Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Your Name

Summary

AWS Cloud Solutions and Security Architect with over Five (5)+ years experience workings as a Cloud Solutions Architect, Information Security Specialist with passion for aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security framework for cloud-based software. Versed in robust network defense strategies helping several customers managing servers and data center operations. Building scalable, highly-available and fault tolerant cloud security infrastructure across multiple platforms (Windows, Linux, Amazon Linux).

Overview

8
8
years of professional experience
1
1
Certification

Work History

AWS Solutions Architect /Cloud Security Engineer

Hitachi Data Systems
Seattle, WA
05.2018 - 01.2021
  • Conducted security audits to identify vulnerabilities.
  • Encrypted data and erected firewalls to protect confidential information.
  • Monitored use of data files and regulated access to protect secure information.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Provisioned AWS Landing Zones to create a customized baseline of AWS accounts, networks, and security policies.
  • Configured multi-account architecture, identity and access management, governance, data security, network design, and logging within provisioned AWS Landing Zones.
  • Focused on building VPCs from scratch and using AWS CloudFormation, creating private and public subnets, security groups, network access lists, configuring internet gateways, OpenVPN, creating AMI, understanding of user access management/role-based access/multi factor authentication, API access and, configuration of auto scaling group (ASG) and elastic load balancer (ELB) for scaling services.
  • Assisted with configuration of SNS to send notifications and CloudWatch to collect logs and metrics.
  • Worked with engineers and development teams to ensure that architecture solutions are compliant with security frameworks, such as NIST, FedRAMP, ISO 27001/27002, PCI, etc.
  • Researched, designed, and oversees implementation of information technology, systems, and policies for information security in support of business needs.
  • Built and managed, stable & secure AWS cloud infrastructure/networking using cloud orchestration capabilities, scripting languages, and APIs to design, code, test, implement and support Infrastructure as Code (IaC).
  • Designed, configured, deployed, maintained, and upgraded environments for customers in AWS.
  • Created and maintained CloudFormation scripts, automating manual processes, and generating deployment pipelines.
  • Led projects from to end to end that produce new and improved service offerings.
  • Meeting customer SLAs and managing communication in case of issues
  • Configured and maintained backup, monitoring, and alerting systems for multiple clients.
  • Interacted with teams and customers in different time zones for ensuring 24×7 support in Linux/Windows administration in AWS.
  • Focused on developing, implementing, and operationalizing cloud solutions that are highly available and resilient by utilizing best practices in systems engineering, network engineering, and multi-region design strategies.
  • Partnered with multiple application teams within the customer enterprise to provide guidance and patterns for building and deploying cloud infrastructure, both PaaS and IaaS.
  • Partnered with the Cyber Security team to ensure that cloud environments and patterns met the customer's security standards.
  • Performed configuration, troubleshooting, and ongoing management of various cloud technologies in the customer's environment.
  • Built infrastructure, networks, and systems for scalability, resiliency, availability, and recovery though infrastructure-as-code.
  • Helped develop our self-service and automated tooling help applications team move fast yet provided the guardrails to ensure the quality and security of our systems.
  • Stayed on top of industry trends and best practices to continually improve what we do, how we do it and ensured our internal customer experience is always improving.
  • Working with ITIL processes such as Incident, Problem and Change management.
  • Scheduled Pre-CAB meetings and attended Change Advisory Board (CAB) Meetings to provide approval for change management.
  • Working with oversight committees and privacy, legal, and compliance stakeholders to develop enterprise-level information security compliance policies that address purpose, scope, and policy directives.
  • Taking leads in developing and managing information security programs, including, but not limited to, information security awareness, vulnerability management, vendor risk management and risk management.
  • Working directly with departments, clients, management to achieve results aligned with organization goals and objective.
