Emmanuel Eze - Senior Cloud Security / Infrastructure Engineer

Summary

Senior Cloud Security Engineer with over 10 years of experience designing, securing, and operating enterprise-scale cloud, hybrid, and on-premise environments. Proven expertise across Azure, Microsoft 365, and AWS with strong focus on security architecture, Zero Trust, IAM, PKI, SIEM/SOC operations, vulnerability management, DevSecOps, and regulatory compliance. Extensive experience supporting public-sector and regulated environments, aligning technical controls with governance, risk, and compliance (GRC) frameworks including ISO 27001, NIST, CIS Controls, GDPR, HIPAA, and PCI DSS.

Overview

6

years of professional experience

1

Certification

Work history

Senior Cloud Security / Infrastructure Engineer

OFWAT

2023.12 - 2026.01

Designed and implemented Cloud PKI (Root & Issuing CA) to support certificate-based authentication for enterprise Wi-Fi and RADIUS (UPAM) using Entra ID.
Operate Microsoft Sentinel and Microsoft 365 Defender to investigate alerts, incidents, and security events aligned with MITRE ATT&CK.
Perform threat analysis, incident response, and root-cause investigations in collaboration with Microsoft and internal SOC teams.
Deliver CIS Benchmark-based system hardening across Windows Server, Linux, Azure workloads, and Microsoft 365.
Support GRC activities by mapping technical controls to ISO 27001, NIST, CIS Controls, GDPR, HIPAA, and PCI DSS requirements.
Conduct vulnerability scanning with Nessus and controlled validation testing using Metasploit.
Use Wireshark and Burp Suite for traffic inspection, troubleshooting, and application security testing.
Secure Azure workloads using RBAC, Conditional Access, Managed Identities, and secrets lifecycle management.
Migrate Log Analytics from MMA to AMA to improve telemetry, detection, and compliance.
Secure DevSecOps pipelines using Azure DevOps, GitHub Actions, and SonarQube.
Support endpoint security posture using Intune, MDM/MAM, Autopilot, and Defender for Endpoint.
Produce security architecture diagrams, policies, and audit evidence.

Senior Infrastructure & Cloud Security Engineer

Murphy Group

2022.03 - 2023.12

Secured hybrid Azure and on-prem environments, reducing attack surface and improving identity security.
Implemented Conditional Access, MFA, Defender, and identity governance controls.
Delivered TLS/SSL upgrades and certificate lifecycle management.
Conducted vulnerability remediation and patch management.
Automated security operations using PowerShell and Azure Runbooks.
Supported ISO-aligned audits and security reviews.

Senior Network, Cloud & Security Engineer

Avidity

2021.07 - 2022.02

Designed secure multi-tenant Azure architectures.
Implemented Conditional Access, SCEP/NDES, and Application Proxy.
Delivered tenant-to-tenant migrations with strong security controls.
Automated security operations using PowerShell and Logic Apps.

Infrastructure Engineer (Security Focus)

Benenden Hospital

2020.07 - 2021.07

Managed endpoint protection, firewall rules, and network security monitoring.
Supported VMware, storage, and SQL security.
Implemented monitoring and alerting using PRTG and SolarWinds.

Education

MSc - Electronics & Communications Engineering

University of Greenwich

BEng - Electrical & Electronic Engineering

Federal University of Technology, Owerri

Skills

Cloud Security Architecture (Azure & AWS)
Shared Responsibility Model & Secure Landing Zones
Zero Trust Architecture
Identity & Access Management (IAM)
Security Operations (SOC, SIEM, SOAR)
Governance, Risk & Compliance (GRC)
Threat Intelligence & Adversary Mapping
Vulnerability Management & Security Testing
Endpoint & Network Security
DevSecOps & Secure Automation
Identity & Access Management (IAM):
Microsoft Entra ID (Azure AD), Conditional Access, MFA
Privileged Identity Management (PIM), RBAC
App Registrations, OAuth, Managed Identities
Security Operations & Detection:
Microsoft Sentinel (SIEM)
Microsoft 365 Defender & Defender for Endpoint
MITRE ATT&CK mapping and kill-chain analysis
Incident response, alert triage, threat hunting
Log Analytics (KQL)
PKI, Certificates & Encryption:
Cloud PKI (Intune Suite)
SCEP / NDES (On-prem & Cloud)
Root & Issuing Certificate Authorities
TLS/SSL, CSR, JKS, certificate lifecycle management
System & Cloud Hardening:

CIS Benchmarks (Windows Server, Linux, Azure, M365)
Secure baselines, patching & configuration drift control
OS, identity, and workload hardening
Vulnerability Management & Security Testing:
Nessus vulnerability scanning
Metasploit (controlled exploitation & validation)
Risk scoring, remediation tracking, reporting
Network & Application Security:
Azure NSGs, VPNs, firewall concepts
Cisco Meraki, FortiClient, Check Point
Wireshark (packet capture & analysis)
Burp Suite (web application testing)
Passive & Active reconnaissance techniques
Compliance, Privacy & GRC:
ISO 27001, NIST CSF / 800-53, CIS Controls
GDPR, HIPAA, PCI DSS
Control mapping, risk assessments, audit support
Policy, standards & evidence documentation
DevSecOps & Automation:
Azure DevOps, GitHub Actions
Secure CI/CD pipelines
Secrets management & service connections
PowerShell, Azure Runbooks, Logic Apps
Infrastructure as Code (IaC)
Microsoft Sentinel Microsoft Defender for Cloud & Endpoint Microsoft 365 Defender Azure Log Analytics Entra ID Intune Autopilot Cloud PKI SCEP / NDES Nessus Metasploit Wireshark Burp Suite Cisco Meraki FortiClient Check Point PRTG SolarWinds Azure DevOps GitHub Actions VMware SQL PaaS PowerShell