Kazim R.

Principal Security Architect - Contract Hands-on

Oxford, United Kingdom

Experience

Mar 2025 - Present
9 months

Principal Security Architect - Contract Hands-on

StateStreet

  • Automating patch management for sixty thousand servers via Ansible Tower Automation platform for DAST findings captured via Qualys scans across on-prem and multi-cloud environments.
  • Upgrading legacy automation to a new platform, syncing with patch management activities and resource scheduling.
  • Recording, reporting, and remediation of the patch deployment cycle.
  • Proof of concept of AI tool integration on corporate data by applying secure AI practices.
  • Patching Linux kernel systems, CrowdStrike, Veritas, Oracle, Sybase, and other enterprise software.

Feb 2023 - Dec 2024
1 year 11 months

Enterprise Security Architect

London Metal Exchange

  • Worked for a futures and forwards exchange with the world's largest market in standardized forward contracts, futures contracts, and options, including cash trading on high-performance infrastructure.
  • On-prem and cloud Linux & Windows security patching and deployment of security controls via Ansible automation.
  • Developed blueprints for Security Engineers for Windows and Linux server upgrades and script execution via Ansible.
  • Created product approval pages, high-level documents (HLDs), and software development architectures (SDAs).
  • Compared Akamai Services vs. Blue Coat vs. AWS WAF and AWS Shield for content delivery, security, performance, and scalability.
  • Integrated multi-cloud environments with AWS ROSA and Azure Red Hat OpenShift clusters using Kong/Istio service mesh; applied enterprise security on Kubernetes and OpenShift with static and runtime container scanning.
  • Used Atlassian Suite for Agile-Scrum product management.
  • Deployed NIST Cybersecurity Framework for policies, procedures, access controls, security/privacy attributes, information flows, training, and event logging.
  • Performed security testing on OWASP Top 10 API and website vulnerabilities; participated in STRIDE analysis and OWASP SAMM aligned with TOGAF.
  • Conducted penetration tests using Qualys scans.
  • Deployed CIS-based framework on Kubernetes clusters via deployment pipelines.
  • Integrated Veracode for SAST and SCA on Java, Python, and .NET repositories; managed triage processes across teams.
  • Selected and integrated Trufflehog and GitGuardian for secret scanning in Bamboo pipelines.
  • Led IAST product selection and integration with Contrast Security.
  • Deployed multi-AD IGA with CyberArk Secure Cloud (MFA, PKI, SAML, REST).
  • Implemented IAM SSO with PingOne, CyberArk Secure Cloud, AWS, PingFederate, and SailPoint SCIM.
  • Headed multi-regional cloud initiatives: AWS Organizations, Landing Zone, Control Tower, SCP, IAM, Boundary permissions, Security Hub, GuardDuty, CodePipeline, Config, budget and cost analysis.
  • Automated with PowerShell, Unix shell, SQL scripting, and Ansible.
  • Extensive use of Terraform and CloudFormation for infrastructure creation.

