guest@radudraghia:~$
SecOps Engineer @ Paydock, Jan 2024 – Present
› Built a centralized SIEM (Wazuh → Elasticsearch Cloud) aggregating logs from AWS, Okta, Netskope, Google Workspace, GitLab, and MongoDB
› Deployed and tuned CrowdStrike Falcon EDR across 100+ endpoints, integrated with Netskope DLP for threat intel exchange
› Set up Falco on EKS clusters for container runtime monitoring and suspicious behavior detection
› Deployed Sublime Security for email threat detection (phishing, malware, BEC) and configured SPF, DKIM, and DMARC controls
› Built an automated email analysis tool using n8n and GenAI, enriching artifacts via VirusTotal and URLscan
› Managed Netskope DLP: configured policies, monitored data flows, and enforced acceptable use across the fleet
› Built an automated DFIR capability using Aftermath for remote forensic artifact collection, stored in S3
› Developed n8n and GenAI workflows for alert enrichment and initial endpoint investigation, reducing manual triage
› Set up an automated threat intelligence pipeline feeding intel to the security team (aligned with ISO 27001:2022 Annex A 5.7)
› Implemented Prowler for CSPM, working through EC2, S3, IAM, and EKS misconfigurations
› Worked with GitLab Ultimate security scanning in CI/CD: secret detection, SAST, dependency, container (Trivy), and IaC (KICS) scanning
› Implemented Teleport for PAM and session recording, capturing audit logs of all privileged access
› Participated in ISO 27001, SOC 2, and PCI DSS v4 compliance: gap analysis, remediation, and audit sessions
› Integrated Drata with internal systems to automate evidence collection and control monitoring across the compliance program
› Implemented security baselines from ISO 27001 and NIST SP 800-219, enforced via JumpCloud across a distributed macOS fleet
› Built Heimdall, a multi-agent platform for autonomous triage of EDR, AWS, and SIEM alerts
› Ran phishing simulations with GoPhish to measure and improve security awareness

Senior IT Engineer @ Paydock, Nov 2023 – Jan 2024
› Managed IAM and RBAC across AWS, GitLab, MongoDB Atlas, and security platforms
› Implemented least-privilege access controls and ran regular access reviews to catch unused accounts and excessive permissions
› Documented IAM processes and approval workflows used during compliance audits
› Built n8n integrations to connect security and IT tools and cut down on manual work

IT Support Specialist @ Paydock, Aug 2022 – Nov 2023
› Administered Okta for 100+ users (access policies, MFA, application integrations, user lifecycle) alongside Google Workspace and AWS
› Deployed Miradore, Netskope DLP, and Malwarebytes across macOS and Windows endpoints
› Deployed an OpenVPN gateway integrated with Okta MFA and Netskope device posture checks
› Implemented SSO via Okta across multiple systems to centralise access and reduce credential overhead
› Supported patch management across the macOS fleet using Miradore

Technical Support Specialist @ Bunny CDN, Apr 2022 – Jul 2022
› Technical support for CDN, Edge Storage, and DNS services
› Helped customers troubleshoot network issues and met SLA targets through clear communication and escalation

Technical Support Analyst @ More Than Enough, Feb 2019 – Mar 2022
› Managed hybrid infrastructure across Windows, macOS, AWS VMs, and SaaS applications
› Administered endpoint security tools and managed backups and disaster recovery
› Wrote automation scripts and SOPs for internal teams

IT Support Technician @ Tradewind Recruitment, Jun 2017 – Feb 2019
› 1st and 2nd line support for 100+ users, remotely and on-site
› Administered Jamf/Intune MDM, enforced endpoint security policies, and managed patch deployment
› Monitored system resources, network activity, and security events

IT Support Analyst @ John Parker & Son, Nov 2016 – Apr 2017
› 1st and 2nd line support for 300+ users across Windows and macOS
› Managed the MDM platform to enforce security policies across devices
guest@radudraghia:~$
› Cloud Security
› Security Automation
› AI & Agentic Workflows
› Incident Response & DFIR
› SIEM, Log Management & Email Security
› Vulnerability Management & CSPM
› Identity & Access Management
› EDR, MDM & DLP
guest@radudraghia:~$
› IAM & Directory: Okta · Google Workspace
› EDR & Endpoint: CrowdStrike Falcon · Malwarebytes · Falco
› DLP & MDM: Netskope DLP · Miradore MDM · Jamf · Intune · JumpCloud
› SIEM & Email Security: Wazuh · Elastic · Sublime Security
› Cloud & CSPM: AWS (GuardDuty · Inspector · CloudTrail) · Prowler
› DevSecOps: GitLab Ultimate (SAST · DAST · Trivy · KICS · Secret Detection)
› Automation: n8n · GoPhish · GenAI
› PAM & VPN: Teleport · OpenVPN · WireGuard · Pritunl
› GRC: Drata · ISO 27001 · SOC 2 · PCI DSS v4
› Operating Systems: macOS · Windows · Linux
guest@radudraghia:~$