SUNDAY OKUNROBO
Email: *********@*******.*** 281-***-****
PROFESSIONAL SUMMARY
Accomplished Cloud Security Architect with over nine years of progressive experience in cybersecurity, specializing in securing complex cloud-native and hybrid infrastructures—most notably within Microsoft Azure environments. I bring a strong foundation in security architecture, threat detection, vulnerability management, and compliance frameworks, combined with a deep, hands-on command of cloud-native tools, Infrastructure as Code (IaC), and DevSecOps practices.
Throughout my career, I have demonstrated a consistent ability to design and implement scalable, secure architectures across enterprise cloud platforms. Whether it's embedding security into CI/CD pipelines, enforcing Zero Trust policies across Azure tenants, or leading vulnerability remediation initiatives for regulated industries, I have been at the forefront of building resilient security postures that meet both technical and regulatory demands.
I thrive in cross-functional settings, working alongside DevOps, legal, product, and compliance teams to translate security principles into actionable solutions that protect sensitive data, reduce risk, and enable business agility. I’m now seeking to bring this experience to a forward-thinking organization, where I can contribute to building modern, cloud-native security programs that evolve with today’s threat landscape.
CERTIFICATIONS
Certified Information Systems Security Professional (CISSP) - In progress
AWS Certified Security – Specialty
AWS Solutions Architect – Associate
Microsoft Certified: Azure Security Engineer Associate (AZ-500)
CompTIA Security+
TECHNICAL STRENGTHS & COMPETENCIES
Cloud Security Architecture (Azure Focused)
Architected secure Azure environments with robust network segmentation, NSGs, VNets, private endpoints, and Azure-native firewall implementations.
Administered and hardened Microsoft Entra ID (Azure AD), enforcing Conditional Access, MFA, and Just-in-Time access via PIM.
Applied Zero Trust principles across Azure workloads, ensuring identity-centric security and comprehensive visibility.
Infrastructure as Code (IaC) & DevSecOps
Developed secure infrastructure using Terraform, Bicep, and ARM templates—embedding security controls by design.
Secured CI/CD pipelines by integrating SAST/DAST tooling (e.g., Checkmarx, GitHub Security) and IaC scanning.
Collaborated with engineering teams to codify guardrails and policies as reusable technical patterns.
CNAPP, Monitoring & Cloud-native Automation
Deployed and operationalized CNAPP capabilities (CSPM, DSPM, CIEM) using Prisma Cloud and Microsoft Defender for Cloud.
Built automation workflows using PowerShell, Azure Logic Apps, and Sentinel playbooks to remediate risks in real time.
Continuously assessed cloud environments, delivering real-time visibility into misconfigurations and risks.
Governance, Risk & Compliance
Mapped controls across compliance frameworks (ISO 27001, NIST 800-53, CIS, FedRAMP) using tools like eMASS and ServiceNow GRC.
Conducted internal and third-party audits; created security documentation including System Security Plans (SSPs) and risk treatment strategies.
Led security posture improvement projects that resulted in measurable gains in compliance scores and audit readiness.
Incident Response & Threat Management
Spearheaded cloud-specific incident response workflows, integrating with Azure Sentinel, Splunk, and Cortex XSOAR.
Investigated cloud access anomalies, data exfiltration attempts, and identity misuse—followed by post-mortem analysis and root cause remediation.
PROFESSIONAL EXPERIENCE
Cloud Security Architect
CVS Health – May 2024 to Present
In my current role at CVS Health, I lead the development and continuous evolution of a secure cloud architecture across enterprise-wide Azure environments. Working alongside cloud engineering and DevOps teams, I implement hardened infrastructure patterns that align with Zero Trust principles and meet rigorous healthcare compliance standards.
My responsibilities include performing threat modeling, securing cloud identity configurations, automating remediation using Microsoft Sentinel playbooks, and optimizing our CNAPP capabilities. I also established Terraform-based blueprints for provisioning secure workloads, which significantly reduced configuration drift and improved policy enforcement.
Key Achievements:
Improved Azure CIS compliance score from 68% to 94% within six months.
Reduced incident response times by 40% through integration of Sentinel with automated remediation logic.
Co-led the deployment of a centralized CNAPP platform, increasing visibility into misconfigurations, data exposures, and policy violations.
Cloud Security Architect
Chevron – April 2022 to April 2024
At Chevron, I was responsible for building a secure and scalable cloud architecture to support the organization’s global operations. I championed the shift from reactive security practices to proactive controls embedded in the development lifecycle, leading initiatives to secure CI/CD pipelines, modernize IAM configurations, and improve infrastructure security posture.
Key contributions included:
Deploying Prisma Cloud to operationalize CSPM and DSPM modules across multiple Azure subscriptions.
Enforcing RBAC, Conditional Access, and Identity Governance in Entra ID, reducing excessive privilege by 60%.
Designing IaC pipelines in Terraform and Bicep for consistent, secure deployments—integrated with GitHub Actions for automated security checks.
Application Security Architect
Memorial Hermann – Feb 2020 to March 2022
As part of the application security team, I focused on embedding security into development pipelines and cloud-hosted applications. I conducted regular code reviews, threat modeling sessions, and penetration testing while also leading efforts to adopt DevSecOps practices using Azure DevOps and GitHub workflows.
Projects included securing APIs, implementing encryption at rest and in transit, and enforcing least privilege access to sensitive patient data. My work directly contributed to the successful compliance audit for HIPAA and HITRUST certifications.
Cybersecurity Analyst
Clean-Co Systems – March 2016 to Dec 2019
This role formed the foundation of my security journey, where I led vulnerability assessments, incident response efforts, and third-party security evaluations. I built foundational processes for IAM governance, enforced DLP controls, and performed forensic investigations into breaches involving misconfigured cloud storage and unauthorized access.
EDUCATION
Bachelor of Science in Computer Science & Information Systems
University of Benin, Nigeria 2007 – 2011
TOOLS & TECHNOLOGIES
Cloud Platforms: Microsoft Azure, AWS
IaC & Automation: Terraform, Bicep, ARM Templates, PowerShell
Identity & Access: Entra ID (Azure AD), Conditional Access, PIM, RBAC, CyberArk
Security Platforms: Microsoft Defender for Cloud, Prisma Cloud, Zscaler, Azure Sentinel, eMASS
DevSecOps: GitHub Security, Checkmarx, OWASP ZAP, Burp Suite
Compliance & GRC: NIST 800-53, ISO 27001, FedRAMP, CIS Controls, ServiceNow GRC
Networking & Remote Security: Azure VNets, NSGs, VPNs, Azure Firewall, SASE
SIGNATURE PROJECT
Enterprise Azure Security Hardening Initiative
Challenge: Azure environments were misconfigured, non-compliant, and lacked centralized visibility.
Approach: Designed and implemented security baselines using Azure Policy and Terraform modules; integrated Prisma Cloud for CSPM and DSPM coverage; automated remediation using Sentinel and Logic Apps.
Impact:
Improved compliance scores by over 25% across business units.
Reduced mean time to detect misconfigurations by 60%.
Established IaC-based governance framework adopted enterprise-wide.