Security Engineer Cloud
Resume:
SALMAN TABREZ MOHMAD
Chicago, IL +1-773-***-**** ***************@*****.*** Linkedin
Summary
Experienced Cloud Security Engineer with 5+ years of experience in designing secure systems and implementing compliance automation. Proven ability to expedite FIPS 140-3 certification and reduce risks through encryption technologies and zero-trust architectures. Expertise in vendor collaboration and aligning security practices with industry and regulatory standards.
Professional Experience
AVS LLC May 2025 - Present
Cloud Security Engineer Chicago, IL
• Designed zero-trust architectures with VPC Service Controls, Private Google Access, and granular IAM roles for secure GCP deployments, incorporating data encryption management best practices that contributed to a 45% reduction in lateral movement risks.
• Integrated Google SecOps SIEM (Chronicle) to enable real-time log correlation and map adversarial TTPs to the MITRE ATT&CK framework, achieving 60% faster threat detection.
• Automated CIS benchmark enforcement, firewall rule management, and secure API provisioning using Terraform and custom scripts, reducing compliance gaps by 40% and supporting encryption compliance protocols.
• Conducted targeted penetration testing, secured BigQuery datasets, and remediated overprivileged IAM roles to eliminate 85% of critical misconfigurations and strengthen overall enterprise security.
• Accelerated FIPS 140-3 certification timelines by drafting Security Policies, coordinating CAVP algorithm testing, aligning configurations with NIST SP 800-53 and NIAP standards, and ensuring alignment with encryption management and compliance best practices. Cloud Tech Team Sep 2024 - May 2025
Cloud Security Engineer Chicago, IL
• Deployed OAuth 2.0 authorization frameworks and SAML 2.0 SSO to enforce strict authentication and token-based access control policies, thereby improving cloud-native API security.
• Authored FIPS 140-3 and Common Criteria certification deliverables, including security test plans and vulnerability mitigation strategies, reducing compliance violations by 40%.
• Implemented Istio service mesh with mTLS to secure microservices communications, ensuring zero-trust compliance and protecting sensitive workloads.
• Deployed CrowdStrike EDR solutions to detect malicious activities and automate threat isolation across hybrid cloud environments, enhancing endpoint security by 70%.
• Developed automated playbooks and SecOps workflows using Python, PowerShell, and Bash, achieving 50% faster incident response times through improved threat containment and recovery efficiency.
Think and Learn Oct 2020 - Aug 2022
Cloud Security Team Lead Hyderabad, India
• Hardened GKE clusters and applied Istio service mesh policies to increase Kubernetes workload security by 50%, while designing network segmentation strategies with targeted firewall controls.
• Optimized IAM roles using IAM Recommender and enforced least-privilege access controls to reduce identity-related risks by 70%.
• Automated SOAR workflows and integrated Security Health Analytics alerts with Chronicle SIEM, improving incident response accuracy by 55%.
• Implemented BeyondCorp Enterprise and Identity-Aware Proxy (IAP) to establish a robust zero-trust security posture, ensuring secure context-aware access across enterprise workloads.
• Achieved a 60% reduction in sensitive data exposure by deploying Google DLP APIs with tokenization policies and fortifying encryption using TLS 1.3 and Cloud KMS workflows, thereby reinforcing compliance with data encryption standards. Pianalytix Oct 2017 - Sep 2020
Cloud Security Engineer Hyderabad, India
• Configured AWS WAF and Cloud Armor rules to block SQL injection, XSS, and credential-stuffing attacks, minimizing API exploitation risks across hybrid cloud workloads.
• Embedded secure coding practices into Jenkins CI/CD pipelines, enforcing image scanning and runtime protection for containerized deployments to strengthen pipeline security.
• Integrated FIPS-compliant cryptographic algorithms and performed CAVP testing, which facilitated faster security certification approvals through detailed, evidence-ready reports.
• Automated compliance checks using Terraform and Python scripting to reduce misconfiguration risks by 55%, ensuring adherence to CIS benchmarks and industry security standards.
• Hardened GKE clusters with Pod Security Policies, RBAC, and Istio-based network segmentation, improving Kubernetes security by 65% and preventing unauthorized lateral movement within workloads.
Certifications
• AWS Certified Solutions Architect - Professional:Validation ID: de549b84ba6f40b7aed892a4d53b339c
• Google Cloud Certified Professional Cloud Security Engineer:Validation ID: de2661efab354cb854e6f1ed2163975 Core Skills
• Threat Modeling & Risk Analysis: MITRE ATT&CK, PASTA, DREAD, STRIDE, CWE Top 25, OWASP Top 10, Analytical Skills, Risk Management
• Cloud Security (GCP/AWS): Security Command Center, Cloud Armor, VPC-SC, Google SecOps (SIEM/SOAR), YARA-L 2.0, BeyondCorp Enterprise, IAM Conditions, Private Google Access, SAML 2.0, OAuth 2.0
• DevSecOps & Automation: Terraform, Jenkins, CI/CD pipeline security, Python, Bash, PowerShell scripting
• Network Security: Palo Alto, FortiGate, Check Point, Zero Trust Architecture (ZTA), IDS/IPS, network segmentation, firewall rule optimization
• Container & Kubernetes Security: GKE hardening, Istio service mesh, Pod Security Policies, RBAC, Network Policies
• Threat Detection & Response: EDR solutions (CrowdStrike, Microsoft Defender), SOAR workflows, SIEM integration (Chronicle, Splunk), log correlation
• Compliance & Encryption: PCI DSS, HIPAA, ISO 27001, NIST CSF, CIS Benchmarks, Cloud KMS, TLS 1.3, Security Engineer
• Logging & Monitoring: BigQuery Analytics, Cloud Logging, Security Health Analytics, VPC Flow Logs Education
Governors State University Aug 2021 - May 2023
Master of Science, Information Technology University Park, IL
• GPA: 3.8
Osmania University Aug 2013 - May 2017
Bachelor of Engineering Hyderabad, India
• GPA: 3.8
Contact this candidate