  • Designed and contributed to security architecture processes that enable the enterprise to develop and implement secure solutions and capabilities that are clearly aligned with the business, technology, and threat drivers
  • Participated in application and infrastructure projects and other business initiatives to provide security-planning guidance with the following drivers: reduce risk, protect business applications while ensuring the highest level of data and infrastructure (endpoints, servers, networks, data center, cloud) security
  • Reviewed and evaluated current access routes, sites, vendor integration points, and security platform v integrations; recommended improvements and develop corrective strategies to improve security prior to implementation
  • Assisted with designed and security oversight of next-generation firewalls, intrusion prevention systems, DDoS solutions, SSL-terminating load balancers, WAF, security groups and NACL
  • Recommended and managed transmission protection requirements for all environments (systems, applications, containers, etc.) such as VPC peering best practices, SSL certificate management, key pairs, etc.
  • Performed security monitoring, security event triage, and incident response, coordinate with other team members and management to document and report incidents.
  • Participated in deep architectural discussions to build confidence and ensure customer success when building new and migrating existing applications, software, and services on AWS platform.
  • Technical liaison between the customer's service engineering & support teams.
  • Created a case to increase AWS Workspaces to 150 for a customer and Deployed all 120 Workspaces for customer's end users offshore and nearshore in Mexico.
  • Experienced with "on-premises to cloud" migrations and IT transformations with the aid of AWS solutions.
  • Designed and implemented monitoring and protection capabilities to help identify and protect against DoS attacks, MITM, EC2 instance compromise, secret compromise, etc.
  • Developed tactical response procedures for security incidents
  • Performed security monitoring, security event triage, and incident response, coordinate with other team members and management to document and report incidents.
  • Operational experience with network security appliances with a clear understanding of the architecture behind secure networks, DMZ's, NAT's, rule placement, VPN setup, and system maintenance.
  • Led root cause analysis, debugging, support, and postmortem analysis for security incidents and service interruptions.
  • Enabled Cloud Trail across all geographic regions and AWS services to prevent activity monitoring gaps.
  • Enabled Cloud Trail log file validation so that any changes made to the log file itself after it has been delivered to the S3 bucket is trackable to ensure log file integrity.
  • Enabled access logging for Cloud Trail S3 bucket so that you can track access requests and identify potentially unauthorized or unwarranted access attempts
  • Analyzed current technologies used within the company and determine ways to improve
  • Documented and monitored requirements needed to institute proposed updates.
  • Worked closely with System Engineers within the company to ensure hardware is available for projects and working properly.
  • Proposed and established IT/Cloud security framework for necessary contributions from various departments.
  • Accounted for possible project challenges on constraints including, risks, time, resources, and scope.
  • Worked closely with project coordinator, customers, and our engineers to successfully monitor progress of projects and company initiatives.
  • Define clear goals for all aspects of a project and manage their proper execution.
  • Designed network and application vulnerability assessment programs and testing methodologies.
  • Performed technical risk assessments for enterprise systems and report gaps and remediation actions.
  • Designed and configured Intrusion Prevention Systems and passive Intrusion Detection Systems in AWS leveraging AWS Guard Duty.
  • Created and test custom signatures based on emerging threats or business needs.
  • Performed signature updates and reviews and tuning of sensors. Configure automated reporting and develop escalation procedures.
  • Configured IBM Qradar SIEM (Security Information and Event Management) platforms to include obtaining data from endpoints and network devices and generating reports.
  • Created automated workflow to address security related incidents.
  • Performed regulatory compliance audits including SOX, PCI, and HIPAA.
  • Reported findings and advise on remediation efforts.
  • Assisted in preparing business application owners prior to external audits.

