May 2025 – Present · 1 yr

Jan 2024 – Jul 2025 · 1 yr 6 mos · Irving, Texas, United States · Hybrid

• Spearheaded enhancements in incident response by automating threat detection and mitigation across cloud infrastructure, which has strengthened response times and bolstered security posture.
• Led the strategic migration from AWS CDK to Terraform Enterprise, supporting the roll-out of our automated incident response framework (CCAF) on both AWS and Google Cloud.
• Reduced technical debt by 85% by streamlining AWS controls and migrating incident response tools to compliant platforms.
• Integrated tools like Snyk, SonarQube, and Tflint into CI/CD pipelines to boost security and code quality.
• Created playbooks and standardized secure coding practices, empowering our incident response teams in AWS and GCP environments.
• Designed custom incident response strategies for Amazon EKS with AWS-specific security protocols.
• Architected and deployed an automated response framework on Google Cloud, leveraging Terraform Enterprise, Cloud Workflows, Cloud Functions, and Pub/Sub for scalable incident response.
• Contributed insights in Cloud Security Architecture Review forums, shaping security recommendations for critical products in AWS and GCP.

Aug 2021 – Jan 2024 · 2 yrs 5 mos · Irving, Texas, United States · Hybrid

• Led the development of an AWS Incident Response framework using AWS CDK, cutting response times by over 65% through automation.
• Built a custom AWS acceptance testing platform with Terraform to ensure the resilience of our incident response framework.
• Developed a DevSecOps pipeline using AWS services like CodePipeline, SonarQube, CodeCommit, and CodeBuild for secure and seamless deployments.
• Strengthened AWS security with preventive controls using HashiCorp Sentinel and Open Policy Agent.
• Established security metrics and analysis through Splunk, providing actionable insights on performance and trends.
• Partnered with stakeholders to gather requirements and develop custom AWS security controls aligned with business objectives.

Jan 2024 – Present · 2 yrs 4 mos · Dallas, Texas, United States

• The DevSec Blueprint is a comprehensive, free, and open-source learning guide designed to equip you with the essential skills and knowledge needed to transition into DevSecOps or grow within your DevSecOps career.

Jul 2020 – Jul 2021 · 1 yr

• Developed proof-of-concept applications to enhance IT security operations and support key security governance initiatives.
• Built and implemented a scalable DevSecOps pipeline, streamlining large-scale deployments and reducing overhead using Jenkins, SonarQube, Fortify, BlackDuck, and Ansible.
• Designed and deployed an AI/ML-powered video recommendation engine for an enterprise-wide ticketing system, improving ticket management efficiency and reducing open requests by over 35%.
• Delivered technology solutions that consistently met or exceeded performance standards by thoroughly analyzing project requirements.
• Authored clear, comprehensive API documentation and automated deployment guides, enabling seamless use and understanding for development teams.

Jan 2019 – Jul 2020 · 1 yr 6 mos

• Developed efficient, high-quality code across various projects, enhancing system functionality and performance.
• Built and maintained a custom email management system for the Application Security team, improving the tracking and updating of service tickets.
• Engaged in the full software development lifecycle—prototyping, designing interfaces, implementing, testing, and maintaining solutions—to deliver robust, reliable applications.
• Contributed to the development of scalable REST APIs for an in-house Data Loss Prevention (DLP) product, serving over 1,000 internal users.
• Implemented information security standards, procedures, and guidelines to ensure compliance and strengthen the overall security posture.

Jun 2018 – Aug 2018 · 2 mos · Irving, Texas

• Designed, maintained, and supported robust information security systems to ensure secure and efficient daily operations.
• Developed a comprehensive security framework using Docker, Jenkins, Kubernetes, Python, Git, Blackduck, Twistlock, and Zap, enhancing container security and streamlining development workflows.
• Conducted static and dynamic code testing, automated security scans, threat modeling, design reviews, and penetration testing of Docker containers, identifying and mitigating vulnerabilities to strengthen security defenses.
• Assisted in establishing AWS EC2 baselines and created detailed standard operating procedures, supporting consistent security practices and compliance.

Sep 2017 – Dec 2018 · 1 yr 3 mos · Houston, Texas Area

• Installed and maintained university systems, network infrastructure, and the Remedy ticketing system, ensuring smooth and reliable operations.
• Performed troubleshooting and repairs to resolve technical issues, minimizing downtime and enhancing system reliability.
• Provided recommendations and developed technical designs for new application features, contributing to system improvements and boosting user satisfaction.
• Trained users on effective hardware and software usage, equipping them with troubleshooting skills and improving overall productivity.

May 2017 – Aug 2017 · 3 mos · Houston, Texas Area

• Evaluated applications and software patches for desktop applications, ensuring compatibility and resolving desktop issues effectively.
• Developed and implemented PowerShell scripts to enhance desktop deployment performance and efficiency.
• Collaborated with vendors to assess new technologies and provided management with strategic recommendations on adoption and integration.