
Security Engineer Cybersecurity

Location:
Newcastle upon Tyne, Tyne and Wear, United Kingdom
Posted:
April 30, 2024

Resume:

Michael Lawrence

Senior Security Engineer

Profile

Highly skilled Cybersecurity Engineer with 7 years of experience safeguarding organizations from cyber threats. Demonstrated results include:

● Reduced security incidents by 20% through proactive threat mitigation.

● Achieved a 15% reduction in critical vulnerabilities within 3 months.

● Maintained compliance with NIST, CIS, and ISO, improving scores by 40%.

● Decreased incident response time by 40% for swift threat resolution.

● Elevated security maturity by 20% through framework implementation.

● Integrated threat intelligence, boosting threat detection by 30%.

● Enhanced employee cybersecurity awareness, reducing human errors by 60%.

● Optimized security tools, improving detection accuracy by 20%.

● Collaborated cross-functionally for a 20% reduction in security incidents.

● Streamlined reporting, increasing accuracy and efficiency by 20%.

Dedicated to fortifying organizations against cyber risks, I bring measurable results to protect critical assets and ensure compliance.

Employment History

Senior Cloud Security Engineer at Indicina, Lagos

January 2022 — Present

● Conducted security audits to identify vulnerabilities.

● Encrypted data and erected firewalls to protect confidential information.

● Monitored use of data files and regulated access to protect secure information.

● Performed risk analyses to identify appropriate security countermeasures.

● Provisioned AWS Landing Zones to create a customized baseline of AWS accounts, networks, and security policies.

● Configured multi-account architecture, identity and access management, governance, data security, network design, and logging within provisioned AWS Landing Zones.

● Focused on building VPCs from scratch using AWS CloudFormation/Terraform: creating private and public subnets, security groups, and network access lists; configuring internet gateways and OpenVPN; creating AMIs; working with user access management, role-based access, multi-factor authentication, and API access; and configuring Auto Scaling groups (ASG) and Elastic Load Balancers (ELB) for scaling services.

● Assisted with configuration of SNS to send notifications and CloudWatch to collect logs and metrics.

● Worked with engineers and development teams to ensure that architecture solutions are compliant with security frameworks, such as NIST, ISO 27001/27002, PCI, etc.

● Researched, designed, and oversaw implementation of information technology, systems, and policies for information security in support of business needs.

● Built and managed stable and secure AWS cloud infrastructure/networking using cloud orchestration capabilities, scripting languages, and APIs to design, code, test, implement, and support Infrastructure as Code (IaC).

● Designed, configured, deployed, maintained, and upgraded environments for customers in AWS.

● Created and maintained CloudFormation scripts, automating manual processes, and generating deployment pipelines.

● Led projects from end to end that produced new and improved service offerings.

Details

+447*********

ad5dc4@r.postjobfree.com

Links

LinkedIn

Skills

• AWS, Azure

• VPC, EC2, S3, IAM, RDB, Lambda, Route53, AMI, AWS, Snapshot

• YAML, JSON, Terraform, Jenkins, GitHub

• Ansible, CloudFormation, CloudTrail, Tomcat, CloudWatch, CI/CD Pipelines

• Kali Linux

• Security Hub, Subnet, DNS, VPN, WAF, Firewall

• ISO27001, NIST 800-53, FISMA

• Designing Security Controls

• NAT gateway, Internet gateway

● Meeting customer SLAs and managing communication in case of issues

● Configured and maintained backup, monitoring, and alerting systems for multiple clients.

● Interacted with teams and customers in different time zones to ensure 24/7 support for Linux/Windows administration in AWS.

● Focused on developing, implementing, and operationalizing cloud solutions that are highly available and resilient by utilizing best practices in systems engineering, network engineering, and multi-region design strategies.

● Partnered with multiple application teams within the customer enterprise to provide guidance and patterns for building and deploying cloud infrastructure, both PaaS and IaaS.

● Partnered with the Cyber Security team to ensure that cloud environments and patterns met the customer's security standards.

● Performed configuration, troubleshooting, and ongoing management of various cloud technologies in the customer's environment.

● Built infrastructure, networks, and systems for scalability, resiliency, availability, and recovery through infrastructure-as-code.

● Helped develop our self-service and automated tooling to help application teams move fast while providing the guardrails to ensure the quality and security of our systems.

● Stayed on top of industry trends and best practices to continually improve what we do, how we do it and ensured our internal customer experience is always improving.

● Working with ITIL processes such as Incident, Problem and Change management.

● Scheduled Pre-CAB meetings and attended Change Advisory Board (CAB) Meetings to provide approval for change management.

● Working with oversight committees and privacy, legal, and compliance stakeholders to develop enterprise-level information security compliance policies that address purpose, scope, and policy directives.

● Taking the lead in developing and managing information security programs, including, but not limited to, information security awareness, vulnerability management, vendor risk management, and risk management.

● Working directly with departments, clients, and management to achieve results aligned with organizational goals and objectives.

