Day Johnson

DevOps Engineer

Dallas, Texas, United States · 6 yrs experience
Most Likely To Switch

Key Highlights

  • Expert in Threat Hunting and Incident Response.
  • Developed AWS threat detection frameworks adopted company-wide.
  • Strong community builder in cybersecurity education.
Stackforce AI infers this person is a Cybersecurity professional specializing in Threat Detection and Incident Response within SaaS environments.

Skills

Core Skills

Incident Response · Threat Hunting · Threat Detection · Cloud Security

Other Skills

SQL · IT Security Operations · Security Information and Event Management (SIEM) · Splunk · SOAR · Python (Programming Language) · Amazon Web Services (AWS) · AWS Security · Cyber Threat Intelligence (CTI) · Cyber Threat Hunting (CTH) · AWS Lambda · Cyber Defense · AWS · Infrastructure-as-Code · Python

About

All opinions are mine, not those of my previous, current, or future employers. Hi, I'm Day (@daycyberwox). Skilled in Defensive Cybersecurity Operations relating to Cloud Security, SecDevOps & DevSecOps, Detection Engineering, Incident Response, Threat Hunting, Threat Intelligence, SIEM Engineering, Data Analysis, Security Automation, & Cybersecurity Training. My career is focused on helping to build, mature & scale defensive cybersecurity operations. In my free time, I enjoy creating valuable cybersecurity content and building community.

Experience

Total Experience: 6 yrs
Average Tenure: 1 yr 10 mos
Current Experience: 2 yrs 5 mos

Amazon

Security Engineer, Incident Response & Threat Hunting

Dec 2023 – Present · 2 yrs 5 mos · Dallas-Fort Worth Metroplex · On-site

  • I currently serve on the Proactive Security Operations team, focusing on Threat Hunting & Incident Response for Amazon's Global Customer Service Operations. This specialized unit within the Worldwide Amazon Customer Service Security organization is dedicated to staying ahead of emerging security threats.
  • As part of this team, I'm responsible for leading the design, development & architecture of our custom threat hunting target analysis engine. This serverless application on AWS, built with infrastructure-as-code (IaC) using AWS CDK (TypeScript), facilitates threat hunts, threat intelligence, and adversarial emulation engagements.
  • I also lead Incident Response Engineering efforts spanning investigations into high-profile incidents involving insider threats, data exfiltration, fraud and abuse, account takeovers, application vulnerabilities, and sophisticated organized crime threat actors.
  • Responsibilities included rotating as Incident Commander for high-severity incidents and managing various high-visibility and critical security events. The position encompassed developing automated response workflows using Python and Splunk SOAR to enhance operational efficiency, while collaborating with cross-functional teams, HR, and Legal to handle sensitive investigations and improve detection capabilities.
SQL · IT Security Operations · Security Information and Event Management (SIEM) · Splunk · SOAR · Python (Programming Language) · +8

Collin College

Cybersecurity Tutor

Jun 2022 – Apr 2023 · 10 mos · Frisco, Texas, United States · On-site

  • Planned and designed a tutoring program for security fundamentals with the end goal of helping students learn core skills that can help them attain internships.
  • This role was held alongside my role at Datadog.

Datadog

Security Engineer, SaaS & Cloud Threat Detection

Mar 2022 – Dec 2023 · 1 yr 9 mos · Remote

  • As a Security Engineer on Datadog's Security Detection & Research team, I specialized in developing threat detection use cases across major SaaS platforms (Microsoft 365, Google Workspace, Okta) and cloud environments (AWS, Azure, GCP, Kubernetes). From March 2022 to July 2023, I developed critical logging pipelines, security dashboards, and an innovative AWS Threat Emulation framework using Stratus Red Team and Datadog's Cloud SIEM. This framework was adopted company-wide for customer onboarding and AWS threat detection testing, contributing to my promotion to Security Engineer II.
  • During a strategic engagement with the Cloud Workload Security Team, I restructured network utility detections to significantly reduce false positives, specifically targeting suspicious URI communications and data exfiltration via curl or wget. This work substantially improved threat detection accuracy across Linux and container environments.
  • As a security evangelist, I represented Datadog at major conferences including fwd:cloudsec, DASH, Texas Cyber Summit, and AfroTech. I established technical partnerships with industry leaders such as 1Password, Tailscale, Jamf, and Cloudflare to create collaborative threat detection use cases. Through conference presentations, blogs, and technical collaborations, I consistently demonstrated my ability to communicate complex security concepts while advancing cloud security understanding in the industry.
  • 👇🏽See more in the blogs below!
AWS Security · Cloud Security · Datadog · GitHub · Google Cloud Platform (GCP) · Security Information and Event Management (SIEM) · +1

Optiv

Threat Analyst, Advanced Fusion Center

Jun 2021 – Feb 2022 · 8 mos · Irving, TX · Hybrid

  • As a Threat Analyst in Optiv's Advanced Fusion Center, I served as the primary detection and response specialist for a Fortune 50 client, managing initial alert triage and threat response using an integrated security stack including Splunk, CrowdStrike, Tanium, and Cortex XSOAR. My strong performance in this role led to a promotion to Threat Analyst II within my first five months.
  • I was subsequently transferred to a Fortune 500 client engagement focusing on Active Directory threat hunting, endpoint threat detection, and Azure cloud security. During this brief but high-impact assignment, I successfully identified the root cause of a persistent threat actor's continued access to the client's environment and played a key role in developing and implementing remediation strategies.
  • Throughout both engagements, I demonstrated expertise in threat detection across diverse technology environments, incident response coordination, and the ability to deliver actionable security insights to enterprise clients. My rapid promotion reflected my commitment to excellence in threat analysis and client service delivery.

Cyber Defense Labs

Security Analyst

Mar 2021 – Jun 2021 · 3 mos · Remote

Securonix

Cyberwox Academy

Community Builder

Jan 2021 – Present · 5 yrs 4 mos

  • 👨🏽‍💻The Cybersecurity Resource Hub.

Benefitmall

Security Analyst

Sep 2020 – Mar 2021 · 6 mos · Remote

Security Research · Anti-phishing

Cynergy

Phone Repair Technician

Apr 2019 – Dec 2019 · 8 mos · On-site

Education

Western Governors University

Bachelor of Science (B.Sc) — Information Technology

Jan 2021 – Jan 2022

Dallas College

Associate of Science (A.Sc) — Cybersecurity

Jan 2020 – Jan 2021

Collin College

Associate of Applied Science (A.A.S.) — Cybersecurity

Jan 2019 – Jan 2020