Feb 2020 - Jan 2023
3 years

Enterprise Security Architect / Consultant / Product Owner

Direct Line Insurance

  • Implemented Kubernetes static and runtime security with SaaS Prisma Cloud integration.
  • On-prem and cloud Linux & Windows security patching and deployment of controls via Ansible automation.
  • Managed product using Agile Scrum and Kanban in Atlassian JIRA; documented HLDs and LLDs in Confluence.
  • Compared security traceability metrics for data security, governance, operational procedures, personnel/physical security, asset registry, encryption, data lifecycle, resilience, configuration, identity management, virtualization, patching, and vulnerability management aligned with TOGAF.
  • Managed threat modeling and landscape for AWS accounts.
  • Architected and implemented SAST and DAST frameworks with SonarCloud, JFrog, GitHub Dependabot, Burp Suite Enterprise, and OWASP ZAP; automated daily SAST/DAST reports.
  • Integrated Prisma Cloud for container scanning and alerting.
  • Conducted price comparisons for AWS ECS Fargate, EKS, and EC2; performed budget and cost analysis.
  • Implemented AWS Cognito OAuth 2.0 for MuleSoft APIs.
  • Generated compliance and security reports for FCA and group audits.
  • Provided Agile coaching, sprint planning, backlog refinement, and quarterly OKRs.
  • Deployed 70 security controls on 250 AWS accounts via AWS CodePipeline (CIS framework, managed and custom rules).
  • Captured security control data using AWS EventBridge and Kinesis Data Streams.
  • Collaborated with IAM team on SCP and boundary permissions to enforce compliance.
  • Diagnosed AWS CloudFormation issues using JupyterLab; configured SSM parameters.
  • Deployed responders for multi-environment AWS organizations to remediate global non-compliance.
  • Coordinated with AWS Managed Services for manual control deployment.
  • Used DynamoDB for control tables, reporting trends, account lists, and exceptions.
  • Automated compliance reporting via email and MS Teams webhooks; generated ServiceNow/SIEM tickets.
  • Managed a security operations team of ten to remediate non-compliance.
  • Used AWS Lambda, Kinesis Data Firehose, CloudWatch Logs/Events, EventBridge, S3, SSM, KMS, Secrets Manager, IAM, Macie, GuardDuty, Security Hub, and Control Tower.
  • Automated with Linux/Unix shell and SQL scripting, plus Ansible.

Jul 2019 - Jan 2020
7 months

Lead DevSecOps Consultant

Dentsu Aegis Network

  • Deployed and managed parallel Azure AKS and AWS EKS Kubernetes clusters (pods, services, ingress, deployments, ConfigMaps, persistent volumes, jobs, replica sets, daemon sets, stateful sets).
  • Implemented attribute-based access control (ABAC) with Okta, Apigee/Kong, and third-party tools for 600+ applications worldwide.
  • Deployed and integrated Apigee Micro Edge Gateway on Kubernetes.
  • Developed IAM architecture strategy for ABAC.
  • Implemented Kong/Konga on Kubernetes with Helm charts and Brigade pipelines.
  • Architected Kubernetes-based API gateway with Apigee Edge MicroGateway and Kong; compared with SaaS API gateway solutions.
  • Secured Kubernetes clusters for database and network traffic.
  • Integrated third-party services on Kubernetes.
  • Used Docker Compose and Helm charts with Brigade pipelines for solution implementation.
  • Developed Terraform modules for AWS, Azure, Apigee, and Kong.
  • Managed ABAC via Okta user profiles and Symphonic PDP/PAP.
  • Monitored Brigade pipelines with ELK, Prometheus, and Kashti.
  • Architected ETL data design for 500 clients in multi-regional and multi-cloud environments with ABAC.
  • Designed and implemented multi-tier security architecture across multi-cloud data and applications.

Dec 2018 - Jul 2019
8 months

Lead DevOps/Platform Consultant

Reed Recruitment

  • Led a team of five in DevOps/platform solutions with hands-on coding in Terraform, Python, and Ansible.
  • Implemented AWS Landing Zone and Okta integration for multi-account management.
  • Migrated Azure DevOps CI/CD pipelines to AWS infrastructure using Terraform.
  • Configured Kubernetes ingress/load balancers and functional/load testing via Kubernetes jobs on EKS.
  • Secured AWS S3 cross-account policies with IAM roles and users.
  • Adopted GitOps strategy for Terraform code across 200+ branches and multiple state files.
  • Integrated Kubernetes platform on GCP with Azure DevOps data pipelines and AWS SageMaker.
  • Automated GitLab to Azure DevOps repository migration; migrated TeamCity to Azure pipelines.
  • Developed AWS IAM policy violation tester using Lambda.
  • Implemented SageMaker blue/green deployments and load testing from GKE.
  • Deployed Azure DevOps Linux build agents on AWS; migrated usage data to S3 and ELK with automation.
  • Migrated on-prem data to S3 with KMS encryption via Terraform.
  • Automated repo parsing and migration via Azure DevOps CLI and Python.
  • Performed ETL data migration with Talend Server ETL for AI platforms with KMS encryption.
  • Audited Azure DevOps security by streaming logs to ELK via Lambda.
  • Integrated Datadog with AWS Security Manager; monitored with Datadog, ELK, and NewRelic.
  • Managed Docker and Kubernetes infrastructure: EC2, ASGs, ELB, S3, KMS, Azure build agents on EKS, ECR, ECS, SageMaker, Route53, CI/CD pipelines with security tokens.
  • Automated Azure pipelines and AWS Lambdas with Python scripts.
  • Used Atlassian JIRA, Confluence, Bitbucket, GitLab, GitHub, and Azure DevOps Scrum boards.

