Cloud Security Incident Response
Resume:
HARRIET ASAMOAH
*************@*****.*** 862-***-**** LinkedIn Columbus, OH
PROFESSIONAL SUMMARY
Dedicated Cybersecurity Professional with 4+ years of progressive experience in threat detection, cloud security, and regulatory compliance across AWS enterprise environments. Proven expertise in implementing SIEM, CSPM, IAM, and vulnerability management frameworks to strengthen enterprise security posture and ensure alignment with NIST 800-53, SOC 2, ISO 27001, PCI-DSS, and GDPR. Skilled in incident response coordination, compliance audits, and policy enforcement, driving measurable reductions in risk exposure and operational downtime. Adept at collaborating with GRC, IT, and development teams to build secure-by-design architectures, achieve continuous compliance, and enhance organizational resilience against emerging threats. EXPERIENCE
Associate Security Analyst, DiaspoCare (Remote) Aug 2023 – Present
(Cloud Security – Jan 2025 to Present Threat Detection – Aug 2023 to Dec 2024)
Designed and enforced Zero Trust architecture across AWS hybrid infrastructure, reducing unauthorized access incidents by 40% through tighter IAM controls and VPC isolation.
Implemented and fine-tuned SIEM platforms (Splunk, QRadar, ELK) to enhance visibility into network threats, improving detection and correlation rates by 65%.
Managed vulnerability scanning and remediation for 500+ cloud assets using Nessus, Qualys, and AWS Inspector, cutting vulnerability closure times from weeks to days.
Maintained CSPM frameworks enforcing encryption, MFA, and least privilege, achieving full SOC 2 and ISO 27001 audit compliance.
Coordinated incident response and digital forensics investigations using Wireshark, Autopsy, and AWS CloudTrail logs, reducing average containment time by 30%.
Integrated compliance validation checkpoints into CI/CD pipelines, preventing deployment of 200+ high-risk misconfigurations through automated control enforcement.
Partnered with GRC and compliance stakeholders to align cloud policies with HIPAA, GDPR, and NIST 800- 53 standards, ensuring ongoing certification and audit readiness.
Delivered security awareness programs and phishing simulations, improving end-user reporting rates and reducing social engineering success by 24%.
Cybersecurity Engineer, Spectrum Business – Charlotte, NC Jun 2022 – Jul 2023
Deployed and managed SIEM and SOAR platforms to monitor enterprise assets, improving incident correlation and escalation efficiency by 55%.
Enhanced security governance by mapping control frameworks (SOC 2, PCI-DSS, ISO 27001, NIST 800-53) to organizational processes, reducing audit preparation time by 40%.
Automated patch compliance verification and evidence collection using Ansible and PowerShell, ensuring faster audit readiness with full documentation traceability.
Implemented Zero Trust segmentation and MFA enforcement aligned with CIS Level 2 benchmarks, reducing lateral movement risk across user networks.
Produced risk posture dashboards in Power BI for leadership, improving insight into control maturity, compliance gaps, and audit tracking.
Collaborated directly with auditors during internal and external assessments, presenting evidence and remediation timelines to demonstrate continuous control enforcement. Cybersecurity Analyst, Bongalo – Dallas, TX Jun 2020 – May 2022
Performed risk and compliance assessments aligned with ISO 27001 and NIST 800-53, achieving two consecutive clean external audits.
Monitored Splunk dashboards for anomalies across endpoints and cloud assets, reducing false positives by 35% through tuned correlation logic.
Developed and maintained incident response and business continuity playbooks, standardizing procedures under NIST 800-61 and SOC 2 Type II frameworks.
Partnered with development teams to embed OWASP Top 10 security checks in SDLC pipelines, reducing application-layer vulnerabilities by 50%.
Automated daily compliance and vulnerability reports with Python and PowerShell, reducing manual reporting time by 70% and improving audit traceability. TECHNICAL SKILLS
Security & Compliance Frameworks: NIST 800-53, ISO 27001, SOC 2 Type II, PCI-DSS, HIPAA, GDPR, CIS Controls, COBIT, FedRAMP, ITIL 4, Zero Trust Architecture, Risk Management Framework (RMF) Security Tools & Platforms: Splunk, QRadar, ELK Stack, Qualys, Nessus, AWS Security Hub, GuardDuty, CrowdStrike, Wireshark, Snort, Palo Alto, Fortinet, CIS-CAT Pro DevSecOps & Cloud Automation: AWS (EC2, S3, IAM, EKS, Lambda, CloudTrail, Config), Terraform, Jenkins, Docker, Kubernetes, CI/CD Pipelines, GitHub Actions, CloudFormation, Ansible Identity, Access, & Governance: Active Directory, Azure AD, Okta, SSO, MFA, RBAC, IAM Policy Design, Privileged Access Management (PAM): Vulnerability & Threat Management Nessus, Qualys, AWS Inspector, OpenVAS, Patch Automation, Threat Modeling, Penetration Testing, Risk Assessments, CVSS Scoring
Programming & Automation: Python, PowerShell, Bash, YAML, JSON, REST API Integration, Log Parsing, Compliance Reporting Automation
Reporting & Documentation: ServiceNow, Jira, Confluence, Audit Evidence Management, Policy Documentation, KPI & Metrics Dashboards, Audit-Ready Reports
EDUCATION & CERTIFICATIONS
Bachelor of Science (B.S.) in Cybersecurity and Information Assurance Western Governors University — Dec 2024
Information Technology Certificate
Eretmis Academy, New York, NY — May 2022
CompTIA CySA+ (Cybersecurity Analyst)
CompTIA Security+
CompTIA Network+
CompTIA A+
CompTIA PenTest+
Qualys Vulnerability Management Specialist
ITIL 4 Foundation
Linux Essentials
CISA (Certified Information Systems Auditor) — In Progress / Completed
Contact this candidate