Cloud Security Engineer - AWS-Azure IAM & Automation Expert
Resume:
Purav Maloo
Cloud Security Engineer
**********@*****.*** 507-***-**** Dallas, TX US Citizen
SUMMARY
Cloud security engineer with hands-on experience improving security posture, automating operations, and strengthening cloud and identity controls. Reduced critical vulnerabilities across 140+ endpoints, built AWS-hosted operational tools, and deployed IoT monitoring systems that improved efficiency and reduced manual work. Brings a track record of identifying gaps, automating fixes, and measuring outcomes. AWS, Azure, and CompTIA certified with hands-on experience in threat detection, IAM governance, and compliance-focused security operations. Combines technical execution with strong operational and business perspective.
WORK EXPERIENCE
Log(N) Pacific, Cybersecurity Support Analyst (Intern) 09/2025 – Present Plano, TX
•Spearheaded vulnerability management across 140 servers and workstations using Tenable and DISA STIG assessments, driving a 30% reduction in critical and high-severity findings.
•Engineered four PowerShell automation scripts to remediate recurring misconfigurations and harden security baselines across 20+ Windows and Linux servers, eliminating hours of manual effort per cycle.
•Triaged and investigated 40+ Microsoft Defender for Endpoint alerts weekly, identifying indicators of brute-force attacks, early-stage ransomware behavior, and potential data exfiltration attempts.
•Built three Microsoft Sentinel dashboards and KQL queries to surface high-priority security events, improving SOC triage visibility and response efficiency.
•Authored a Python script to parse and prioritize Tenable scan outputs into structured remediation reports, streamlining the vulnerability review cycle.
•Collaborated with network engineering to implement firewall and NSG rule hardening that reduced brute-force login attempts by 30%, strengthening perimeter defense posture. Baskin Robbins, Franchise Owner & Operations Manager 05/2022 – 08/2025 Plano, TX
•Founded and operated a pilot franchise in North Texas with full P&L responsibility, managing vendors and a 9-person team while sustaining profitability over three years.
•Deployed an internal operations web app on AWS (EC2, S3, Route 53) used by four shift leads for checklists, SOPs, and task tracking, driving near-100% completion of opening and closing procedures.
•Designed IoT LoRaWAN sensor infrastructure for automated temperature and equipment monitoring, saving about
$3,500 annually by eliminating roughly 45 minutes of manual logging per shift.
•Built data-driven hiring, training, and scheduling processes, reducing turnover and improving shift coverage.
•Implemented a cloud cost monitoring dashboard using AWS Cost Explorer to track and optimize infrastructure spending. SAPTech Integrators, SAP Security Intern 05/2024 – 08/2024 Richardson, TX
•Administered identity and access controls for SAP ECC and S/4HANA, enforcing least-privilege access and segregation of duties (SoD) in finance and operations modules.
•Partnered with SAP Basis, security architects, and business process owners to design compliant role structures and conduct access risk and SoD conflict analysis.
•Resolved access requests, password resets, and role change tickets within SLA, ensuring audit traceability and compliance documentation.
•Executed periodic access reviews to identify and rectify excessive permissions and SoD conflicts in high-risk transactions.
•Completed SAP GRC governance training and applied insights to align security practices with enterprise-wide GRC standards.
SpreadWeb, Search Engine Optimization Consultant 03/2020 – 11/2021 Houston, TX
•Delivered comprehensive technical SEO audits and data-driven optimization strategies for 14 business clients across diverse industries, leveraging Google Search Console, Screaming Frog, and SEMrush to identify and resolve crawlability, indexation, and on-page performance gaps.
•Achieved an average 30% increase in organic search traffic and measurable ranking improvements for all 14 client engagements through systematic technical fixes, content optimization, and structured data implementation.
•Managed multiple concurrent client engagements, presenting audit findings and strategic recommendations to stakeholders ranging from small business owners to marketing teams. Men's Wearhouse, Edge Fitness, Paragon Theaters, Sales & Customer Service
2016 – 2019 Rochester, MN
•Built strong client relationships and consistently exceeded sales performance targets across three high-volume, customer-facing roles in retail and entertainment.
•Developed communication, negotiation, and operational execution skills in fast-paced, high-pressure environments. EDUCATION
Bachelor of Science in Cloud & Network Engineering, Western Governors University Specialized in hybrid cloud infrastructure, network security, and automation. Completed real-world hands-on projects leveraging AWS and Azure environments, IAM, and security implementations. SKILLS
Security Operations & Compliance
Azure AD, AWS IAM, SAP ECC roles and profiles, RBAC, least privilege access, MFA, Conditional Access, SSO/ SAML, SoD analysis.
Cloud & Infrastructure
AWS (IAM, S3, EC2, VPC), Azure AD, NSGs, SSH, firewall rules, encryption in transit and at rest.
Enterprise Applications
SAP ECC and S/4HANA security administration, SAP GRC governance frameworks, access governance, compliance controls.
SecOps
Tenable/Nessus, DISA STIG scans, SIEM (Microsoft
Sentinel), EDR (Microsoft Defender for Endpoint), KQL, basic threat hunting, incident response.
Automation & Scripting
PowerShell, Bash, KQL (Kusto Query Language), JSON/ YAML, Azure Runbooks, task automation.
Additional Tools & Platforms
Service desk/ticketing systems, Git/GitHub, Microsoft 365. PROJECTS & HOME LABS
Azure IoT Monitoring Lab
Built an Azure IoT security lab where a Raspberry Pi Pico W device published actuator state to Azure IoT Hub over MQTT/TLS using SAS authentication. Stored encrypted telemetry in Azure Storage and Log Analytics and created alerting for abnormal command frequency and failed authentications. Secure Cloud File-Upload Pipeline
Designed and deployed a secure file-upload workflow with TLS in transit and server-side encryption at rest. Implemented least-privilege IAM policies, expiring pre-signed upload URLs, and validation scripts to verify encryption and access controls.
Azure NSG Threat Detection & Incident Response
Configured Azure NSGs and NSG Flow Logs in Network Watcher to analyze traffic for internet-facing workloads. Built KQL queries and Sentinel alerts to detect port scanning and suspicious denied traffic, then refined NSG rules and documented a lightweight incident notification workflow.
CERTIFICATIONS
CompTIA Security+ Network+ Cloud+ A+ (Core 1 & 2) Project+ AWS Certified Solutions Architect - Associate Microsoft Certified: Azure Administrator (AZ-104) ITIL 4 Foundation
Contact this candidate