Apr 2018 - Dec 2018
9 months

Lead Cloud DevOps/Platform Specialist in Big Data

PA Consulting

  • Deployed AWS infrastructure using Terraform and Ansible (VPC, route tables, public/private subnets, NACLs, security groups).
  • Established VPC connection via AWS Direct Connect and VGW.
  • Designed AWS disaster recovery strategies with EBS volumes and EFS.
  • Deployed Ab Initio web applications on AWS ELB and Tomcat (Metadata Hub, Express IT, Application Gateway, Control Center).
  • Configured Ab Initio cluster dependencies via Ansible.
  • Managed ETL on Ab Initio servers in a load-balanced cluster to push data from 500 lakes to encrypted Snowflake buckets.
  • Created firewall and security groups between internal and AWS networks.
  • Automated EC2 instance lifecycle and EBS volume resizing with Lambda.
  • Configured cross-account S3 access and IAM profiles/roles.
  • Established VPC endpoints between Snowflake and AWS VPCs for secure differential data migration.
  • Developed Terraform modules for Route53, ELB, ACM, EC2, IAM, Lambda, CloudWatch Logs, SES, and EFS.
  • Built CI/CD pipelines in Jenkins with Ab Initio Dev repository.
  • Installed Datadog and Control-M agents via Ansible.
  • Managed multi-account server creation with Ansible.
  • Deployed Docker-based Ab Initio COOP system and EKS Kubernetes clusters.
  • Conducted ETL proof of concept using AWS Glue and DMS for secure daily data migration.

May 2017 - Mar 2018
11 months

Lead DevOps/Platform Consultant

Travelodge Hotels UK

  • Built CI/CD pipelines for AWS serverless and legacy LAMP stack sites generating £500M turnover across 500 hotels.
  • Implemented AWS VPC peering between VPN management and big data VPCs; built EMR clustering environments.
  • Configured S3 endpoints, Elastic IP VPN connections, and dynamic CloudFormation templates.
  • Developed and deployed applications with AWS Lambda, S3 versioning, CodePipeline, CodeDeploy, Redis caching, VPC, RDS MySQL, DynamoDB, CloudFront, ACM, ELB.
  • Managed AWS IAM roles, policies, and Google single sign-on.
  • Automated end-to-end serverless CI/CD pipelines; integrated CloudWatch, NewRelic, and Splunk for monitoring.
  • Automated legacy LAMP deployments via Ansible and Jenkins across 50 Ensono servers.
  • Configured Google Analytics, NewRelic mobile and browser, and synthetic monitoring.
  • Integrated Atlassian toolchains: Bitbucket, JIRA, Confluence.
  • Managed Akamai configurations and third-party email, postcode, and payment APIs.
  • Handled domain administration and acquisition via CSC-Netname.
  • Technologies: AWS Lambda, S3, CodePipeline, CodeDeploy, CodeBuild, Redis, VPC, Route Tables, Internet Gateway, RDS MySQL, DynamoDB, Route53, ACM, SES, Jenkins, Ansible, Splunk, NewRelic.

