Cloud Architect Information Technology

Location:
San Francisco, CA, 94105
Posted:
April 28, 2025

Resume:

Chuk Amattah

• Accomplished Cybersecurity and Cloud Architect with over 15 years of experience in Information Technology. Proven expertise in designing and implementing robust security architectures, leading incident response initiatives, ensuring regulatory compliance, and managing diverse teams. Adept at fortifying organizational defenses and navigating dynamic cyber threats, seeking a challenging role to leverage expertise in enhancing cybersecurity postures and contributing to organizational success.

********@*******.*** 510-***-**** San Francisco, California https://www.linkedin.com/in/amattahcj/

WORK EXPERIENCE

Sigma Computing Inc.

Principal Security Cloud Architect August 2022 - Present

• Design and manage comprehensive security architectures, policies, and procedures

• Conduct threat analysis and vulnerability assessments, recommending appropriate security measures.

• Implement multi-account/multi-region solutions with a focus on governance and compliance.

• Managed IAM architecture and access control across various cloud platforms.

• Enhanced security posture by implementing IAM solutions that reduced unauthorized access incidents by 30%.

• Automate security processes and network component provisioning like VPC, TGW, TGW attachments, security groups, NACL, Route 53, and inbound and outbound resolver endpoints.

• Implement and maintain cloud-native security platforms (CNAPP, CSPM, DSPM)

• Develop and execute incident response and disaster recovery plans

• Optimize cloud costs and resource usage while maintaining security standards

• Design, optimize, and manage network boundary protections and secure sensitive data flows using tools such as firewalls, VPNs, IPS/IDS, CASB, SIEM, DLP, Privilege Access, MITRE, NIST, & OWASP frameworks, DAST, SAST, WAF, IPS/IDS, Email Security, URL Filtering, Container Security, wireless security, network access controls, and solutions.

• A key contributor to multi-account/multi-region solutions with a focus on solid governance compliance and security best practices, including the design, translation, and implementation of security controls mapped to industry standards and regulatory frameworks (e.g., NIST 800-53, HIPAA, CIS, PCI DSS, SOC2), and the ability to implement and maintain security controls to meet these requirements.

• Design, develop, & manage IAM architecture, Federated/SSO authentication, and access control using Okta for various applications, AWS, GCP, and Azure accounts to ensure proper authentication and authorization.

• Implement and support Single Sign-On (SSO), privileged access management (PAM), multi-factor authentication (MFA), enterprise mobility management (EMM), security certificates, and SIEM solutions.

• Identify and manage IT security risks by performing formal assessments on internally developed applications, external partner connectivity, and third-party vendors that may store, process, or transmit organization data.

• Implement, manage, and maintain the Cloud-Native Application Protection Platforms (CNAPP), Cloud security posture management (CSPM), and Data security posture management (DSPM) platforms.

• Strong hands-on security tooling and cloud experience, including cloud security, vulnerability & risk management, malware detection and analysis, SIEM, DLP, CASB, SASE, ZTNA, privilege access, MITRE, NIST, & OWASP frameworks, DAST, SAST, WAF, IPS/IDS, firewalls, email security, URL filtering, container security, AWS, GCP, MS Azure, and Terraform.

• Ability to manage cloud costs effectively (cost optimization), optimize resource usage, and implement cost-saving strategies.

• Design and implement scalable, high-performance cloud architectures that align with organizational goals.

• Expertise in utilizing tools like Panther, Prisma Cloud, BigPanda, CloudWatch, and Azure Monitor for effective monitoring and logging, ensuring system control, health, and prompt issue resolution.

• Incident Response Planning: Develop and maintain incident response plans to ensure a timely and effective response to security incidents.

• Disaster Recovery: Knowledge of disaster recovery best practices and the ability to set up backup, redundancy, and fault-tolerant solutions.

Meta (Facebook)

Software Engineer V (Lead) January 2022 - August 2022

• I lead and oversee cloud engineering efforts, providing technical leadership and hands-on guidance to a growing team of developers to create tooling and products to enable and improve collaboration for Facebookers.

• I collaborate extensively with the production group within collaboration technologies to drive video production initiatives and other cloud-related projects.

• I align project goals and strategies with department objectives.

• Drive new projects and ongoing support and improvements for existing cloud-based video production systems, ensuring timely and effective solutions.

• I engage with cross-functional teams, including Collaboration Systems Engineering and multiple cloud-focused groups, to achieve project milestones.

• I spearhead the primary Virtual Control Rooms project while preparing for and participating in additional projects currently in the planning phase.

