Cloud Security | DevSecOps |AWS | Azure DevOps | GCP| Terraform | Kubernetes
Aktualisiert am 01.10.2024
Profil
Freiberufler / Selbstständiger
Remote-Arbeit
Verfügbar ab: 01.10.2024
Verfügbar zu: 100%
davon vor Ort: 0%
AWS
Terraform
Kubernetes
Azure
GCP
GitlabCI
Docker
bash
Python
Ansible
Flux
PowerShell
CircleCI
CI/CD
Cloud
DevOps
DevSecOps
Cloud-Native
GitOps
IT-Sicherheitsarchitektur
English
IELTS 8.0
German
B2, B1

Einsatzorte

Einsatzorte

Deutschland, Schweiz, Österreich
möglich

Projekte

Projekte

4 Jahre
2020-10 - heute

Cloud Infrastructure and Security Automation Project

Senior DevSecOps Engineer AWS Terraform Kubernetes ...
Senior DevSecOps Engineer
  • Designed and built from scratch AWS environments for dev, staging and prod using Terraform
  • Configured CircleCI pipelines for Docker build and Terraform deployment automation
  • Scripting with Python (boto3), Bash and Powershell for Lambda functions and userdata scripts
  • Deployed and managing EKS Clusters, ECR, RDS, DynamoDB, CloudFront, ACM, Route53 & WAF
  • Automated deployments to Kubernetes with GitOps using Flux and Helm
  • Implemented Single Sign-On, IAM, OAuth, Cognito, and Hashicorp Vault for auth, secrets store and SAML identity federation
  • Configured IPSec VPNs, BGP and TGW for secure connectivity between Cloud and on-premise networks
AWS Terraform Kubernetes Docker DevSecOps Python PowerShell Ansible
Trisor GmbH
Berlin
1 Jahr
2023-07 - 2024-06

Provided Cloud Security advisory to application teams

Cloud Security Consultant
Cloud Security Consultant
  • Provided Cloud Security advisory to application teams in the areas of DevSecOps, IT Risk and vulnerability management
  • Conducted pre-production security assessments and reviews of penetration tests for applications migrating to the Cloud
  • Reviewed container image vulnerabilities and Terraform IaC compliance with JFrog Artifcatory, SonarQube, Checkov and tftest
  • Investigated MSI (Market Sensitive Information) and CSI (Confidential Statistical Information) data flows across internal ECB and external ESCB (European System of Central Banks) communication systems
  • Provided support, and conducted workshops on the use of Prisma Cloud for landing zone and cloud security posture management
European Central Bank
Frankfurt, Germany
2 Jahre 1 Monat
2022-03 - 2024-03

Managed Azure Hubs

Azure Architect
Azure Architect
  • Managed Azure Hubs in 6 global regions (VNETs, Peerings, Firewalls, ExpressRoute, VPN Gateways, NSGs and UDRs) to provide Hybrid Cloud connectivity for 4000+ on-prem stores in 77 geographical and 60 online markets
  • Migrated Azure platform infrastructure code from ARM templates to Terraform
  • Configured and maintained Azure DevOps pipelines for the release of workloads to Test and Production environments
  • Supported Operations team in the deployment of Azure Firewall policies, IP Groups and the reliability of Active Directory Domain Controllers
  • Implemented Zscaler Private Access App Connectors in Azure Hubs, for Zero Trust Network Access (ZTNA) to SAP servers in spoke subscriptions
  • Monitored Azure cloud platform infrastructure with Azure Monitor, Alerts, and Log Analytics workspaces
H&M Group
Stockholm, Sweden
6 Monate
2023-01 - 2023-06

Developed and managed access control

AWS DevOps Engineer
AWS DevOps Engineer
  • Deployed AWS landing zones to development and production accounts using Terragrunt and Terraform
  • Supported a team of Data and AI Engineers with infrastructure provisioning and AWS service requests such as SFTP, Aurora RDS, S3 and Kafka
  • Developed and managed access control using AWS SSO, Okta, CloudFlare, IAM roles and policies
  • Provided support for microservices deployment to Kubernetes clusters using ArgoCD, Helm charts and manifest files
  • Automated IaC deployments to production using CodeCommit, CodeBuild, Gitlab registries and CI/CD pipelines
Allianz
Munich, Germany
6 Monate
2022-07 - 2022-12

