Featured Projects

A showcase of key projects that demonstrate my expertise in building scalable, secure cloud infrastructure, DevSecOps practices, governance initiatives, and comprehensive security automation solutions.

Governance & Compliance
Technical Implementation
Security Standards Review & Update Initiative
Delegate & Contributor, Summer 2025

Led enterprise-wide security policy modernization initiative as Cloud Security Engineer, serving as both Delegate and Contributor for 5+ core security policies. Collaborated cross-functionally to align 24+ policies with cloud-native practices, regulatory frameworks, and evolving business needs.

Key Features & Contributions:

  • Led Access Control Policy updates for cloud-native IAM and federated identity
  • Contributed to Vulnerability Management, Logging, and Network Security policies
  • Aligned policies with NIST, ISO 27001, and SOC 2 compliance frameworks
  • Implemented cloud security controls for AWS GuardDuty and Azure Defender integration

NIST 800-53, ISO 27001, CIS Benchmarks, AWS, Azure, Okta, CloudWatch

Multi-Cloud Security Platform

Designed and implemented a comprehensive multi-cloud security platform with zero-trust architecture, automated threat detection, and compliance monitoring across AWS, Azure, and GCP. Features centralized security orchestration and automated incident response.

Key Features & Contributions:

  • Zero-trust network architecture implementation
  • Automated threat detection and response across clouds
  • Centralized compliance monitoring and reporting
  • Security orchestration and automated remediation

AWS Security Hub, Azure Security Center, Terraform, Kubernetes, Prometheus, Python

DevSecOps Pipeline Automation

Built comprehensive DevSecOps pipelines with integrated security scanning, vulnerability assessment, and automated compliance checks. Implemented security gates at every stage of the development lifecycle with automated rollback capabilities.

Key Features & Contributions:

  • Automated SAST/DAST security scanning integration
  • Container image vulnerability assessment
  • Infrastructure security compliance checks
  • Automated security incident response and rollback

Jenkins, Docker, SonarQube, Snyk Code, OWASP ZAP, Trivy, Kubernetes

Cloud Security Monitoring Suite

Implemented end-to-end cloud security monitoring and observability stack with threat intelligence integration, automated alerting, and security analytics. Provides comprehensive visibility into multi-cloud security posture and compliance status.

Key Features & Contributions:

  • Real-time threat detection and intelligence correlation
  • Automated security incident escalation and notification
  • Cloud security posture management and drift detection
  • Compliance reporting and audit trail automation

AWS GuardDuty, Azure Sentinel, Prometheus, Grafana, ELK Stack, Python

Secure Infrastructure as Code Framework

Developed a comprehensive secure IaC framework with built-in security policies, compliance checks, and automated security hardening. Includes security-first modules for common cloud patterns and automated security testing.

Key Features & Contributions:

  • Security-hardened infrastructure modules and templates
  • Automated security policy enforcement and compliance checks
  • Infrastructure security scanning and vulnerability assessment
  • Multi-cloud security configuration management

Terraform, Ansible, AWS Security Hub, Azure Security Center, Python, Go

Hybrid Identity Federation with AWS IAM Identity Center, Microsoft Entra ID, and Okta SCIM

Architected and implemented enterprise hybrid identity federation solution integrating AWS IAM Identity Center with Microsoft Entra ID as primary external identity provider and Okta for on-premises Active Directory integration. Configured SCIM-based provisioning for seamless identity synchronization across cloud and on-premises environments.

Key Features & Contributions:

  • AWS IAM Identity Center configuration with Entra ID as external IdP
  • Okta SCIM connector for on-premises AD to Azure and AWS synchronization
  • Multi-cloud identity federation with centralized access management
  • Automated user provisioning and deprovisioning across cloud platforms
  • Single Sign-On (SSO) and Multi-Factor Authentication (MFA) enforcement
  • Identity compliance and audit trail for hybrid environments

AWS IAM Identity Center, Microsoft Entra ID, Okta, SCIM, Active Directory, AWS, Azure

SOC 2 Compliance Implementation Framework

Enterprise-Grade Security Compliance Documentation. A comprehensive framework for achieving and maintaining SOC 2 Type II certification. Includes policies, procedures, evidence templates, and continuous monitoring strategies.

Key Features & Contributions:

  • SOC 2 Type II certification roadmap and implementation guide
  • Security controls documentation and evidence collection templates
  • Risk assessment and control mapping frameworks
  • Continuous compliance monitoring and audit trails

SOC 2, Compliance, Security Controls, Audit, Documentation

SOC 2 Compliance Automation

Automated SOC 2 compliance monitoring and reporting platform. Streamlines evidence collection, automates compliance checks, and generates audit-ready reports for continuous SOC 2 Type II certification maintenance.

Key Features & Contributions:

  • Automated evidence collection and compliance status tracking
  • Real-time compliance monitoring and alerting
  • Audit-ready report generation and evidence documentation
  • Continuous compliance automation and remediation workflows

SOC 2, Automation, Cloud Security, Compliance Monitoring, Python

Just-In-Time (JIT) AWS Access Management System

Provides temporary, time-bound access to AWS resources with automated approval workflows and comprehensive audit trails. This system eliminates standing privileged access while maintaining operational efficiency through automated provisioning and role-based access control.

Key Features & Contributions:

  • Automated access provisioning with low-risk requests auto-approved in seconds
  • Approval workflows for high-risk requests requiring manager authorization
  • Time-limited access with automatic expiration (1 hour maximum)
  • Manual revocation capabilities to revoke access anytime before expiration
  • Role-based access control with different permissions for engineers and managers
  • Email notifications for all access events, manager alerts, and revocation notices
  • Full audit trail with CloudWatch logging and HTTPS web portal via CloudFront

AWS, Lambda, Python, AWS Cognito, CloudFront, CloudWatch

Project Impact

  • 24+ Security Policies Modernized
  • 5+ Cloud Platforms Secured
  • 99.5% System Uptime Achieved