• I identify, plan, and document enhancements to existing security controls, ensuring continuous improvement and alignment with organizational needs.

Noodle Analytics Inc.

Principal Engineer Cloud & IT November 2020 – January 2022

• Responsible for the uptime and reliability of infrastructure and applications.

• Manage events related to IT infrastructure elements (e.g., data centers, networks, servers, storage, operating systems, Internet security, and business applications).

• Architect, implement, manage, and expand the endpoint management ecosystem using JAMF Pro and MS Intune MDM to securely and scalably manage the growing fleet of applications and users (application packaging, configuration, deployment, and management).

• AWS Cloud Manager for SageMaker & Databricks deployment and management.

• Monitor and respond to events, incident management, problem management, change management activities, KPI reporting, and CMDB management.

• Systematic problem-solving approach coupled with solid communication skills and a sense of ownership and drive.

• Troubleshoot infrastructure and application issues. Work with other engineering teams to ensure maximum network and application uptime and swift resolution of all problems.

• Maintain services once they are live by measuring and monitoring availability, latency, and overall system health.

• Scale systems sustainably through automation and evolve systems to improve reliability and velocity.

• Manage, provision, and service data centers and cloud servers (AWS, GCP, and Azure).

• Responsible for identifying problem incidents and driving them to resolution.

• Responsible for driving root cause analysis (RCA) for high-priority incidents.

• Install and maintain security information and event management (SIEM) and other security tools in cloud environments.

• AWS cost optimization and management.

• Create and manage IAM, Security Hub, Trusted Advisor, VPC, ALB, S3, CloudWatch, KMS, RDS, Codepipeline, CloudFront, Autoscaling, Load Balancing, RDS, RedShift, DynamoDB, CloudTrail, and CloudFormation/Terraform.

• Experience provisioning cloud automation and infrastructure as code through Docker, Kubernetes, Terraform, and AWS CloudFormation.

• Experience supporting web applications and backend APIs using the AWS tech stack, including EC2, ELBs, Lambda, and Gateway APIs.

• AWS security architecture and management.

• Implement and manage IAAS, PAAS, and SAAS in a multi-cloud environment.

• Security roadmap and implementation of SecDevOps toolchain and processes (SSO, IAM policies and roles, AWS Lambda, Central Logging, Dome9, Evident.io, AWS Inspector, AWS Trusted Advisor, AWS System Manager, Qualys, Golden AMI, encryption using KMS, incident response plans and playbooks, Splunk, Qualys, AWS GuardDuty, Security Hub, Shield, WAF, CloudFront, AWS Macie, and AWS Config).

• Design a central logging solution for AWS CloudTrail, CloudWatch, VPC flow logs, and system logs.

• Implement high availability/disaster recovery best practices for our infrastructure.

Michael Raymond

Principal AWS Security Architect January 2020 – October 2020

• Develop security automation and APIs in the public cloud for the critical security pillars (e.g., IAM, CICD Security, Security Logging, Incident Response, Data Protection, Compliance Validation).

• Assess, design, implement, automate, and document solutions leveraging Amazon Web Service (AWS) and other third-party solutions.

• Migration of on-premises servers & data to AWS using DMS, Snowball, AWS Server Migrations (SMS), CloudEndure, and AWS Storage Gateway.

• Install and maintain security information and event management (SIEM) and other security tools in cloud environments.

• Design and implement solutions for enhanced monitoring & better visibility into cloud infrastructure.

• In-depth knowledge of tools and technologies used in the cloud environment to provide security controls and assessments of the applications.

• I serve as a senior cyber security consultant for various lines of businesses by providing subject matter expertise related to new cloud platforms and emerging cloud technologies.

• Educate and communicate cloud security compliances, policies, standards, and procedures to business and internal stakeholders regarding projects and strategic initiatives.

• Conducted security architecture reviews of planned cloud migration initiatives across the organization and produced high-quality threat models for cloud environments clearly articulating risks.

• Accountable for functional architectures, design specifications, and implementation plans for required documents, architectural diagrams, solution designs, and other written and verbal information for cloud initiatives.

• Cloud Security: Expertise in designing and implementing secure AWS architectures.

• Identity and Access Management (IAM): Proficient in configuring and managing IAM policies for secure access.

• Security Compliance: Ensuring adherence to industry standards and regulatory requirements.

• Threat modeling: Identifying and mitigating potential security threats in AWS environments.

• Encryption: Implementing robust encryption mechanisms for data protection.

• Network security: Designing secure and resilient network architectures in AWS.