Conducted workshops

DevSecOps Consultant - Container Security
DevSecOps Consultant - Container Security
  • Evaluated current and alternative solutions for SAST, DAST, IAST, SCA and container security by comparing tools such as SonarQube, NetSparker, NexusIQ and Aqua, against Veracode, Checkmarx, Synopsys, and Snyk
  • Conducted workshops for application teams to assess their implementation of container security and worked with them to reduce the overall organizational container security vulnerabilities by 28%
  • Reviewed Dockerfiles and Azure DevOps build pipelines for the implementation of container security best practices
  • Scanned container images for vulnerabilities in applications and third-party libraries with Aqua
  • Provided recommendations for updating base images to minor releases of less vulnerable ones based on CVSS scores
  • Investigated application security standards such as OWASP Application Security Verification Standard (ASVS), SANS Security Web Application Technologies (SWAT) Checklist, and the NIST Secure Software Development Framework (SSDF) for mapping against DevSecOps security tools
Swiss Re
Zurich, Switzerland
4 Monate
2021-10 - 2022-01

Kubernetes Security Project

Kubernetes Security Expert Kubernetes Docker Cloud-Native ...
Kubernetes Security Expert
  • Performed security audits on EKS clusters to identify issues relating to cluster, node and application security
  • Reviewed AWS IRSA authentication, Kubernetes cluster RBAC Roles, Role Bindings, Service Accounts, Signed Certificate holders and ConfigMaps
  • Investigated container runtime security, mutating and validating webhooks, admission controllers, network policies, privileged access and security contexts.
  • Evaluated security of the DevOps lifecycle, CI/CD deployment pipelines, Helm charts and supply chain security
  • Proposed an implementation of OPA Gatekeeper Admission Controller and OPA agents for whitelisting of container registries
  • Performed automated cluster security assessments with Falco, Kubescape, and Kube-bench tools against CIS Benchmarks
  • Proposed an implementation of security best practises in Kubernetes for cluster access control, image and container vulnerability scanning, and audit logging.
  • Deployed Conftest for static analysis of Dockerfiles and Kubernetes YAML manifests, and writing rules using rego commands
  • Proposed an implementation of hardened docker images for Debian and Alpine
E-Commerce
Kubernetes Docker Cloud-Native DevSecOps Security Architecture AWS
About You GmbH
Hamburg
1 Jahr 8 Monate
2019-05 - 2020-12

Hybrid Cloud Architecture Design and Security automation

Cloud Security Lead AWS Azure GitLab ...
Cloud Security Lead
  • Designed cloud architecture and event-driven security on the Nokia Hybrid Cloud (AWS & Azure)
  • Performed CI / CD data builds, and cloud automation with GitLab CI, Terraform and Python scripts
  • Managed PrivateLinks, VPC / VNet Peering, TGW and DX links on the Nokia Internal Network
  • Managed IAM service role creation, federated logins, cross-account access and alarm configs
  • Managed cloud security with AWS Security Hub, GuardDuty, Inspector and Azure Security Center
  • Performed Hybrid Cloud services consulting, security assessments and compliance audits
AWS Azure GitLab Terraform
Nokia Solutions & Networks
Accra, Ghana
2 Jahre 6 Monate
2016-12 - 2019-05

Providing managed cloud services

Cloud Operations Engineer
Cloud Operations Engineer

  • Providing managed cloud services for customers on the Nokia Worldwide IoT Network Grid (WING)
  • Supported cloud migration and on-boarding of customer VNFs and applications
  • Monitored Telco Cloud infrastructure (OpenStack, VMware, KVM) with Zabbix, Nagios and Ganglia
  • Performing incident management and resolution of customer trouble tickets through Nokia GDC

Nokia Solutions & Networks
Accra, Ghana
2 Jahre 8 Monate
2014-04 - 2016-11

Alcatel-Lucent SPOC

Network Security Engineer
Network Security Engineer

  • Alcatel-Lucent SPOC for infosec management and design on the NITA e-Government Project
  • Managed ArcSight SIEM, TippingPoint IPS, Radware WAFs and Mail Filters, and HP Firewalls
  • Initialized, lead and coordinated project security requirements of risk assessments, audits, security policies, acceptance testing, business continuity and crisis management planning

