Transitioning from SOC Operations Leadership to Cloud Security Engineering through hands-on AWS security projects, automation, and modern detection engineering.
Current Focus:
- AWS Security Architecture (CloudTrail, GuardDuty, Security Hub, IAM)
- Security Automation with Python
- Detection Engineering & Threat Hunting
- SOAR & Security Orchestration
- Cloud Security Posture Management (CSPM)
Security Operations Expert @ Nokia (May 2023 - Present)
- Leading 12-member SOC team across L1/L2/L3 operations
- 9+ years experience in SIEM (Splunk ES, McAfee ESM)
- Incident Response, Threat Hunting (MITRE ATT&CK-aligned)
- Use-case development, custom dashboards, and MDR operations
Previous Experience:
- Senior Specialist @ HCL Technologies
- Associate SME Security @ MicroLand
- Security Consultant @ Aujas Cybersecurity
- Security Service Specialist @ IBM
Now Building: Cloud-native security engineering capabilities to architect secure cloud infrastructure at scale.
aws-security-lab
Building production-grade AWS security monitoring with CloudTrail, GuardDuty, and automated response workflows. Python-based automation for security posture management.
Collection of Python scripts for AWS security automation - IAM auditing, misconfiguration detection, compliance checking, and automated remediation.
High-fidelity detection rules in Sigma format for cloud environments. Covering AWS attack techniques, privilege escalation, and lateral movement detection.
Documenting my transition from traditional SOC to Cloud Security Engineering. Labs, lessons learned, and technical deep-dives for security professionals making the same journey.
Automated IR playbooks for cloud security incidents. Python-based orchestration for containment, investigation, and recovery in AWS environments.
cloud-security-tools
Testing and documenting open-source cloud security tools. Practical guides for CSPM, CNAPP, and security automation platforms.
Current:
- ISC2 Certified in Cybersecurity (CC)
- Splunk Enterprise Certified Admin
- Splunk Power User
Pursuing (2026):
- AWS Certified Security - Specialty (Target: Q2 2026)
- CISSP - Certified Information Systems Security Professional (Target: Q4 2026)
Cloud Platforms: AWS (Primary Focus), Azure (Learning)
SIEM & Security Tools: Splunk Enterprise Security, McAfee ESM, Darktrace, EDR platforms
Languages: Python (Security Automation - Learning), Bash, PowerShell
Frameworks: MITRE ATT&CK, CIS Benchmarks, NIST CSF
Cloud Security: CloudTrail, GuardDuty, Security Hub (Hands-on Labs)
Detection: Sigma Rules, SPL (Splunk), Use-case Development
Network Security: FortiGate UTM, Layer 3 Switching, McAfee EPO
Coming Soon: Technical blog covering cloud security architecture, detection engineering, and lessons from the SOC to cloud security transition.
- Build 6+ production-quality cloud security projects
- Earn AWS Security Specialty & CISSP certifications
- Launch technical blog with 20+ security engineering articles
- Master Python for security automation
- Transition to Cloud Security Architect/Engineering role (₹40-50 LPA)
- Customer Appreciation: Developed a custom Splunk dashboard that enabled timely audit completion and sustained 2 years of MDR operations with consistent SLA adherence
- Zero Escalations: Maintained MDR operations with zero customer escalations, recognized by Nokia management
- Team Leadership: Successfully led 12-member SOC team, improving MTTR through streamlined workflows
- False Positive Reduction: Reduced alert noise by 40% through McAfee ESM fine-tuning at Apollo Munich
I'm always interested in connecting with security professionals, especially those working in cloud security architecture and detection engineering.
- LinkedIn: SK Sahabuj Zaman
- Email: [email protected]
- Location: Noida, India
- Open to: Cloud Security roles, Security Engineering positions, Technical collaboration