Senior Cloud & Product Security Engineer with 15+ years of experience driving DevSecOps initiatives and modernizing complex, cloud-based infrastructures. Adept at orchestrating CI/CD pipelines, implementing infrastructure-as-code (IaC), and embedding SAST/DAST security checks throughout the SDLC.
Overview
16 years of professional experience
1 Certification
Work History
Sr. Product Security Engineer
Smarsh Inc.
REMOTE
06.2024 - 01.2025
Conducted comprehensive threat modeling (including STRIDE and Cornucopia) for the API Gateway (Kong, Keycloak), leveraging Miro for collaborative brainstorming and Lucidchart for detailed architecture diagrams, identifying and prioritizing critical vulnerabilities that significantly improved the platform's security posture
Deployed and managed full HashiCorp Vault clusters using Terraform, Terragrunt, and custom user-data scripts that automated certificate deployment and Vault modules; this facilitated OLE deployments and the creation of Vault namespaces for both single-tenant and multi-tenant BYOKMS/BYOHSM configurations, ensuring compliance with stringent financial regulations for Fortune 50 banking clients
Led weekly vulnerability reviews, highlighting newly identified critical and high-severity issues for immediate triage, while scheduling remediation for lower-priority findings based on risk tolerance
Maintained a weekly on-call rotation with OpsGenie SINC Cat alerts for immediate incident response, minimizing breach impact and safeguarding critical operations
Executed targeted penetration tests with Cobalt, remediating vulnerabilities, refining code quality, and embedding robust security across the SDLC
Managed vulnerability triage and response via Tenable, SecureWorks Taegis XDR, Snyk, and BitSight, substantially reducing detection-to-remediation times
Migrated from manually exporting Excel pivot tables in Tenable during weekly vulnerability reports to an automated Vulcan Cyber workflow, generating findings, creating campaigns, and running granular custom reports (e.g., last seen 7 days, asset tag, source) for streamlined vulnerability management
Managed project work in Jira by participating in bi-weekly sprints and backlog refinement with the Security Engineering Manager and Deputy CISO, employing SMART checklist acceptance criteria and structured templates to streamline ticket prioritization and ensure actionable results
Implemented granular IAM policies with AWS Identity Center, Terraform, and CloudFormation StackSets, leveraging Concourse pipelines to enforce least-privilege access across multi-account AWS environments
Managed an extensive IAM setup across 50+ AWS accounts by deploying root and management accounts through AWS Control Tower, leveraging Terraform and CloudFormation StackSets to provision user groups, permission sets, and least-privilege policies at scale
Evaluated and onboarded new security tools (e.g., DarkTrace, Tufin, EndorLabs) through proof-of-concept initiatives
Oversaw vendor evaluations and PoC trials for firewall management (e.g., Tufin), aligning new solutions with organizational objectives and compliance requirements
Sr. Cloud/Product Security Engineer
ID Dataweb Inc.
REMOTE
01.2018 - 06.2024
Architected and deployed a next-generation identity verification platform used by Fortune 100 customers (e.g., MetLife, Roche) and government clients (e.g., State of Colorado), ensuring strict compliance and scalability
Orchestrated multi-region AWS rollouts for MetLife across North and South America, preparing expansions into EMEA to support global identity verification requirements
Integrated Facetec (facetec.com) for advanced liveness detection, leveraging passive and active facial recognition flows to strengthen user authentication and reduce fraud
Collaborated with ID providers (Ping, Okta, ForgeRock) and credit bureaus (Experian, Equifax) to validate attributes in real time, delivering seamless onboarding and KYC compliance
Managed large-scale containerization efforts (Tomcat to Docker/Kubernetes), orchestrating YAML manifest files via Helm, Kustomize, and Argo CD as IaC to minimize downtime for high-traffic enterprise customers
Optimized a variety of key AWS services (Route 53, EC2, S3, CloudWatch, API Gateway, Redis, Lambda, DynamoDB, RDS, IAM, ACM, KMS, VPC) for scalability, reliability, and cost-effectiveness, standardizing configurations and deploying automated guardrails to ensure secure, high-performance operations across multiple environments
Transitioned CI/CD pipelines from Bamboo to Jenkins, then GitHub Actions, embedding SonarQube and Rapid7 for SAST/DAST scans, catching vulnerabilities early in the SDLC
Employed Terraform/Terragrunt to standardize AWS provisioning across multiple accounts and regions, enforcing consistent security baselines for healthcare, finance, and government clients
Fully automated WAF, Shield, GuardDuty, and Inspector deployments, enabling continuous threat monitoring and real-time mitigation of suspicious activities
Adopted Azure AD SCIM within AWS Identity Center, synchronizing global user directories and imposing strict access controls for developer and administrator roles
Defined granular IAM policies for dozens of backend developers (Java, Node.js, JavaScript, React), ensuring least-privilege access to AWS while aligning with PCI and SOC2 frameworks
Implemented short-lived tokens using AWS STS, removing static credentials from codebases and reducing the likelihood of credential leaks
Devised a zero-downtime migration strategy to containerize Nginx/Tomcat servers behind ALBs, preventing service interruptions during critical ID checks
Deployed Anchore for container image scanning, rejecting any builds with severe CVEs and integrating results into GitHub PR checks
Coordinated external pentests with Qualys and White Hat Security, triaging findings for Fortune 100 banks and healthcare partners, then tracking fixes in Jira
