
Devon Blackshear, CISSP

Security Leader
Los Angeles, CA

Summary

Senior/Principal Security Engineer with 14+ years of hands-on and leadership experience designing, building and operating security programs for cloud-native and hybrid enterprises. Proven track record of incident command, detection engineering, and cloud security architecture across AWS, Azure, GCP, Kubernetes and multi-cloud/hybrid environments. Adept at translating complex risk into clear business language and driving secure-by-design culture.

Overview

14 years of professional experience

Work History

Director, Security Engineering

FabFitFun
Los Angeles, CA
02.2024 - Current
  • Promoted after driving enterprise-wide incident command; set investigation direction, exit criteria, and executive communications for cloud and e-commerce breaches.
  • Built unified detection stack—AWS, Kubernetes and Datadog log ingestion, CrowdStrike EDR, Sumo Logic correlation, and Python/Terraform ATT&CK-mapped detections.
  • Orchestrate cross-functional containment and remediation with PR, Legal, HR, Engineering and AWS; mentor engineers and refine response playbooks.
  • Championed DevSecOps by embedding Snyk SCA, Checkov IaC scanning and Aqua CSPM into Argo CD workflows.
  • Established privacy & data-protection program aligned to CCPA and GDPR, integrating OneTrust assessments and automated data-subject workflows.

Lead Information Security Engineer

FabFitFun (E-Commerce)
Los Angeles, California
01.2023 - 02.2024
  • Implemented access control measures such as authentication mechanisms, encryption technologies and two-factor authentication to protect data from unauthorized access.
  • Coordinated with vendors on evaluating third-party software for compliance with internal security policies.
  • Created security reports for management on system vulnerabilities, patch levels, malware incidents and other security issues.
  • Performed regular vulnerability scans using automated tools such as Nessus or Qualys.
  • Deployed anti-virus software across all endpoints within the organization's network.
  • Conducted risk assessments to identify threats and vulnerabilities in computer networks.
  • Evaluated new security products before deployment into the production environment.
  • Designed solutions for securing sensitive information such as credit card numbers or personal health records.
  • Assisted with incident response activities such as forensic analysis, root cause analysis, containment strategies and remediation plans.
  • Developed and maintained security policies, standards, procedures and guidelines to ensure the secure operation of information systems.

Lead Security Operations Engineer

SpotHero
Chicago, IL
01.2020 - 02.2023
  • Served as SpotHero’s first dedicated security engineer—defined the security vision, multi‑year roadmap, policy framework, and budget while advising executives on risk and compliance.
  • Implemented a “Detection as Code” program in Sumo Logic and AWS GuardDuty, integrating GitHub Actions, Terraform, and Tines to codify alerts and automate response.
  • Led incident response as Incident Commander for CodeCov and Log4j campaigns, orchestrating SRE, Legal, and Leadership teams for swift containment and transparent communications.
  • Embedded Snyk SCA, Qualys VM, Aqua Trivy container scans, and Checkov IaC checks into CI/CD pipelines, strengthening build‑time security across microservices.
  • Migrated monitoring to AWS GuardDuty, Security Hub, and CloudTrail Lake and founded a security‑champions guild to uplift secure‑coding practices for 60+ engineers.

Senior Cyber Intelligence & Response Analyst

Cubic Corp.
San Diego, CA
08.2017 - 04.2020
  • Delivered continuous monitoring, threat intelligence and incident response for global AWS and on-prem fleets facing APT-level adversaries.
  • Deployed CrowdStrike Falcon and Proofpoint TAP, integrating alerts into Splunk and Jira workflows; collaborated with DevOps to embed security gates in Jenkins pipelines.
  • Conducted memory forensics with LiME and reverse engineering in Ghidra to generate IOCs and detection content feeding the DevSecOps feedback loop.

