Keenan R.

Professional Algo Trader

Stafford, Virginia, United States

About

Experience

  • Professional Trader at Sirius Algo

  • Cloud Security Engineer at BGI

     Administered and Managed M365 E5 Licensing (Security & Compliance Suite)  Designed and enforced IAM policies, RBAC roles, and Conditional Access policies in Azure.  Integrated Microsoft Entra ID IAM with on-premises Active Directory for seamless identity management across hybrid environments.  Collaborated in migrating on-premises applications using Microsoft Entra ID Enterprise Application/App Registration, ensuring secure and compliant access for users.  Implemented Defender for Cloud and Microsoft Sentinel for threat detection and response.  Deployed and configured Azure Disk Encryption with BitLocker for FIPS 140-compliant security.  Automated and deployed remediation scripts using Intune, PowerShell, ARM Templates, and Terraform.  Conducted monthly M365 security audits and reporting for technical/non-technical stakeholders.  Designed custom KQL queries for Microsoft Sentinel to monitor Conditional Access policy violations, failed MFA attempts, and risky user activity.  Built Azure Monitor Workbooks using KQL to track Defender for Cloud alerts, monitor audit logs, and generate compliance reports.

  • Remote Azure Cloud Engineer (Freelancer) at Sirius Innovation LLC

    Sirius Innovation LLC | Azure Cloud Freelancer | Sept 2019 – Present  Conduct NIST 800-171 / CMMC 2.0 compliance assessments and security audits.  Developed Terraform templates to automate Azure Resource Groups, VMs, VNets, Key Vault, Network Security Groups (NSG), Subnets, Firewall Policies, and Storage Accounts provisioning.  Integrated Terraform with Azure Key Vault to securely store credentials and enforce compliance.  Implemented RBAC using Terraform, ensuring least-privileged access across Azure environments.  Configured Microsoft Entra ID (Azure AD): • MFA, SSO, and Conditional Access Policies for secure authentication across hybrid environments. • Hybrid Azure AD Join (HAAD-J) & Intune for device onboarding/offboarding.  Deployed and managed Microsoft Defender for Office 365 (EOP) policies: • Safe links, Safe Attachments, Anti-malware, Anti-phishing, anti-spam, connection filtering, and automated investigation/remediation.  Created DLP and Sensitivity Policies in Microsoft Purview to enforce FIPS 140-compliant encryption.  Configured and optimized Microsoft Sentinel & KQL queries for SIEM monitoring, security incidents/threat detection, and incident response, including anomalous sign-ins, impossible travel, brute-force attempts, and phishing attacks.  Performed Advanced Hunting in Microsoft Defender using KQL to analyze endpoint security alerts, identify suspicious PowerShell executions, and detect lateral movement across enterprise devices.  Automated BitLocker encryption, Windows LAPS, and CVE patching using Microsoft Intune.  Provided L3 support for cloud security incidents, eDiscovery, malware remediation, and compliance enforcement.

  • Cloud Cyber Engineer at Chenega Decision Science

     Led FedRAMP cloud security efforts for DISA and USMC.  Configured Azure Key Vault for secure cryptographic key storage and TLS protocol enforcement.  Developed security automation scripts in Python for vulnerability scanning and log analysis.  Monitored and responded to cloud security incidents in Microsoft Defender for Cloud & Sentinel.  Investigated phishing attacks, malicious domains, and APT threats using Threat Intelligence tools.  Performed annual security testing and continuous monitoring services for information systems.  Performed vulnerability, configuration, and web applications assessment using tools (Nessus, Nmap, Burp Suite, Wireshark, Network Watcher, etc.) for Federal Information Systems Security Testing.

  • Cloud Security Engineer at Chenega Logistics

     Designed, managed, and maintained tools to automate operational backup processes for creating Amazon Machine Images (AMIs), Auto scaling, and Snapshots. Designed, deployed, encrypted, and managed AWS Simple Storage Services (S3) Buckets for MS SQL Database Tables and Fields, and Application Web Configuration Files.  Created and implemented data archive automation and retention standards using AWS Amazon Glacier. Added and removed AWS Elastic Block Storage (EBS) for virtual instances such as (Centos 5 Servers- Linux, Windows 2016 R2 Servers, and MS SQL 2008r2 Databases, etc.) upon management’s request. Designed and deployed AWS Elastic Load Balancers (ELBs) to DevOps and Production Web Servers.  Supported all Cloud Platform as a Service (PaaS) Break/Fix, software implementations, server and OS migrations, security, and service pack/patch management. Implemented and managed systems/applications (Centos 5 Servers- Linux, Windows 2008r2, 2012r2, MS SQL 2008r2, MS Office 365 Product Suites, etc.), service packages, patches, and hotfixes for high availability, scalable, and self-healing on AWS platforms.  Performed nightly backups on AWS instances using cron jobs created from the Centos 5 Linux Server. Coordinated and conducted monthly patching on Linux backup servers.  Performed monthly web application security scans (i.e., Burp Suite and Qualys SSL Labs) for testing, discovering, and mitigating website/application code flaws, vulnerabilities, and exploits.  Performed monthly Nmap/Zenmap and Wireshark Network Protocol analyses on Amazon Web Services (AWS) virtualized networks and ports.  Investigated alerts generated by IDS/IPS, including malicious file uploads, compromised servers, SQL injections, and port scanning.  Managed and monitored antivirus and firewall security logs using Windows Defender and Symantec Endpoint Protection (SEPP).