● Designed and contributed to security architecture processes that enable the enterprise to develop and implement secure solutions and capabilities that are clearly aligned with the business, technology, and threat drivers

● Participated in application and infrastructure projects and other business initiatives to provide security-planning guidance with the following drivers: reduce risk, protect business applications while ensuring the highest level of data and infrastructure (endpoints, servers, networks, data center, cloud) security

● Reviewed and evaluated current access routes, sites, vendor integration points, and security platform integrations; recommended improvements and developed corrective strategies to improve security prior to implementation

● Assisted with design and security oversight of next-generation firewalls, intrusion prevention systems, DDoS solutions, SSL-terminating load balancers, WAF, security groups, and NACLs

● Recommended and managed transmission protection requirements for all environments (systems, applications, containers, etc.) such as VPC peering best practices, SSL certificate management, key pairs, etc.

● Performed security monitoring, security event triage, and incident response, coordinating with other team members and management to document and report incidents.

● Participated in deep architectural discussions to build confidence and ensure customer success when building new and migrating existing applications, software, and services on AWS platform.

● Technical liaison between the customer's service engineering & support teams.

● Experienced with "on-premises to cloud" migrations and IT transformations with the aid of AWS solutions.

● Designed and implemented monitoring and protection capabilities to help identify and protect against DoS attacks, MITM, EC2 instance compromise, secret compromise, etc.

● Developed tactical response procedures for security incidents

● Operational experience with network security appliances with a clear understanding of the architecture behind secure networks, DMZs, NATs, rule placement, VPN setup, and system maintenance.

● Led root cause analysis, debugging, support, and postmortem analysis for security incidents and service interruptions.

● Enabled CloudTrail across all geographic regions and AWS services to prevent activity monitoring gaps.

● Enabled CloudTrail log file validation so that any changes made to a log file after it has been delivered to the S3 bucket are trackable, ensuring log file integrity.

● Enabled access logging for the CloudTrail S3 bucket to track access requests and identify potentially unauthorized or unwarranted access attempts.

● Analyzed current technologies used within the company and determined ways to improve them.

● Documented and monitored requirements needed to institute proposed updates.

● Worked closely with System Engineers within the company to ensure hardware is available for projects and working properly.

● Proposed and established IT/Cloud security framework for necessary contributions from various departments.

● Accounted for possible project challenges and constraints, including risks, time, resources, and scope.

● Worked closely with project coordinator, customers, and our engineers to successfully monitor progress of projects and company initiatives.

● Defined clear goals for all aspects of a project and managed their proper execution.

● Designed network and application vulnerability assessment programs and testing methodologies.

● Performed technical risk assessments for enterprise systems and reported gaps and remediation actions.

● Designed and configured Intrusion Prevention Systems and passive Intrusion Detection Systems in AWS leveraging AWS GuardDuty.

● Created and tested custom signatures based on emerging threats or business needs.

● Performed signature updates, reviews, and tuning of sensors. Configured automated reporting and developed escalation procedures.

● Configured IBM QRadar SIEM (Security Information and Event Management) platforms, including obtaining data from endpoints and network devices and generating reports.

● Created automated workflow to address security related incidents.

● Performed regulatory compliance audits including SOX, PCI, and HIPAA.

● Reported findings and advised on remediation efforts.

● Assisted in preparing business application owners prior to external audits.

● Implemented Static Application Security Testing (SAST) tools, reducing code vulnerabilities by 30% across multiple projects.

● Introduced Dynamic Application Security Testing (DAST) processes, resulting in a 25% decrease in application-layer vulnerabilities.

Security Engineer at Deimos, Cape Town

April 2020 — December 2021

● Conducted security assessments and audits, identifying security gaps and recommending remediation actions.

● Assisted in the development of disaster recovery plans and participated in tabletop exercises.

● Collaborated with cross-functional teams to define security requirements for new cloud projects.

● Managed AWS security groups, network ACLs, and identity and access management (IAM) policies to control access to cloud resources, adhering to NIST and ISO27001 standards.

● Developed and implemented security monitoring and alerting solutions using AWS CloudWatch and AWS CloudTrail, aligning them with NIST and ISO27001 requirements.

● Conducted security assessments and audits, identifying security gaps and recommending remediation actions in compliance with NIST and ISO27001 standards.

● Assisted in the development of disaster recovery plans and participated in tabletop exercises, ensuring alignment with relevant standards.

● Collaborated with cross-functional teams to define security requirements for new cloud projects, taking into consideration NIST, PCI DSS, and ISO27001 guidelines.

● Assisted in the development of security awareness and training programs for employees, emphasizing NIST and ISO27001 compliance.

● Assisted in the development of security awareness and training programs for employees.

Enterprise Security Engineer (Lead) at Konga Online shopping (E-Commerce), Lagos

August 2017 — March 2020

● Performed threat modeling of projects by getting involved before development, improving security at the initial phase

● Performed functional testing of security solutions such as RSA two-factor authentication, Novell single sign-on, DLP, and SIEM

● Trained the development team on the most common vulnerabilities and common code review issues, and explained the remediation

● Created ISO 27001:2013 internal audit reports in accordance with ISO/IEC 27001 requirements and internal processes

● Monitored, analyzed, and remediated IT security risks and vulnerabilities by adhering to defined operating procedures and reviewing metrics to identify outliers, inefficiencies, and non-standard actions.

● Applied leading theories and concepts to development, maintenance and implementation of information security standards, procedures and guidelines.

Education

Master's in Cybersecurity, University of Sunderland, Sunderland

September 2023 — Present

Bachelor of Science, Crawford University, Nigeria

2008 — 2012


