Cloud Security Engineer | IAM & Identity Specialist | Melbourne, Australia
I build AWS security automation and identity governance controls backed by real test evidence. Delivered a zero-incident Entra ID migration for a critical infrastructure organisation, more than 40 applications, 500+ users, and cut the phishing-prone rate from 13% to 4.8% in under three months. Currently sitting AWS SAA-C03 (Jun 2026) and SC-300 (Jul 2026).
Event-driven IAM security pipeline that detects unauthorised privilege escalation, runs governance-aware remediation logic, and sends structured alerts — end-to-end validated with real CloudWatch logs and SNS output.
Stack: CloudTrail · EventBridge · Lambda · SNS · DynamoDB · Terraform · Python/Boto3
- Detects
AttachUserPolicyabuse in near real-time via CloudTrail and EventBridge - DynamoDB exception registry with TTL — approved exceptions auto-expire, no manual cleanup
- Human-in-the-loop dry-run mode before live enforcement eliminates accidental lockout risk
- Lambda IAM role scoped to
iam-test-useronly — no over-permissioned execution role - Handles the IAM/us-east-1 global service logging problem with a dedicated Terraform provider alias
- CloudTrail log file validation, SNS encryption, S3 SSE-KMS — hardened end to end
- Modular Terraform, S3 remote state, DynamoDB locking, AssumeRole — no long-term credentials
Automated Cloud Security Monitoring & Remediation S3 security controls, Python, Boto3, AWS automation |
Enterprise IAM Governance Lab Joiner-Mover-Leaver automation in Python/Boto3. CloudTrail log parser with CloudWatch alerting for high-value IAM role changes. |
Terraform Secured S3, EC2 & IAM Infrastructure-as-Code with lifecycle management, least-privilege IAM roles, and encryption automation. |
Java Web App Deployment with AWS CI/CD EC2, S3, CodePipeline, CodeDeploy, CodeArtifact |
Azure Security Operations & Threat Detection Deployed honeypot Azure VMs to capture real attacker traffic. Built KQL detection rules correlating Event ID 4625 with GeoIP data, generating Sentinel incidents with attacker context pre-attached. |
Threat Hunting — Australian University Incidents Analysed three real incidents — ANU ransomware, WSU 580TB SSO exfiltration, QUT PrintNightmare. Full MITRE ATT&CK mapping with Navigator layer JSON. |
SolarWinds Cyber Risk Management Applied ISO 27001 and NIST frameworks to the SolarWinds supply chain attack — risk evaluation, control prioritisation, executive reporting. |
SOC Analyst Technical Assessment End-to-end SOC investigation framework covering SIEM analysis, log correlation, MITRE ATT&CK mapping, IR workflow, evidence handling, and executive reporting. |
Cloud AWS (CloudTrail, EventBridge, Lambda, SNS, DynamoDB, IAM, S3, Security Hub)
Azure (Sentinel, Defender for Cloud, Entra ID)
IaC Terraform (modular), CloudFormation
Languages Python, Boto3, KQL, PowerShell, Bash, YAML
Identity Entra ID, Okta, SAML, OIDC, OAuth, MFA, Conditional Access, RBAC
Security MITRE ATT&CK, Cisco XDR, Rapid7 InsightVM, KnowBe4
Frameworks NIST CSF 2.0, ISO 27001, ASD Essential Eight, APRA CPS 234
| Credential | Status |
|---|---|
| CompTIA Security+ | Achieved 2024 |
| CompTIA Network+ | Achieved 2024 |
| AWS Solutions Architect – Associate | Exam scheduled Jun 2026 |
| Microsoft SC-300: Identity & Access Administrator | Exam scheduled Jul 2026 |
| AWS Security Specialty | Planned Q4 2026 |

