Cloud Security Architect

Location:
Antioch, CA
Posted:
October 20, 2025

Resume:

Chuk Amattah

• Seasoned Security Cloud Architect with extensive experience designing secure, multi-cloud infrastructures that support robust security governance and compliance. Proven expertise in cloud security, IAM architecture, secure coding, and implementing industry-standard security frameworks. Skilled in automating security processes, optimizing cloud costs, and leading cross-functional teams to enhance organizational security posture.

********@*******.*** 510-***-**** San Francisco, California

https://www.linkedin.com/in/amattahcj

WORK EXPERIENCE

Sigma Computing Inc.

Principal Security Cloud Architect August 2022 - Present

Cloud Security Architecture & Governance

•Designed and managed comprehensive security architectures across AWS, GCP, and Azure, implementing multi-account/multi-region solutions with robust governance and compliance controls

•Developed and maintained Cloud Security Policies, Standards, and Procedures aligned with AWS Security Pillar and GCP Architecture Framework

•Implemented and operationalized CSPM, CWPP, and CNAPP solutions, enhancing security visibility by 40%

•Conducted threat analysis and vulnerability assessments, reducing security incidents by 35%

Identity & Access Management

•Designed and managed enterprise-wide IAM architecture using Okta for SSO across cloud platforms and applications

•Implemented least privilege policies, reducing unauthorized access incidents by 30%

•Implemented comprehensive authentication solutions, such as MFA, PAM, and EMM, significantly enhancing system security and mitigating unauthorized access, which reduced security breaches by 30%.

•Established federated identity management systems for seamless and secure access

Security Automation & DevSecOps

•Leveraged Terraform to automate security infrastructure deployment and configuration, increasing efficiency and reducing manual errors.

•Integrated security controls throughout the CI/CD pipeline, securing code and infrastructure

•Automated network component provisioning (VPC, TGW, security groups, NACL, Route 53)

•Implemented static and dynamic code analysis, reducing vulnerabilities in production by 45%

Compliance & Risk Management

•Mapped security controls to industry standards (NIST 800-53, HIPAA, CIS, PCI DSS, SOC2)

•Performed formal security assessments on internal applications and third-party vendors

•Implemented data protection measures for sensitive information at rest and in transit

•Established security classification frameworks and minimized direct access to sensitive data

Monitoring & Incident Response

•Deployed comprehensive monitoring using Panther, Prisma Cloud, BigPanda, CloudWatch, and Azure Monitor

•Developed and executed incident response and disaster recovery plans, ensuring rapid recovery and continuity during security incidents.

•Authored blameless postmortems and implemented remediation strategies, fostering a culture of continuous improvement and accountability.

•Established security event logging and analysis capabilities for the SOC team.

Team Leadership & Collaboration

•Led and mentored a team of cloud security architects and engineers

•Collaborated with cross-functional teams to integrate security throughout the development lifecycle

•Provided security guidance and training to development and operations teams

•Communicated complex security concepts to executive stakeholders, facilitating informed decision-making and strategic planning.

Cost Optimization

•Implemented cloud cost optimization strategies while maintaining security standards, achieving cost savings, and ensuring robust security compliance.

•Reduced cloud security spending by 25% through resource optimization and automation

•Developed metrics and KPIs to track security ROI and operational efficiency.

Facebook

Software Engineer V (Lead) January 2022 - August 2022

•Led and oversaw cloud engineering efforts, providing technical leadership and hands-on guidance to a growing team of developers, resulting in improved collaboration tools and products for Facebookers.

•Collaborated extensively with the production group within collaboration technologies to drive video production initiatives and other cloud-related projects.

•Aligned project goals and strategies with department objectives using NIST 800-53 standards, resulting in streamlined project execution and improved team focus.

•Drove new projects and provided ongoing support and improvements for existing cloud-based video production systems using Netskope, ensuring timely and effective solutions that enhanced system reliability.

•Engaged with cross-functional teams, including Collaboration Systems Engineering and multiple cloud-focused groups, to achieve project milestones.

•Led the primary Virtual Control Rooms project and prepared for additional projects, enhancing project readiness and strategic alignment.

•Identified, planned, and documented enhancements to existing security controls, ensuring continuous improvement and alignment with organizational needs.

Daybreak AI

Principal Engineer Cloud & IT November 2020 – January 2022

•Responsible for the uptime and reliability of infrastructure and applications.

•Manage events related to IT infrastructure elements (e.g., data centers, networks, servers, storage, operating systems, Internet security, and business applications).

