Lacbane Lima
Cloud Security Engineer
Summary
Accomplished Cloud Security Engineer/DevSecOps professional with a proven track record in fortifying cloud infrastructure and driving robust security strategies. Adept at spearheading enterprise security baselines, orchestrating multi-account AWS strategies, and ensuring compliance with stringent regulatory standards such as FISMA/FedRAMP. Proficient in developing and implementing security controls across diverse cloud providers, automating processes for enhanced efficiency, and conducting rigorous vulnerability assessments. Skilled in incident response, hazard analysis, and threat modeling within healthcare systems. Demonstrated expertise in leveraging cutting-edge tools for malware analysis, coupled with a proactive approach to staying abreast of emerging cybersecurity threats and best practices. A visionary leader adept at transforming security paradigms into consumable services, catalyzing organizational resilience, and safeguarding critical assets.
Overview
8
8
years of professional experience
Work History
Cloud Security Engineer/DevSecOps
Capital One Bank
, TX
04.2022 - Current
- Spearheaded security strategies for public and private cloud solutions, establishing enterprise security baselines and technical direction
- Led the development and implementation of security controls across various cloud infrastructure providers, ensuring vulnerability management and proactive risk mitigation
- Expertise in AWS technologies like VPC, EC2, S3, IAM, RDS, Route 53, and Redshift, orchestrating multi-account strategies and security configurations
- Ensured compliance with FISMA/FedRAMP controls, driving ATO accreditation, and managing cloud cost estimation and optimization
- Proficient in implementing and managing infrastructure as code (IAC) using Terraform to automate the provisioning, configuration, and deployment of cloud resources, ensuring consistency and scalability
- Adept at securing and orchestrating containerized applications within Kubernetes clusters, bolstering the security posture of cloud-based environments while optimizing resource utilization and enhancing deployment agility
- Proficient in crafting and enforcing AWS Service Control Policies (SCPs), establishing robust landing zones, and leveraging AWS Control Tower to design and implement well-architected multi-account AWS environments
- Skilled in creating and applying SCPs to govern permissions, establish guardrails, and ensure compliance across diverse AWS accounts, enabling centralized security management and adherence to organizational policies
- Key Achievements: - Codified security processes, transforming security into a consumable service
- Supported regulatory compliance for ISO, NIST, PCI, and other industry standards
- Automated security configurations, enhancing efficiency and audit readiness.
Cybersecurity Analyst
Abet HealthCare
Franklin, TX
12.2019 - 04.2022
- Investigated security events, conducted vulnerability assessments, and led incident response operations, containing breaches and preventing data loss
- Utilized tools like Qualys, Snyk, Wireshark, and sandbox environments for malware analysis and threat detection
- Collaborated cross-functionally to enforce security policies and procedures, ensuring compliance with industry standards
- Applied STAMP and STRIDE frameworks for hazard analysis and threat modeling in critical projects and healthcare information systems
- Forensic Analysis and Incident Reconstruction: Conducted comprehensive forensic analysis following security incidents, utilizing advanced tools and techniques to reconstruct incident timelines, identify attack vectors, and determine the extent of data compromise
- Provided detailed reports and recommendations for remediation, contributing to improved incident handling and prevention strategies
- Compliance and Regulatory Adherence: Played a pivotal role in ensuring compliance with industry standards and regulations such as ISO, NIST, and HIPAA within healthcare information systems
- Actively contributed to the development and enforcement of security policies and procedures, ensuring alignment with regulatory requirements and bolstering data protection measures
- Key Achievements: - Led major incident response, containing security breaches and minimizing potential data compromise
- Implemented frameworks for systemic hazard analysis and threat modeling in healthcare systems.
