Cloud Security Engineer | AWS | Azure | Wiz | Terraform | Python

Cloud security automation built for fast, controlled response.

I build CSPM workflows, remediation playbooks, infrastructure guardrails, and audit-ready automation that help security teams prioritize real cloud risk and respond with confidence.

Wiz CSPM workflow automation
Python Alerting and remediation playbooks
Terraform Secure AWS delivery patterns
View Security Work View Resume LinkedIn GitHub

Profile

Cloud security engineer focused on automation, evidence, and safe remediation.

I build practical cloud security workflows across AWS, Azure, Wiz, Terraform, Python, and SQL. My work focuses on turning security findings into repeatable operational processes: enrich the context, route to the right owner, validate remediation safety, and leave a clean audit trail.

This portfolio is designed to show how I think as an engineer: not just identifying cloud risk, but building systems that help teams respond faster while keeping control over production change.

Role Targets Cloud Security Engineer, DevSecOps Engineer, Security Automation Engineer
Core Strength Wiz CSPM workflows, Python playbooks, Terraform infrastructure, audit-ready automation
Portfolio Theme Reduce risk with guardrails, ownership context, and measurable security operations

Featured Work

Wiz Security Automation Portfolio

These case studies show how I think through cloud findings, workflow design, remediation safety, evidence capture, and production operations.

Featured Case Study

Wiz Auto Remediation Architecture

A cross-account remediation workflow where Wiz controls trigger automation rules, events flow through SNS and SQS, Lambda validates eligibility, assumes a scoped customer-account role, applies the approved fix, and records audit evidence.

Wiz Control SNS SQS Lambda AssumeRole Audit Trail
Wiz
to
SNS
to
SQS
to
Lambda
to
AssumeRole
to
Remediate
Alerting

Wiz Alert Notification Playbooks

Python-based alert workflows for validating Wiz payloads, enriching context, routing issues, and sending clear messages to responsible teams.

Remediation

Auto Remediation Playbooks

Guardrailed automation for cloud misconfigurations, risky security group patterns, and policy-driven response actions.

Azure

Azure NSG Exposure Remediation

Detection and remediation logic for overly permissive Azure NSG rules using source, port, priority, and rule intent checks.

Evidence

Audit Logging and Metrics

SQL-based audit trails for automation activity, remediation status, exceptions, failures, and leadership-ready operational metrics.

IaC

Terraform Security Infrastructure

Secure static portfolio infrastructure using private S3, CloudFront, encryption, versioning, tagging, and repeatable Terraform deployment.

API

Wiz API and GraphQL Automation

API-driven workflows for querying Wiz issues, mapping controls, updating automation logic, and supporting scalable security operations.

Architecture

Designed for repeatable security operations

The automation pattern starts with a Wiz issue or cloud event, routes it through a message layer, validates context in Python, then either notifies the owner or executes a pre-approved remediation with full audit logging.

Wiz Finding
to
Message Bus
to
Python Playbook
to
Validation
to
Action
to
Audit Log

Operating Model

Professional security automation habits

Evidence Every workflow is designed to leave a clean trail of inputs, decisions, action taken, and result.
Safety Remediation logic uses guardrails, allowlists, ownership checks, and clear fallback paths.
Scale Reusable patterns support repeated findings across accounts, subscriptions, services, and teams.

Core Skills

Cloud Security Engineering Stack

AWS Security Azure Security Wiz CSPM Python Automation Terraform IAM CloudFront S3 Security Service Bus Azure Functions SQL Audit Logging Security Remediation Alert Notification Policy as Code DevSecOps

Credentials

Certifications and Professional Focus

AWS AWS Certified Solutions Architect - Associate
AWS Security AWS Certified Security - Specialty
Infrastructure as Code HashiCorp Certified: Terraform Associate
Outside Work

Strategy, teamwork, and competition

Away from cloud security, I follow soccer closely, support Manchester City, and unwind with Call of Duty. I enjoy competitive systems where preparation, timing, and teamwork make the difference.

Contact

Let’s connect

I am open to cloud security engineering, DevSecOps, and security automation conversations. The fastest way to reach me is email.

Email hebertntse@gmail.com
Send Email
Resume and Professional Links Review my resume, connect on LinkedIn, or inspect the portfolio source on GitHub.
View Resume LinkedIn GitHub