Alcatel-Lucent (Nokia)
Accra, Ghana
1 Jahr
2013-05 - 2014-04

Provided MPLS backbone support

Senior Network Engineer
Senior Network Engineer

  • Provided MPLS backbone support as part of a 24/7 NOC team for customer wide area networks
  • Managed Point-to-Point (PTP) links, 4G Radio, WiMAX, LTE and VSAT satellite transmissions
  • Monitored network performance and KPIs with PRTG, Cacti, Solarwinds and WhatsUp Gold tools
  • Conducted failover to DR and Business Continuity Process (BCP) tests on the NOC infrastructure

STL Group
Accra, Ghana
2 Monate
2013-02 - 2013-03

IT Risk and Assurance | Advisory Services

Intern - IS Auditor
Intern - IS Auditor
  • Performed IS Audits for client companies to support EY's assurance financial statements
  • Used IT general controls (ITGCs) and application controls to perform security reviews and assurance
EY Ghana

Aus- und Weiterbildung

Aus- und Weiterbildung

1 Monat
2020-08 - 2020-08

AWS Certified Solutions Architect - Professional

Cloud - AWS
Cloud - AWS
1 Monat
2020-08 - 2020-08

Microsoft Certified Azure Administrator - Associate

Cloud - Azure
Cloud - Azure
1 Monat
2020-07 - 2020-07

Microsoft Certified Azure Solutions Architect - Expert

Cloud - Azure
Cloud - Azure
1 Monat
2020-06 - 2020-06

Microsoft Certified Azure Security Engineer - Associate

Cloud - Azure
Cloud - Azure
1 Monat
2020-05 - 2020-05

Microsoft Certified Azure Fundamentals

Cloud - Azure
Cloud - Azure
1 Monat
2019-06 - 2019-06

AWS Certified Security - Specialty

Cloud - AWS
Cloud - AWS
1 Monat
2019-05 - 2019-05

AWS Certified Developer - Associate

Cloud - AWS
Cloud - AWS
1 Monat
2019-04 - 2019-04

AWS Certified Advanced Networking - Specialty

Cloud - AWS
Cloud - AWS
  • AWS Certified Solutions Architect - Associate
1 Monat
2016-09 - 2016-09

Certified Ethical Hacker (CEH)

Security
Security
1 Monat
2016-08 - 2016-08

Certified Information Systems Auditor (CISA)

Security
Security
1 Monat
2016-07 - 2016-07

Certified Information Systems Security Professional (CISSP)

Security
Security
3 Jahre 11 Monate
2007-08 - 2011-06

Computer Science

Bachelor of Science (BSc.), Kwame Nkrumah University of Science and Technology, Kumasi, Ghana
Bachelor of Science (BSc.)
Kwame Nkrumah University of Science and Technology, Kumasi, Ghana

Position

Position

  • Cloud Security
  • DevSecOps
  • DevOps
  • Cloud Architect
  • Cloud Engineer
  • Cloud Migration
  • Security Architect
  • Independent Consultant

Kompetenzen

Kompetenzen

Top-Skills

AWS Terraform Kubernetes Azure GCP GitlabCI Docker bash Python Ansible Flux PowerShell CircleCI CI/CD Cloud DevOps DevSecOps Cloud-Native GitOps IT-Sicherheitsarchitektur

Produkte / Standards / Erfahrungen / Methoden

Linux
Python
Bash Scripting
Networking
Docker / Helm
Kubernetes
Terraform
AWS/Azure/GCP
Flux /ArgoCD
GitLab/CircleCi
Azure DevOps
SIEM
ISO 27001
Incident Response
Security Auditing
PenTesting
OpenStack
Profile:

  • A Hybrid and Multi-Cloud (AWS/Azure/GCP) Solutions Architect with expertise in DevSecOps, container security, CI/CD pipelines, Kubernetes and cloud automation using Terraform
  • I have experience providing innovative Managed Security and Cloud-based solutions for Start-Up, Government and Enterprise


Personality:

  • Team Player
  • Creativity
  • Goal Oriented
  • Communication
  • Leadership
  • Innovation
  • Analysis
  • Time Management


