Cloud Security Engineer
Resume:
LARGO, MD, ***** • *********@*****.*** • +1-301-***-**** • LINKEDIN.COM.
ALAIN NJANG
Cyber/Cloud Security Engineer
PROFESSIONAL SUMMARY
Cyber/Cloud Security Engineer with 8+ years of experience in securing cloud infrastructures and managing threat landscapes across AWS, Azure, and GCP. Demonstrates expertise in IAM, encryption, and incident response, enhancing security protocols to align with standards like NIST, ISO 27001, and GDPR. Proficient in risk assessment and security policy development, committed to designing secure, compliant cloud environments that support business continuity and proactive threat defense. EMPLOYMENT HISTORY
CLOUD SECURITY ENGINEERJan 2021 - Present
Intel
Lead the design and implementation of secure cloud infrastructures across AWS, Azure, and GCP, ensuring robust security architecture that adheres to Intel's security policies and industry standards, resulting in compliance improvement.
Manage identity and access management (IAM) frameworks using tools such as AWS IAM, Azure AD, and Okta, enabling least-privilege access for over 1,000 users and securing sensitive data and resources.
Enhance real-time threat detection capabilities through advanced SIEM tools like Splunk, Microsoft Sentinel, and AWS GuardDuty, significantly reducing incident response times and bolstering overall security posture.
Conduct vulnerability assessments and penetration tests on cloud environments, using tools like Nessus, Qualys, and AWS Inspector to proactively identify and mitigate risks and vulnerabilities.
Automate security operations using Python, Terraform, and AWS CloudFormation, reducing manual workload and improving overall process efficiency for cloud security compliance.
Collaborate with cross-functional teams to ensure data protection practices, employing encryption techniques (AES, RSA) and AWS KMS for secure data storage and transmission across Intel's cloud environments.
Oversee the configuration and maintenance of firewalls and network security controls in cloud platforms, implementing advanced rules and policies that contribute to a 20-30% quarterly decrease in unauthorized access attempts.
Develop and maintain incident response plans and conduct regular security audits and training sessions, improving overall cloud security awareness and readiness among Intel employees.
Utilize DevSecOps practices and tools like Jenkins, Docker, and Kubernetes to integrate security within CI/CD pipelines, reducing deployment-related security risks.
Ensure compliance with regulatory requirements, including GDPR, PCI-DSS, and ISO 27001, by developing and enforcing security policies and conducting regular audits, maintaining 98% compliance across cloud environments.
Drive continuous improvement initiatives for cloud security posture, regularly analyzing logs and metrics from AWS CloudTrail, Azure Security Center, and GCP Security Command Center to identify trends and optimize security measures. CLOUD SECURITY ENGINEERNov 2019 - Dec 2021
Cisco
Designed and implemented secure cloud infrastructure on AWS and Azure, enhancing data protection across 200+ applications and reducing security incidents. The use of AWS GuardDuty, Azure Security Center, and automated IAM policies were employed.
Implemented comprehensive compliance frameworks aligned with industry standards, achieving near-perfect compliance rates in audits and minimizing data privacy risks.
Developed and enforced compliance frameworks aligned with NIST, ISO 27001, and PCI-DSS, for satisfactory compliance ratings in quarterly audits, which minimized data privacy risks across the organization.
Managed identity and access management (IAM) policies using Azure AD, Okta, and AWS IAM, increasing security posture by enforcing least privilege access and multi-factor authentication (MFA) for 1,000+ users.
Collaborated cross-functionally to implement network security best practices, configuring firewalls (Palo Alto, Fortinet), VPNs, and IDS/IPS solutions, which enhanced network resilience and minimized unauthorized access.
Implemented encryption and data loss prevention (DLP) strategies, including AES and TLS protocols, to safeguard sensitive data, resulting in zero data breaches over two years.
Spearheaded incident response initiatives, analyzing threats and leading recovery efforts that improved incident response, utilizing Microsoft Sentinel and CrowdStrike for faster threat identification.
Developed automated scripts in Python and PowerShell to streamline security monitoring and reporting, enhancing real-time insights and created efficiency by reducing manual monitoring efforts.
