• Designed and built from scratch AWS environments for dev, staging and prod using Terraform.
• Configured CircleCI pipelines for Docker build and Terraform deployment automation.
• Scripting with Python (boto3), Bash and Powershell for Lambda functions and userdata scripts.
• Deployed and managing EKS Clusters, ECR, RDS, DynamoDB, CloudFront, ACM, Route53 & WAF.
• Automated deployments to Kubernetes with GitOps using Flux and Helm.
• Implemented AWS Single Sign-On (SSO), IAM, OAuth, Cognito, and Hashicorp Vault for SAML identity federation, management, authentication and secrets storage.
• Configuring Palo Alto Firewalls with Ansible, and IPSec VPNs, BGP and Transit Gateway route tables for secure connectivity between Cloud and on-premise networks.
• Ensuring SRE with autoscaling, read-replicas, automated backups for DR and monitoring with CloudWatch and Instana.

Evaluated current and alternative solutions for SAST, DAST, IAST, SCA and container security by comparing tools such as SonarQube, NetSparker, NexusIQ and Aqua, against Veracode, Checkmarx, Synopsys, and Synk.
Conducted workshops for application teams to assess their implementation of container security and worked with them to reduce the overall organizational container security vulnerabilities by 28%.
Reviewed Dockerfiles and Azure DevOps build pipelines for the implementation of container security best practices.
Scanned container images for vulnerabilities in applications and third-party libraries with Aqua.
Provided recommendations for updating base images to minor releases of less vulnerable ones based on CVSS scores.
Investigated application security standards such as OWASP Application Security Verification Standard (ASVS), SANS Security Web Application Technologies (SWAT) Checklist, and the NIST Secure Software Development Framework (SSDF) for mapping against DevSecOps security tools.

• Performed security audits on EKS clusters to identify issues relating

  to cluster, node and application security.

• Reviewed AWS IRSA authentication, Kubernetes cluster RBAC

  Roles, RoleBindings, Service Accounts, Signed Certificate holders

  and ConfigMaps.

• Investigated container runtime security, mutating and validating

  webhooks, admission controllers, network policies, privileged access

  and security contexts.

• Evaluated security of the DevOps lifecycle, CI/CD deployment

  pipelines, Helm charts and supply chain security.

  Proposed an implementation of OPA Gatekeeper Admission

  Controller and OPA agents for whitelisting of container registries

• Performed automated cluster security assessments with Falco,

  Kubescape, and Kube-bench tools against CIS Benchmarks.

• Proposed an implementation of security best practises in

  Kubernetes for cluster access control, image and container

  vulnerability scanning, and audit logging.

• Deployed Conftest for static analysis of Dockerfiles and Kubernetes

  YAML manifests, and writing rules using rego commands

• Proposed an implementation of hardened docker images for Debian

  and Alpine.

• Designed cloud architecture and event-driven security on the Nokia Hybrid Cloud (AWS & Azure).
• Performed CI / CD data builds, and cloud automation with GitLab CI, Terraform and Python scripts.
• Managed PrivateLinks, VPC / VNet Peering, TGW and DX links on the Nokia Internal Network.
• Managed IAM service role creation, federated logins, cross-account access and alarm configs.
• Managed cloud security with AWS Security Hub, GuardDuty, Inspector and Azure Security Center.
• Performed Hybrid Cloud services consulting, security assessments and compliance audits.

• Providing managed cloud services for customers on the Nokia Worldwide IoT Network Grid (WING)
• Supported cloud migration and on-boarding of customer VNFs and applications
• Monitored Telco Cloud infrastructure (OpenStack, VMware, KVM) with Zabbix, Nagios and Ganglia
• Performing incident management and resolution of customer trouble tickets through Nokia GDC

• Alcatel-Lucent SPOC for infosec management and design on the NITA e-Government Project
• Managed ArcSight SIEM, TippingPoint IPS, Radware WAFs and Mail Filters, and HP Firewalls
• Initialized, lead and coordinated project security requirements of risk assessments, audits, security policies, acceptance testing, business continuity and crisis management planning

• Provided MPLS backbone support as part of a 24/7 NOC team for customer wide area networks
• Managed Point-to-Point (PTP) links, 4G Radio, WiMAX, LTE and VSAT satellite transmissions
• Monitored network performance and KPIs with PRTG, Cacti, Solarwinds and WhatsUp Gold tools
• Conducted failover to DR and Business Continuity Process (BCP) tests on the NOC infrastructure