Internship

02/2013 - 03/2013

Role: Intern

Customer: EY Ghana, Accra, Ghana


Tasks:

  • Performed IS Audits for client companies to support EY's assurance financial statements
  • Used IT general controls (ITGCs) and application controls to perform security reviews and assurance

Einsatzorte

Einsatzorte

Deutschland, Schweiz, Österreich
möglich

Projekte

Projekte

4 Jahre
2020-10 - heute

Cloud Infrastructure and Security Automation Project

Senior DevSecOps Engineer AWS Terraform Kubernetes ...
Senior DevSecOps Engineer
  • Designed and built from scratch AWS environments for dev, staging and prod using Terraform
  • Configured CircleCI pipelines for Docker build and Terraform deployment automation
  • Scripting with Python (boto3), Bash and Powershell for Lambda functions and userdata scripts
  • Deployed and managing EKS Clusters, ECR, RDS, DynamoDB, CloudFront, ACM, Route53 & WAF
  • Automated deployments to Kubernetes with GitOps using Flux and Helm
  • Implemented Single Sign-On, IAM, OAuth, Cognito, and Hashicorp Vault for auth, secrets store and SAML identity federation
  • Configured IPSec VPNs, BGP and TGW for secure connectivity between Cloud and on-premise networks
AWS Terraform Kubernetes Docker DevSecOps Python PowerShell Ansible
Trisor GmbH
Berlin
1 Jahr
2023-07 - 2024-06

Provided Cloud Security advisory to application teams

Cloud Security Consultant
Cloud Security Consultant
  • Provided Cloud Security advisory to application teams in the areas of DevSecOps, IT Risk and vulnerability management
  • Conducted pre-production security assessments and reviews of penetration tests for applications migrating to the Cloud
  • Reviewed container image vulnerabilities and Terraform IaC compliance with JFrog Artifcatory, SonarQube, Checkov and tftest
  • Investigated MSI (Market Sensitive Information) and CSI (Confidential Statistical Information) data flows across internal ECB and external ESCB (European System of Central Banks) communication systems
  • Provided support, and conducted workshops on the use of Prisma Cloud for landing zone and cloud security posture management
European Central Bank
Frankfurt, Germany
2 Jahre 1 Monat
2022-03 - 2024-03

Managed Azure Hubs

Azure Architect
Azure Architect
  • Managed Azure Hubs in 6 global regions (VNETs, Peerings, Firewalls, ExpressRoute, VPN Gateways, NSGs and UDRs) to provide Hybrid Cloud connectivity for 4000+ on-prem stores in 77 geographical and 60 online markets
  • Migrated Azure platform infrastructure code from ARM templates to Terraform
  • Configured and maintained Azure DevOps pipelines for the release of workloads to Test and Production environments
  • Supported Operations team in the deployment of Azure Firewall policies, IP Groups and the reliability of Active Directory Domain Controllers
  • Implemented Zscaler Private Access App Connectors in Azure Hubs, for Zero Trust Network Access (ZTNA) to SAP servers in spoke subscriptions
  • Monitored Azure cloud platform infrastructure with Azure Monitor, Alerts, and Log Analytics workspaces
H&M Group
Stockholm, Sweden
6 Monate
2023-01 - 2023-06

Developed and managed access control

AWS DevOps Engineer
AWS DevOps Engineer
  • Deployed AWS landing zones to development and production accounts using Terragrunt and Terraform
  • Supported a team of Data and AI Engineers with infrastructure provisioning and AWS service requests such as SFTP, Aurora RDS, S3 and Kafka
  • Developed and managed access control using AWS SSO, Okta, CloudFlare, IAM roles and policies
  • Provided support for microservices deployment to Kubernetes clusters using ArgoCD, Helm charts and manifest files
  • Automated IaC deployments to production using CodeCommit, CodeBuild, Gitlab registries and CI/CD pipelines
Allianz
Munich, Germany
6 Monate
2022-07 - 2022-12

