Carlos Cisneros
San Diego,CA
Summary
I’m Carlos, a dedicated Cyber Security Engineer with over five years of experience specializing in application security, DevSecOps, and cloud security. I’ve had the opportunity to work with companies like Prime Therapeutics, Ford Motor Company, and Marathon Petroleum, where I’ve implemented security protocols, conducted vulnerability assessments, and managed cloud-based infrastructure across AWS, GCP, and Azure. My expertise includes containerization with Docker, CI/CD pipeline management, and IAM solutions, as well as hands-on scripting with Python and Bash. I hold certifications such as Security+, CCSK, and eJPT, and I’m passionate about staying ahead of emerging threats and continuously advancing my skills to provide top-tier security solutions.
Overview
6
6
years of professional experience
1
1
Certification
Work History
Cyber Security Engineer
Prime Therapeutics
12.2023 - Current
- As part of the application security team, I implement and manage security posture using Prisma, Docker, CyberArk, Salt Security, and OWASP ZAP ensuring comprehensive protection across all applications and infrastructure, implementing IAM, CSPM, SAST, SCA, DAST, IAST, RASP
- Established and maintained a strategic relationship with Salt Security vendors, overseeing the management of alerts in Salt Security and ServiceNow to streamline incident response
- Investigated and created business policies for generative AI platforms such as Azure OpenAI services and various models including GPT-4, Llama, Midjourney and the underlying technologies for safety and security risks
- Conducted in-depth vulnerability assessments using ZAP, identifying risks and implementing security measures within Docker containers to mitigate potential threats
- Wrote documentation on input validation, IAC, and AWS WAF, best practices and HTTP security headers, including X-Content-Type-Options, which became part of the organization's standard operating procedures, guided software engineering teams through security best practices and defining security requirements
- Presented penetration testing reports to cross-functional teams, highlighting critical vulnerabilities and recommending actionable mitigation strategies to fortify security posture, also used penetration testing tools such as Burp Suite, Metasploit, Nmap, and Wireshark.
Cyber Security Engineer / Application Security Engineer
Ford Motor Company
07.2023 - 12.2023
- Configured serverless functions with GCP Cloud Run or Cloud Functions, optimizing for scalability
- Set up logging and monitoring services using Dynatrace and GCP Ops Suite to ensure performance reliability
- Demonstrated deep technical knowledge of GCP, Azure, AWS, and SaaS-based application security protocols, including Auth0 and Azure AD
- Developed Python scripts to test API endpoints, consulting with engineering teams on security best practices
- Conducted risk assessments to identify vulnerabilities, reducing attack vectors by 30% through strategic CI/CD pipeline implementation
- Applied security best practices to meet industry compliance standards (e.g., SOC 2, PCI-DSS, HIPAA) and OWASP top 10 by having regular sessions with software engineers and explaining code best practices
- Integrated SAST, DAST and SCA tools like Veracode, Snyk, into CI/CD pipelines across multiple organizations using various platforms
- Explained common threats, actors and risks revolving Network, Cloud, Web and Application environments and designed mitigations for business needs
- Experienced performing Threat Analysis and modeling leveraging best in industry frameworks such as MITRE ATT&CK, Threat Modeling and in House Penetration Testing in dev environments for increase security posture in the company.
Security Consultant
2U Inc.
02.2019 - 10.2023
- Delivered hands-on training in bash, Python scripting, Linux administration, Ansible, Docker, and Azure cloud computing
- Designed and implemented IAM solutions on Active Directory (AD), SSO, and Okta/Auth0 Identity products
- Led vulnerability management and patch management training using Tenable/Nessus and Veracode, emphasizing offensive security techniques
- Managed virtual development environments with Linux and Vagrant, deploying on Azure and AWS, and automating provisioning using Ansible
- Containerized applications with Docker to enhance security and portability, and utilized SIEMs (Splunk, DataDog, ELK Stack) for incident detection and investigation.