Instituted robust logging across Java, Node.js, and React services, consolidating logs in Datadog (post-ELK) for centralized visualization and faster incident response
Integrated OAuth 2.0 and OIDC flows, partnering with multiple attribute providers (AP) to ensure secure session management and user data validation
Strengthened threat detection by enabling AWS GuardDuty, Shield Advanced, and WAF across production environments, blocking malicious traffic in real-time
Managed multiple EKS cluster nodes deployed into dev, test, preprod, and prod environments for high-profile clients (MetLife, Roche, State of Colorado)
Performed repeated performance and load tests on clusters (using JMeter)
Collaborated with the State of Colorado to introduce digital driver's license verification, verifying liveness with FaceTec and binding user data to official records
Established pre-commit hooks on 100+ GitHub repos, enforcing code formatting, SAST scans, and vulnerability checks for all microservices and infrastructure code
Adopted a zero-trust VPC design (segregated subnets, strict Security Group
Sr. Cloud/Product Security Engineer
TechTrend Inc.
ARLINGTON, VIRGINIA
11.2017 - 08.2018
Upgraded and standardized a legacy AWS environment by adopting CloudFormation, streamlining infrastructure provisioning and enabling Jenkins-based automated builds and deployments
Migrated CI/CD pipelines from Bamboo to Jenkins, integrating Git for version control, accelerating release cycles, and improving overall traceability
Implemented container orchestration using Docker and Kubernetes to enhance application consistency, scalability, and reliability across diverse environments
Strengthened security posture through AWS WAF and integrated intrusion detection tools, proactively identifying and mitigating threats at both the application and network layers
Authored and managed RFP responses, collaborating with technical and business stakeholders to craft compelling proposals that secured key contracts
Coordinated project tasks in Jira, ensuring transparent sprint planning, timely issue resolution, and efficient cross-functional collaboration
Facilitated continuous improvements to build, deployment, and security processes by gathering feedback from operations and development teams, driving higher reliability and compliance
Engineered secure, scalable AWS infrastructures utilizing EC2, S3, SQS, RDS, and IAM, ensuring high availability and strict adherence to security best practices
Established Infrastructure-as-Code workflows with Chef, standardizing environment provisioning, eliminating configuration drift, and expediting deployments
Developed Jenkins CI/CD pipelines fully integrated with GitHub, automating builds, tests, security scans, and deployments for rapid, reliable software delivery
Implemented DevSecOps principles by embedding SonarQube for static code analysis, container scanning, and automated vulnerability checks into the CI/CD pipeline, ensuring issues were identified and addressed early
Adopted GitOps methodologies, storing infrastructure and application configurations in version control, streamlining change management and enabling peer-reviewed updates
Managed AWS WAF for enhanced web application security, effectively mitigating common threats and protecting critical endpoints
Collaborated with developers to maintain coding standards, conduct regular compliance checks, and drive continuous improvements in cloud security posture
Sr. Cloud/Product Security Engineer
GDIT Inc.
CHANTILLY, VIRGINIA
02.2017 - 11.2017
Upgraded and standardized a legacy AWS environment by adopting CloudFormation, streamlining infrastructure provisioning and enabling Jenkins-based automated builds and deployments
Migrated CI/CD pipelines from Bamboo to Jenkins, integrating Git for version control, accelerating release cycles, and improving overall traceability
Implemented container orchestration using Docker and Kubernetes to enhance application consistency, scalability, and reliability across diverse environments
Strengthened security posture through AWS WAF and integrated intrusion detection tools, proactively identifying and mitigating threats at both the application and network layers
Authored and managed RFP responses, collaborating with technical and business stakeholders to craft compelling proposals that secured key contracts
Coordinated project tasks in Jira, ensuring transparent sprint planning, timely issue resolution, and efficient cross-functional collaboration
Facilitated continuous improvements to build, deployment, and security processes by gathering feedback from operations and development teams, driving higher reliability and compliance
Engineered secure, scalable AWS infrastructures utilizing EC2, S3, SQS, RDS, and IAM, ensuring high availability and strict adherence to security best practices
Established Infrastructure-as-Code workflows with Chef, standardizing environment provisioning, eliminating configuration drift, and expediting deployments
Developed Jenkins CI/CD pipelines fully integrated with GitHub, automating builds, tests, security scans, and deployments for rapid, reliable software delivery
Implemented DevSecOps principles by embedding SonarQube for static code analysis, container scanning, and automated vulnerability checks into the CI/CD pipeline, ensuring issues were identified and addressed early
Adopted GitOps methodologies, storing infrastructure and application configurations in version control, streamlining change management and enabling peer-reviewed updates
Managed AWS WAF for enhanced web application security, effectively mitigating common threats and protecting critical endpoints
Collaborated with developers to maintain coding standards, conduct regular compliance checks, and drive continuous improvements in cloud security posture
Sr. Cloud/Product Security Engineer
L3 Communications Inc.
