Cloud Security Engineer

Location:
Houston, TX
Salary:
$120-$170
Posted:
January 15, 2024

Resume:

ELVIS MENGNJO

CLOUD SECURITY ENGINEER / CLOUD SECURITY CONSULTANT / AWS SOLUTIONS ARCHITECT

CERTIFIED: AWS CSS, CCSP, CISM, PMP

Location: Sugarland, TX Email: ad2r7b@r.postjobfree.com Phone: +1-832-***-****

Professional Summary:

As a seasoned professional with over 5 years of experience, I am a highly skilled Cloud Security Engineer, Cloud Security consultant and Cloud Solutions Architect. I specialize in crafting and implementing robust security strategies for cloud environments, ensuring the confidentiality and integrity of systems. My expertise extends to architecting scalable and resilient cloud solutions, utilizing advanced knowledge of leading platforms. I excel in conducting risk assessments, implementing security best practices, and ensuring compliance with industry standards. With a proven track record, I am adept at balancing security requirements with business objectives, fostering optimal and secure cloud infrastructures. My strong communication and collaboration skills contribute to effective cross-functional teamwork and successful client engagement.

Professional Expertise:

Security Architecture:

• Expert in designing and implementing secure, available, fault-tolerant and scalable cloud architectures that align with business objectives, and in understanding cloud-specific security features and tools.

• Extensive experience in leveraging cloud-native services for optimal performance and efficiency, using services such as EC2, S3, VPC, RDS, IAM, etc.

• Proven experience in integrating cloud solutions with existing on-premises systems and third-party services like Datadog and Okta.

• Proficient in defining standard concepts, practices, and procedures for cloud technology, including Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS).

Identity and Access Management (IAM):

• Strong knowledge in configuring and managing IAM users, groups, policies, roles, and permissions, thereby implementing strong authentication and authorization mechanisms.

• Demonstrated ability in implementing robust access control mechanisms to manage user permissions and privileges, and in setting up Multi-Factor Authentication (MFA) to enhance the overall security posture of the AWS environment.

• Experience in developing and testing custom IAM policies, including attribute-based access control.

• Established cross-account access successfully between the "Development" and "Production" AWS accounts and implemented AWS Organizations and Identity Center to centralize management of multiple AWS accounts.

• Skilled in integrating AWS Single Sign-On (AWS SSO): configured AWS SSO and integrated it with Okta, and regularly analyzed user access patterns using IAM Access Advisor and modified IAM policies.

• Generated and analyzed credential reports to review and monitor IAM users' access and security status.

Network Security:

• Proficient in designing, configuring, and managing cloud networking resources, including VPCs, subnets, routing tables, and security groups. Ability to optimize network performance and security for cloud-based applications.

• Expert in implementing firewalls to monitor and control incoming and outgoing network traffic and dividing the network into segments to restrict lateral movement of attackers.

• Proven experience in securing wireless networks with strong encryption (WPA3) and unique passphrases and deploying network monitoring tools to detect unusual patterns or activities.

• Skilled in configuring DNS security features to prevent DNS-related attacks and securing routers, switches, and other network devices with strong passwords.

• Establish processes for conducting network forensics to investigate security and implement redundancy and failover mechanisms to ensure network availability.

Encryption and Key Management:

• Expert in implementing encryption for data at rest and in transit, managing the key lifecycle, and ensuring secure key storage.

• Proficient in implementing hardware security modules (HSMs) for secure key storage and establishing secure channels for distributing keys to authorized entities.

• Skilled in implementing key exchange protocols that provide confidentiality and integrity during key distribution and regularly rotating encryption keys to limit the exposure of sensitive data. Develop processes for revoking compromised keys.

• Develop a robust key backup strategy to prevent data loss in case of key corruption or loss.

Security Monitoring and Incident Response:

• Demonstrated ability in implementing continuous monitoring for security threats and developing a comprehensive incident response plan (IRP) that outlines roles, responsibilities, and procedures.

• Proven experience in implementing monitoring tools and technologies like CloudWatch, CloudTrail, AWS Config and Amazon Inspector to detect potential security incidents.

• Established communication protocols for reporting incidents to relevant and Isolated affected systems and networks to prevent further damage.

• Experience in identifying and removing the root cause of the incident and restoring affected systems and services to normal operation.

Compliance and Governance:

• Demonstrated ability to navigate and implement compliance frameworks, including HIPAA, GDPR, and PCI DSS. Skilled in establishing governance models to enforce best practices ensuring compliance with industry standards and regulations. Implementing governance frameworks for cloud security.

