Subomi Lawson

DevSecOps Engineer

Avatar placeholder
Lagos, Nigeria

Experience

Aug 2024 - Present
1 year 6 months
London, United Kingdom

DevSecOps Engineer

VertoFX

  • Architect and operationalize security automation across CI/CD pipelines using SAST, DAST, and IaC scanning tools to detect vulnerabilities pre-deployment while maintaining development velocity and delivery timelines.
  • Conduct vulnerability assessments and penetration testing using specialized tooling (Burp Suite, custom automation) across cloud and on-premise environments, delivering remediation guidance for critical/high-severity findings.
  • Design security policies, lead compliance audits (ISO, GDPR, SOC2), and establish incident response protocols, enabling rapid threat mitigation and zero-downtime remediation strategies.
Dec 2022 - Jul 2024
1 year 8 months
United States

Cybersecurity Engineer

SecureFLO

  • Embedded threat modeling and secure coding practices into SDLC to reduce vulnerability introduction across development lifecycle.
  • Achieved regulatory compliance (ISO 27001, NIST 800-53, PCI-DSS) through control implementation, documentation, and cross-functional alignment.
  • Conducted enterprise penetration testing on web applications, APIs, and infrastructure; delivered critical vulnerability findings with remediation guidance.
Oct 2021 - Dec 2022
1 year 3 months
Kigali, Rwanda

Cybersecurity Engineer

Africa Cybersecurity Consortium

  • Maintained an information security risk register and assisted with 12 internal and external audits relating to information security.
  • Identified and remediated 20+ vulnerabilities through infrastructure hardening, threat assessments, and threat hunting.
  • Developed security training, policies, and incident response procedures to support organizational compliance maturity.

Skills

  • Cloud Security & Compliance (Aws, Azure, Gcp, Soc2, Pci-dss)

  • Penetration Testing & Red Teaming (Web, Api, Network, Cloud)

  • Devsecops & Secure Sdlc (Ci/cd, Sast, Dast, Iac Security)

  • Identity & Access Management (Iam, Rbac, Zero Trust)

  • Container & Kubernetes Security (Docker, Kubernetes, Falco)

  • Threat Detection & Incident Response (Siem, Edr)

  • Security Automation & Tool Development (Python, Javascript, Powershell)

  • Static Analysis (Sast/slither/semgrep)

  • Dynamic Analysis (Dast/burp Suite)

  • Aws/azure/gcp Security Configurations

  • Firewall Configuration

  • Network Segmentation

  • Zero-trust Architecture

  • Rbac/abac Design

  • Compliance Automation (Soc2/pci-dss/iso27001/hipaa)

Languages

English
Advanced

Education

University of Lagos

Bachelor of Building Construction Management · Building Construction Management · Lagos, Nigeria

Certifications & licenses

AWS Certified Security

Certified Ethical Hacker (CEH)

Certified in Risk and Information Systems Control (CRISC)

CompTIA Security+

Offensive Security Certified Professional (OSCP)

Tech Risk and Compliance Professional (OneTrust)

OneTrust

Need a freelancer? Find your match in seconds.
Try FRATCH GPT
More actions

Similar Freelancers

Discover other experts with similar qualifications and experience

Syed ghazanfar Abbas
Syed ghazanfar Abbas

Information Security Consultant

View Profile
Niels Aerts
Niels Aerts

Azure Architect

View Profile
Stefan Radushev
Stefan Radushev

ISO27001 Certification

View Profile
Pierre Gronau
Pierre Gronau

Ansible Automation, Windows Third Level Support

View Profile
Kazim Rizvi
Kazim Rizvi

Principal Security Architect - Contract Hands on

View Profile
Anthony Akoji
Anthony Akoji

Team Lead Cloud Engineering

View Profile
Ayesha Aziz
Ayesha Aziz

Senior Penetration Tester & Security Engineer

View Profile
Sascha Leitner
Sascha Leitner

CEO

View Profile
Valeri Milke
Valeri Milke

Associate Partner - Information Security Consulting

View Profile
Sokol Çavdarbasha
Sokol Çavdarbasha

Cybersecurity Engineer

View Profile
Seyed farhad Miri
Seyed farhad Miri

Senior Product Security Engineer

View Profile
Ali Yazdani
Ali Yazdani

Principal Product Security Engineer

View Profile
Alexander Nagy
Alexander Nagy

Security Expert

View Profile
Benedek Galácz
Benedek Galácz

CTO/CISO

View Profile
Maryam Mouzarani
Maryam Mouzarani

AI Red Team Engineer

View Profile
Rick Grassmann
Rick Grassmann

Interim IT Security Analyst

View Profile
Mohit Dabas
Mohit Dabas

Senior Security Technologist

View Profile
Markus Willems
Markus Willems

KRITIS Consultant

View Profile
Daniel Kaguongo
Daniel Kaguongo

ISMS Risk Tracker & Compliance Portal (Streamlit + PostgreSQL)

View Profile
Patrick Beck
Patrick Beck

AML Officer

View Profile
Udayan Sarkar
Udayan Sarkar

Head – IT Infrastructure & Cyber Security

View Profile
Bernhard Bowitz
Bernhard Bowitz

Senior Security Architect

View Profile
Matthias Steinmann
Matthias Steinmann

Senior Consultant Security (freelance)

View Profile
Nikolaus Betzler
Nikolaus Betzler

ICT Risk Management and Information Security

View Profile
Muhammad Daniyal
Muhammad Daniyal

Senior Penetration Tester

View Profile
Rashida Alexander
Rashida Alexander

Security Research Engineer

View Profile
Abiodun Abdullahi
Abiodun Abdullahi

Software Engineer

View Profile
Christoph Holzer
Christoph Holzer

Managing Director; Senior IT Infrastructure & Cybersecurity Consultant

View Profile
Nils Klawitter
Nils Klawitter

Vulnerability Management and Secure SDLC

View Profile
Erlijn Van genuchten
Erlijn Van genuchten

Science communicator and change manager

View Profile