›Leading the development of a Cloud Detection & Response (CDR) system by leveraging AWS CloudTrail logs to engineer threat detection use cases, map cloud-native events to the MITRE ATT&CK Framework, and strengthen proactive risk visibility and response capabilities across distributed cloud environments
›As part of the compliance team, implementing and operationalizing privacy and security controls specific to Nigeria’s NDPR and Kenya’s Data Protection Act (2019), while conducting regulatory research and initiating control mapping activities to prepare for upcoming compliance obligations in Sri Lanka
›Implemented security and privacy controls aligned with India’s financial sector regulations—RBI, IRDAI, and SEBI—by translating regulatory clauses into actionable architecture requirements, embedding them into IAM policies and access workflows, and producing audit-ready documentation to support compliance validation
›Preparing to lead the research and design of a tailored internal Risk Management Framework focused on expanding organizational governance, enabling real-time risk assessment cycles, and automating the validation of technical and administrative security controls to support continuous assurance
Information Security Engineer
Banyan Cloud Inc.|Bangalore, India
2021 August – 2024 April
›Led end-to-end security initiatives across multi-cloud and hybrid environments, including AWS, Azure, and OCI, by orchestrating control testing, continuous compliance monitoring, and risk framework mapping (NIST, ISO, CIS), in close collaboration with Governance, Risk, and Compliance (GRC) teams to ensure enterprise-wide alignment with risk appetite, audit expectations, and regulatory obligations
›Drove regulatory compliance by aligning cloud and enterprise environments with global and regional standards such as GDPR, HIPAA, PCI DSS, ISO/IEC 27001, NIST CSF, and EU DORA, through detailed control design, secure implementation, and the systematic collection of audit-ready evidence during internal and third-party assessments
›Collaborated with cloud subject matter experts and platform engineering teams to evaluate high-risk use cases, perform penetration testing and security code reviews, and enhance access control mechanisms—including IAM policies, permission boundaries, and fine-grained Role-Based Access Control (RBAC)—to minimize lateral movement and privilege escalation risks across AWS, Azure, and Oracle Cloud (OCI)
›Contributed to product security efforts by reviewing technical design documents, identifying gaps in existing security controls, and working with development teams to align implementation activities with applicable privacy and security requirements—ensuring that controls were appropriately applied during active development and reducing the risk of non-compliance or insecure features reaching production
›Designed and operationalized data protection frameworks customized to region-specific regulations, including CCPA and HIPAA (US), DPA 2018 (UK), and NESA and QCB (Middle East), ensuring enterprise-wide compliance, minimizing regulatory violations, and protecting customer trust across jurisdictions
›Mapped CIS Benchmarks and MITRE ATT&CK techniques directly to cloud-native services and enterprise configurations to enhance baseline hardening, detect abnormal behaviors early, and strengthen audit preparedness by aligning real-time monitoring with industry-standard threat models and best practices.
Data Security Consultant
Banyan Cloud Inc.|Bangalore, India
2021 May – 2021 August
›Conducted security testing across internal environments to identify vulnerabilities, assess exposure risks, and support remediation efforts to strengthen overall data protection.
›ollaborated with the infrastructure team to implement a Data Loss Prevention (DLP) solution, reducing the risk of unauthorized data access and ensuring sensitive information remained secure.
Cyber Security Intern - Remote
Virtually Testing Foundation|California, USA
2021 January – 2021 March
›Gained foundational knowledge in cybersecurity concepts, tools, and methodologies through hands-on labs, guided learning paths, and independent research.
›Completed mini-projects focused on vulnerability analysis, secure configurations, and access control, building practical expertise and domain awareness.