Spurthy B
LinkedIn: https://www.linkedin.com/in/spurthy-bandarupalli-620255125/
Gmail: ***********@*****.***
Phone number: +1-814-***-****
Professional Summary
Result-oriented Cybersecurity Engineer with 9+ years of experience spanning Vulnerability Management, SOC Operations, DevSecOps, and Cloud Security.
Certified AWS Security Specialist skilled in designing, securing, and maintaining scalable cloud infrastructure solutions across AWS and Azure.
Proficient in cloud-native security tools, including AWS GuardDuty, Macie, Security Hub, Inspector, Config, and Microsoft Defender for Microsoft 365 workloads.
Strong expertise in encryption techniques, key management, and data protection for cloud, hybrid and Microsoft 365 environments.
Experienced in network and endpoint security, including firewalls, VPNs, routers, switches, and wireless access control.
Hands-on with SIEM platforms (Splunk, XSOAR), writing custom queries, and monitoring alerts for incident detection and response.
Practical experience with EDR and XDR solutions such as Carbon Black, Cortex XDR, and Tanium for advanced endpoint protection.
Skilled in IAM and PAM security implementations using CyberArk, Azure AD, PingFederate, and HashiCorp Vault.
Expertise in vulnerability management with Tenable Nessus, Qualys VMDR, and automated risk reporting.
Proficient in CSPM, CWPP, and CNAPP tools like Prisma Cloud, Wiz, Orca, and Qualys for continuous compliance monitoring.
Experienced in Policy-as-Code development, writing Prisma policies using RQL and YAML, and enabling auto-remediation in Prisma Cloud.
Strong understanding of DevSecOps and Infrastructure-as-Code (IaC) principles using Terraform, Azure ARM, and CloudFormation.
Skilled in CI/CD pipeline integration with Jenkins, GitLab, and GitHub to embed security controls into automated workflows.
In-depth knowledge of container and Kubernetes security, including image scanning, vulnerability management, and RBAC enforcement.
Familiar with MDM and SCCM tools for secure endpoint and mobile device management in Active Directory and Microsoft 365 environments.
Knowledgeable in network and protocol-level security (TCP/IP, DNS, DHCP) and OWASP Top 10 vulnerability mitigation.
Adept in data analysis, reporting, and dashboard creation using Excel and PowerPoint for executive presentations.
Experienced in scripting with Python and Bash for automation, compliance validation, and vulnerability reporting.
Actively monitors threat intelligence (CTI) and OSINT sources to identify and mitigate emerging cyber risks.
Recognized for strong organizational and leadership abilities, committed to driving innovation and continuous improvement in cloud security programs.
Skilled in end-to-end delivery of analytics and automation projects from scoping through deployment, applying Agile ceremonies, backlog grooming, and stakeholder demos to ensure alignment and delivery excellence.
Certifications:
Cyber Supply Chain Management – Department of Homeland Security
Incident Management Response – Department of Homeland Security
CompTIA Security+ – In Progress
Certified Cloud Security Professional (CCSP) – In Progress
AWS Security Specialty – In Progress
Technical Skills
Cloud: AWS, Azure, GCP
Cloud Security: Wiz, Prisma, Orca, Aqua, Qualys
SIEM/SOAR: Splunk, Splunk SOAR, Palo Alto XSOAR
EDR/XDR: Carbon Black, Cortex XDR, Tanium
DevSecOps/IaC: Jenkins, GitLab/GitHub, Terraform (YAML), ARM, Containers (Docker/K8s)
Network/Security: AWS WAF, Wireshark, VPNs, Firewalls, TCP/IP, DNS, DHCP
IAM/PAM: CyberArk, Azure AD/Microsoft Entra, Ping, AWS IAM, HashiCorp Vault
Professional Experience:
Senior Cloud Security Engineer
Lockheed Martin, Fort Worth, TX Mar 2024 – Present
Team: Cloud Security
Responsibilities:
Collected business and compliance requirements from security, cloud-ops, and DevOps teams before onboarding to Wiz CNAPP, ensuring alignment with Control Tower, Service Control Policies (SCPs), and NYDFS 23 NYCRR 500 regulatory controls for standardized governance.
Integrated Wiz with AWS, Azure, and GCP by onboarding cloud accounts, and configured the project structure using organizational tags and metadata.