DevSecOps Engineer
Marathon Petroleum
08.2022 - 05.2023
- Configured deployment groups in Azure DevOps and managed on-premise migration to AWS, successfully testing deployment strategies
- Investigated incidents using Datadog, creating monitoring and logging alarms using AWS EC2, Lambda, S3 Buckets, AWS GuardDuty, and AWS Athena with CloudTrail logging
- Built and maintained repositories with Terraform and Ansible, and managed CI/CD pipelines across multiple environments
- Performed vulnerability assessments using SonarQube and Veracode, ensuring compliance with cloud security frameworks such as SOC 2 and PCI DSS
- Created documentation and established 30+ CI/CD pipelines for various Azure resources.
Software Engineer
ClinicSource Therapy Practice Management Software
08.2018 - 01.2019
- Managed ElasticSearch SIEM, installed Filebeat logs, and analyzed log data across servers
- Performed system audits, ensuring compliance with HIPAA, PCI-DSS, PII, and NIST standards
- Handled P1, P2, and P3 incidents, closing tickets within SLA, and implemented application performance monitoring
- Analyzed Rapid7 and Nessus scans, managing CVEs through patch management on CENTOS environments
- Implemented Okta's IAM solution, streamlining user authentication and SSO processes.
Education
Bachelor of Science - Information Technology
Western Governors University
Utah01.2025
Skills
Cyber Security, Application Security, DevSecOps, Cloud Security, Network Security, IAM Solutions, Vulnerability Management, SIEM Tools, Threat Detection, Risk Assessment, Bash Scripting, Python Scripting, Linux Administration, Ansible, Docker, Azure Cloud, CI/CD Pipelines, Incident Response, Active Directory, SSO, Okta, CyberArk, Prisma Cloud, OWASP Top Ten, SAST/DAST, Security Engineer, Security Consultant, DevSecOps Engineer, Cloud Security Architect, Security Monitoring, Zero Trust Architecture, Penetration Testing, Cloud Workload Protection, Kubernetes Security, Security Orchestration and Automation (SOAR), Endpoint Detection and Response (EDR), Data Encryption, Security Operations Center (SOC), API Security, Compliance Auditing (SOC 2, PCI DSS, HIPAA), Multi-Factor Authentication (MFA), Infrastructure as Code (IaC), AWS Security, GCP Security, Microsoft Defender, Sentinel, Security CoPilot, Threat Hunting, Firewall Management, Identity Governance and Administration (IGA), Secure Software Development Lifecycle (SDLC)
Certification
- Certificate of Cloud Security Knowledge - Cloud Security Alliance, Jan 2023
- CompTIA Security+ ce Certification, Mar 2023
- ElearnSecurity Junior Penetration Tester
- Amazon Web Services Certified Cloud Practitioner
- Azure Fundamentals (AZ-900)
Timeline
Cyber Security Engineer
Prime Therapeutics
12.2023 - Current
Cyber Security Engineer / Application Security Engineer
Ford Motor Company
07.2023 - 12.2023
DevSecOps Engineer
Marathon Petroleum
08.2022 - 05.2023
Security Consultant
2U Inc.
02.2019 - 10.2023
Software Engineer
ClinicSource Therapy Practice Management Software
08.2018 - 01.2019
Bachelor of Science - Information Technology
Western Governors University
- Certificate of Cloud Security Knowledge - Cloud Security Alliance, Jan 2023
- CompTIA Security+ ce Certification, Mar 2023
- ElearnSecurity Junior Penetration Tester
- Amazon Web Services Certified Cloud Practitioner
- Azure Fundamentals (AZ-900)
Similar Profiles
Anthony CleekAnthony Cleek
Clinical Pharmacy Technician at Prime TherapeuticsClinical Pharmacy Technician at Prime Therapeutics
Jacob MckimJacob Mckim
Supervisor, Contact Center at Prime TherapeuticsSupervisor, Contact Center at Prime Therapeutics
JASMINE C BROOKSJASMINE C BROOKS
GP Skill Member Services Spec at Prime TherapeuticsGP Skill Member Services Spec at Prime Therapeutics