Cybersecurity Analyst in Devops

Hard Skills

- DevSecOps & CI/CD Security Automation

- Cloud Security (AWS, Azure, GCP)

- Container Security (Docker, Kubernetes)

- Vulnerability Management & Penetration Testing

- SIEM & Log Analysis (Splunk, Elastic Stack)

- Infrastructure as Code Security (Terraform, CloudFormation)

- Security Frameworks & Compliance (ISO 27001, SOC 2, NIST)

- Threat Intelligence & Incident Response

- Scripting & Automation (Python, Bash, PowerShell)

Soft Skills

- Cross-team Collaboration & Communication

- Problem Solving & Critical Thinking

- Agile & DevOps Culture Advocacy

- Continuous Learning & Tech Adaptability

- Stakeholder Engagement & Reporting

*Senior Cybersecurity Analyst – DevSecOps*

*InnovateTech Solutions | San Francisco, CA*

June 2022 – Present

- Embedded security controls into CI/CD pipelines for over 20 microservices architectures, reducing deployment vulnerabilities by 40%.

- Led the development of an automated container vulnerability scanner integrated with Kubernetes clusters, decreasing runtime security threats.

- Implemented a Zero Trust security model across hybrid cloud environments, enhancing access controls and minimizing lateral movement risks.

- Conducted persistent vulnerability assessments and coordinated remediation efforts, enabling compliance with ISO 27001 standards.

*DevSecOps Engineer*

*CloudSecure Inc. | San Jose, CA*

January 2020 – May 2022

- Developed infrastructure security policies that automated compliance checks during pipeline execution, ensuring 100% audit readiness.

- Built custom scripts for threat detection utilizing machine learning techniques on log data, improving early incident identification.

- Managed cloud security configurations with Terraform and AWS Security Hub, optimizing resource security posture.

- Facilitated cross-departmental training sessions on secure coding practices and security automation tools.

*Security Operations & Automation Specialist*

*NextGen Tech | Mountain View, CA*

July 2017 – December 2019

- Monitored security alerts via SIEM platforms, reducing false positives by 25% through rule tuning.

- Automated incident response workflows, decreasing mean time to containment (MTTC) by 30%.

- Collaborated with developers to embed security testing into development cycles, fostering a DevOps mindset for security.

**Bachelor of Science in Cybersecurity & Information Assurance**

University of California, Berkeley | 2013 – 2017

- Certified Cloud Security Professional (CCSP) – (ISC)²

- AWS Certified Security – Specialty

- Certified DevSecOps Professional (CDP) – DevOps Institute

- Offensive Security Certified Professional (OSCP)

- **Cloud-native Security Automation Platform:** Designed a serverless platform on AWS Lambda that runs automated security scans and compliance reports, reducing manual effort and expediting audits.

- **Secure Kubernetes Deployment Pipeline:** Implemented admission controllers and network policies, resulting in hardened container orchestration environments with minimal performance impact.

- **AI-driven Threat Detection System:** Developed a machine learning model that analyzed log patterns and flagged anomalous activity, increasing threat detection speed by 50%.

- CI/CD: Jenkins, GitLab CI, GitHub Actions

- Cloud Platforms: AWS, Azure, GCP

- Containerization: Docker, Kubernetes

- Security Tools: Prisma Cloud, Aqua Security, Snort, Metasploit

- Automation & Scripting: Python, Bash, PowerShell

- Monitoring & Logging: Splunk, Elastic Stack, Prometheus

- English (Fluent)

- Spanish (Professional Working Proficiency)