Security Operations Engineer Team Lead

Relativity
Chicago, IL
04.2018 - 01.2020
  • Architected detection engineering platform on Splunk Enterprise Security and Carbon Black Response, automating SOC playbooks in Palo Alto Cortex XSOAR; built a Network Security Monitoring/IDS solution with Bro (Zeek) and Snort.
  • Directed security incidents end-to-end as Incident Commander and established a digital forensics lab; partnered with DevOps to embed Anchore scans, Terraform guardrails and Prisma Cloud policies into Azure DevOps pipelines.
  • Authored Sigma and YARA rules mapped to MITRE ATT&CK and championed IaC-based 'Detection as Code' methodology across engineering teams.
  • Integrated Fortify SCA and SonarQube analysis into CI workflows, shifting application security left across core .NET services.
  • Collaborated with GRC to align controls with SOC 2, ISO 27001, and FedRAMP Moderate; automated evidence collection and policy updates.

Senior Cyber Security Analyst

Mosaic451 (Cedars-Sinai)
Los Angeles, CA
04.2016 - 07.2017
  • Led migration from IBM QRadar to Splunk Enterprise Security and enterprise deployment of Tanium; executed M&A security assessments for multiple hospitals.
  • Developed Sigma and Zeek hunts to detect lateral movement in clinical networks and collaborated with DevOps teams to integrate security scans into Ansible and Jenkins pipelines.
  • Partnered with HIPAA teams to map controls to NIST 800-53 and PCI, resolving audit findings and enhancing compliance posture.

Information Security Operations Analyst

Citibank
Irving, TX
06.2015 - 03.2016
  • Investigated malware (enterprise Dridex detection) and won multiple 'Boss of the SOC' competitions.
  • Built automated phishing triage integrating EDR, VirusTotal and Abuse.ch feeds into Splunk SOAR playbooks.
  • Wrote Splunk detections for SWIFT and payment-fraud patterns, enhancing monitoring for high-risk banking processes.

Information Security Consultant (Contract)

AIG
Houston, TX
11.2014 - 02.2015
  • Analyzed enterprise security posture and streamlined incident workflows with ServiceNow and Phantom SOAR integrations.
  • Conducted NIST CSF gap assessment and delivered remediation roadmap to leadership.
  • Integrated Qualys Insights vulnerability data into Power BI executive dashboards, enabling risk-based patch prioritization.

IT Information Security Analyst

Aramco Services Company
Houston, TX
01.2013 - 10.2014
  • Built an in-house incident ticketing system and uncovered steganography-based malware campaigns impacting remote workers.
  • Deployed Snort and Suricata sensors and tuned rules for OT/ICS networks, improving refinery threat visibility.
  • Led security awareness and phishing-resilience program across the enterprise.

Network Security Analyst

Alert Logic
Houston, TX
10.2011 - 01.2013
  • Monitored security alerts and contributed to development of an internal SIEM solution for managed-security clients.
  • Authored IDS signatures and YARA rules for emerging threats, expanding the managed service detection catalogue.
  • Mentored junior analysts and created runbooks that streamlined triage workflows.

Education

Bachelor of Business Administration - Cybersecurity

University of Texas at San Antonio
San Antonio, TX

Skills

  • Incident Response
  • Cloud Security
  • Application Security
  • DevSecOps
  • Threat Intelligence
  • Security Architecture
  • Vulnerability Management
  • Risk Analysis

Certification

  • CISSP
  • PMI Project Management Professional (PMP, In progress)
  • AWS Certified Security – Specialty
  • Security+
  • Network+
  • Splunk Core Certified User
  • Splunk Core Certified Power User
  • Splunk Core Certified Advanced Power User
  • Google Professional Cloud Security Engineer

Work Availability

Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
Morning, Afternoon, Evening

Professional Development

  • LifeLabs Learning (Influential Communication, Adaptability & Resilience)
  • Leading Remote Teams
  • Difficult Conversations for Managers

Work Type

Full Time

Work Location

Remote

Profile created at Resume-Now.com