Conducted workshops

DevSecOps Consultant - Container Security
DevSecOps Consultant - Container Security
  • Evaluated current and alternative solutions for SAST, DAST, IAST, SCA and container security by comparing tools such as SonarQube, NetSparker, NexusIQ and Aqua, against Veracode, Checkmarx, Synopsys, and Snyk
  • Conducted workshops for application teams to assess their implementation of container security and worked with them to reduce the overall organizational container security vulnerabilities by 28%
  • Reviewed Dockerfiles and Azure DevOps build pipelines for the implementation of container security best practices
  • Scanned container images for vulnerabilities in applications and third-party libraries with Aqua
  • Provided recommendations for updating base images to minor releases of less vulnerable ones based on CVSS scores
  • Investigated application security standards such as OWASP Application Security Verification Standard (ASVS), SANS Security Web Application Technologies (SWAT) Checklist, and the NIST Secure Software Development Framework (SSDF) for mapping against DevSecOps security tools
Swiss Re
Zurich, Switzerland
4 Monate
2021-10 - 2022-01

Kubernetes Security Project

Kubernetes Security Expert Kubernetes Docker Cloud-Native ...
Kubernetes Security Expert
  • Performed security audits on EKS clusters to identify issues relating to cluster, node and application security
  • Reviewed AWS IRSA authentication, Kubernetes cluster RBAC Roles, Role Bindings, Service Accounts, Signed Certificate holders and ConfigMaps
  • Investigated container runtime security, mutating and validating webhooks, admission controllers, network policies, privileged access and security contexts.
  • Evaluated security of the DevOps lifecycle, CI/CD deployment pipelines, Helm charts and supply chain security
  • Proposed an implementation of OPA Gatekeeper Admission Controller and OPA agents for whitelisting of container registries
  • Performed automated cluster security assessments with Falco, Kubescape, and Kube-bench tools against CIS Benchmarks
  • Proposed an implementation of security best practises in Kubernetes for cluster access control, image and container vulnerability scanning, and audit logging.
  • Deployed Conftest for static analysis of Dockerfiles and Kubernetes YAML manifests, and writing rules using rego commands
  • Proposed an implementation of hardened docker images for Debian and Alpine
E-Commerce
Kubernetes Docker Cloud-Native DevSecOps Security Architecture AWS
About You GmbH
Hamburg
1 Jahr 8 Monate
2019-05 - 2020-12

Hybrid Cloud Architecture Design and Security automation

Cloud Security Lead AWS Azure GitLab ...
Cloud Security Lead
  • Designed cloud architecture and event-driven security on the Nokia Hybrid Cloud (AWS & Azure)
  • Performed CI / CD data builds, and cloud automation with GitLab CI, Terraform and Python scripts
  • Managed PrivateLinks, VPC / VNet Peering, TGW and DX links on the Nokia Internal Network
  • Managed IAM service role creation, federated logins, cross-account access and alarm configs
  • Managed cloud security with AWS Security Hub, GuardDuty, Inspector and Azure Security Center
  • Performed Hybrid Cloud services consulting, security assessments and compliance audits
AWS Azure GitLab Terraform
Nokia Solutions & Networks
Accra, Ghana
2 Jahre 6 Monate
2016-12 - 2019-05

Providing managed cloud services

Cloud Operations Engineer
Cloud Operations Engineer

  • Providing managed cloud services for customers on the Nokia Worldwide IoT Network Grid (WING)
  • Supported cloud migration and on-boarding of customer VNFs and applications
  • Monitored Telco Cloud infrastructure (OpenStack, VMware, KVM) with Zabbix, Nagios and Ganglia
  • Performing incident management and resolution of customer trouble tickets through Nokia GDC

Nokia Solutions & Networks
Accra, Ghana
2 Jahre 8 Monate
2014-04 - 2016-11

Alcatel-Lucent SPOC

Network Security Engineer
Network Security Engineer

  • Alcatel-Lucent SPOC for infosec management and design on the NITA e-Government Project
  • Managed ArcSight SIEM, TippingPoint IPS, Radware WAFs and Mail Filters, and HP Firewalls
  • Initialized, lead and coordinated project security requirements of risk assessments, audits, security policies, acceptance testing, business continuity and crisis management planning

