Manny Quartey

Lanham, MD | 202-878-5256 | Prodynamic.ITsolution@gmail.com

Cloud Security Engineer/Cloud Engineer / Information Security Analyst

PROFESSIONAL SUMMARY
Seasoned Professional with 10+ years of combined experience in cloud engineering and cyber security with a background in AWS/Azure
Architecture and Administration, Cloud Migration, Configuration Management, Build, Release Management and Data warehousing.
Experience with AWS security architecture, Microsoft Active Directory and ability to leverage expertise in cyber data and information,
analyze and identify data requirements. Proven success building Automation on AWS/Azure cloud environment with ability to utilize
various Cloud Services to create a highly available environment. Highly knowledgeable of TrendMicro, Kubernetes, Docker,
CloudWatch, CloudTrail, EC2, S3, CloudFormation, Splunk, Nessus and OpenVPN. Strong project management skills, analytical
problem-solving ability, excellent communication and interpersonal skills. Familiar with best practices for running and building scalable
applications in a containerized environment.
Experience and familiar with containers and container technologies such as Docker, Podman, kubernetes and similar tools. Build
images, push to ECR. Working experience on agile team by utilizing JIRA, Kanboard, Branching, sprint demos and backlog.

TECHNICAL SKILLS
 Operating System: Microsoft Windows7 - 11 • Windows Server • UNIX, Ubuntu • RHEL 7 • CentOS • Fedora and Kali Linux
 Application Software: Microsoft Office • Adobe Photoshop/Illustrator/Flash • MS Project •MS Visio • WinZip • Adobe Acrobat
5.0/6.0 • Acrobat PDF Writer • Internet Explorer, Lucichart
Databases: Oracle • SQL Server • MySQL• DynamoDB and PostgreSQL,
 Tools: Wireshark • Nessus Professional • Metasploit • Nmap • DbProtect • Microsoft Baseline Security Analyzer • BurpSuite •
Amazon Inspector • WebInspect, Splunk, ConfigOS,CloudTrail,Macie, CloudWatch
 Cloud: Azure, Google, Amazon AWS GovCloud, S3, EC2, CloudFormation, , Lambda, DynamoDB, AWS, Azure, VPC, EBS, IAM, , ELB
AutoScalingGroup(ASG), Route 53, CLI . Docker Container, Jenkins, Kurbenetes, Ansible,High Availability,JSON, YAML
 Methologies: Agile & Scrum, PMP ,Waterfall, ITIL,SDLC
 Misellaneous Knowledge & Experience : Contingency Planning, Disaster Response Planning,Cyber Security, DevSecOps, Client
Engagement,Confluence, Backup & Recovery, Artifactory, Mentorship & Facilitation, JIRA, NIST CyberSecurity Framework, Legal
Compliance, RMF, PKI,Quality Assurance, Vulnerability Assessment, Git,Helm chart, Configmap,Image ECR, Version Control

KEY SKILLS

 Team Leadership  Access Management  Performance Evaluation

 Cyber Security
 IT Audit/Risk Management
 Information Security
 Vulnerability & Risk Assessments
 Requirement Analysis
 Firewall Administration
 Customer Engagement
 Quality Assurance
 Gap Analysis and Remediation
 Risk Mitigation Planning
 Incident Response and Security
Strategy
 Complex Problem Solving
 Third-Party Risk Management
 Data Protection
 Project Management
 Excellent written and verbal
communication skills

PROFESSIONAL EXPERIENCE

Novetta/ Accenture
Information System Security Officer| Cloud Security Engineer | September 2021– Present
 Provide guidance and oversight into the implementation of security controls and other related security best practices by working
with software development teams
 Track and manage vulnerabilities of the software development process utilizing automated security tools. Tools include: Splunk,
Nessus, McAfee, ConfigOS
 Perform configuration, troubleshooting, and ongoing management of various cloud technologies in the customer’s environment
 Create the migration process of legacy systems to the AWS/Azure cloud by working with internal team
 Maintain compliance and governance across subscriptions in the tenant by implementing Azure Policies
 Ensure architecture and operations adheres to security guidelines and policies by partnering with Cloud Security and Cyber teams
 Identify, Select, and Implement applicable security controls for various operating systems and applications IAW NIST SP 800-37,
Risk Management Framework
 Meet requirements by reviewing technical security controls and implementation responses
 Conduct cloud system assessments, primarily with AWS (Amazon Web Services) by utilizing FedRAMP and NIST guidelines
 Implement Multi-Factor Authentication (MFA) on externally available servers and on AWS Console. IT automation utilizing Salt and
AWS CLI scripts
 Experienced with “on-premises to cloud” migrations and IT transformations with the aid of AWS solutions
 Develop reference architectures and proof of concept implementations of cloud security environments
 Document findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs)
 Identify client challenges and develop creative solutions in close collaboration with clients and Data & analytics practice at LTI
 Implement pipeline for applications in Jenkins using pipeline-as-a-code while enforcing governance by executing service catalog
for cloud resources
 Experienced in working in a DevSecOps environment, and familiar with source code control and CI/CD pipelines and related
systems
 Strong knowledge of the various security solutions, such as AV, IPS, IDS, SIEM, VPN, DNS, firewalls, proxies, etc.
 Experienced with CI/CD and containerization related management stacks like Docker, ECS, EKS, Jenkins and Kubernetes.
 Experienced on AWS Infrastructure services such as but not limited to EC2, Route53, S3, Workspaces, CloudWatch, CloudTrail,
Automation deployment, RDS, Lambda, IAM & Governance, Organizations, EBS Storage & Snapshots replication, Tagging, VPCs,
Security Groups, Load Balancers, VPN Gateway, Data and Server migrations, Cloud Endure, and AWS CLI.