Planned and executed migration of 1,000+ Kubernetes clusters into Wiz using GitLab pipelines, strengthening container security posture.
Administered Zscaler Internet Access (ZIA) policies for SSL inspection, URL filtering, malware sandboxing, and endpoint security to protect outbound traffic across hybrid environments.
Implemented encryption in transit and at rest using KMS-managed keys and enforced TLS 1.2/1.3 for all inbound connections across services.
Integrated AWS Security Hub and GuardDuty findings into Splunk dashboards, improving mean time to detect (MTTD) and mean time to respond (MTTR), and tracked findings against NYDFS 23 NYCRR 500 compliance requirements.
Validated security controls for GovCloud regions (US East/West) against FedRAMP, CIS benchmarks, and NYDFS 23 NYCRR 500 regulatory requirements.
Designed an API security framework for container registries to detect and block unverified images before deployment, incorporating OAuth 2.0 and OpenID Connect (OIDC) protocols for secure token-based authentication and authorization across APIs.
Integrated Zscaler Digital Experience (ZDX) with Splunk and Wiz for end-to-end traffic analytics and latency monitoring, improving mean time to troubleshoot (MTTT) by 30%.
Leveraged Falcon Shield to monitor and secure AWS IAM identities and permissions, as well as SaaS application accounts, ensuring least-privilege access across cloud and enterprise environments.
Implemented enterprise-wide phishing simulation campaigns using Proofpoint/Cofense to reduce phishing susceptibility across departments.
Integrated phishing campaign results into security awareness reporting dashboards for executive leadership.
Implemented AWS Direct Connect and failover to IPSec VPNs for hybrid cloud workloads, improving network availability and bandwidth optimization.
Planned and executed data migration of sensitive workloads to Snowflake, implementing role-based access control (RBAC) and encryption at rest to ensure HIPAA/GDPR compliance.
Configured GuardDuty and Macie to detect anomalies, data exposure, and vulnerabilities in S3, EC2, and EKS workloads, integrating results into Splunk for incident tracking.
Provided training sessions for security and DevOps teams on Azure security monitoring, Azure Sentinel, Microsoft 365 security best practices, and endpoint hardening.
Identified and remediated over-permissioned IAM roles, inactive accounts, and misconfigured policies in AWS using insights from Falcon Shield dashboards integrated with SaaS identity data.
Migrated classified Kubernetes workloads into a secure CNAPP framework using Wiz and Terraform pipelines, enforcing account-level SCPs across multiple AWS accounts for compliance and risk mitigation.
Automated the generation of security and compliance reports in Power BI, highlighting misconfigurations, identity changes, and threat events mapped to NYDFS 23 NYCRR 500 standards for executive and operational stakeholders.
Implemented Palo Alto GlobalProtect VPNs alongside ZPA for hybrid user access, enforcing SSL inspection and MFA for endpoint connectivity.
Implemented container image security controls, including vulnerability scanning, artifact signing, and RBAC enforcement for registries (ECR/Docker Hub).
Developed custom APIs and scripts to manage firewall rules, access controls, and security configurations on both cloud and on-prem systems.
Built Python-based tools to analyze container images, enforce RBAC policies, and integrate security findings into SIEM dashboards (Splunk).
Performed performance tuning, log monitoring, and troubleshooting for RHEL hosts supporting containerized and hybrid cloud workloads.
Conducted simulated phishing campaigns via KnowBe4, analyzed results, and provided actionable recommendations to improve security posture.
Automated cloud security monitoring and remediation workflows using Azure Functions, Lambda Functions, Python and Wiz APIs, reducing manual effort and improving time-to-detect for compliance deviations.
Implemented and managed security policies, NAT rules, application-based controls (App-ID), User-ID, and Content-ID to enforce zero-trust network access.
Enabled and tuned Threat Prevention profiles, including Anti-Spyware, Antivirus, and Vulnerability Protection, to block malware and advanced threats.
Tracked and reported on training completion and phishing simulation metrics using KnowBe4 dashboards, presenting insights to senior leadership.
Strong knowledge of Wiz architecture, including Wiz Outpost and Wiz Sensors.