• Incident Response: Leading and coordinating incident response activities.

• Security Automation: Utilizing AWS tools for automated security measures.

• Security Best Practices: Implementing and promoting security best practices across AWS environments.

• Collaboration: Working closely with cross-functional teams for holistic security solutions.

• Continuous Monitoring: Establishing monitoring mechanisms for real-time threat detection.

• Security Audits: Conducting regular security audits and assessments.

• Emerging Technologies: Staying updated on the latest AWS security features and advancements.

• Weigh business needs against security concerns and provide risk-based recommendations to enhance cloud-based information systems security. This will allow the lines of business to make informed risk decisions about cloud platforms.

Verizon

Principal Cloud Security Architect (Cybersecurity Manager) June 2019 – January 2020

• Develop security automation and APIs in the public cloud for the critical security pillars (e.g., IAM, CICD Security, Security Logging, Incident Response, Data Protection, Compliance Validation).

• Configure and manage AWS accounts using the CIS benchmark & security best practices to meet compliance requirements.

• Architect, build, and operate AWS environments with well-established best practices.

• Create and manage IAM, VPC, EC2, ALB, S3, CloudWatch, KMS, RDS, Codepipeline, CloudFront, Autoscaling, Load Balancing, RDS, RedShift, DynamoDB, CloudTrail, and CloudFormation/Terraform.

• On-premises to AWS migration (CloudEndure, DMS, and AWS Server Migrations).

• Linux and Windows administration via automated scripting of operations within those OS environments.

• Review and evaluate technical risk materials (i.e., vulnerability and configuration scans) and work with the information system stewards to process technical risk issues.

• Manage the configuration management process and conduct technical change impact assessments.

• Provide security expertise and recommendations to the system owner and perform risk management tasks by the lifecycle phase of the system (categorize, select, implement, and assess).

• Ensure that the system's appropriate technical security posture is always maintained.

• Collaborate with Security Platform and Services Teams to build and integrate existing security solutions.

• Manage cloud security vendor products (e.g., Evident.io, Dome9, Qualys, etc.) for associated IT portfolios.

• Assist in the implementation of formalized information security awareness offerings.

• Work closely and collaboratively with Information Security Officers (ISOs), IT portfolios, and business units to support their needs.

• Act as an advocate of information security policies and standards and as a mechanism to enable the business effectively while managing risk appropriately.

• Partner with enterprise teams to establish preventative controls to support compliance via automation.

• Gain deep security-level knowledge of cloud environments and continuous monitoring solutions to understand and explain security risks and mitigation techniques.

• Assist in the implementation of formalized information security awareness offerings.

• Drive the mitigation of reported risks from continuous monitoring solutions.

• I represent the Security Automation team with various stakeholders, including App Development, Compliance, Legal, and Cloud Engineering, to gather requirements, negotiate acceptance of security controls, and influence stakeholders to adopt them.

• Engage with all levels of leadership to gather requirements and build appropriate cloud security technology roadmaps and implementation plans.

Window Book Inc.

AWS SysOps Engineer March 2018 – March 2019

• I design, deploy, and manage EC2, VPC, RDS, DynamoDB, CDN, S3, VPN, CloudWatch, CloudTrail, AWS Trusted Advisor, ELB (Classic, Application, and Network), ASG, AWS Auto Scaling Group, Route 53, etc.

• Create and manage users, groups, policies, & roles in Identity & Access Management (IAM).

• Ensure technical oversight, review, and quality control of AWS services throughout the project.

• Design and manage Windows servers, Linux servers, Apache webservers, etc.

• I focused on designing, installing, and managing the configuration of the development and production environments on the AWS platform using the console Terraform/CloudFormation.

• Design of highly resilient and scalable multi-tier architecture on AWS.

• Supervise client-facing technical activities to ensure required business value is delivered.

• Migration of on-premises servers & data to AWS using DMS, Snowball, S3 Accelerator, and AWS Storage Gateway.

• Use Terraform to configure and manage the production and development environments.

• Use Docker and Kubernetes for container orchestration.

Wipro Limited

Senior Systems Engineer March 2017 - February 2018

• Migration of on-premises services to AWS and setting up disaster recovery plans.

• Create and manage access controls for users, groups, policies, and roles in Identity and Access Management (IAM).

• Administration of Linux and Windows servers using automated scripting.

• Onboard and offboard users, including managing Active Directory infrastructure and executing Level 3 global support.

• Create and manage virtual machines, shared folders, and DFS servers.

• Implement and manage IAAS, PAAS, and SAAS in a multi-cloud environment.

