acted as build and release engineer, deployed the services by TFS (Azure DevOps) pipeline
  • Created and Maintained pipelines to manage the IAC for all the applications
  • Assigned RBAC roles using Organization Active Directory (Confidential) at the Subscription level to grant access only to required members based on least-privilege access

Education

MSc - Computer Information System

University of Houston
01.2023

BSc. Computer Science

University of Houston
12.2018

CERTIFICATIONS

· Certified Information Systems Security Professional (CISSP) - In Progress

· CompTIA Security +

· AWS Certified Security – Specialty

· AWS Certified DevOps Engineer – Professional

· AZ-305: Designing Microsoft Azure Infrastructure Solutions

· AWS Cloud Security Foundations

· AWS Certified Solutions Architect Associate

· AWS Certified Cloud Practitioner

Skills

  • TECHNICAL SKILLS
  • Public/Private Cloud: AWS, Azure, GCP
  • Operating System: Windows (Server 2016, 2012), Ubuntu, Amazon Linux
  • DevOps/CICD: CloudFormation, Terraform, Jenkins, Ansible, Git, GitHub, GitLab, Docker, Kubernetes, Nexus, JFrog, SAST
  • Languages: Python, JSON, YAML, AWS CLI, SQL
  • Project Management: SAFe Agile, SDLC, Scrum, JIRA, Kanban
  • Networking/Security: VPC, SG, TCP/IP, NACL, LB (ALB/NLB), SSH, RDP, API Gateway, SAST, DAST
  • Monitoring/Logging: Prometheus, Grafana, CloudWatch, CloudTrail, Dynatrace, Elasticsearch, Splunk, Datadog, Prowler
  • Vulnerability Mgmt: CNAPP (Palo Alto Prisma Cloud), Twistlock, Taegis XDR, Splunk, Coverity, Tenable Nessus
  • AWS Sec Services: Security Hub, GuardDuty, Config, WAF, Shield, Macie, CloudTrail, IAM, Control Tower, Landing Zones, VPC
  • Azure Sec Services: Sentinel, Security Centre, Azure AD, Azure Firewall, DDoS Protection, Key Vault, Azure Policy
  • Environment: Azure DevOps, TFS, Docker, Nexus, JFrog Artifactory, Terraform, Chef, Ansible, Jenkins, Git, Jira, Kubernetes, Maven, Nagios, ELK, SonarQube, Shell, Bash, Python, DynamoDB, Cassandra, SDLC, Scrum, ITIL

Work Preference

Work Type

Full Time, Part Time, Contract Work

Work Location

Remote, Hybrid

Important To Me

Company Culture, Work-life balance, Career advancement, 401k match, Stock Options / Equity / Profit Sharing, Personal development programs, Healthcare benefits

Certification

· CompTIA Security +

· AWS Certified Security – Specialty

· AWS Certified DevOps Engineer – Professional

· AZ-305: Designing Microsoft Azure Infrastructure Solutions

· AWS Cloud Security Foundations

· AWS Certified Solutions Architect Associate

· AWS Certified Cloud Practitioner

Timeline

Lead Cloud Security Engineer

DELL TECHNOLOGIES
03.2022 - Current

AWS Cloud Engineer

BCBS/LUCAS GROUP, KORN
12.2020 - 03.2022

Azure / AWS Cloud DevOps Engineer

NTT DATA /CITI BANK
09.2017 - 11.2020

MSc - Computer Information System

University of Houston

BSc. Computer Science

University of Houston
