Lucky Onoriode

On DevSecOps Engineering Role:

• Collaborated with Agile development teams to design, implement, and maintain a secure software development lifecycle aligned with Agile principles.
• Integrated security best practices into CI/CD pipelines, including code scanning, static analysis, and vulnerability assessments, to ensure secure and rapid application delivery.
• Assisted application teams with onboarding of adopted security tools/technologies; working with vendors to troubleshoot the platform and issues related to such integrations.
• Actively participated in Agile ceremonies, such as sprint planning, stand-ups, and retrospectives, to align DevSecOps efforts with development goals.
• Advocated for software engineering practices such as unit testing, code reviews, full build testing, quality engineering practices, and requirements capturing techniques to the teams to improve end-to-end secure delivery practices.
• Identified and implemented automation that will improve the performance and reliability of the pipelines including scripting, integration, problem resolution, and configuration management.
• Troubleshooted automation issues and when required, engaged the resources to find practical solutions that move projects forward in a timely manner.
• Built DevSecOps Strategy and Solutions to integrate cybersecurity into the organizational adoption and improvement of agile practices.
• Partnered with Engineering team leads to create, implement, and apply DevSecOps principles, processes, and culture that are consumed by corporate delivery teams.

On Cloud Security Engineering Role:

• Coordinated with stakeholders to drive remediation of vulnerabilities in compliance with company policy and applicable regulatory requirements such as PCI and SOX.
• Building Secure Clouds: Actively designed and implemented robust security infrastructures for cloud-based systems, creating fortresses in the sky.
• Thriving Under Attack: Routinely performed vulnerability and penetration testing, turning potential weaknesses into unbreachable strengths.
• Digital Lifeguard: Implemented advanced disaster recovery strategies, ensuring business continuity by restoring and recovering data post-crisis.
• Cybersecurity Educator: Conducted engaging hands-on training sessions for team members on cloud security best practices, fostering a culture of cybersecurity awareness.
• Guarding the Gate: Develop and enforce stringent access control measures, ensuring only authorized personnel can access sensitive cloud resources.
• Real-Time Responder: Rapidly identified and mitigated security incidents, actively reducing potential damage and downtime.
• Security Artist: Designed and maintained security architecture for cloud systems, treating every policy and protocol as a masterpiece.
• Compliance Champion: Ensured all cloud operations aligned with industry regulations and standards, from GDPR to ISO 27001, protecting the organization from potential legal pitfalls, leveraging Dome9-CloudGuard by Checkpoint and AWS Security Hub.
• Innovator of Intrusion Detection: Develop and refine cutting-edge intrusion detection systems, keeping a watchful eye on all network activity.
• Data Encryption Enthusiast: Implemented strong encryption techniques for data-at-rest and data-in-transit, wrapping sensitive information in an impenetrable layer of protection.

• Worked daily to generate scan reports from Rapid7 InsightVM.
• Generated Scorecard reports on all AWS Accounts based on severity level in Rapid7 Divvy Cloud Scorecards.
• Contacted asset owners whose host "Project ID" is found in the scorecard report to fix their vulnerability.
• Monitored automatic weekly scans by Rapid7 to verify remediation efforts.
• Attended meetings with several teams in Europe/New Zealand to provide guidance or direction where needed.
• Configured and manage tools to support vulnerability management (such as Tenable and Rapid7).
• Worked with cross-functional teams including Engineering, Security Engineering, SOC, IT, and GRC teams to address vulnerability.
• Measured the effectiveness of defense-in-depth architecture against known vulnerabilities and processes that enable the organization to make informed decisions regarding remediation.
• Conducted vulnerability management scans, supporting vulnerability management tooling, reporting, and capturing metrics of data.
• Managed the lifecycle of vulnerabilities: identification, evaluation, prioritization, and reporting.
• Conducted vulnerability scans of servers, applications, infrastructure, and EC2s.
• Implemented automated monitoring and alerting on scanning tools and processes in Rapid7 InsightVM.
• Developed tools, documentation, processes, and techniques in our Jira/Confluence to assist in the remediation of security vulnerabilities.
• Conducted vulnerability scans of the Customer's systems, networks, endpoints, and applications.
• Conducted vulnerability scans, analyzed reports, and validated potential findings.
• Coordinated PCI-DSS vulnerability scans and remediation efforts with the Cloud Security Team.
• Tracked and provided metrics and insights on vulnerabilities and remediation's within the Org.
• Continuously monitored corporate networks and systems for ransomware, cyber espionage, and insider sabotage.
• Worked closely with management teams to plan, develop, coordinate, and execute technical strategies aligned with the client's vision, mission, and purpose.

