Mofor Achu
Colorado Springs,CO
Summary
AWS Cloud Solutions and Security Architect with over Five 5+ years’ experience workings as a Cloud Solutions Architect, Information Security Specialist with passion for aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security framework for cloud-based software. Versed in robust network defense strategies helping several customers managing servers and data center operations. Building scalable, highly available and fault tolerant cloud security infrastructure across multiple platforms (Windows, Linux, Amazon Linux).
Overview
8
8
years of professional experience
1
1
Certification
Work History
AWS CLOUD SECURITY ENGINEER
Bank of America
Charlotte, NC
06.2020 - Current
- Conducted security audits to identify vulnerabilities.
- Encrypted data and erected firewalls to protect confidential information.
- Monitored use of data files and regulated access to protect secure information.
- Performed risk analyses to identify appropriate security countermeasures.
- Provisioned AWS Landing Zones to create a customized baseline of AWS accounts, networks, and security policies.
- Configured multi-account architecture, identity and access management, governance, data security, network design, and logging within provisioned AWS Landing Zones.
- Focused on building VPCs from scratch and using AWS CloudFormation, creating private and public subnets, security groups, network access lists, configuring internet gateways, OpenVPN, creating AMI, understanding of user access management/role based access/multi factor authentication, API access and, configuration of auto scaling group (ASG) and elastic load balancer (ELB) for scaling services.
- Assisted with configuration of SNS to send notifications and CloudWatch to collect logs and metrics.
- Worked with engineers and development teams to ensure that architecture solutions are compliant with security frameworks, such as NIST, FedRAMP, ISO 27001/27002, PCI.
- Researched, designed, and oversee implementation of information technology, systems, and policies for information security in support of business needs.
- Built and managed, stable & secure AWS cloud infrastructure/networking using cloud orchestration capabilities, scripting languages, and APIs to design, code, test, implement and support Infrastructure as Code (IaC).
- Designed, configured, deployed, maintained, and upgraded environments for customers in AWS.
- Led projects from end to end that produce new and improved service offerings.
- Meeting SLAs and managing communication in case of issues.
- Configured and maintained backup, monitoring, and alerting systems for multiple.
- Interacted with teams and customers in different time zones for ensuring 24×7 support in Linux/Windows administration in AWS.
- Focused on developing, implementing, and operationalizing cloud solutions that are highly available and resilient by utilizing best practices in systems engineering, network engineering, and multi-region design strategies.
- Partnered with multiple application teams within the organization enterprise to provide guidance and patterns for building and deploying cloud infrastructure, both PaaS and IaaS.
- Partnered with the Cyber Security team to ensure that cloud environments and patterns met the organizations security standards.
- Performed configuration, troubleshooting, and ongoing management of various cloud technologies in the customer's environment.
- Built infrastructure, networks, and systems for scalability, resiliency, availability, and recovery though infrastructure-as-code.
- Helped develop our self-service and automated tooling help applications team move fast yet provided the guardrails to ensure the quality and security of our systems.
- Stayed on top of industry trends and best practices to continually improve what we do, how we do it and ensured our internal customer experience is always improving.
- Working with ITIL processes such as Incident, Problem and Change management.
- Scheduled Pre-CAB meetings and attended Change Advisory Board (CAB) Meetings to provide approval for change management.
- Working with oversight committees and privacy, legal, and compliance stakeholders to develop enterprise-level information security compliance policies that address purpose, scope, and policy directives.
- Taking leads in developing and managing information security programs, including, but not limited to, information security awareness, vulnerability management, vendor risk management and risk management.
- Working directly with departments, clients, and management to achieve results aligned with organization goals and objective.
- Designed and contributed to security architecture processes that enable the enterprise to develop and implement secure solutions and capabilities that are clearly aligned with the business, technology, and threat drivers.
- Participated in application and infrastructure projects and other business initiatives to provide security-planning guidance with the following drivers: reduce risk, protect business applications while ensuring the highest level of data and infrastructure (endpoints, servers, networks, data center, cloud) security.