Jan 2017 - May 2017
5 months

Senior Cloud DevOps/Platform Consultant

HSBC

  • Transformed Azure CI/CD pipelines for internal and external websites across global availability zones.
  • Provisioned Azure VMs for GitLab, Ansible Tower, Docker, Nexus, Jenkins, TeamCity via Docker and TeamCity agents.
  • Integrated Octopus Deploy, PowerShell automation, and Linux scripting for VM creation and application deployments.
  • Configured code quality tools: FxCop, NCover, DotCover, NUnit, SpecFlow, SonarQube, Black Duck, VersionEye, Checkmarx, and Atlassian Crucible.
  • Designed public/private subnet architectures for CI/CD infrastructure.
  • Automated deployments via Nexus and evaluated ProGet.
  • Improved test processes with HPE ALM and Selenium integrations.
  • Exposed Azure CDN and leveraged enterprise Jenkins, Confluence, JIRA Service Desk, and Bitbucket.
  • Led AngularJS and .NET development efforts.

Dec 2015 - Dec 2016
1 year 1 month

Senior Cloud DevOps/Platform Consultant

Hewlett Packard Enterprise

  • Integrated HPE products with open-source tools in enterprise environments; developed statements of work and managed sales engagements.
  • Led delivery engagements and designed software delivery processes for clients.
  • Implemented TFS and JIRA integration with HPE ALM for a London asset management firm (Schroder), enabling SSO and real-time syncing of backlog, defects, SCM, build, and defect information.
  • Enhanced CI/CD lifecycle stages for developers and testers.
  • Integrated Jenkins, UFT, and HPE Codar for VHI Insurance in Dublin, establishing CI/CD governance via Codar UI.
  • Contributed to SOW creation, resource planning, and service delivery.

Dec 2013 - Dec 2015
2 years 1 month

Lead Software Engineer

Sky Broadcast

  • Developed tools for non-functional testing of Cisco products in multi-million dollar video projects.
  • Designed and automated software deployment and configuration management on Cisco and Sky servers.
  • Technologies: DevOps, AWS, CI/CD, cloud automation, PowerShell, TeamCity, TFS, Azure, .NET, Java, JIRA, AngularJS, Windows services with Topshelf, hybrid infrastructure, SQL, MongoDB, Entity Framework, Autofac, ELK, Puppet, Rundeck, JavaScript, CSS, HTML, SQL Server, FxCop, NUnit, NCover, SonarQube, SpecFlow.

Jan 2011 - Dec 2013
3 years

Senior Software Developer - Consultant

Sun Guard

  • Served as product consultant and developer for two financial transaction products.
  • Managed product deployment in institutions including ING, Barclays, and Wachovia.

Dec 2009 - Jan 2011
1 year 2 months

Senior Software Engineer

NWeH

  • Led a team of eight developers to release the Doctor Assistance Lab dashboard for NHS.
  • As database engineering lead, co-developed C# .NET 3.5, MVC, NHibernate, LINQ, jQuery, JavaScript, AJAX, HTML, Spring, and ASP dashboard features.
  • Developed dynamic data access for JqGrid and JqTree handling 3 million rows.

Nov 2006 - Dec 2009
3 years 2 months

Senior Software Engineer

Intelligent Media Ltd.

  • Designed, developed, tested, and integrated TV monitoring and radio systems.
  • Developed front-end GUIs and back-end server components, leading a team of three.
  • Created data quality test cases.
  • Led business process analysis for production processes (activities, costs, schedules, dependencies).

Summary

A seasoned Enterprise Security Architect for Security Engineering & Operations, threat modeling for application and API security, DevSecOps, and IAM/PAM architecture, and a digital transformation (DevOps) leader, with over two decades of diverse experience across the banking, insurance, media, telecommunications, financial services, healthcare, and recruitment domains. Has successfully helped organizations achieve greater business efficiency and security by transforming their operations and security models and by implementing robust controls and measures to fortify their security posture.

Languages

English
Advanced

Education

Oct 2005 - Jun 2006

University of Hull

Masters in Computer Science · Computer Science · Kingston upon Hull, United Kingdom

Oct 1996 - Jun 2001

GIKI

Bachelor of Science in Electronics Engineering · Electronics Engineering · Pakistan

Certifications & licenses

ICS2 2024

Amazon Web Services Cloud Practitioner

Amazon Web Services

Business Negotiations - Strategic Skills For Deal Making

University Of Oxford

Artificial Intelligence For Cyber Security

CCSP

Certificate In Cyber Security (CC)

Generative AI For Business Leaders