AWS Cloud Solutions Architect

The Washington Post
City, STATE
04.2015 - 05.2018
  • Collaborated with the appropriate departments to assess and recommend technologies that support company organizational needs.
  • Participated in the creation and maintenance of development, test, and production environments with a goal of high availability, fault-tolerance, and scalability.
  • Responsible for creating, configuring, and utilizing AWS VPC to host clients computing services, virtual networking devices, database (RDS) environment and security configuration.
  • Responsible for configuration and spin-up of AWS compute, storage, and messaging services such as EC2, S3, EBS, EFS and SNS.
  • Presentation skills with a high degree of comfort speaking with executives, IT Management, and developers; strong communication skills with an ability to right level conversations.
  • Assisted with launching new start up programs working closely with personnel to perform suitability reviews by learning and implementing protocols and engaging client awareness.
  • Enabled CloudTrail log file validation so that any changes made to the log file itself after it has been delivered to the S3 bucket is trackable to ensure log file integrity.
  • Turned on Redshift audit logging in order to support auditing and post-incident forensic investigations for a given database.
  • Worked on EC2, VPC, S3, IAM, Volume and Snapshot, RDS, SNS, CloudWatch, CloudTrail and other services.
  • Worked on High availability solutions in AWS Cloud Infrastructure using Route 53, ELB Service and worked on server related task like managed EC2 instances, creating AMI, snapshots, changing instance type, Key Pairs, creating new instance from AMI.
  • Worked on network related task like setup of VPC, subnet both public and private, route table, internet gateway, enable DNS hostname's, security groups, elastic IP.
  • Monitored related task like Creating alarms in CloudWatch for real time alerting.
  • Worked on Database related task like changing instance type of RDS, monitoring, and backing up of RDS, storage task such as disk addition, increase & decrease of existing disk using EBS volume and, S3 bucket to store object like data.
  • Created several AWS Data Migration jobs ordering AWS Snowball edge and moving data from data center of customer into AWS leveraging AWS S3 bucket in a secured manner, data encrypted in transit and at rest.
  • Operational experience with network security appliances with a clear understanding of the architecture behind secure networks, DMZ's, NAT's, rule placement, VPN setup, and system maintenance.
  • Led root cause analysis, debugging, support, and postmortem analysis for security incidents and service interruptions.
  • Enabled Cloud Trail across all geographic regions and AWS services to prevent activity monitoring gaps.
  • Enabled Cloud Trail log file validation so that any changes made to the log file itself after it has been delivered to the S3 bucket is trackable to ensure log file integrity.
  • Enabled access logging for Cloud Trail S3 bucket so that you can track access requests and identify potentially unauthorized or unwarranted access attempts.
  • Assisted in the build, deploy and tune process of scalable systems that automate security event detection, response, and repeatable tasks.
  • Kept up to date on emerging vulnerability, response, mitigation, threat landscape trends and use this knowledge to drive proactive threat monitoring.
  • Participated in creating innovative ways to use a wide range of security event data to advance detection methods.
  • Introduced, provided, and reviewed architectural work in local projects in a joint approach with the local companies based on secured architecture development method
  • Made recommendations, gains approval, and develops implementation strategies for new technologies based on necessity.
  • Conducted large scale projects and research through all stages: concept formulation, definition of metrics, determination of appropriate methodology, research evaluation and final research report.
  • Provided expertise to client's early adoption strategy such as end user training, evangelizing cloud solutions, bringing experience and best-practice in the AWS cloud ecosystem.
  • Proactively monitor resources and applications using AWS Cloud Watch including creating alarms to monitor metrics such as EBS, EC2, ELB, RDS, S3, SNS and configured notifications for the alarms generated based on events defined.
  • Established the appropriate monitoring and alerting of solution events related to performance, scalability, availability, and reliability.
  • Experience in deploying and monitoring applications on various platforms using Elastic Beanstalk, setting up the life cycle policies to back the data from AWS S3 to AWS Glacier.