• Clearly communicate data protection policies to stakeholders.

• Assess and manage the compliance posture of third-party vendors and service providers.

• Skilled in engaging the board of directors in cybersecurity governance and implementing a risk management framework to identify, assess, and manage cybersecurity risks.

• Conduct regular internal and external audits to assess compliance and governance effectiveness.

Scripting and Automation:

• Expert in leveraging tools like Terraform or CloudFormation for declarative infrastructure management and familiar with other automation tools like Ansible, Puppet, Chef.

• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation.

• The ability to choose the appropriate scripting language based on the task and platform.

• Implement IaC principles to define and manage infrastructure through code.

• Use version control systems (e.g., Git) for tracking changes to scripts and automation code.

• Proven experience in automating configuration changes and updates to ensure uniformity and incorporating robust error-handling mechanisms into scripts and automation code.

Cloud Security Consultant:

• Conducting risk assessments and vulnerability assessments.

• Providing risk mitigation strategies and recommendations.

• Performing security audits of cloud environments.

• Advising clients on security best practices for cloud adoption.

• Assessing the security posture of cloud service providers.

• Communicating technical solutions to non-technical stakeholders.

Database Expertise:

• Expert in Database Management Systems (DBMS). Proficiency in popular DBMS platforms such as MySQL, PostgreSQL, Oracle, Microsoft SQL Server, or MongoDB and experience with cloud-based database services (e.g., Amazon RDS, Azure SQL Database, Google Cloud SQL).

• Skilled in implementing effective indexing strategies to speed up data retrieval and regular testing of backup and restore processes to ensure data integrity.

• Familiarity with data warehousing concepts for handling large volumes of data.

• Proficient in database administration tasks such as installation, configuration, and maintenance.

Cloud Architecture:

AWS CloudFormation, AWS CloudFormation Designer, AWS Service Catalog, AWS Marketplace, AWS Well-Architected Framework, CART, AWS ADS, CloudEndure, AWS SMS, AWS DMS, AWS SCT, AWS DataSync, AWS Security Hub, AWS GuardDuty, AWS Secrets Manager, AWS Shield, VPC Flow Logs, Security Groups, NACLs

Cloud Migration:

AWS Migration Hub, AWS Application Discovery Service, AWS Server Migration Service (SMS), AWS Data Migration Service (DMS), AWS Snowball, AWS Systems Manager, Lifecycle Manager, Autoscaling

Cloud Security:

AWS Identity and Access Management (IAM), AWS CloudTrail, AWS CloudWatch, AWS Security Groups, AWS VPC Security Groups, AWS Key Management Service (KMS), AWS Inspector, Trusted Advisor, AWS Control Tower, AWS Single Sign-On, AWS Certificate Manager, Compliance and Governance, Threat Detection and Incident Response, Security Automation

Cloud Cost Management:

AWS Budgets, AWS Cost Explorer, AWS Cost Allocation Tags, AWS CloudTrail, AWS Config, AWS Savings Plans, CloudFront, AWS Transit Gateway, VPC Endpoint, S3, EC2, EKS, ELB, ACM, RDS, Landing Zone

Cloud Automation and DevOps:

AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, AWS CloudFormation, AWS CLI, AWS SDKs, Terraform, Docker, Kubernetes, AWS CloudWatch, AWS SNS

Cloud Networking and Infrastructure:

AWS Virtual Private Cloud (VPC), Amazon Virtual Private Cloud (VPC) peering, AWS Transit Gateway, AWS Direct Connect, AWS Route 53, AWS Application Load Balancer (ALB), AWS Network Load Balancer (NLB)

Cloud Application Development and Deployment:

AWS Lambda, AWS API Gateway, AWS Amplify, Serverless Framework, Docker, Kubernetes

Communication, Problem Solving, and Decision Making:

JIRA, Confluence, Slack, Zoom, Microsoft Teams, Visual Studio Code, IntelliJ IDEA, Git, GitHub

Programming Language:

JSON, YAML, Linux Servers

• Use ETL (Extract, Transform, Load) processes for seamless data integration and plan and execute data migration between different database systems or versions.

Professional Experience

DELL Technologies: February 2020 – Present

Role: Cloud Security Engineer/Architect

• Designing Secure multi-Cloud Architecture:

I design and implement secure cloud architectures, ensuring that the organization's cloud infrastructure follows industry best practices for security.

