beBee background
Professionals
>
North Attleboro
Mohamed Elasmar

Mohamed Elasmar

Senior Cloud Security Engineer

Technology / Internet

North Attleboro, Town of North Attleborough, Bristol

Social


About Mohamed Elasmar :

I am a senior cloud security engineer with extensive experience in security cloud environments, Kubernetes clusters and applications. 

Experience

WORK EXPERIENCE:

Citizens Bank                                  June 2020-Present

Principal Cloud Security Engineer                                                                                                                                         Jun 2021 – Present 

Security Architecture

  • Conducted security architecture reviews of cloud migration initiatives across the bank and produced threat models for both cloud-native and lift and shift applications.
  • Served as a cloud security subject matter expert to the various lines of businesses by providing them with security consultations regarding current and emerging cloud technologies. 

Cloud Automation & Development

  • Developed a cloud-native application consisting of an API Gateway, several containerized APIs, and a MongoDB table in an OpenShift cluster. Developers can query the internal API and view image scans, namespace scans and CSPM scans. Created a front-end plugin in Backspace to view consolidated scan results 
  • Developed a serverless application using Lambda, SQS, and Dynamodb to poll Lacework intermittently and create Jira stories for compliance findings. This application tracks the state of the findings and periodically checks whether they have been remediated or if the resource has been terminated. 
  • Developed a serverless IAM Privlige escalation automation, where the requestor enters data in a ServiceNow ticket, which then sends the data to a lambda function via an SQS queue. This function then executes the Terraform to create the temporary permissions attached to the role, which are set to expire within a defined timeframe. A Terraform Destroy is then also executed to ensure permissions are removed. 
  • Developed numerous Python lambda functions that autoremediate various types of common cloud misconfigurations related to IAM, VPC and S3. 
  • Developed several CSPM scripts that deliver Prisma CSPM reporting to key stakeholders, and lambda functions that deliver cloud security metrics to Splunk dashboards using the Splunk HEC. 

Cloud Security Engineering

  • Created several Terraform modules to configure AWS GuardDutyCloudTrail and VPC Flow logs. Also created TF modules that ship these logs to our SIEM using Kinesis Firehose, AWS EventBridge and CloudWatch Logs
  • Created a Golden AMI Pipeline for creating hardened AMIs using PackerTerraform, and Qualys VM scanner/Inspector. 

Cloud/Container Vulnerability Management

  • Implemented Prisma Cloud CSPM across AWS, Azure and OCI, and created dozens of custom policy rules. Configured the tool (defined alert rules, accountgroups, policies…etc) using Terraform. 
  • Experience configuring and utilizing Lacework and Datadog CSPM/CloudSIEM (used by companies we acquired). 
  • Deployed Twistlock Container Security via Helm in an Openshift Kubernetes environment.
  • Worked with Cloud Operations teams to remediate cloud security findings with Terraform
  • Assisted various development teams in remediating container security findings and educating them on secure container practices. 
  • Deployed OPA Gatekeeper in an OpenShift Kubernetes environment and wrote several Rego rules for the Prisma Compute Admission Controller. Implemented a process for verifying image signatures utilizing a Rego script that sends an HTTP request to Notary w/ image signature and cross-references with image hash in the cluster. 
  • Assisted with integrating Fortify On-Demand scanner in Jenkins Pipeline. 
  • Led the transition from Qualys CSPM/CWPP to Prisma Cloud Suite
  • Led the IaC scanning and serverless security initiatives at the bank using the Prisma Cloud suite. 
  • Integrated Qualys Container Scans into Jenkins CI/CD pipeline for the Enterprise Pipeline.                       
  • Participated in several Red Team exercises that were focused on Cloud and Container related attacks.
  • Oversaw a third-party cloud security assessment.

  Senior Cyber Defense Specialist (Citizens Bank                                                                                   Jun 2020 – June 2021                                                

  • AWS Subject Matter Expert. Assisted in the development of a Cloud Security incident response program by creating several AWS security playbooks. 
  • Mentored co-workers in cloud security and produced educational content on various AWS security tools. 
  • Monitored, investigated and responded to AWS security alerts. 

PurpleShield (PurpleShield.io - (PART-TIME)                                                                                      Oct 2021 – June 2022

Lead Cloud Security Engineer

  • Conducted AWS security audits on several small-midsize companies using Prowler and remediated misconfigurations. 
  • Deployed Twistlock and configured scans w/ Github Actions and Jenkins pipelines.
  • Instrumented security controls within development pipelines, including AWS Inspector, SAST (CodeQL), container (Trivy), Kubernetes (Kube-Bench), and IaC scanners (Checkov).
  • Prepared several companies for SOC2 audits by drafting cloud architectural diagrams for SOC2, setting up SSO integrations w/ OKTA (some requiring custom code) using Terraform, configuring OAuth2-Proxy/OIDC integration for applications running in Kubernetes, configuring WAFs, configuring SOC2 automated compliance tools (Drata), and configuring Datadog monitoring and logging. 

Vertikal6                                              Feb. 2020 – June 2020

L3 Analyst                                                                               Warwick, RI 

  • Worked on several security incidents related to phishing, malware, and VPN troubleshooting.
  • Resolved technical problems with LAN, O365, Active Directory, and performed software troubleshooting.

Qatar University                                                                                                                                                           Sept. 2016 – Dec 2020

Law Researcher                                                                                                                            Doha, Qatar

  • Assisted law professors in researching legal topics. 
  • Edited and translated for the QU Law Journal.

Education

 

EDUCATION 


University of Rhode Island                                                                   2008-2012

BA.                                                                                                                                                                                       North Kingston, RI

Qatar University                                                                              2017-2020

MA, Law (ABD)       

 

CERTIFICATIONS: 


 

  • AWS Architect Professional
  • Certified Kubernetes Administrator (CKA)
  • SANS GCSA
  • AWS Architect Associate
  • Terraform Associate.
  • AZ-900
  • AWS Security Specialty
  • Security+
  • SANS GWEB 
  • AWS SysOps Associate
  • AWS Dev. Associate
  • PWAPT

Professionals in the same Technology / Internet sector as Mohamed Elasmar

Professionals from different sectors near North Attleboro, Town of North Attleborough, Bristol

Other users who are called Mohamed

Jobs near North Attleboro, Town of North Attleborough, Bristol

  • Work in company

    Senior Security Engineer, Cloud Platforms

    eClinical Solutions

    You will make an impact: · The Senior Security Engineer is a hands on role focused on securing AWS environments and SaaS platforms. · ...

    Mansfield

    1 month ago

  • The Mass General Brigham (MGB) Information Security Engineer III – Application and Cloud Security Lead provides leadership and expertise within the cybersecurity team, · ensuring robust and secure software development lifecycles · implementing advanced security strategies in clou ...

    Somerville

    1 week ago

  • Work in company

    Senior Cloud Data Engineer

    Liztek

    A Senior Cloud Data Engineer is responsible for designing and implementing data pipelines in both centralized and decentralized architectures. The ideal candidate will have experience with cloud-based data solutions on AWS and Snowflake. They will work closely with cross-function ...

    Boston

    1 week ago