Professional Documents
Culture Documents
I have over 10 years of combined IT experience, of which the last five years has been within Security and the
Devops realm. I am very passionate about new technologies, open-sources projects and knowledge sharing.
I’m particularly enthusiastic about the DevSecOps mindset, and automation methodology. For me DevOps is
first, a methodology to help company in their digital transformation.
As a DevSecOps specialist, coming from networking and security background, I believe I am a good fit for
helping companies make digital transition to the DevOps world/ecosystem which involves mindset,
methodologies, tools and practices.
Also, I improve end to end DevSecOps toolchain with CI/CD, Containerization, Container orchestration, GitOps,
Security, Infrastructure as Code and Observability.
My ultimate goal is to be a part of a group of motivated engineers creating secure applications, making sure
security is defined early in the #SDLC process; during requirement gathering, a process known as "shift left".
I am a leader, and very committed to excellence.
TECHNICAL SKILLS
Security: Advanced use of intrusion-detection, IDS/IPS, DLP, SIEM like Splunk, LogRhythm,
Ms Sentinel, etc. vulnerability-scanning like Qualys, antivirus tools like
Crowdstrike falcon, Symantec EDR, Ms Defender, etc.
AWS
Monitoring CloudWatch, CloudTrail, Promethus and Grafana.
Tools
PROFESSIONAL EXPERIENCE
Responsible for application build & release process which includes Code Compilation, Packaging, Security code
quality scanning, Deployment Methodology and Application Configurations.
Configure Jenkins jobs and pipelines using Git, Maven, SonarQube, Verracode, nexus artifactory.
Defining release process & policy for projects early in SDLC and responsible for source code build, analysis and
deploy configuration.
Extensively worked on Jenkins for continuous integration and for End-to-End automation for all build and
deployments. Implement CI-CD tools Upgrade, Plugin Management, Backup and Restore.
Created pipelines from the scratch and wrote Jenkins file using Groovy scripts.
Set up Kubernetes (k8s) Clusters for running microservices and pushed microservices into production with
Kubernetes backed Infrastructure. Development of automation of Kubernetes clusters via playbooks in
Ansible.
Use Kubernetes to deploy scale, load balance, scale and manage Docker containers with multiple namespace
versions.
Use SonarQube for code quality review that yields speedier deployments and cleaner code.
Automate build and deployment using Jenkins, Docker and Kubernetes to reduce human error and speed up
production processes.
Monitoring/Incident Handling
Monitored the security of critical systems and SIEM infrastructure (e.g. Web applications, database
servers, email servers, etc.) to ensure appropriate incidence response in line with administrative
policies.
Conducted network vulnerability scanning using tools like Qualys and Crowdstrike falcon to evaluate
attack vectors, identify system vulnerabilities and develop remediation plans and security programs.
Conducted routine social engineering tests and clean-desk audits to determine efficiency and
optimization of the system and identify and mitigate security violations.
Investigated potential or actual security violations or incidents to identify issues and areas that require
updated security measures or policy changes, driving it to the end in line with incident
handling/response methodologies.
Monitored and reviewed alerts on Splunk ES, Palo Alto FWs, and Cisco Stealth watch, categorize alerts,
and take actionable remediation steps.
Saved the organization thousands of dollars by containing and diffusing a security incident/breech.
Strategy Development
Researched new developments in IT security to recommend, develop, and implement new security
policies, standards, procedures in line with the company’s policies and security standards.
Coordinated with third parties, Vendors, to perform vulnerability tests and create security
authorization agreements and standards.
• Spread awareness and knowledge of good Information Security practices in development teams.
• Collaborated with multiple departments across the organization to conduct 3rd Party cybersecurity risk
assessments before onboarding vendors.
• Automated the deployment of security solutions as required to effectively detect, analyze, contain, and
eradicate security incidents while collaborating with key stakeholders (Network admin, Devops engineer,
developer etc.) and other members of the security team.
• Developed and maintained system security plans, information security policies, procedures, and guidelines.
• Performed security compliance checks and vulnerability assessments on our client’s infrastructure using
Qualys.
• Participated in security risk assessments and recommend mitigations and countermeasures to address risks,
vulnerabilities, and threats to our client’s enterprise infrastructure.
• Performed formal security reviews of application designs and deployments as required, covering web
application, APIs, mobile applications, and networks.
Certifications
CISSP – Certified Information Systems AWS-CSA – AWS Solutions Architect-
Security Professional. Associate
CCNP – Cisco Certified Network Professional CEH – Certified Ethical Hacker
NSE 4 – Network Security Expert (Fortinet)