• Identity and Access Management (IAM):

I established and maintained IAM policies to enforce the principle of least privilege, regularly auditing and optimizing access permissions.

Implemented multi-factor authentication (MFA) and single sign-on (SSO) solutions to enhance user authentication.

My responsibilities include implementing and managing robust identity and access controls to ensure proper authentication and authorization mechanisms.

I established access levels and permissions using least privilege, integrated with Okta. Used Okta as a cloud-based identity and access management (IAM) platform to provide secure access to various applications, data, and services. Used Okta to centralize and manage user authentication, authorization, and account information.

• Automation: Terraform:

Designed, implemented, and managed Infrastructure as Code (IaC) using Terraform to automate cloud infrastructure provisioning and management, ensuring scalability, security, and reliability.

I created reusable modules, managed state, and deployed resources across multiple cloud environments.

• Conducting Risk Assessments:

I conduct comprehensive risk assessments to identify potential vulnerabilities and threats in the cloud environment, prioritizing and mitigating risks accordingly.

Request and review scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.

• Monitoring and Incident Response:

I set up and manage security monitoring tools to detect and respond to security incidents in real-time, and I develop incident response plans for effective resolution.

• Ensuring Security Compliance:

I work to ensure compliance with relevant security standards, regulations, and industry best practices, conducting regular audits and assessments to verify adherence.

Assessed FedRAMP systems and provided assessment results to the cloud service providers.

• Security Automation and DevSecOps:

Automation is a key focus, and I use scripting and coding skills to implement security controls and enhance efficiency, reducing the risk of manual errors.

Pioneered the integration of security practices into the DevOps pipeline, implementing automated security testing and compliance checks.

Developed custom security automation scripts, resulting in a 20% reduction in manual security tasks.

• Vulnerability Management:

Regular vulnerability assessments are conducted to identify and remediate security weaknesses, and I devise patch management strategies to keep cloud systems up to date.

• Providing Training and Awareness:

I deliver training programs to educate employees on cloud security best practices, fostering a security-aware culture within the organization.

• Collaborating with IT and Development Teams:

Collaboration with IT and development teams is crucial. I work closely with them to integrate security into the DevOps lifecycle, ensuring secure coding practices and a holistic approach to security.

IMPACT ENTERPRISE: Jan 2018 – Feb 2020

Role: Cloud Security Consultant

Security Assessments:

• Performing ongoing RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 and NIST SP 800-53A Rev 4 as a guide.

• I conduct comprehensive security assessments, evaluating the organization's existing security measures and identifying potential vulnerabilities.

• Assessed FedRAMP systems and provided assessment results to the cloud service providers.

• Reviewing Privacy Impact Assessment (PIA) documents after a positive PTA is created and ensuring that PII findings are recorded in the System of Record Notice (SORN).

Risk Analysis and Mitigation:

• My role involves analyzing security risks and developing strategies to mitigate and manage those risks effectively.

Security Policy Development:

• I contribute to the development and enhancement of security policies, ensuring they align with industry best practices and regulatory requirements.

Incident Response Planning:

• I assist in the creation of incident response plans, defining procedures for handling security incidents to minimize impact and downtime.

Security Awareness Training:

• Providing security awareness training to employees is part of my responsibilities to ensure a security-conscious culture within the organization.

• Schedule kick off meetings with system owners to help identify assessment scope, system boundary, the information systems category, attain any artifacts needed in conducting the assessment and provide an overview of the assessment schedule and approach.

Security Audits and Compliance:

• I conduct security audits to assess compliance with industry standards, regulations, and internal security policies.

Security Architecture Review:

• I review and provide recommendations for the security architecture of systems, networks, and applications, ensuring they meet security standards.

Security Technology Evaluation:

• Assessing and recommending security technologies, tools, and solutions that align with the organization's security requirements is part of my role.

Collaboration and Advisory:

• I collaborate with various teams within the organization, providing expert advice on security matters and ensuring that security considerations are integrated into projects and processes.

• Document and generate assessment findings in the Security Assessment Report (SAR) and recommend remediation actions for vulnerabilities and failed controls.

• Created and finalized Security Assessment Report (SAR) and gave recommendations to ISSO on how to mitigate or remediate reported weaknesses and vulnerabilities.

EDUCATION

Master of Science (MSc.) Information Technology Management

University of Dschang Cameroon (2015-2018)

B.Sc. Public Service and Administration

University of Bamenda (2004-2007)

B.Sc. Business Management

Bamenda University of Science and Technology (BUST) Cameroon. (2008-2011)