•Architect, implement, manage, and expand the endpoint management ecosystem using JAMF Pro and MS Intune MDM to securely and scalably manage the growing fleet of applications and users (application packaging, configuration, deployment, and management).

•AWS Cloud Manager for SageMaker & Databricks deployment and management.

•Monitor and respond to events, incident management, problem management, change management activities, KPI reporting, and CMDB management.

•Systematic problem-solving approach coupled with solid communication skills and a sense of ownership and drive.

•Troubleshoot infrastructure and application issues. Work with other engineering teams to ensure maximum network and application uptime and swift resolution of all problems.

•Maintain services once they are live by measuring and monitoring availability, latency, and overall system health.

•Scale systems sustainably through automation and evolve systems to improve reliability and velocity.

•Manage, provision, and service data centers and cloud servers (AWS, GCP, and Azure).

•Responsible for identifying problem incidents and driving them to resolution.

•Responsible for driving root cause analysis (RCA) for high-priority incidents.

•Install and maintain security information and event management (SIEM) and other security tools in cloud environments.

•AWS cost optimization and management.

•Create and manage IAM, Security Hub, Trusted Advisor, VPC, ALB, S3, CloudWatch, KMS, RDS, CodePipeline, CloudFront, Autoscaling, Load Balancing, RDS, RedShift, DynamoDB, CloudTrail, and CloudFormation/Terraform.

•Experience provisioning cloud automation and infrastructure as code through Docker, Kubernetes, Terraform, and AWS CloudFormation.

•Experience supporting web applications and backend APIs using the AWS tech stack, including EC2, ELBs, Lambda, and Gateway APIs.

•AWS security architecture and management.

•Implement and manage IAAS, PAAS, and SAAS in a multi-cloud environment.

•Security roadmap and implementation of SecDevOps toolchain and processes (SSO, IAM policies and roles, AWS Lambda, Central Logging, Dome9, Evident.io, AWS Inspector, AWS Trusted Advisor, AWS System Manager, Qualys, Golden AMI, encryption using KMS, incident response plans and playbooks, Splunk, Qualys, AWS GuardDuty, Security Hub, Shield, WAF, CloudFront, AWS Macie, and AWS Config).

•Design a central logging solution for AWS CloudTrail, CloudWatch, VPC flow logs, and system logs.

•Implement high availability/disaster recovery best practices for our infrastructure.

Michael Raymond

Principal AWS Security Architect, January 2020 – October 2020

•Develop security automation and APIs in the public cloud for the critical security pillars (e.g., IAM, CI/CD Security, Security Logging, Incident Response, Data Protection, Compliance Validation).

•Assess, design, implement, automate, and document solutions leveraging Amazon Web Services (AWS) and other third-party solutions.

•Migration of on-premises servers & data to AWS using DMS, Snowball, AWS Server Migrations (SMS), CloudEndure, and AWS Storage Gateway.

•Install and maintain security information and event management (SIEM) and other security tools in cloud environments.

•Design and implement solutions for enhanced monitoring & better visibility into cloud infrastructure.

•In-depth knowledge of tools and technologies used in the cloud environment to provide security controls and assessments of the applications.

•I serve as a senior cybersecurity consultant for various lines of business by providing subject matter expertise related to new cloud platforms and emerging cloud technologies.

•Educate and communicate cloud security compliance, policies, standards, and procedures to business and internal stakeholders regarding projects and strategic initiatives.

•Conducted security architecture reviews of planned cloud migration initiatives across the organization and produced high-quality threat models for cloud environments, clearly articulating risks.

•Accountable for functional architectures, design specifications, and implementation plans for required documents, architectural diagrams, solution designs, and other written and verbal information for cloud initiatives.

•Cloud Security: Expertise in designing and implementing secure AWS architectures.

•Identity and Access Management (IAM): Proficient in configuring and managing IAM policies for secure access.

•Security Compliance: Ensuring adherence to industry standards and regulatory requirements.

•Threat modeling: Identifying and mitigating potential security threats in AWS environments.

•Encryption: Implementing robust encryption mechanisms for data protection.

•Network security: Designing secure and resilient network architectures in AWS.

•Incident Response: Leading and coordinating incident response activities.

•Security Automation: Utilizing AWS tools for automated security measures.

•Security Best Practices: Implementing and promoting security best practices across AWS environments.

•Collaboration: Working closely with cross-functional teams for holistic security solutions.

•Continuous Monitoring: Establishing monitoring mechanisms for real-time threat detection.