IT Consultant / Cyber Security Analyst

Washington Adventist University
City, STATE
03.2013 - 01.2016
  • Monitored computer virus reports to determine when to update virus protection systems.
  • Encrypted data and erected firewalls to protect confidential information.
  • Developed plans to safeguard computer files against modification, destruction or disclosure.
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Monitored use of data files and regulated access to protect secure information.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Conducted security audits to identify vulnerabilities.
  • Researched and developed new computer forensic tools.
  • Participated in creation of device hardening techniques and protocols.
  • Managed relationships with third-party intrusion detection system providers.
  • Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.
  • Use Spiceworks ticketing Software to log inventory, monitor, update ticket, report and Troubleshoot issues experienced by our faculties, staffs, and students.
  • Take apart and reassemble computer parts to fix broken computers.
    Assisted in maintenance of hardware and OS for approximately 20 Microsoft Windows and Linux servers.
  • Manage the University’s Computer Lab facility operations.
  • Purchase office goods and equipment’s as required and process invoices.
  • Escalated issues to the proper help desk associate when necessary and followed up on any escalated issues, all within a timely manner.
  • Communicated thoroughly with client representatives and customers, enabling effective information exchange and efficient process management.
  • Documented all inquiry activities in the appropriate reporting system.
  • Provided responses to inquiries in writing using professional email skills.
  • Installed Windows XP/Vista/7 and Server 2008 R2.
  • Installed, repaired, maintained, and upgraded Windows desktop and Windows notebook computers.
  • Worked the Help Desk providing PC and Mobile support, diagnosing, troubleshooting and resolving client issues with hardware maintenance, installations and upgrade.
  • Responsible for assessing projects for compliance with Cybersecurity Policies and, analyze risk of assessment results.
  • Identified and recommended functional, technological and/or control solutions.
  • Worked on multiple projects as part of a Cybersecurity Risk Management team to include enterprise initiatives and minor efforts.
  • Acted as a subject matter expert (SME) for one or more risk management areas for consultation.
  • Consulted with other Cybersecurity teams to ensure compliant solutions are delivered for implementation.
  • Actively contributed to the administration, maintenance and improvements of Common Spirit Health’s risk assessment program.
  • Partnered with cross-functional departments in IT and organization to foster a culture of security and compliance.
  • Performed other duties as required.

Education

Bachelor of Science - Computer Science

Washington Adventist University
Takoma Park, MD
05.2018

Certificate of Completion - Cloud Security Architecture And Operations

The SANS Technology Institute
WASHINGTON, D.C
06.2018

Skills

Information Protection and Analysis Governance, Risk & Compliance (GRC) AWS, Azure, Google Cloud, BCP & DRP, PKI, Database Querying Languages; MySQL, NOSQL/DynamoDB, Palo Alto Prisma, Cortex, Twist lock Palo Alto BPA, Prisma AWS Firewall (Security Group and NACL) AWS WAF, Control Tower, AWS Security Guardrails, AWS Landing Zones, Security Hub

Amazon Web Services (EC2, EBS, S3, IAM, AMI, VPC, VPC Peering, NACL, Security Groups, Route53, Auto Scaling Group, ELB, SNS, CloudWatch, Elastic Beanstalk, CloudFormation) CloudPassage, F5, Barracuda Security Guardian, Jira, Confluence, F5, Palo Alto Panorama, Expedition, Guardrails Configuration, IAM, Lambda, AWS Amplify, AWS Resource Manager etc Cloud Security Visibility and Compliance; Checkpoint Dome9, AWS GuardDuty, VPC Flow logs

Certification

  • AWS Certified Cloud Practitioner - Certified
  • AWS Certified Solutions Architect Associate - Certified
  • AWS Certified Developer Associate - Certified
  • AWS Certified Security Specialty - Certified
  • Security+ (COMPTIA)
  • Scrum Master Certificate
  • Certified Software Tester
  • John Maxwell Leadership Certification Program

Timeline

AWS Solutions Architect /Cloud Security Engineer

Hitachi Data Systems
05.2018 - 01.2021

AWS Cloud Solutions Architect

The Washington Post
04.2015 - 05.2018

IT Consultant / Cyber Security Analyst

Washington Adventist University
03.2013 - 01.2016

Bachelor of Science - Computer Science

Washington Adventist University

Certificate of Completion - Cloud Security Architecture And Operations

The SANS Technology Institute

Similar Profiles

CREATE PROFILE