• Configure and manage domain and standalone DFS servers.

• Backup and restore data using Tivoli, Symantec, and Arc servers.

• Maintain over 80 member servers and 50+ controller servers, scheduling backups and restoring data.

• Create templates and VMs from templates, configuring data stores to the ESXi server.

• Manage ESX host from Virtual Center and Putty, including tasks like ESXi host configuration, VM provisioning, and resource planning.

• Monitor and manage the performance of ESXi servers and virtual machines.

Atos IT Solutions and Services

Server Administrator November 2015 – February 2017

• Rack, cable, build, install, provision, and manage HP servers.

• Install, configure, and manage printer servers and network printers on Windows Server 2012.

• Install, user creation, configure file servers, AD backup, BIOS settings, and management of Active Directory on Windows 2012 Server.

• Install, configure, and manage web servers (Apache/Nginx) on Linux servers.

• Configure group policies, FTP server, disk quotas, IIS, DNS, and DHCP servers on Windows Server 2012.

• Experience with automation configuration management tools (Puppet, Ansible, and Kubernetes).

• VPN server installation and configuration on Windows Server 2012.

• WSUS server configuration and shared folder permissions set up on Windows Server 2012.

• Install MS SQL, Oracle databases, server operating systems, applications, and configuration of server iLO on Windows Server 2008/2012 (R2).

• Run and supervise weekly and monthly database backups using ARC-Serve and Storage HP.

• Maintain AD policies and groups and business applications.

• Cisco CLI switches and Cisco CLI router configuration.

IBM Bluemix

Datacenter Technician (Technical Support) March 2015 – October 2015

• Design, provision, and manage Windows/Unix servers and troubleshoot any unforeseen issues during and after deployment.

• Professionally resolve hardware and operating system issues through trouble tickets.

• Supervise over 10,000+ servers, conducting daily walkthroughs in the data center to maintain cleanliness and organization.

• Provide remote assistance to affiliated data centers using PuTTY, RDP, troubleshooting tickets, email, and chat systems (Spark).

• Build racks for future server deployments, run SFP, Fiber Optics, Ethernet cables, and rack/mount layer-2 Cisco switches.

• Assist NOC with troubleshooting fiber optics, load balancers, hardware firewalls, and network routers/switches.

• Experience with Jira escalations and escalating tickets to different departments.

• I installed Microsoft Windows Server 2012 R2 (installation & administration), web server, and database.

• Rack, build, cable, configure, and provision Intel and AMD servers.

• Troubleshoot and conduct quality assurance testing for server hardware (walkthrough).

Michael Raymond

Cloud Solution Architect November 2011 – August 2014

• Designed and implemented AWS solutions on the AWS platform, including Route53, EC2, S3, CloudFront, Autoscaling, Load Balancing, RDS, RedShift, DynamoDB, EMR, VPC, etc.

• Design of highly resilient and scalable websites on AWS.

• Lead client-facing technical activities to ensure required business value is delivered.

• Provide technical oversight, review, and quality control of AWS services throughout the project.

• Oversee the transition of projects from delivery into the service management function.

• Contribute to developing AWS standards, best practices, and organizational capability.

• Act as an escalation point for AWS technical issues and decisions.

• Configuration of File Server on Windows Server 2012.

• Installed and configured Linux Server, LDAP/Active Directory Backup on Windows Server 2012.

• Configuration and Application of BIOS Settings.

• Install Windows Server 2012 (R2) and AD on a virtual cloud.

• Configuration of Group Policy and User Creation in Active Directory on Windows Server 2012.

• FTP Server Installation and Configuration on Windows Server 2012.

EDUCATION

St Thomas University

Doctor of Business Administration (Cybersecurity Management) August 2027

Northeastern State University

Master of Business Administration (MBA), Business Analytics - 3.83 GPA August 2022

University of the People

Bachelor of Science, Computer Science - 3.71 GPA August 2020

Associate of Science, Computer Science - 3.6 GPA August 2018

University of Nigeria, Nsukka

Bachelor of Engineering, Mechanical Engineering June 2010

SKILLS

AWS, GCP, Microsoft Azure, OCI, Cloud Platform Expertise, Security Design and Architecture, Cybersecurity and Compliance, Networking and Security Protocols, Automation and DevSecOps, Threat Intelligence and Risk Management, Programming and Scripting, Leadership and Collaboration, Emerging Technologies and Trends, Terraform, Wiz, Lacework, Prisma observability, and management, Docker, Kubernetes, Network Security, Cloud Security, Corporate Security


