
Cloud Security Engineer with Zero Trust Focus

Location:
United States
Salary:
55000
Posted:
February 26, 2026


Resume:

Ahmed Mujtaba Bhatti Security Engineer

*****@***********.*** 571-***-**** USA LinkedIn

Summary

Security Engineer with 2+ years of strong expertise in cloud security, threat detection, identity and access management, and infrastructure hardening. Experienced in designing secure systems across hybrid environments using industry-leading tools and best practices. Adept at collaborating with cross-functional teams, conducting security audits, and applying automation for scalable, compliant solutions. Proven ability to enhance security posture, reduce risk, and support organizational goals through proactive engineering, continuous monitoring, and security training initiatives. Committed to advancing cybersecurity resilience and operational efficiency.

Technical Skills

Cloud Platforms: AWS (IAM, GuardDuty, Macie, CloudTrail, PrivateLink, Organizations), Microsoft Azure (Azure Sentinel, Azure Monitor), Oracle Cloud

Security Engineering: ZTA, Mutual TLS, VPC Endpoints, RBAC, ABAC, SIEM Tuning, Threat Intelligence (IBM X-Force, STIX/TAXII)

Tools & Technologies: IBM QRadar, Splunk, Logstash, Winlogbeat, syslog, Terraform, AWS CloudFormation, Cisco ASA, ServiceNow

Security Domains: Cloud Infrastructure Hardening, Identity & Access Management, Threat Detection & Response, Compliance Automation

Collaboration & Methodologies: Agile Scrum, Requirement Gathering, Cross-functional Team Collaboration (IT, DevOps, SOC, Compliance)

Training & Enablement: Security Workshops, Secure Coding Practices, Incident Investigation, Dashboard & Rule Creation

Professional Experience

Security Engineer, Venmo 03/2024 – Present Boston, USA

Worked on Cloud Infrastructure Hardening & Zero Trust Implementation, teamed up with Cloud, Security, and IT teams in Agile sprints, and led requirement gathering sessions to align goals, improving overall project delivery accuracy and stakeholder alignment by 95%.

Audited AWS infrastructure and enforced hardened IAM policies, integrating AWS GuardDuty and Macie, reducing misconfigurations and cloud vulnerabilities by 70%, enhancing data sorting and real-time threat detection for critical services and user environments.

Designed and deployed Zero Trust Architecture using mutual TLS, AWS PrivateLink, and secure VPC endpoints, resulting in 80% improvement in secure inter-service communication and minimizing attack vectors across Venmo’s internal microservices network.

Imposed RBAC and ABAC for all production and development systems, ensuring steady identity-based access limits and achieving 90% policy compliance across environments via automated governance and constant monitoring tools united with AWS Organizations.

Collaborated with DevOps and Infrastructure teams to automate hardened infrastructure deployments via Terraform and CloudFormation, reducing manual configuration errors and increasing provisioning speed and policy enforcement efficiency by 85% across all AWS accounts.

Led hands-on security workshops on Zero Trust, CloudTrail, and Splunk, increasing incident response accuracy and secure engineering adoption by 60%, while improving detection and investigation workflows across engineering and security operations teams.

Associate Security Engineer, Soneri Bank 01/2021 – 08/2022 Karachi, Pakistan

Directed the Security Information and Event Management (SIEM) Implementation project using IBM QRadar, integrating data sources from core banking systems, ATM infrastructure, firewalls, and Active Directory, achieving 85% centralized visibility into security events across environments.

Conducted extensive requirement gathering sessions with IT, compliance, and risk teams to identify critical log sources and define use cases, ensuring 100% alignment with State Bank of Pakistan's cybersecurity regulatory requirements.

Developed and implemented log ingestion pipelines using syslog, Winlogbeat, and Logstash for Windows Servers, Linux hosts, and Cisco ASA firewalls, resulting in 95% successful log collection across all identified assets.

Utilized Microsoft Azure Monitor and Azure Sentinel alongside QRadar for cloud log collection and hybrid visibility, increasing detection coverage across cloud workloads by 60% and enhancing incident context enrichment.

Collaborated with the SOC, Infrastructure, and Application teams to define alert workflows, automated ticketing, and escalation processes via ServiceNow, improving response efficiency by 40%.

Performed ongoing SIEM tuning by reducing false positives and integrating threat intelligence from IBM X-Force and STIX/TAXII, which improved detection accuracy by 70% over baseline.

Trained SOC analysts and IT administrators through technical workshops on log analysis, rule tuning, and investigation practices, achieving 90% skill uplift and ensuring effective use of the SIEM post-deployment.

Education

Master of Science in Cybersecurity 01/2023 – 12/2024 Marymount University Virginia, USA

Bachelor of Business Administration 09/2017 – 12/2021 Iqra University Karachi, Pakistan

Certificates

Azure Fundamentals: Network-Based Threats & Mitigations, Cloud Governance

Cisco Certification: Network Packet Tracer, Cybersecurity Essentials

AWS Security Fundamentals

Oracle Cloud Infrastructure: Cybersecurity Best Practices

Department of Defense: Cyber Awareness Challenge 2023.

SD-WAN Training: Basics of SD-WAN architecture, secure connectivity, and performance optimization