On Cloud Security Engineering Role: (AWS & Azure environment)

• Architected and integrated third-party and cloud-native security information and event management (SIEM) systems, such as IBM Qradar, along with threat intelligence platforms, security automation, orchestration solutions, intrusion detection/prevention systems (IDS/IPS), file integrity monitoring (FIM), data loss prevention (DLP), and other monitoring tools to bolster Volkswagen's security infrastructure.
• Contributed to the implementation and automation of detective controls within Volkswagen's Cloud Environment, utilizing Amazon GuardDuty to promptly detect and alert critical security issues. Deployed Azure Information Protection (AIP).
• Successfully implemented a range of network and system security tools within the Cloud, including network firewalls, IDS/IPS, anti-malware solutions, vulnerability scanning, encryption mechanisms, monitoring capabilities, and Identity, Credential, and Access Management (ICAM) systems, all aimed at safeguarding Volkswagen's digital assets.
• Took ownership of formulating and guiding the overarching IT enterprise security strategy and vision, encompassing product security, vulnerability management, and incident management. This role also included the creation and upkeep of comprehensive security policies and procedures.
• Oversaw the administration of crucial security services, including antivirus software, IDS/IPS tools, data loss prevention measures, and security monitoring systems, with a focus on ensuring continuous protection for the customer.
• Provided Identity and Access Management (IAM) solutions to regulate and ensure appropriate access to sensitive data, including personally identifiable information (PII).
• Collaborated effectively with product and engineering teams to embed security practices into the development lifecycle. This involved conducting routine vulnerability assessments, as well as coordinating third-party penetration testing exercises.
• Independently deployed various Palo Alto security solutions, such as Prisma Access, Prisma Cloud, Cortex, VM-Series 1 & 2, and Palo Alto VM-300 Bundle 2, in both AWS and Microsoft Azure environments for Volkswagen Credit.
• Engaged closely with the engineering team to identify and resolve deployment-related challenges, highlighting a proactive approach to problem-solving.

On DevSecOps Engineering Role: (AWS & Azure environment)

• Designed and implemented secure, scalable, and automated cloud-based solutions on Microsoft Azure to support application deployment and management.
• Led the implementation of DevSecOps practices, including continuous integration, continuous delivery (CI/CD), and automated security testing, tailored for the Azure cloud environment.
• Collaborated with software development teams to integrate security controls and best practices into the application development process.
• Implemented monitoring, logging, and alerting systems to ensure the security and availability of cloud-based infrastructure.
• Managed the configuration and infrastructure as code (IaC) using tools such as Terraform, and Ansible, with a strong emphasis on security config.
• Conducted security assessments, and vulnerability testing, and ensured compliance with industry standards and regulatory requirements.
• Worked closely with stakeholders to define and enforce security policies and access controls in the Azure environment.
• Developed and maintained documentation for security processes, procedures, and configuration management.
• Responsible for setup, configuration, and maintenance of our Cloud and Secure SDLC toolsets, including SCM (GitHub), SCA (Blackduck), SAST, CI/CD (CircleCI, Azure DevOps), artifact repositories (Docker Hub, JFrog, Cloud), Cloud (GCP, Azure, AWS) and associated tooling.
• Worked with the other DevOps teams to monitor and optimize the use of these Pipeline and Cloud services and provide example solutions for integrating tools into the development workflows.
• Partnered with all teams across the global Digital Asset org, particularly Engineering, Product, and Enterprise Support, to ensure the security of our SDLC Pipeline provides business value and is cost-effective.
• Accessed and regularly interacts with, senior members of multiple customer organizations, as well as industry partners, at the strategic level on topics including, but not limited to, the budget, requirements, command vision and priorities, training, and team mission readiness activities.

