Cloud Security Cybersecurity Engineer

Tahirou Kone

*****************@*****.***

Summary

Cybersecurity Engineer with 10+ years of progressive IT experience, including 5 years securing healthcare systems, 3 years building secure DevOps pipelines at Sparksoft, and 2 years in network support at Moov Technology. Skilled in cloud security, infrastructure hardening, threat detection, and compliance with regulatory frameworks like HIPAA, NIST, and ISO 27001. Strong track record in DevSecOps automation, SIEM analysis, and vulnerability management in complex enterprise environments.

Core Competencies

• Cybersecurity Architecture & Engineering

• DevSecOps & Secure CI/CD Pipelines

• Cloud Security (AWS)

• Threat Detection & Incident Response

• Vulnerability Assessment (Nessus, OpenVAS, Burp suite, Nmap, Metasploit, Trivy)

• SIEM Tools (Splunk, New Relic)

• Identity & Access Management (IAM, RBAC)

• Firewalls & Network Security (Palo Alto, Fortinet, WAF)

• Infrastructure as Code (Terraform)

• Compliance: GRC, HIPAA, NIST 800-53, 37 RMF,800-171 ISO 27001/27002, PCI-DSS, GDPR, SOX

• Third-Party Risk Management

• GRC Platforms: RSA Archer, ServiceNow GRC, Risk Rhino

• IDS/IPS (Snort, Suricata, Security Onion)

• Patch management

• Active Directory Security

• Ticketing Systems: JIRA, ServiceNow

Professional Experience

Sparksoft / Columbia

Cybersecurity Engineer

11/2020 - Current

• Secured sensitive patient data and ensured HIPAA compliance across healthcare infrastructure.

• Led threat modeling and implemented multi-layered defense strategies, reducing risk exposure by 40%.

• Managed endpoint security and DLP systems to prevent data breaches and insider threats.

• Conducted regular risk assessments and collaborated with GRC teams on third- party vendor reviews.

• Automated vulnerability scanning, patching, and reporting processes using Nessus Tenable and PowerShell scripts.

• Integrated SIEM (Splunk) alerts with incident response playbooks to enhance detection speed and reduce false positives.

• Administered IAM policies across cloud and on-prem environments.

• Conducted regular access reviews and enforce least privilege principles.

• Managed Single Sign-On (SSO), Multi-Factor Authentication (MFA), and RBAC.

• Conducted security training and phishing simulations for staff.

• Collaborated with cross-functional teams on risk assessments, system hardening, and architecture reviews.

• Provided technical guidance on secure system and software design.

• Integrated security checks into CI/CD pipelines using SAST, DAST, and secret scanning tools.

• Collaborated with developers to fix security issues in code repositories.

• Automated compliance checks using Terraform, Docker or Kubernetes policies. Sparksoft / Columbia

DevSecOps/ AWS Engineer

02/2017 - 10/2020

• Designed secured, cost-optimized, highly available, and fault- tolerant infrastructure in AWS.

• Architected and configured Dev/Stage/QA environments in AWS (VPC, subnets, security groups, EC2 instances, load balancer, RDS, route53, etc.)

• Implemented security best practices in AWS, including multi-factor authentication, access key rotation, role-based permissions, enforced strong password policy, configured security groups and NACLs, S3 bucket policies, and ACLs.

• Optimized cost through reserved instances, selection, and changing of EC2 instance types based on resource need, S3 storage classes, and S3 lifecycle policies, leveraging Autoscaling, etc.

• Leveraged EC2 Create Snapshot API calls to create snapshots of EBS Volumes on scheduled intervals

• Configured CloudWatch alarm rules for operational and performance metrics for our AWS resources and applications.

• Set up and configure log files for detailed monitoring and alert notification when changes are made.

• Deployed and configured infrastructure using Terraform.

• Architected and implemented CI/CD continuous integration and deployment pipelines using Jenkins and other

Moov Technology

Network Engineer Support

Jan 2015 – Feb 2017

• Provided network monitoring, troubleshooting, and L2/L3 support for enterprise systems.

• Configured routers, switches, and firewalls to maintain secure and efficient communication channels.

• Supported VPN and secure remote access solutions for corporate and client systems.

• Documented system topologies, performed firmware updates, and maintained service availability.

• Monitored traffic using Wireshark and configured IDS/IPS for proactive threat detection.

Education

Baltimore City Community College

Associate Degree in Cyber Security and Assurance

12/2021

ESCAM

Bachelor of Science in Computer Networking

10/2011

Certification

• CompTIA Security+

• Cyber Security and Assurance

• CompTIA Network+

• AWS Certified Security Specialty

Projects & Achievements:

• Automated Cloud Security Compliance: Developed Lambda functions to enforce AWS security policies, reducing misconfigurations by 40%.

• Security Incident Response Framework: Designed an AWS-native security incident response automation using GuardDuty and AWS Lambda.

• Zero Trust Implementation: Led the implementation of a Zero Trust architecture using AWS IAM and Network ACLs.

• Privileged Access Management (PAM) Implementation: Designed and implemented an AWS IAM permission boundary strategy to limit privileged access and enforce least privilege.

• Automated Compliance Auditing: Created AWS Config custom rules to automate compliance audits against CIS benchmarks, reducing audit preparation time by 60%.

• Developed and launched a vendor risk management framework using NIST SP 800-53 and HIPAA guidelines. Performed risk assessments for 30+ vendors, created risk profiles, and tracked remediation activities. Integrated assessments into OneTrust for continuous monitoring.

Contact this candidate