Environment: AWS (GovCloud US East/West), Azure Government, Wiz CNAPP, Terraform, GitLab CI/CD, Python, Azure Monitor, AWS CloudTrail / CloudWatch Logs, Kubernetes (EKS/AKS), FedRAMP, CIS Benchmarks, Splunk, Docker, API Security Gateways, RBAC Policies.
Senior Cloud Security Engineer
7-Eleven, Inc., Irving, TX Oct 2022 – Feb 2024
Team: Cloud Security
Responsibilities:
Defined a two-phase remediation plan for 5,000+ misconfigurations using Security Hub, Macie, and CloudWatch.
Built Splunk dashboards for real-time alerting of IAM changes, network traffic anomalies, and policy drift, leveraging CloudWatch metrics, centralized Control Tower governance, and NYDFS 23 NYCRR 500 compliance tracking.
Built interactive Power BI dashboards by integrating Azure Monitor, Azure Storage, and Snowflake data sources to provide centralized visibility into security posture and compliance metrics.
Authored and deployed custom YAML/RQL policies in Prisma and Wiz to automatically flag non-compliant resources across AWS accounts governed by SCPs and Control Tower guardrails, ensuring adherence to NYDFS 23 NYCRR 500 requirements.
Implemented AWS WAF and GuardDuty integrations for web application threat protection and traffic logging.
Deployed AWS Network Firewall within VPCs to inspect traffic at layer-7 and enforce compliance with NIST and CIS benchmarks.
Configured and managed Palo Alto Next-Generation Firewalls (NGFWs) for traffic segmentation, SSL decryption, and application-layer threat prevention.
Integrated Palo Alto Panorama with AWS Firewall Manager for centralized firewall policy orchestration, reducing misconfigurations across multiple accounts.
Supported multi-account AWS Organizations governance, ensuring alignment with Control Tower guardrails, Service Control Policies (SCPs), and standardized security baselines before onboarding into Wiz.
Strong knowledge of Wiz architecture, including Wiz Outpost and Wiz Sensors.
Used Wiz Code to scan the Terraform code used to build infrastructure.
Developed and maintained automation to streamline configuration, reporting, and integration tasks using Wiz APIs.
Implemented layered web protection by associating AWS WAF web ACLs with Application Load Balancers and API Gateways, defining rate-based and geo-restriction rules.
Implemented fine-grained SSO integrations using OAuth 2.0 and OpenID Connect (OIDC) for secure application authentication, along with KMS encryption keys to control privileged access and enforce key rotation across multiple AWS accounts.
Centralized Palo Alto and Zscaler traffic logs via Syslog integration with Splunk for network visibility, anomaly detection, and compliance audits.
Developed IAM and access control strategies leveraging OAuth 2.0 flows and JWT-based token validation across applications and cloud platforms to ensure GDPR-compliant handling of user data.
Conducted weekly IAM access reviews across Azure AD, CyberArk, PingFederate, and AWS IAM.
Collaborated with cloud security and enterprise security teams to ensure consistent alignment with cloud security best practices and governance standards.
Supported incident response by correlating alerts between SIEM, EDR, and cloud security platforms.
Automated VPC provisioning and subnet configuration using Terraform/CloudFormation templates for consistent infrastructure deployment.
Conducted Azure-specific threat modeling and risk assessments, mapping findings to NIST CSF v2 and organizational risk registers.
Generated executive-level reports from Falcon Shield dashboards, providing visibility into user access trends, policy violations, and remediation status.
Designed multi-VPC topologies using Transit Gateway, VPC peering, and PrivateLink endpoints to enable secure inter-region routing and controlled egress via Zscaler.
Analyzed KnowBe4 campaign results including click rates, report rates, and remediation actions, providing actionable insights to management.
Configured automated phishing campaigns, including frequency, difficulty levels, and scenario types, to sustain long-term awareness.
Partnered with developers to embed Wiz CNAPP policies in CI/CD workflows for continuous compliance, incorporating NYDFS 23 NYCRR 500 regulatory checks.
Developed and enforced cloud security policies and IAM procedures across multi-account AWS Organizations, and integrated Zscaler Private Access (ZPA) with OAuth 2.0.
Monitored phishing simulation completion rates and trends to evaluate program effectiveness.
Produced KPI and performance reports highlighting improvements, high-risk areas, and training impact.