- Reviewed and evaluated current access routes, sites, vendor integration points, and security platform v integrations; recommended improvements and developed corrective strategies to improve security prior to implementation.
- Assisted with designed and security oversight of next-generation firewalls, intrusion prevention systems, DDoS solutions, SSL terminating load balancers, WAF, security groups and NACL.
- Recommended and managed transmission protection requirements for all environments (systems, applications, containers, etc.) such as VPC peering best practices, SSL certificate management, key pairs.
- Performed security monitoring, security event triage, and incident response, coordinate with other team members and management to document and report incidents.
- Participated in deep architectural discussions to build confidence and ensure customer success when building new and migrating existing applications, software, and services on AWS platform.
- Experienced with "on-premises to cloud" migrations and IT transformations with the aid of AWS solutions.
- Developed tactical response procedures for security incidents.
- Performed security monitoring, security event triage, and incident response, coordinate with other team members and management to document and report incidents.
- Operational experience with network security appliances with a clear understanding of the architecture behind secure networks, DMZ's, NAT's, rule placement, VPN setup, and system maintenance.
- Led root cause analysis, debugging, support, and postmortem analysis for security incidents and service interruptions.
- Enabled Cloud Trail across all geographic regions and AWS services to prevent activity monitoring gaps.
- Enabled Cloud Trail log file validation so that any changes made to the log file itself after it has been delivered to the S3 bucket is trackable to ensure log file integrity.
- Enabled access logging for Cloud Trail S3 bucket so that you can track access requests and identify potentially unauthorized or unwarranted access attempts.
- Analyzed current technologies used within the company and determined ways to improve.
- Documented and monitored requirements needed to institute proposed updates.
- Worked closely with System Engineers within the company to ensure hardware is available for projects and working properly.
- Proposed and established IT/Cloud security framework for necessary contributions from various departments.
- Designed and configured Intrusion Prevention Systems and passive Intrusion Detection Systems in AWS leveraging AWS Guard Duty.
- Developed procedures for securely deploying applications on the cloud platform.
- Implemented identity and access management solutions in order to protect sensitive data stored in the cloud.
- Maintained up-to-date knowledge of emerging threats facing cloud environments, including malware, ransomware, phishing attacks.
- Evaluated existing IT architecture against industry standards such as NIST Cybersecurity Framework.
- Collaborated with architects and engineers to design networks, systems and storage environments that reflected business needs, security specifications and service level requirements.
Cyber Security Specialist
McDonald's
Chicago, IL
02.2018 - 06.2020
- Developed and implemented security policies, procedures and standards to protect the organization's information systems from unauthorized access, modification and destruction.
- Performed security assessments on new technologies to identify potential threats and vulnerabilities in the system.
- Maintained up-to-date knowledge of cyber security trends and best practices.
- Monitored network traffic for malicious activity, identified abnormal behavior, and responded accordingly.
- Conducted regular audits of IT systems to ensure compliance with corporate data security policies.
- Implemented firewalls, intrusion detection systems, anti-virus software and other related technology to protect organizational assets.
- Investigated computer security incidents as they occurred, analyzed root cause of incidents, documented findings and recommended corrective actions.
- Provided technical advice on secure coding practices for development teams.
- Created detailed reports outlining current cyber security measures in place across the organization.
- Performed vulnerability scans using automated tools such as Nessus or QualysGuard to detect any weaknesses in the system that could be exploited by attackers.
- Encrypted data and erected firewalls to protect confidential information.
- Developed plans to safeguard computer files against modification, destruction or disclosure.
- Reviewed violations of computer security procedures and developed mitigation plans.
- Provided guidance on cyber security awareness training for employees at all levels of the organization.
- Researched emerging technologies that can improve the overall level of protection against cyber attacks.