• Designed cloud security Reference Architectures to support customers' cloud environment.
• Developed logical & technical cloud security architectures, data governance designs, and functional requirements for secure cloud environments.
• Reviewed technical processes, specifically focused on cybersecurity and data (vulnerability management, disaster recovery, data protection, software development), and updated these to be effective in a cloud environment.
• Palo-Alto Firewall Migration from On-Premises to AWS Cloud and Panorama. Managed Dome9 Infra Security Assessment program.
• Benchmarked and modeled cloud security capability maturity against industry, regulatory standards, and frameworks (NIST CSF, NIST 800-53, Cloud Security Alliance, ISO 27000).

• Assessed and correlated existing security gaps with current global threats and created cybersecurity countermeasures that mitigate potential attack vectors.
• As a last line of defense against a compromised account, I ensured all IAM users have multi-factor authentication activated for their accounts and limited the number of IAM users with administrative privileges.
• Proactively monitored resources and applications using AWS CloudWatch including creating alarms to monitor metrics such as EBS, EC2, ELB, RDS, S3, and SNS and configured notifications for the alarms generated based on events defined.
• Third-Party Vendor engagement and coordination to customer site for Demo and POC.
• Architected and operated solutions built on the AWS Platform.
• Created business continuity/disaster recovery, fail-over, and runbook documentation.
• Ensured security was integrated into all cloud architecture solutions built for Jefferies's several internal customers.
• Responsible for creating VPCs for the Dev/test team, simulating a production environment for web/application servers and database traditional servers in public and private subnets, respectively.

• Exhibited presentation skills with a high degree of comfort speaking with executives, IT Management, and developers, strong communication skills with an ability to have right-level conversations.
• Created life cycle policies to back the data from AWS S3 to AWS Glacier in line with business compliance and need.
• Created business continuity/disaster recovery, failover, and runbook documentation.
• Ensured security is integrated into all cloud architecture solutions built.
• Provisioned and updated web application with AWS CloudFormation, using Auto Scaling groups, Amazon Elastic Cloud Compute (EC2) instances, and Elastic Load Balancer.
• Developed and owned Key Performance Indicators (KPIs) to ensure performance is measured against expected business outcomes.
• Developed and implemented a comprehensive cybersecurity program that balances the requirements of Walgreen's healthcare research environment with cyber protections.
• Performed Cloud and Cyber security monitoring, vulnerability assessment, incident response, forensic analysis, intrusion detection/prevention, and resolution of cybersecurity incidents.

• Participated in deep architectural discussions to build confidence and ensure customer success when building new or migrating existing applications, software, and services on the AWS platform.
• Architecting/operating solutions built on the AWS Platform.
• Leveraged Identity Access Management features to set up Multi-Factor Authentication (2FA) for added security layer to the root account, enterprise, and user account, and assigning roles based on principles of least privileges to users.

• Reviewed and Identify vulnerabilities identified by scanning tools.
• Established a plan of resolution for vulnerabilities along with timelines.
• Worked with the Incident Management and Response Team to respond to incidents.
• Build Incident response processes, and procedures and maintained security documentation.
• Established and Maintained DR procedures for current and new technologies.
• Producing metrics and reports on the state of system security, threat, vulnerability, and patch management.
• Built effective relationships with key stakeholders who own and support IT infrastructure, applications, processes, and operations.
• Demonstrated experience working with senior management on highly sensitive projects that require the utmost discretion and maintaining strict confidentiality on all data, records, and tasks as required.
• Issued thousands of PKI certificate, for internal and external host.
• Brief technical risks and issues to executives and business leaders.