Houston, Texas, United States
Highly skilled Senior Cloud DevSecOps Engineer with 8+ years of experience securing AWS, Azure, and GCP environments. Expertise in cloud security architecture, infrastructure as code (Terraform, CloudFormation), Kubernetes security, IAM, and CI/CD pipeline security. Skilled in designing and enforcing security controls, automating compliance (SOC 2, ISO 27001, NIST, HIPAA), and driving risk reduction across multi-cloud platforms. Proven ability to deliver scalable, resilient, and complia
Led security assessments and audits, ensuring compliance with industry standards (SOC 2, PCI DSS, NIST, GDPR) using CSPM Prisma Cloud’s policy engine. Used Prisma Cloud contextual risk analysis to prioritize security issues based on severity, business impact, and exploitability. Automated vulnerability remediation and security tasks using Terraform and Ansible, enhancing operational efficiency and reducing manual interventions. Implemented tools like tfsec to scan Terraform code for security misconfigurations. Integrated AWS Organizations with other AWS services like Security Hub, Access Analyzer, Detective, GuardDuty, Config, Inspector, and Macie for centralized monitoring. Deployed AWS Control Tower to establish a secure, multi-account environment with automated guardrail enforcement. Collaborated with development and DevOps teams to integrate container security into the CI/CD pipeline, using SAST, DAST, and SCA to identify security flaws in code and containers early in the development lifecycle. Enforced least-privilege access for developers and CI/CD pipelines to push or pull images. Created unified dashboards using SIEM tools (e.g., Splunk, Azure Sentinel) to track policy compliance and threat activity across cloud platforms Integrated Kubernetes security tools (e.g., Aqua Security, Sysdig, Kube-bench, Kube-hunter) to perform regular security assessments and identify vulnerabilities in containerized workloads. Configured Kubernetes Network Policies to enforce pod-to-pod and pod-to-service communication restrictions. Periodically rotated cluster certificates and kubeconfig files to reduce attack exposure. Integrated Kubernetes Role-Based Access Control (RBAC) with IAM to manage access to EKS cluster resources.
Developed reusable Terraform modules to standardize resource provisioning across AWS, Azure and GCP environments. Integrated Terraform with CI/CD pipelines for infrastructure-as-code deployments. Integrated AWS IAM Identity Center (SSO) with Active Directory for seamless user authentication. Integrated Python with security tools (SIEM, scanners) for real-time data processing and alerting. Configured SCIM provisioning for automatic user management across cloud platforms. Developed automated solutions using Ansible and Python to streamline security patching and remediation processes across cloud and on-prem environments. Enabled S3 server access logging to track requests made to buckets and detect unauthorized access. Ensured state file security by encrypting backend storage and using remote backends like S3 with DynamoDB for state locking. Enforced security best practices, including the use of multi-factor authentication (MFA), encryption, and secure VPC configurations.
● Devised a FedRAMP system security strategy integrating specific FedRAMP details, such as revising control implementation statements and composing security control implementation statements. ● Collaborate and confer with other Security leadership, including Information Security, Security Advisory & Analytics, and IT Risk & Compliance, to establish Security Standards and Procedures and integrate security considerations within the software development lifecycle. ● Serve as the expert in cloud security and related tools such as Security Information and Event Management (SIEM), access control mechanisms, Intrusion Detection, and Intrusion Prevention Systems (IDS/IPS). ● Utilized Remedy and ServiceNow to document and track vulnerabilities and security incidents, ensuring compliance with government security frameworks (FISMA, NIST). ● Designed and managed secure VPC architectures, including private subnets, NAT gateways, and security groups. ● Designed and deployed secure AWS infrastructure using Terraform, integrating VPC, ECS, EC2, ALB, CloudFront, and Route 53 with security best practices. ● Deployed Web Application Firewall (WAF) with CloudFront for enhanced application security against OWASP Top 10 vulnerabilities. ● Designed and implemented key rotation policies using AWS KMS to ensure encryption key security and compliance. ● Enforced HTTPS connections on ALB using SSL/TLS certificates from AWS Certificate Manager (ACM). ● Enforced security best practices in AWS, including two-factor authentication, access key rotation, encryption using KMS, firewalls - security groups and NACLs, S3 bucket policies and ACLs, mitigating Distributed Denial of Service (DDOS) attacks, etc. ● Participated in vendor risk management, application development, network, cloud-based services, and platform (operating system) initiatives, aiding compliance with enterprise and IT security policies, industry regulations, and best practices.