Implemented SSO integrations using Ping Federate, Ping Access, and Azure AD for multi-cloud and enterprise applications.
Environment: AWS (Security Hub, GuardDuty, Macie, Config), Azure (Security Center/Defender, AD), GCP (Security Command Center), Wiz, Prisma Cloud, Splunk Enterprise, CyberArk, PingFederate, Lambda, Azure Functions, Python, PowerShell, Jenkins, Terraform, PCI-DSS, SOX, NIST 800-53.
DevSecOps Engineer
Palo Alto Networks, Santa Clara, CA Jul 2021 – Sep 2022
Team: Product Development & Integration
Responsibilities:
Participated in initial product requirements gathering for new CSPM features requested by enterprise clients.
Converted security standards into policy-as-code templates using RQL and YAML for Prisma Cloud.
Created and tested auto-remediation scripts to close high-severity alerts detected during policy validation.
Coordinated with QA to design test plans and simulate multi-cloud attack scenarios to verify policy accuracy.
Integrated Aqua and Prisma with CI/CD tools (GitLab, Jenkins) for automated build and scan pipelines.
Deployed Kubernetes test clusters to validate network and IAM rules before public release.
Captured customer feedback through beta programs and refined config policies based on real-world findings.
Established IAM and access control strategies across Azure resources and M365 workloads to ensure GDPR-compliant data handling.
Developed KQL queries in Microsoft Sentinel to detect anomalies, perform threat hunting, and generate actionable security alerts.
Built incident detection and response workflows using EventBridge, Lambda, and SNS, integrating OAuth 2.0 token validation mechanisms for secure API-to-API communication and access control in automated workflows.
Collaborated with the documentation team to publish implementation guides and troubleshooting steps.
Automated VPC Flow Log analysis with Python and AWS Lambda functions to identify abnormal traffic patterns and policy violations.
Proficient in Kusto Query Language (KQL) for analyzing Azure logs, correlating multi-source events, and detecting security threats.
Integrated VPC metrics with SIEM platforms (Splunk, Sentinel) to correlate traffic anomalies and accelerate incident triage.
Prepared deployment runbooks and supported roll-outs to enterprise clients.
Designed, deployed, and validated Kubernetes clusters on AWS EKS, using Helm charts, embedding network policies, RBAC, and image scanning controls to align with organizational security baselines.
Measured policy coverage improvements and reported monthly defect closure rates to product management.
Environment: Prisma Cloud (CSPM / CWPP), Aqua Security, AWS / Azure / GCP Sandboxes, GitLab / Jenkins Pipelines, Terraform, YAML/RQL Policy-as-Code, Kubernetes Test Clusters, Python, Docker, FedRAMP Controls, Confluence, JIRA
Vulnerability Management
SISA Information Security, Bengaluru Apr 2020 – Mar 2021
Team: Cloud & Application Security
Responsibilities:
Assessed client infrastructure and defined secure CI/CD architecture for AWS and Azure projects.
Part of the vulnerability management team, overseeing the identification, classification, and remediation of security vulnerabilities across the organization.
Used Qualys VMDR, Tenable Nessus, and Wiz to find potential vulnerabilities in cloud platforms (Amazon Web Services (AWS), Azure, and GCP), mobile and desktop application endpoints, and Active Directory.
Established IAM and access policies to enforce data governance principles, ensuring controlled access to sensitive datasets across cloud and on-prem systems.
Collaborated with IT and development teams to address Rapid7, Qualys, and Nessus vulnerabilities and improve security measures.
Leveraged KQL to analyze, correlate, and visualize security telemetry from Azure and on-prem environments for rapid incident response.
Performed risk assessments on alerts generated from Rapid7, Qualys, and Nessus to prioritize vulnerabilities based on potential impact and likelihood of exploitation.
Stayed up to date on the latest vulnerability trends, cyber threats, and mitigation strategies by attending security conferences, participating in online communities, and subscribing to relevant security alerts and newsletters.
Designed, implemented, and managed Identity and Access Management (IAM) solutions incorporating CyberArk Privileged Access Management (PAM), Microsoft Entra, Azure AD, and Ping Identity to provide secure access to critical resources and applications.
Synchronized user identities and access policies across CyberArk Privileged Access Management (PAM), Azure AD, Microsoft Entra, and Ping Identity platforms, ensuring consistent access controls and user experiences.