Engineered robust cloud security solutions on AWS and Azure, significantly reducing security incidents and enhancing data protection across numerous applications.
CYBERSECURITY (SOC)Sep 2017 - Oct 2019
Truist Bank
Implemented advanced endpoint protection and Intrusion Detection/Prevention Systems (IDS/IPS), reducing malware infections and strengthening the organization’s threat detection and response capabilities.
Conducted comprehensive penetration tests across 30+ applications and network segments, identifying critical vulnerabilities and collaborating with engineering teams to remediate security flaws, which enhanced overall security posture.
Developed and managed a proactive threat-hunting program, leveraging advanced analytics, machine learning, and real-time data monitoring to detect and mitigate Advanced Persistent Threats (APTs), reducing security incidents.
Established and enforced a governance framework to ensure compliance with legal and regulatory requirements, significantly reducing compliance-related issues and aligning security operations with business objectives.
Led compliance programs across ISO, SOC 2, and GDPR, conducting regular audits and collaborating with external auditors, which increased audit success rates and minimized non-compliance penalties.
Enhanced security awareness within the organization by developing and delivering training sessions on cybersecurity best practices.
Created and maintained documentation for security policies, procedures, and incident response processes, which streamlined operations and ensured consistent security practices across departments. SYSTEM ADMINISTRATORSep 2016 - Sep 2017
Metro Homes
Streamlined security operations, resolving 100+ incidents through in-depth log analysis. Implemented IDS/IPS to enhance threat detection capabilities.
Conducted system audits ensuring policy compliance. Provided technical support for 200+ users while contributing to network security tasks.
Drove reduction in system vulnerabilities through proactive vulnerability scans and patch management, maintained comprehensive security documentation, and educated junior analysts on security best practices and threat.
Responded to security incidents in real-time using Security Information and Event Management (SIEM) tools. EDUCATION
BACHELOR OF SCIENCE: COMPUTER SCIENCESJun 2009 - Sep 2011 University of SUOB
COURSES
SECURITY+ CERTIFIED SPLUNK ADMIN CERTIFIED AWS ASSOCIATE CERTIFIED AWS CERTIFIED SECURITY – SPECIALTY
MICROSOFT CERTIFIED: SECURITY OPERATIONS ANALYST ASSOCIATE GOOGLE CHRONICLE
SKILLS
AWS, Azure, GCP, IAM, Encryption, NIST, ISO 27001, GDPR, Okta, OAuth, SAML, Firewalls, VPN, IDS/IPS, Splunk, Python, PowerShell, Terraform, Docker, Kubernetes.
Cloud Platforms: AWS (IAM, S3, CloudTrail, GuardDuty), Microsoft Azure (Security Center, Key Vault), Google Cloud Platform (GCP Security Command Center, Cloud Armor)
Security and Compliance: NIST, ISO 27001, GDPR, HIPAA, SOC 2, PCI-DSS, CIS Benchmarks Identity & Access Management: Okta, Microsoft Azure AD, AWS IAM, OAuth 2.0, SAML, OpenID Connect, Single Sign-On (SSO), Privileged Access Management (PAM)
Network Security: Firewalls (Palo Alto, Fortinet), VPN, Intrusion Detection and Prevention (IDS/IPS), AWS Security Hub, Azure Sentinel, Network Security Groups (NSG)
Data Protection: Encryption (TLS, AES, RSA), Key Management (AWS KMS, Azure Key Vault), Data Loss Prevention (DLP), Masking, Anonymization, Backup and Recovery (AWS Backup, Azure Recovery) Threat Intelligence & SIEM: Splunk, AWS GuardDuty, Microsoft Sentinel, IBM QRadar, Sumo Logic, CrowdStrike, Carbon Black, Threat Detection, Threat Intelligence, Incident Response
Automation & Scripting: Python, PowerShell, Bash, Terraform, AWS CloudFormation, Ansible, JSON, YAML Collaboration & Management: Trello, Slack, Jira, Confluence, Asana, ServiceNow DevSecOps & CI/CD: Docker, Kubernetes, Jenkins, GitHub Actions, GitLab CI/CD, Infrastructure as Code (IaC), Continuous Monitoring
Contact this candidate