•Security Audits: Conducting regular security audits and assessments.

•Emerging Technologies: Staying updated on the latest AWS security features and advancements.

•Weigh business needs against security concerns and provide risk-based recommendations to enhance cloud-based information systems security. This will allow the lines of business to make informed risk decisions about cloud platforms.

Verizon

Principal Cloud Security Architect (Cybersecurity Manager) June 2019 – January 2020

•Develop security automation and APIs in the public cloud for the critical security pillars (e.g., IAM, CI/CD Security, Security Logging, Incident Response, Data Protection, Compliance Validation).

•Configure and manage AWS accounts using the CIS benchmark & security best practices to meet compliance requirements.

•Architect, build, and operate AWS environments with well-established best practices.

•Create and manage IAM, VPC, EC2, ALB, S3, CloudWatch, KMS, RDS, CodePipeline, CloudFront, Autoscaling, Load Balancing, RDS, RedShift, DynamoDB, CloudTrail, and CloudFormation/Terraform.

•On-premises to AWS migration (CloudEndure, DMS, and AWS Server Migrations).

•Linux and Windows administration via automated scripting of operations within those OS environments.

•Review and evaluate technical risk materials (i.e., vulnerability and configuration scans) and work with the information system stewards to process technical risk issues.

•Manage the configuration management process and conduct technical change impact assessments.

•Provide security expertise and recommendations to the system owner and perform risk management tasks throughout the lifecycle phase of the system (categorize, select, implement, and assess).

•Ensure that the system's appropriate technical security posture is always maintained.

•Collaborate with Security Platform and Services Teams to build and integrate existing security solutions.

•Manage cloud security vendor products (e.g., Evident.io, Dome9, Qualys, etc.) for associated IT portfolios.

•Assist in the implementation of formalized information security awareness offerings.

•Work closely and collaboratively with Information Security Officers (ISOs), IT portfolios, and business units to support their needs.

•Act as an advocate of information security policies and standards, and as a mechanism to enable the business to operate effectively while managing risk appropriately.

•Partner with enterprise teams to establish preventative controls to support compliance via automation.

•Gain deep security-level knowledge of cloud environments and continuous monitoring solutions to understand and explain security risks and mitigation techniques.

•Assist in the implementation of formalized information security awareness offerings.

•Drive the mitigation of reported risks from continuous monitoring solutions.

•I represent the Security Automation team with various stakeholders, including App Development, Compliance, Legal, and Cloud Engineering, to gather requirements, negotiate acceptance of security controls, and influence stakeholders to adopt them.

•Engage with all levels of leadership to gather requirements and build appropriate cloud security technology roadmaps and implementation plans.

Window Book Inc.

AWS SysOps Engineer March 2018 – March 2019

•I design, deploy, and manage EC2, VPC, RDS, DynamoDB, CDN, S3, VPN, CloudWatch, CloudTrail, AWS Trusted Advisor, ELB (Classic, Application, and Network), ASG, AWS Auto Scaling Group, Route 53, etc.

•Create and manage users, groups, policies, & roles in Identity & Access Management (IAM).

•Ensure technical oversight, review, and quality control of AWS services throughout the project.

•Design and manage Windows, Linux, and Apache web servers.

•I focused on designing, installing, and managing the configuration of the development and production environments on the AWS platform using the console, Terraform/CloudFormation.

•Design a highly resilient and scalable multi-tier architecture on AWS.

•Supervise client-facing technical activities to ensure the required business value is delivered.

•Migration of on-premises servers & data to AWS using DMS, Snowball, S3 Accelerator, and AWS Storage Gateway.

•Use Terraform to configure and manage the production and development environments.

•Use Docker and Kubernetes for container orchestration.

Wipro Limited

Senior Systems Engineer March 2017 - February 2018

•Migration of on-premises services to AWS and setting up disaster recovery plans.

•Create and manage access controls for users, groups, policies, and roles in Identity and Access Management (IAM).

•Administration of Linux and Windows servers using automated scripting.

•Onboard and offboard users, including managing Active Directory infrastructure and executing Level 3 global support.

•Create and manage virtual machines, shared folders, and DFS servers.

•Implement and manage IAAS, PAAS, and SAAS in a multi-cloud environment.

•Configure and manage domain and standalone DFS servers.

•Backup and restore data using Tivoli, Symantec, and Arc servers.

•Maintained over 80 members and 50+ controller servers, scheduling backups and restoring data.

•Create templates and VMs from templates, configuring data stores on the ESXi server.

