PAUL AWEMU
Email: *******@*****.*** Cell: 571-***-**** Stafford, VA. 22025
www.linkedin.com/in/paul-awemu/
Professional Summary
I am a highly skilled results-oriented cloud security/cloud engineer with over 8 years of hands-on experience, designing, implementing, and managing cloud infrastructure. Demonstrated expertise in utilizing cloud-native security tools and integrating third-party solutions to create secure, compliant, and resilient cloud environments. As a detail-oriented, resilient, and passionate engineer, I aim to leverage my knowledge and experience to transform clients' IT infrastructure, operations, and applications into innovative, scalable, highly available, secure, cost-effective, and fault-tolerant systems. This includes integrating industry-leading cloud security tools and third-party solutions to achieve optimal results.
Technical skills and Stack set
Cloud Platforms: AWS and Microsoft Azure
Security & Governance: AWS Organizations, AWS Service Control Policies (SCPs), AWS Control Tower
Cloud Orchestration/Automation: AWS CloudFormation, AWS Lambda, AWS Systems Manager, AWS
Security Tools:
•Cloud Security: Wiz, CloudTrail, AWS Config, Azure Security Center, GuardDuty, AWS Security Hub, Azure Firewall, Defender for Cloud
•SIEM: Splunk, IBM QRadar, Microsoft Sentinel
•Vulnerability Management: Qualys, Tenable
•Identity & Access Management: CyberArk, AWS IAM, Azure Entra ID, AWS Identity Center.
•Prisma Cloud
Security Compliance & Frameworks: NIST, ISO 27001, GDPR, HIPAA, SOC 2, PCI-DSS
Automation & Scripting: Python, PowerShell, Bash
Compliance Frameworks: GDPR, HIPAA, PCI-DSS, SOC 2, NIST, ISO 27001
DevOps Tools: GitHub Actions, Jenkins, Docker, Kubernetes
Infrastructure as code: CloudFormation, Terraform
Professional Experience
Cloud Security Engineer/ Cloud Engineer
Elevance Health
Indianapolis, 220 Virginia Ave February 2023 – present.
•Enabled organization-wide AWS CloudTrail with multi-region logging and log file integrity validation, ensuring complete audit trails for all API calls and management actions, facilitating thorough incident investigation and compliance reporting.
•Deployed and configured Wiz.io to secure the organization’s cloud environments, including AWS, Azure,
•Implemented the principle of least privilege by creating granular IAM policies, ensuring each user and role had only the necessary permissions to perform their tasks, minimizing the risk of privilege escalation or unauthorized access.
•Automated compliance checks for frameworks like SOC 2, HIPAA, and PCI DSS, ensuring audit readiness and reducing manual effort by 50%.
•Utilized Wiz for cloud security posture management (CSPM) to identify misconfigurations and compliance violations.
•Collaborated with DevSecOps teams to embed Wiz.io into development workflows, enhancing security in pre-deployment stages.
•Configured automated backups, multi-AZ failover, and database auditing with AWS CloudWatch and AWS Config, ensuring real-time monitoring, logging, and alerting for suspicious activity and unauthorized access to maintain database integrity and availability.
•Implement robust compliance frameworks, ensuring adherence to industry regulations such as GDPR, HIPAA, and PCI-DSS, enhancing organizational audit readiness.
•Utilized Azure Security Center and Azure Sentinel to monitor, detect, and respond to security threats, ensuring compliance with regulatory requirements and improving incident response capabilities.
•Manage and remediate vulnerabilities using Wiz’s risk-based vulnerability management tool.
•Monitored and analyzed security events using AWS GuardDuty and Azure Sentinel, identifying and mitigating potential threats in real time.
•Implemented AWS WAF and Azure Firewall to protect web applications from DDoS attacks and common web exploits.
•Collaborated with DevOps teams to integrate security into CI/CD pipelines using Terraform and Ansible.
•Utilized Splunk for comprehensive log analysis, enabling the detection and rapid response to security incidents, and ensuring adherence to compliance regulations across distributed systems.
•Secured ECS clusters by implementing IAM roles and policies with least privilege access, ensuring that ECS tasks, services, and container instances had the appropriate permissions to interact with other AWS services, enhancing overall security and minimizing unauthorized access risks.
•Implemented encryption mechanisms for S3 buckets using server-side encryption (SSE-S3, SSE-KMS) and client-side encryption, ensuring that sensitive data at rest is protected with strict access controls and automatic key rotation via AWS KMS.
•Integrated third-party security tools like Splunk, QRadar, and Qualys for advanced threat detection, vulnerability management, and log analysis.
•Launched AWS Shield Advanced to protect mission-critical applications, utilizing automatic DDoS mitigation, real-time attack visibility, and cost protection against unexpected increases in traffic due to attacks, ensuring 99.99% uptime.
Rural Sourcing
Buffalo New York
Cloud Engineer January 2021 to February 2023
•Deployed Azure Sentinel, integrating it with Splunk for centralized log management and threat detection.
•Completed a major application migration project (MGN) to AWS (Amazon Web Services) cloud environment, securing cost savings, eliminating unnecessary servers, maximizing resource use, and improving scalability. Completed the estimated 12-month project in 6 months.
•Assigned Identity and Access Management (IAM) Roles and Policies for improved security and access, ultimately safeguarding the cloud environment.
•Designed and secured cost-optimized, highly available, and fault-tolerant architecture designs and infrastructures in AWS using CloudFormation templates and Terraform modules.
•Increased security posture for authentication, authorization, monitoring, auditing, encryption, and data path security by leveraging cloud security principles, AWS service implementation, and AWS Control Tower (to set up and govern a secure, multi-account AWS environment).
•Automated provisioning of cloud infrastructure using CloudFormation and Terraform, and application configuration and deployment using Terraform and Ansible.
•Implemented Jenkins, GitHub, and Git for version control, code build, testing, release, and CI/CD.
•Monitored end-to-end infrastructure using CloudWatch and SNS for notification.
•Used AWS Systems Manager to automate operational tasks across AWS resources.
•Implemented Identity and Access Management (IAM) solutions, including role-based access control (RBAC) and privileged access management (PAM) using CyberArk.
•Developed landing zones with AWS Control Tower for account best practices and maintenance.
Dell Technologies
Irving Texas
Cloud Engineer September 2017 - December 2020
•Designed and developed infrastructure using Terraform and CloudFormation and automated end-to-end transit hub connectivity resource deployment in AWS via Terraform.
•Designed, developed, and implemented high availability, backup, and recovery strategies for applications and databases.
•Optimized the cloud environment while controlling costs and balancing performance and spending.
oConfigured Dev, State, and QA AWS environments, including VPC, subnets, security groups, EC2 instances, load balancer, RDS, Redis, and Route 53
oInstituted EC2 right sizing, S3 storage/lifecycle policies, reserved instances, and autoscaling.
EDUCATION
University of Yaoundé 1 Yaoundé, Cameroon
Bachelor of Economics and Statistics 10/2004 - 2007
CERTIFICATIONS and TRAINING.
•AWS Certified Solutions Architect Associate
•CompTIA Security+
•CGRC – Certified in Governance, Risk and Compliance.
•AWS Certified Security - Specialty
•Microsoft Certified: Azure Security Engineer Associate