Security Engineer Cloud

Location:
Chevy Chase, MD
Posted:
February 18, 2025

Resume:

Zephaniah Tita Taku

240-***-**** / *************@*****.***

Hyattsville MD, 20785

Professional Summary

I am a highly skilled Cloud Security Engineer and DevOps professional with close to a decade’s experience securing multi-cloud environments across AWS, Azure, and GCP. Adept at leveraging a diverse set of tools and cloud-native services to enforce robust security measures across infrastructures, including EKS, IAM, Kubernetes, Terraform, and CI/CD pipelines. Expertise in automating security policies, vulnerability scanning, and compliance monitoring to ensure adherence to industry standards such as SOC 2, PCI DSS, HIPAA, and GDPR.

With hands-on experience in implementing cloud-native security tools like AWS IAM, AWS KMS, CloudTrail, Shield Advanced, and Systems Manager, I specialize in securing containerized environments (including Docker and EKS), enforcing network policies, and enhancing security posture through proactive monitoring and incident response. I am skilled in configuring and managing multi-cloud environments, securing APIs, and improving threat detection using platforms like AWS Security Hub, GuardDuty, Prisma Cloud, and third-party tools such as Splunk.

I bring deep expertise in Infrastructure as Code (IaC), particularly with Terraform, automating infrastructure deployments and incorporating security checks to ensure compliance and scalability. Known for driving risk reduction through security automation, I play a pivotal role in establishing secure and compliant CI/CD pipelines, fostering a culture of security within development teams.

Experience

HESS Corporation, Houston TX November 2021 to present

Cloud Security Engineer

Integrated AWS Organizations with other AWS services like Security Hub, Access Analyzer, Detective, GuardDuty, Config, Inspector, and Macie for centralized monitoring.

Deployed AWS Control Tower to establish a secure, multi-account environment with automated guardrail enforcement.

Applied Service Control Policies (SCPs) to restrict access to specific AWS services and enforce the principle of least privilege across accounts.

Ensured adherence to regulatory standards like SOC 2, NIST, and GDPR by leveraging the pre-built compliance policies of Cloud Security Posture Management (CSPM) tools.

Created unified dashboards using SIEM tools (e.g., Splunk, Azure Sentinel) to track policy compliance and threat activity across cloud platforms.

Configured SCIM provisioning for automatic user management across cloud platforms.

Correlated data from VPC Flow Logs, CloudTrail logs, and GuardDuty findings in Detective for comprehensive threat investigation.

Enabled AWS Shield Advanced for Load Balancers, API Gateway, and CloudFront to provide DDoS protection.

Implemented IAM least privilege access policies for services.

Created CloudWatch alarms for critical security events such as unauthorized access or resource misconfigurations.

Used Prisma Cloud contextual risk analysis to prioritize security issues based on severity, business impact, and exploitability.

Configured Prisma Cloud to detect misconfigured IAM roles, public-facing resources, and overly permissive security groups.

Enabled S3 server access logging to track requests made to buckets and detect unauthorized access.

Ensured state file security by encrypting backend storage and using remote backends like S3 with DynamoDB for state locking.

Integrated GitHub Actions with SonarQube to correlate SAST and DAST findings, ensuring comprehensive security coverage.

Integrated SAST (static application security testing) workflows in GitHub Actions to automate code scanning for vulnerabilities during every pull request and code commit.

Automated DAST (dynamic application security testing) workflows in GitHub Actions using tools like OWASP ZAP, Burp Suite, and Nikto to scan web applications for runtime vulnerabilities.

Kaiser Permanente Washington, DC April 2018 – October 2021

Sr Cloud/DevOps Engineer

Deployed Prisma Cloud to monitor containers, Kubernetes clusters, and serverless environments for vulnerabilities and runtime threats.

Used Amazon Inspector to scan container images for vulnerabilities before deployment to EKS.

Periodically rotated cluster certificates and kubeconfig files to reduce attack exposure.

Integrated Kubernetes Role-Based Access Control (RBAC) with IAM to manage access to EKS cluster resources.

Integrated EKS logs with AWS OpenSearch or third-party tools like Splunk for advanced monitoring and analysis.

Enabled Shield Advanced for DDoS protection of EKS public endpoints.

Configured Kubernetes Network Policies to enforce pod-to-pod and pod-to-service communication restrictions.

Configured CloudTrail to log ECR API activity for auditing and compliance purposes.

Enabled Amazon CloudWatch Container Insights to monitor EKS cluster and application performance metrics.

Enabled Amazon Inspector for automated vulnerability scanning of container images stored in ECR.

Ensured all ECR repositories are encrypted at rest using AWS KMS-managed keys.

Implemented tagging strategies to identify image versions (e.g., dev, staging, production) and avoid deploying unverified images.

Enabled cross-account access to ECR repositories using resource policies while enforcing strict conditions.

TD Bank June 2015 to April 2018

Cloud Engineer

Integrated Terraform with CI/CD pipelines for infrastructure-as-code deployments.

Implemented tools like tfsec to scan Terraform code for security misconfigurations.

Developed reusable Terraform modules to standardize resource provisioning across AWS and Azure environments.

Designed CI/CD pipelines using GitHub Actions, Jenkins, and AWS CodePipeline with integrated security checks.

Enforced least-privilege access for developers and CI/CD pipelines to push or pull images.

Integrated Prisma Cloud with CI/CD pipelines to perform pre-deployment security checks for Infrastructure as Code (IaC) templates.

Enforced security policies and compliance frameworks like CIS Benchmarks, PCI DSS, HIPAA, and GDPR using CSPM solutions.

Used Prisma Cloud to monitor DNS requests, traffic flows, and application logs for signs of compromise or malicious activity.

Deployed Web Application Firewall (WAF) with CloudFront for enhanced application security against OWASP Top 10 vulnerabilities.

Configured WAF rules to block suspicious patterns and common attack vectors targeting APIs and applications.

Enforced HTTPS with ACM certificates for CloudFront distributions and ALB so end users can access our application in a secure manner.

Integrated KMS with various AWS services like S3, RDS, and Lambda to enforce data encryption.

Designed and implemented key rotation policies using AWS KMS to ensure encryption key security and compliance.

Set up IAM authentication for secure database access, minimizing the need for hardcoded credentials.

Education

University of Buea, Cameroon, Computer Science

Bachelor’s Degree, Logistics and Transport Management, University of Bamenda, Cameroon

Active Certifications

CompTIA Sec+

Professional Scrum Master I

AWS Solution Architect

AWS Cloud Practitioner

Azure Associate

Technical skills

● AWS Security & Networking: CloudFront, AWS Lambda, S3, VPC Flow Logs, EC2, ELB, RDS, SNS, SQS, SES, Route53, AWS Auto Scaling, Trusted Advisor, CloudWatch, CloudTrail, AWS Config, AWS Shield, AWS Cloud, GuardDuty, AWS Organizations, AWS IAM, AWS AD Connector, Active Directory, VPC, IGW, NGW, AWS Systems Manager, Patch Manager, etc.

● DevSecOps/Container Security: git-secret, SonarQube, AWS CodeCommit, CodePipeline, CodeBuild, CodeDeploy, ECR, EKS, ECS, SSM (Systems Manager), Palo Alto Prisma, Veracode, Snyk, Jira, Bitbucket, Wiz, GitHub Actions.

● Programming/Scripting: Bash Shell, Python, Linux.
