Cloud Security Engineer with 8+ years of experience across AWS, Azure, and GCP. Proven ability to enhance security posture across 1,000+ cloud accounts through automation, Infrastructure as Code (Terraform, CloudFormation), and policy-driven guardrails. Deep experience with Wiz (CSPM/CNAPP), AWS IAM Identity Center, SCPs, and automated account lifecycle management. Strong background in network security, vulnerability management, incident response, and compliance (PCI DSS). Passionate about building secure, scalable cloud environments and collaborating with engineering teams to embed security early.

Professional Experience

July 2020 - April 2026

Cloud Security Engineer II

Sony Interactive Entertainment, LLC
  • Collaborated with InfoSec teams across North America, Europe, Oceania, and Asia, including regular coordination with partners on the JP Security Engineering team, to align security standards and practices globally.
  • Helped drive cloud security initiatives across cross-cultural, distributed teams, ensuring consistent policy application across regions while accommodating local compliance and operational requirements.
  • Enhanced cloud security posture across 1,000+ AWS, Azure, and GCP accounts; led the transition from PrismaCloud to Wiz as the primary CNAPP tool and managed Wiz configuration, custom RBAC roles, projects, and policy frameworks entirely in Terraform.
  • Partnered with multiple first-party studios and internal organizations to advance shift-left security adoption by deploying Wiz brokers to connect Wiz Code with studio development environments, enabling earlier identification and remediation of vulnerabilities in the SDLC.
  • Implemented and tuned Wiz Code policies aligned to Sony Security Standards.
  • Contributed to automation of IAM role and other infrastructure deployments, as well as cloud account tagging across the entire AWS footprint, ensuring consistent metadata for governance, cost allocation, and policy enforcement.
  • Helped build a source-of-truth repository for AWS account CloudFormation template configurations and account-level tags, enabling centralized infrastructure-as-code management and auditability.
  • Helped build automation to deploy security-managed IAM roles across SIE’s entire AWS environment and automated the AWS cloud account lifecycle end to end.
  • Partnered with Global Security Architecture and Governance, Risk, and Compliance teams to develop a fully automated account provisioning process using CloudFormation, later migrating to Terraform.
  • Created and maintained Service Control Policies for multiple OUs across PSN and enterprise accounts.
  • Contributed significantly to AWS Identity Center adoption for cloud account access across multiple first-party studios.
  • Deployed and managed Wiz Sensor across SIE’s entire Kubernetes infrastructure, including EKS, AKS, and GKE.
  • Collaborated with SOC and Incident Response teams to fine-tune Wiz Defend threat detections, improving MTTD/MTTR.
  • Supported PCI DSS auditing and compliance.
Sept 2018 - July 2020

Security Operations Administrator

Sony Interactive Entertainment, LLC
  • Helped create secure AWS environments using VPCs, Security Groups, hardened EC2 instances aligned with CIS benchmarks, IAM Roles/Policies, and Auto Scaling to support high availability.
  • Helped automate deployments through CI/CD pipelines such as Jenkins, automated configuration tools such as Ansible and AWS Config, and CloudFormation to improve consistency and efficiency across infrastructure delivery processes.
  • Managed secrets using HashiCorp Vault, CyberArk, and AWS Secrets Manager to strengthen credential security and access control.
  • Administered WAF policies in Akamai Kona and Imperva to block DDoS, XSS, SQLi, and brute force attacks.
  • Monitored security posture and threats using PrismaCloud, GuardDuty, McAfee DAM, and CloudPassage across cloud and application environments.
  • Implemented layered cloud security controls and operational practices to support resilient, scalable, and secure infrastructure management.
Aug 2017 - Sept 2018

