Professional Summary
Senior Security Engineer with 10+ years of experience owning security programs in regulated, production environments. Extensive background in cloud security, vulnerability management, monitoring, compliance support and security architecture. Proven ability to operate as a sole security engineer, translate security frameworks into practical engineering controls, and build audit-ready evidence. Currently leading SOC 2 readiness efforts and preparing for ISO/IEC 27001, with planned expansion into FedRAMP and GovCloud environments. Highly capable of rapidly adapting to DoD cybersecurity frameworks and tooling.
Core Skills and Competencies
- Security Engineering and Architecture
- Vulnerability Management and Risk Assessment
- Security Monitoring and Incident Support
- Compliance, Audit and Evidence Development
- NIST-Based Frameworks and Control Mapping
- Secure Cloud Architecture (AWS)
- DevSecOps and Infrastructure as Code
- Cross-Functional Security Leadership
- Security Documentation and Risk Communication
Technical Skills
Security and Monitoring
- Vulnerability assessment and remediation workflows
- SIEM Platforms: Splunk, ELK/OpenSearch, Logz.io
- Log analysis and investigation support
- Burp Suite (web application testing)
Compliance and Frameworks
- NIST CSF and NIST 800-series concepts
- SOC 2 (Trust Services Criteria) readiness and evidence
- ISO/IEC 27001 preparation and governance concepts
- Audit support and control documentation
- Risk assessment and mitigation tracking
Cloud and Systems
- AWS security services (IAM, logging, monitoring, WAF)
- Linux (Ubuntu, RHEL concepts)
- Windows Server and endpoint security fundamentals
DevSecOps and Automation
- Infrastructure as Code: Terraform, CloudFormation
- CI/CD security integration
- Python and PowerShell scripting
- Git-based workflows
Government and Authorization Readiness (Current/In Progress)
- DoD RMF concepts and control structure
- DISA STIG familiarity and implementation planning
- FedRAMP and GovCloud security planning concepts
- Security documentation structured for authorization readiness
Professional Experience
Security Engineer | DHI Group, Inc | June 2020 - Present
- Serve as the sole security engineer, owning the organization’s security posture across cloud infrastructure, applications, and supporting systems.
- Maintain end-to-end responsibility for security engineering, vulnerability management, monitoring, compliance support, and incident response collaboration within a regulated production environment.
- Act as the primary authority for security risk decisions, balancing security requirements with operational and business constraints and providing clear rationale for remediation or risk acceptance.
- Provide security architecture guidance during system design, platform changes, and feature development to reduce risk prior to deployment.
- Design, implement, and maintain security controls for cloud-hosted environments, including secure configuration, access control, logging, and monitoring aligned with NIST-based frameworks.
- Own the vulnerability management lifecycle, including identification, prioritization, remediation tracking, and risk acceptance, with a focus on reducing material risk rather than scanner noise.
- Translate vulnerability, assessment, and compliance findings into actionable remediation guidance for engineering teams.
- Support security monitoring and investigation activities through SIEM platforms and log analysis, assisting with incident response investigations and post-incident improvement efforts.
- Support compliance and audit initiatives by developing and maintaining security documentation and evidence, and by translating control requirements into practical technical implementations.
- Integrate security considerations into CI/CD pipelines and infrastructure-as-code workflows to improve consistency, traceability, and repeatability of security controls.
- Serve as a trusted security advisor and escalation point for engineering and leadership stakeholders, providing clear communication on security risk, tradeoffs, and system impact.
Compliance and Authorization Initiatives
- Preparing for ISO/IEC 27001 by strengthening information security governance, documentation practices, and control consistency.
- Planning expansion into FedRAMP and GovCloud environments, focusing on understanding requirements and preparing security controls accordingly.
- Contributing to longer-term planning for FedRAMP and GovCloud readiness, including understanding authorization requirements, shared responsibility models, and continuous monitoring expectations.
- Developing security documentation and evidence processes designed to scale from commercial compliance frameworks to U.S. government authorization requirements.
Certifications
- CompTIA Security+ - Planned (2026)