
Cloud Security Engineer - Cloud/IAAC Automation Expert

Location: Frisco, TX
Salary: 80000
Posted: February 23, 2026

Resume:

MOHANA NITHESHA POTHINA

+1-469-***-**** **************@*****.***

PROFESSIONAL SUMMARY

Results-oriented Cloud Security Engineer focused on building resilient infrastructure, strengthening threat posture, and automating defensive controls across enterprise environments. Expert in designing hardened cloud architectures, enforcing compliance guardrails, and implementing proactive monitoring to minimize exposure and accelerate secure delivery. Proven track record reducing operational risk through IaC, automated remediation, and cross-team collaboration while maintaining high availability and audit readiness.

TECHNICAL SKILLS

Cloud Security: AWS IAM, GuardDuty, Security Hub, Config, CloudTrail, KMS, Secrets Manager, Azure IAM basics

Infrastructure as Code: Terraform, CloudFormation

Observability: CloudWatch, Grafana, Prometheus

Scripting & Automation: Python, Bash, Boto3

Containerization & Orchestration: Docker, Kubernetes (EKS), ECS

Compliance: NIST, FedRAMP-aligned controls

CI/CD & Tools: Jenkins, Git, ArgoCD

Other: Linux Hardening, VPC Networking, Splunk

WORK EXPERIENCE

Cloud Security Engineer May 2025 – Present

Charter Communications Connecticut

• Led assessment of multi-account security gaps, identifying overly permissive roles and public resources across hundreds of AWS accounts to establish baseline risk profile.

• Architected automated onboarding framework using Terraform modules with embedded SCPs, permission boundaries, and encrypted resource defaults for consistent secure account provisioning.

• Implemented GitOps security workflows with ArgoCD to apply policy-as-code updates across environments, enabling versioned control and rapid rollback of guardrail changes.

• Built event-driven response architecture with EventBridge, Lambda, and GuardDuty to automatically quarantine non-compliant resources and notify teams within minutes of detection.

• Hardened container workloads on EKS by enforcing IRSA, network policies, and image scanning gates in CI/CD pipelines to prevent vulnerable deployments.

• Configured centralized Security Hub and Config aggregators for organization-wide compliance monitoring, mapping findings to NIST controls and generating automated evidence packages.

• Developed Python/Boto3 scripts for proactive drift detection and remediation of security configurations across VPCs, IAM, and logging services.

• Optimized incident handling processes by integrating findings into ticketing systems and reducing average remediation time through targeted automation playbooks.

• Collaborated with platform teams to embed security reviews into change management, ensuring new services launch with least-privilege access and logging enabled.

• Technologies Used: Terraform, AWS IAM, GuardDuty, Security Hub, CloudTrail, Config, EventBridge, Lambda, Python, ArgoCD, EKS, Git

Cloud Security Engineer January 2024 – April 2025

UNFI inc Rhode Island

• Assessed identity and vulnerability exposure across large-scale AWS environments, prioritizing high-risk IAM roles and unpatched workloads for remediation planning.

• Designed centralized IAM governance model using AWS Organizations, permission boundaries, and delegated administration roles to enforce least-privilege at scale.

• Automated secrets lifecycle management with Secrets Manager rotation schedules, KMS-backed encryption, and Lambda triggers for access revocation on employee offboarding.

• Integrated vulnerability scanning tools into IaC pipelines, blocking non-compliant Terraform applies and enforcing encryption and network hardening standards.

• Implemented continuous Config rules for encryption, logging, and MFA enforcement, with automated Lambda remediation for violations and weekly compliance reporting.

• Built Grafana dashboards aggregating GuardDuty, Inspector, and Config metrics to provide executive visibility into security posture and open findings trends.

• Led root cause analysis for multiple security events, implementing preventive controls that reduced recurrence of similar incidents across accounts.

• Configured AWS Systems Manager for automated patching and configuration compliance checks across fleet, aligning instances to CIS benchmarks.

• Collaborated with application teams to secure data flows, implementing KMS customer-managed keys and private endpoint access for sensitive services.

• Technologies Used: AWS IAM, Secrets Manager, Config, GuardDuty, Terraform, Python, Grafana, Systems Manager, KMS, Qualys, Wiz

Cloud Support Engineer (Security Focus) January 2021 – June 2023

Cognizant India

• Assessed legacy on-premises and early cloud workloads for security gaps, documenting exposure in network access, authentication, and encryption practices.

• Designed secure VPC architectures with segmented subnets, custom NACLs, security groups, and flow logging to enable defense-in-depth for migrated applications.

• Hardened Linux and Windows EC2 instances by applying CIS benchmarks, disabling root SSH, enforcing key-based access, and configuring host-based firewalls.

• Automated IAM audits and remediation using Lambda and Config rules to detect and revoke unused credentials and overly permissive policies across accounts.

• Implemented hybrid connectivity solutions with Site-to-Site VPN and Direct Connect, securing traffic with IPsec and route propagation controls.

• Configured foundational logging and monitoring with CloudTrail, CloudWatch, and Config to establish audit trails and baseline alerting for anomalies.

• Developed Bash and Python scripts for automated backup verification, log rotation, and compliance artifact collection to support audit readiness.

• Supported lift-and-shift migrations by creating repeatable CloudFormation templates with embedded security controls and tagging enforcement.

• Collaborated with delivery teams to integrate security requirements into Agile sprints, reducing late-stage rework through early threat modeling.

• Technologies Used: AWS VPC, IAM, CloudTrail, Config, CloudFormation, Python, Bash, Linux, Direct Connect, CloudWatch

EDUCATION

Masters in Information systems and Technologies, Dallas

Prominent coursework: Advanced Computer Networking, Cloud Computing.

Bachelor’s in Electronics and Communication engineering, India

Prominent coursework: Networking and Telecommunications.

CERTIFICATIONS

AWS Certified Solutions Architect - Associate

AWS Certified Security – Specialty