SOC Analyst II
Shell Tech Center
Houston, TX
01.2016 - 12.2019
- Monitored security alerts and conducted in-depth analysis of potential security incidents, collaborating with response teams for timely resolution
- Led vulnerability assessments, aided in policy development, and remained updated with emerging cybersecurity threats and best practices through ongoing professional development
- Threat Intelligence Integration: Integrated external threat intelligence feeds and actively participated in threat sharing communities to stay abreast of emerging cybersecurity threats, vulnerabilities, and incident response techniques
- Applied these insights to fortify defense mechanisms and proactively mitigate potential risks
- Incident Response Enhancement: Collaborated cross-functionally to refine incident response procedures, contributing to the development and enhancement of incident response plans
- Played a key role in conducting tabletop exercises and simulations, ensuring team readiness and efficiency during security incidents
- Continuous Improvement Initiatives: Spearheaded initiatives focused on continuous improvement within the SOC environment
- Introduced and implemented new tools, methodologies, or workflows to enhance detection capabilities, streamline analysis, or optimize response times, resulting in increased operational efficiency and effectiveness in threat detection and response
- Key Achievements: - Contributed to incident response planning and execution, ensuring effective containment and resolution of security threats
- Enhancements: - Achievements Stand Out: Highlight key accomplishments in each role to draw attention to your impact
- Clean Formatting: Use bullet points for clarity and easy readability
- Emphasis on Skills: Emphasize specific technical skills and frameworks used
- Quantify Impact: Whenever possible, quantify achievements to demonstrate the scope of your contributions.
Education
BSc. - Computer Science
University of Buea
CompTIA Security + AWS Certified Security Specialty AWS Certified Solution Architect-Associate Microsoft Certified: Azure Security Engineer Associate Microsoft 365 Certified: Security Administrator Associate - undefined
Skills
- Skills Summary
- Certifications & Experience:
- Certified AWS Solutions Architect with over 8 years of IT operations experience and 6 years specializing in architecting and administrating self-healing, highly scalable, fault-tolerant, performant, and secure cloud-based services across PaaS, IaaS, and SaaS environments using Amazon AWS services
- Technical Proficiency:
- Proficient in AWS services including Elastic Compute Cloud (EC2), Simple Storage Service (S3), CloudFormation, CloudWatch, CloudFront, Lambda, Route 53, Auto Scaling, ELB, RDS, AMI, IAM, VPC, Elastic Beanstalk, and KMS Strong experience in Linux, JSON, RDS Databases, and Containers
- Security Expertise: Extensive hands-on experience in AWS and Azure security services such as AWS S3, EC2, Glacier, RDS, VPC, SNS, SQS, Elastic Beanstalk, CloudWatch, CloudFormation, CloudFront, Route53, Trusted Advisor, IAM, Lambda, Security Hub, alongside Azure services like MS Defender for Cloud, Azure PIM, KV, Azure AD, and Azure Sentinel
- Methodologies: Well-versed in Safe/Agile methodologies, DevSecOps practices, Agile tools like JIRA, and traditional waterfall methodologies
- Interpersonal & Leadership Skills: Excellent interpersonal and communication skills, coupled with strong problem-solving abilities and leadership capabilities
- TECHNICAL PROFICIENCES
- Area of Expertise
- Enterprise Cloud Information Security, Compliance, Monitoring, forensic investigation, vulnerability management
- Languages
- SQL, PL/SQL, UNIX shell Scripting, Python, JSON, YAML
- Tools
- Prisma Cloud, GitHub, JIRA, ServiceNow, Terraform, Ansible, Quayio, Prowler, RSA, DigiCert, Alert Logic, Abnormal Security, SecurEnds, Wiz
- Solutions
- Cloud Application and Database Migration, IAAS, PAAS, DRAAS, SAAS, CI/CD Pipeline
- Databases
- Aurora MySQL, HBase, SQL Server, Oracle, DynamoDB, Redshift, Postgres, RDS
- Cloud
- AWS, Azure
- Operating System
- Windows OS, Ubuntu, Amazon, Linux
- CICD
- CloudFormation, Terraform, Jenkins, Git, Docker, Kubernetes, nexus, Jfrog
- Scripting
- Python Json, yaml, AWS CLI
- Project Management/Methodologies
- Agile, SDCL, Scrum, Jira, Kanban
- Networking
- VPC, SG, TCP/IP, NACL, LB(ALB/NLB), RDP, SSH, API, IAM, KMS, SSO
- Monitoring And Logging
- Cloud Watch, Cloud Trail, Dynatrace, Splunk, Elastic Search
- Incident Response
- Training Junior Team Members
- Disaster Recovery Planning
Work Preference
Work Type
Full TimePart TimeContract WorkLocation Preference
RemoteHybridTimeline
Cloud Security Engineer/DevSecOps
Capital One Bank
04.2022 - Current
Cybersecurity Analyst
Abet HealthCare
12.2019 - 04.2022
SOC Analyst II
Shell Tech Center
01.2016 - 12.2019
BSc. - Computer Science
University of Buea