- Analyzed malware samples using automated tools such as VirusTotal or Cuckoo Sandbox to determine its intent and possible methods of mitigation and prevention.
- Worked closely with other members of the IT team to ensure proper implementation of new hardware and software solutions into production environments is completed securely.
- Used penetration testing tools to identify weaknesses in security systems.
- Updated computer security policies and procedures upon learning of new risks.
- Learned about latest security threats from blogs and online publications.
- Collaborated with stakeholders to implement and update disaster recovery plans.
- Worked closely with fellow security personnel to remedy and alleviate technology issues.
- Researched and designed advanced computer forensic tools.
AWS Cloud Engineer
MC2 Bank
Bamenda, Cameroon
10.2015 - 01.2018
- Performed analysis of existing cloud environment and developed strategies for migrating workloads to AWS Cloud.
- Managed the development and implementation of infrastructure automation solutions using AWS technologies such as EC2, S3, ECS, EKS, Lambda.
- Monitored application performance metrics in order to identify potential areas of improvement within the cloud environment.
- Deployed applications on AWS Cloud using services like Elastic Beanstalk, CloudFormation and OpsWorks.
- Created IAM policies for users and groups with proper access control levels according to organizational security requirements.
- Configured backup plans for data stored in Amazon S3 buckets by scheduling regular backups and establishing retention periods.
- Developed scripts in Python or Bash to automate routine tasks related to AWS Cloud operations.
- Implemented best practices for cost optimization across multiple projects running on AWS cloud resources.
- Integrated third-party services with the help of APIs into the existing architecture running on AWS Cloud Platforms.
- Involved in troubleshooting issues related to serverless architectures running on AWS Lambda functions or API Gateway endpoints.
- Provided technical support to customers regarding their queries about deploying applications on Amazon Web Services.
- Optimized storage costs by configuring lifecycle rules for objects stored in S3 buckets according to their usage patterns.
- Configured monitoring tools such as CloudWatch Logs, Metrics and Alarms for tracking resource utilization across various cloud deployments.
Education
Bachelor of Science - Computer Science
University of Buea
Buea, Cameroon04-2014
Skills
- Patch Management
- Application Security
- Penetration Testing
- Firewall Configuration
- Data Migration
- AWS, AZURE, GOOGLE CLOUD
- CloudFormation, Terraform, Jenkins, Git, Docker, Kubernetes, Nexus, Jfrog
- Windows OS, Ubuntu, Amazon, Linux
- Python Json, yaml, AWS CLI
- Cloud Watch, Cloud Trail, Dynatrace, Splunk, Elastic Search
- Palo Alto Prisma, Cortex, security hub
- Load Balancing
Certification
- AWS Certified Cloud Practitioner - Certified
- CompTIA Security+
- AWS Certified Solutions Architect Associate - Certified
- AWS Certified Security Specialty - Certified
- Certified Information Systems Security Professional (CISSP)-In Progress
Timeline
AWS CLOUD SECURITY ENGINEER
Bank of America
06.2020 - Current
Cyber Security Specialist
McDonald's
02.2018 - 06.2020
AWS Cloud Engineer
MC2 Bank
10.2015 - 01.2018
Bachelor of Science - Computer Science
University of Buea
Similar Profiles
Sabien Brown Jr.Sabien Brown Jr.
Business Banking Centralized Specialist at Bank of AmericaBusiness Banking Centralized Specialist at Bank of America
Nicholas ShakanNicholas Shakan
Vice President, Portfolio Manager at Bank of America Private BankVice President, Portfolio Manager at Bank of America Private Bank
Junicha Petit-FrereJunicha Petit-Frere
Finance Intern at Bank of AmericaFinance Intern at Bank of America
ROSEMARY LOPEZROSEMARY LOPEZ
Customer Service Representative at Bank of AmericaCustomer Service Representative at Bank of America
Dee JonesDee Jones
Workplace Planning Consultant II at Fidelity InvestmentsWorkplace Planning Consultant II at Fidelity Investments