Alcatel-Lucent (Nokia)
Accra, Ghana
1 Jahr
2013-05 - 2014-04

Provided MPLS backbone support

Senior Network Engineer
Senior Network Engineer

  • Provided MPLS backbone support as part of a 24/7 NOC team for customer wide area networks
  • Managed Point-to-Point (PTP) links, 4G Radio, WiMAX, LTE and VSAT satellite transmissions
  • Monitored network performance and KPIs with PRTG, Cacti, Solarwinds and WhatsUp Gold tools
  • Conducted failover to DR and Business Continuity Process (BCP) tests on the NOC infrastructure

STL Group
Accra, Ghana
2 Monate
2013-02 - 2013-03

IT Risk and Assurance | Advisory Services

Intern - IS Auditor
Intern - IS Auditor
  • Performed IS Audits for client companies to support EY's assurance financial statements
  • Used IT general controls (ITGCs) and application controls to perform security reviews and assurance
EY Ghana

Aus- und Weiterbildung

Aus- und Weiterbildung

1 Monat
2020-08 - 2020-08

AWS Certified Solutions Architect - Professional

Cloud - AWS
Cloud - AWS
1 Monat
2020-08 - 2020-08

Microsoft Certified Azure Administrator - Associate

Cloud - Azure
Cloud - Azure
1 Monat
2020-07 - 2020-07

Microsoft Certified Azure Solutions Architect - Expert

Cloud - Azure
Cloud - Azure
1 Monat
2020-06 - 2020-06

Microsoft Certified Azure Security Engineer - Associate

Cloud - Azure
Cloud - Azure
1 Monat
2020-05 - 2020-05

Microsoft Certified Azure Fundamentals

Cloud - Azure
Cloud - Azure
1 Monat
2019-06 - 2019-06

AWS Certified Security - Specialty

Cloud - AWS
Cloud - AWS
1 Monat
2019-05 - 2019-05

AWS Certified Developer - Associate

Cloud - AWS
Cloud - AWS
1 Monat
2019-04 - 2019-04

AWS Certified Advanced Networking - Specialty

Cloud - AWS
Cloud - AWS
  • AWS Certified Solutions Architect - Associate
1 Monat
2016-09 - 2016-09

Certified Ethical Hacker (CEH)

Security
Security
1 Monat
2016-08 - 2016-08

Certified Information Systems Auditor (CISA)

Security
Security
1 Monat
2016-07 - 2016-07

Certified Information Systems Security Professional (CISSP)

Security
Security
3 Jahre 11 Monate
2007-08 - 2011-06

Computer Science

Bachelor of Science (BSc.), Kwame Nkrumah University of Science and Technology, Kumasi, Ghana
Bachelor of Science (BSc.)
Kwame Nkrumah University of Science and Technology, Kumasi, Ghana

Position

Position

  • Cloud Security
  • DevSecOps
  • DevOps
  • Cloud Architect
  • Cloud Engineer
  • Cloud Migration
  • Security Architect
  • Independent Consultant

Kompetenzen

Kompetenzen

Top-Skills

AWS Terraform Kubernetes Azure GCP GitlabCI Docker bash Python Ansible Flux PowerShell CircleCI CI/CD Cloud DevOps DevSecOps Cloud-Native GitOps IT-Sicherheitsarchitektur

Produkte / Standards / Erfahrungen / Methoden

Linux
Python
Bash Scripting
Networking
Docker / Helm
Kubernetes
Terraform
AWS/Azure/GCP
Flux /ArgoCD
GitLab/CircleCi
Azure DevOps
SIEM
ISO 27001
Incident Response
Security Auditing
PenTesting
OpenStack
Profile:

  • A Hybrid and Multi-Cloud (AWS/Azure/GCP) Solutions Architect with expertise in DevSecOps, container security, CI/CD pipelines, Kubernetes and cloud automation using Terraform
  • I have experience providing innovative Managed Security and Cloud-based solutions for Start-Up, Government and Enterprise


Personality:

  • Team Player
  • Creativity
  • Goal Oriented
  • Communication
  • Leadership
  • Innovation
  • Analysis
  • Time Management


Internship

02/2013 - 03/2013

Role: Intern

Customer: EY Ghana, Accra, Ghana


Tasks:

  • Performed IS Audits for client companies to support EY's assurance financial statements
  • Used IT general controls (ITGCs) and application controls to perform security reviews and assurance

Vertrauen Sie auf Randstad

Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Das Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.