CHANTILLY, VIRGINIA
08.2015 - 02.2017
Engineered secure AWS C2S infrastructure, configuring EC2, S3, and RDS to meet ICD 503 standards, and implemented IAM and VPC for robust access control in classified environments
Developed and deployed AWS Lambda functions for serverless compute tasks, leveraging event-driven architectures to automate operational processes and enhance efficiency in high-security AWS deployments
Pioneered containerized application deployments in C2S using Docker Compose, bolstering security and streamlining resource utilization within classified infrastructures
Configured network security groups and enforced encryption protocols, protecting sensitive data in compliance with stringent government regulations and risk management frameworks
Automated security monitoring through AWS-native services like CloudWatch and CloudTrail, delivering real-time visibility into system performance and threats
Conducted comprehensive cloud security audits and vulnerability assessments, proactively identifying risks and guiding remediation efforts to maintain accreditation
Collaborated with cross-functional teams to integrate cloud solutions seamlessly, ensuring alignment with mission objectives and adherence to compliance standards
Spearheaded Windows Server environment upgrades, leveraging Bash and Python scripting to optimize performance, reduce manual workloads, and enhance reliability
Developed and deployed advanced automation scripts (Bash, Python) that streamlined routine system administration tasks, reducing errors and boosting efficiency
Implemented Virtual Desktop Infrastructure (VDI) solutions using VMware Horizon and Citrix XenDesktop, enabling secure, scalable remote access for distributed teams
Managed Linux server environments (RHEL, Ubuntu Server, CentOS), performing routine maintenance and ensuring consistent performance, security, and compliance
Deployed Chef for configuration management and infrastructure orchestration, promoting consistency and reducing configuration drift across the enterprise
Collaborated with cross-functional teams to align infrastructure changes with organizational goals, minimizing downtime and ensuring seamless transitions
Led large-scale server migrations from legacy Windows environments to VMware and Hyper-V, enhancing overall scalability and infrastructure resilience
Configured, deployed, and managed Citrix Virtual Desktops, delivering secure remote access and boosting end-user productivity across diverse work scenarios
Implemented and maintained auditing and monitoring tools (Splunk and AD Audit), ensuring comprehensive oversight, security compliance, and real-time incident detection
Provided Tier 3 support for Windows environments, resolving complex technical issues and optimizing system performance to minimize downtime
Collaborated with cross-functional teams to streamline migration processes, ensuring minimal disruption to critical operations and effective knowledge transfer
Developed and enforced best practices for virtualization resource allocation, performance tuning, and capacity planning, maximizing return on infrastructure investments
Automated routine tasks using scripting, reducing administrative overhead, mitigating errors, and expediting system management activities
Principal Systems Engineer
Bit Systems Inc.
STERLING, VIRGINIA
07.2015 - 08.2015
Company Overview: a CACI-owned company
Principal Systems Engineer
MacAulay-Brown Inc.
WARRENTON, VIRGINIA
09.2014 - 07.2015
Senior Network Engineer
Digital Management (DMI) Inc.
TYSONS CORNER, VIRGINIA
07.2012 - 09.2014
IT Engineer
Defense Engineering (DEI) Inc.
ARLINGTON, VIRGINIA
06.2010 - 07.2012
IT Engineer
Sapphire Technologies
WASHINGTON, DC
01.2009 - 02.2010
Company Overview: a Randstad USA-owned company
Education
Bachelor of Science - Cloud Computing
Purdue Global University
12.2025
Skills
GitHub Actions
GitHub
AWS
Terraform
Terragrunt
Kubernetes
Helm
Docker
Jenkins
Python
Bash
Security
Cloud Architecture
Infrastructure as Code
Containerization
Data Warehousing
ETL
Networking
Windows Server
Linux
Virtualization
Tenable
Snyk
Secureworks Taegis XDR
SentinelOne
Vulcan
Darktrace XDR
Threat Modeling
Penetration Testing
Security Compliance
Incident Response
Key Management
Risk Assessment
Automated Testing
Rundeck
HashiCorp Vault
Concourse Pipelines
Certification
Computer Hacking Forensics Investigator at EC-Council
Security+CE and CASP+CE at CompTIA
Certified Mobility Specialist at Citrix
References
Brigadier General Mark Martins, United States Department of Defense