•Manage ESX host from Virtual Center and PuTTY, including tasks like ESXi host configuration, VM provisioning, and resource planning.

•Monitor and manage the performance of ESXi servers and virtual machines.

Atos IT Solutions and Services

Server Administrator November 2015 – February 2017

•Rack, cable, build, install, provision, and manage HP servers.

•Install, configure, and manage printer servers and network printers on Windows Server 2012.

•Install, user creation, configure file servers, AD backup, BIOS settings, and management of Active Directory on Windows 2012 Server.

•Install, configure, and manage web servers (Apache/Nginx) on Linux servers.

•Configure group policies, FTP server, disk quotas, IIS, DNS, and DHCP servers on Windows Server 2012.

•Experience with automation configuration management tools (Puppet, Ansible, and Kubernetes).

•VPN server installation and configuration on Windows Server 2012.

•WSUS server configuration and shared folder permissions set up on Windows Server 2012.

•Install MS SQL, Oracle databases, server operating systems, applications, and configuration of server iLO on Windows Server 2008/2012 (R2).

•Run and supervise weekly and monthly database backups using ARC-Serve and Storage HP.

•Maintain AD policies, groups, and business applications.

•Cisco CLI switches and Cisco CLI router configuration.

IBM Bluemix

Datacenter Technician (Technical Support) March 2015 – October 2015

•Design, provision, and manage Windows/Unix servers and troubleshoot any unforeseen issues during and after deployment.

•Professionally resolve hardware and operating system issues through trouble tickets.

•Supervise over 10,000+ servers, conducting daily walkthroughs in the data center to maintain cleanliness and organization.

•Provide remote assistance to affiliated data centers using PuTTY, RDP, troubleshooting tickets, email, and chat systems (Spark).

•Build racks for future server deployments, run SFP, Fiber Optics, Ethernet cables, and rack/mount layer-2 Cisco switches.

•Assist NOC with troubleshooting fiber optics, load balancers, hardware firewalls, and network routers/switches.

•Experience with Jira escalations and escalating tickets to different departments.

•I installed Microsoft Windows Server 2012 R2 (installation & administration), web server, and database.

•Rack, build, cable, configure, and provision Intel and AMD servers.

•Troubleshoot and conduct quality assurance testing for server hardware (walkthrough).

Michael Raymond

Cloud Solution Architect November 2011 – August 2014

•Designed and implemented AWS solutions on the AWS platform, including Route53, EC2, S3, CloudFront, Autoscaling, Load Balancing, RDS, RedShift, DynamoDB, EMR, VPC, etc.

•Design of highly resilient and scalable websites on AWS.

•Lead client-facing technical activities to ensure the required business value is delivered.

•Provide technical oversight, review, and quality control of AWS services throughout the project.

•Oversee the transition of projects from delivery into the service management function.

•Contribute to developing AWS standards, best practices, and organizational capability.

•Act as an escalation point for AWS technical issues and decisions.

•Configuration of File Server on Windows Server 2012.

•Installed and configured a Linux Server, LDAP/Active Directory Backup on Windows Server 2012.

•Configuration and Application of BIOS Settings.

•Install Windows Server 2012 (R2) and AD on a virtual cloud.

•Configuration of Group Policy and User Creation in Active Directory on Windows Server 2012.

•FTP Server Installation and Configuration on Windows Server 2012.

EDUCATION

St Thomas University

Doctor of Business Administration (Cybersecurity Management)

Northeastern State University

August 2027

Master of Business Administration (MBA), Business Analytics - 3.83 GPA

University of the People

August 2022

Bachelor of Science, Computer Science - 3.71 GPA

August 2020

Associate of Science, Computer Science - 3.6 GPA

University of Nigeria, Nsukka

August 2018

Bachelor of Engineering, Mechanical Engineering

June 2010

SKILLS

•Cloud Platforms: AWS, GCP, Azure

•Security Tools: Wiz, Lacework, Prisma Cloud, Netskope, Panther, CloudWatch, Azure Monitor, BigPanda, Snowflake

•IAM Solutions: Okta, AWS IAM, Azure AD

•Security Frameworks: MITRE ATT&CK, NIST, OWASP

•Network Security: Firewalls, VPNs, IPS/IDS, WAF, SASE, ZTNA

•Container Security: Kubernetes, Docker

•Infrastructure as Code: Terraform, CloudFormation

•Programming: Python, Go

•Compliance: NIST 800-53, HIPAA, PCI DSS, SOC2, CIS