Implemented multi-factor authentication (MFA) and single sign-on (SSO) solutions using Ping Identity with OAuth 2.0 and OIDC integrations to enhance security, enable delegated access, and improve user convenience.
Developed custom integrations with various applications, databases, and systems using CyberArk's APIs and connectors.
Enforced zone-to-zone access controls by validating that only required ports and protocols were allowed between environments.
Environment: AWS (ECS, ECR, Secrets Manager), Azure (ARM Templates, Key Vault), Jenkins, GitLab CI, Aqua Security, Checkmarx, HashiCorp Vault, Terraform, Splunk, IBM QRadar, OWASP ZAP, Python, Bash, CIS Benchmarks.
Security Engineering Analyst
Network Intelligence India (NII), Mumbai Sep 2018 – Mar 2020
Team: Security Engineering
Responsibilities:
Maintained Splunk Enterprise and Cloud platforms; handled version upgrades and patching schedules.
Integrated SIEM with AWS, Azure, GCP, and on-prem firewalls to achieve complete log coverage.
Managed and updated firewall rules on on-prem appliances by reviewing access requests, validating required ports, and ensuring changes aligned with security policies.
Designed custom dashboards and correlation rules for network anomalies and login abnormalities.
Automated incident triage using SOAR (XSOAR and Splunk SOAR), cutting average response time by 30%.
Performed rule reviews to identify unused, risky, or overlapping firewall entries and worked with application teams to clean up and tighten access.
Deployed XDR and EDR tools to reduce endpoint noise and improve threat detection accuracy.
Rolled out MDM and SCCM policies for mobile and desktop devices to enforce encryption and password controls.
Supported 5+ enterprise clients with SIEM/SOAR automation and KPI reporting.
Troubleshot traffic drops by analyzing firewall logs, NAT policies, and zone-based rules to restore connectivity while maintaining security boundaries.
Conducted risk assessments using STRIDE and PASTA methods and documented remediation plans.
Analyzed NTA/UEBA data and adjusted IPS signatures to reduce false positives.
Delivered root-cause analysis reports for recurring incidents and implemented preventive actions.
Presented quarterly metrics on incident trends and response effectiveness to client CISO teams.
Scheduled and executed simulated incident response drills to test SOAR playbook accuracy.
Aligned Splunk data-retention and log-rotation policies with client compliance mandates.
Mentored junior analysts on correlation logic, dashboard customization, and KPI tracking.
Environment: Splunk Enterprise / Cloud, Palo Alto XSOAR, Cortex XDR, QRadar, AWS / Azure / GCP Log Ingestion, Firewalls (Cisco, Fortinet), MDM/SCCM, Wireshark, Python, PowerShell, MITRE ATT&CK, NIST Risk Framework.
SOC Analyst
Inspira Enterprise India Pvt Ltd., Hyderabad May 2016 – Aug 2018
Team: Vulnerability Management & IAM
Responsibilities:
Conducted daily vulnerability scans with Qualys VMDR and Nessus and coordinated fixes with system owners.
Categorized and prioritized findings using CVSS scores and business impact ratings.
Implemented CyberArk PAM and Ping SSO/MFA with OAuth 2.0 token-based authorization.
Developed API integrations between CyberArk and internal ticketing systems for password rotation.
Managed secrets via HashiCorp Vault and AWS Secrets Manager and audited access logs regularly.
Assisted incident-response teams with forensic data and patch status validation.
Performed sandbox testing of new policies before production roll-out.
Ensured alignment with NIST, CIS, ISO, PCI, and FedRAMP controls during audits.
Delivered monthly executive reports summarizing open vulnerabilities and closure progress.
Participated in client onboarding sessions to define escalation paths and SLAs for incident handling.
Verified vulnerability remediation by rescanning assets and validating patch signatures.
Created a centralized knowledge base documenting recurring incident patterns and mitigation steps.
Environment: Qualys VMDR, Nessus, CyberArk PAM, PingFederate, HashiCorp Vault, AWS Secrets Manager, Splunk Enterprise, SIEM Connectors, Windows / Linux Servers, TCP/IP Networking, NIST, CIS, ISO 27001.
Education: Bachelor's in IT, GITAM University, Hyderabad, 2016