Systems Administrator

QuadraNet, Inc.
  • Deployed and maintained servers in a 24/7/365, multi-platform data center environment, primarily supporting CentOS/RHEL systems serving live websites and customers.
  • Configured and troubleshot LAMP server environments to support reliable hosting operations and service continuity.
  • Implemented server security controls, including firewall configuration with iptables, firewalld, CSF, and Windows Firewall; mitigated DDoS and brute-force attacks; and applied best practices such as RSA key authentication and remote access over non-standard ports.
  • Executed server migrations with little-to-no downtime and configured both hardware and software RAID to strengthen availability and resilience.
  • Maintained QuadraNet's in-house cloud platform, InfraCloud, and managed core networking functions including VLAN management, switch configuration on Cisco and Juniper equipment, static routing, server network configuration, and troubleshooting in a highly complex environment with multiple upstream network partners.
  • Produced run books documenting policies, procedures, and common to complex issue resolutions; performed proactive server monitoring and management; and supported Root-Cause Analysis with clients following downtime to resolve issues before client awareness.
Nov 2016 - August 2017

Systems Administrator

DIRECTV (AT&T Entertainment Group)
  • Provided technical support to QA testers and Software Engineers, ensuring reliable day-to-day systems availability and issue resolution.
  • Administered LDAP environments by creating and removing accounts and managing user and group permissions.
  • Configured and managed network infrastructure, including VLANs, wired and wireless routers, Cisco switches, NTP servers, NFS storage servers, DHCP servers, and DNS servers.
  • Managed servers across a multi-platform environment spanning CentOS/RHEL and Windows Server systems.
  • Implemented Linux system installations and configurations using iPXE and Kickstart to support consistent provisioning processes.
  • Deployed and troubleshot virtualization environments using VMware vSphere and ESXi, while supporting automation with CFEngine, basic Bash scripting, repository package management, proprietary equipment installation, and comprehensive documentation maintenance.
Jan 2015 - May 2016

Systems Administrator

Groupt, Inc.
  • Collaborated directly with the CTO to design and deploy Linux servers from the ground up.
  • Administered LAN, WAN, and VPN environments, including the installation and configuration of wireless access points.
  • Implemented and configured MySQL and PostgreSQL databases for Ubuntu Server environments.
  • Improved system redundancy by introducing high-availability and disaster recovery solutions, including RAID configurations and internal cloud backup.
  • Troubleshot and resolved system and network issues using tcpdump and Wireshark to verify proper network paths and restore functionality.
  • Secured company data through the implementation of SSL/TLS, server-side encryption, and the creation of SSL certificates and private keys.
  • Installed and configured Atlassian JIRA for issue and project tracking, and administered the JIRA ticketing system.
  • Provided technical leadership in the adoption and use of JIRA, Mattermost, and ownCloud across the team.
  • Managed multiple projects simultaneously, maintained current project updates, and participated in weekly SCRUM meetings with team members.

Education

Jan 2013 - May 2016

Bachelor of Science (B.S.) in Applied Information Management Systems

Loyola Marymount University

Skills

Cloud security
  • AWS, Azure, and GCP security best practices.
  • Secure deployments via CI/CD pipelines
  • Encryption
  • IAM least privileging
  • SIEM (Splunk)
  • CSPM/CNAPP (PrismaCloud, Wiz)
  • Infrastructure as Code (CFN, Terraform)
  • Data Classification and Security (PII, SOX, GDPR)
Programming and scripting Languages
  • Bash
  • Python
Computer Security
  • Knowledgeable of computer security concepts and best practices.
  • Research and deployment
  • Endpoint Security
  • Container Security
  • SSL/TLS
  • RSA and SHA encryption
  • DDoS Mitigation
Computer Hardware and networking
  • LAN/WAN Administration, VPN, TCP/IP, Routers and Switches, Apache and Nginx Webservers
  • Systems Installation, Configuration & Upgrading
  • RAID configurations
  • Virtualization: VMware vSphere, ESXi, OpenVZ, SolusVM, and XenServer.
  • Media Streaming Technologies
  • Audio/Visual Technologies
Mac, PC, and Linux Computer Platforms
  • Linux (CentOS/RHEL/Amazon Linux, Fedora, Ubuntu)
  • Kubernetes
  • Windows and Windows Server
  • macOS
  • Android, iOS
Database Design, Management and Big Data Applications
  • AWS DynamoDB
  • MySQL/MariaDB
  • MongoDB
  • Relational Databases (RDBMS)
  • Data Integrity and Disaster Recovery