Asymmetric Warefare Group – Yorktown System Group,Fort Meade, M.D.

Information Security Auditor | March 2021- July 2021
 Worked closely with the SSO to implement network security.
 Created RFC documentations to request changes to their current network diagram
 Work with the cloud team to deploy AWS network infrastructure to connect on-premise datacenter to AWS cloud.
 Meet requirements by reviewing technical security controls and implementation responses
 Conducted cloud system assessments, primarily with AWS (Amazon Web Services) by utilizing FedRAMP and NIST guidelines
 Implemented Multi-Factor Authentication (MFA) on externally available servers and on AWS Console. IT automation utilizing Salt
and AWS CLI scripts
 Documented findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs)
 Managed AWS EC2 instances along with EBS and S3 Services
 Actively involed in AGILE/SCRUM metholodgies while executing the project
 Involed in providing Demo to customers on product (CI/CD pipeline) and its features.
 Created S3 buckets storage and restricting access to buckets and directories to specific IAM users
 Worked with Cloudwatch, CloudTrail Amazon Inspect to monitor instances and AWS infactructure for compliance.
 Onboarded and supported several Mobile iOS and android applications onto jenkins CI/CD pipeline and manage Docker
orchestration and docker containerization using Kubernetes

Department Of Homeland Security – Perspecta, Washington, D.C.

Senior Information Security Auditor III | October 2019 – May 2021
 Analyzed System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test & Evaluation
(ST&E) and the Plan of Actions & Milestones (POA&M)
 Developed, captured and documented To-Be architecture for applications migrating to AWS/Azure.
 Documented findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs)
 Oversaw the management and administration of AWS Services CLI, EC2, Direct Connect, Cloud Formation, S3, ELB, Glacier,
CloudWatch,CloudTrail, IAM, & Trusted Advisor services
 Determined the adequacy and effectiveness of internal controls and compliance with regulations by evaluating business
processes, and executing audit test programs
 Experienced in working in a DevSecOps environment, and familiar with source code control and CI/CD pipelines and related
systems
 Hands on & expert in AWS eco system. Experienced in data migration to AWS.
 Capable of identifying client challenges and develop creative solutions in close collaboration with clients and Data & analytics
practice at LTI.

U.S. Department of Justice (DOJ) – Washington, D.C.

Information Security Analyst | April 2018 – September 2019
 Conducted cloud system assessments, primarily with AWS (Amazon Web Services) by utilizing FedRAMP and NIST guidelines
 Implemented Multi-Factor Authentication (MFA) on externally available servers and on AWS Console. IT automation utilizing Salt
and AWS CLI scripts
 Reviewed and interpreted Nessus Vulnerability and Compliance scans with ability to execute Security Assessments, and deliver
supporting documentation within aggressive timelines
 Developed and delivered supporting documentation within aggressive timelines by executing Security Assessments as well as
review Nessus Vulnerability and Compliance scans
 Assessed systems of varying scope and complexity and comprised of various technologies
 Comprehensive server level logging and reporting solution of Rsyslog, Elastic Load Balancer (ELB), and Splunk
 Generated security documentation, including: security assessment reports; system security plans; contingency plans; and disaster
recovery plans
 Designated systems and categorized its C.I.A using FIPS 199 and NIST SP 800-60
 Protected the security and integrity of information systems and data by developing coordinating, implementing and maintaining
standards and procedures
 Researched and recommended innovative, and where possible, basic automated approaches for system administration tasks
 Interacted with cyber intelligence analysts conducting threat analysis operations as well as numerous IT professionals performing
varying technical roles within the client organization

Infotek (ITK) - Columbia, MD

Cyber Security Analyst | August 2016 – April 2018
 Generated security documentation, including: security assessment reports; system security plans; contingency plans; and disaster
recovery plans
 Designated systems and categorized its C.I.A using FIPS 199 and NIST SP 800-60
 Protected the security and integrity of information systems and data by developing coordinating, implementing and maintaining
standards and procedures
 Researched and recommended innovative, and where possible, basic automated approaches for system administration tasks
 Interacted with cyber intelligence analysts conducting threat analysis operations as well as numerous IT professionals performing
varying technical roles within the client organization
 Monitored controls post authorization to ensure constant compliance
 Conducted Certification and Accreditation (C&A) on major applications following the Risk Management Framework (RMF) from
Categorization through Continuous Monitoring using the various NIST Special Publications to meet the necessary Federal
Information Security Management Act (FISMA)
 Developed System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms, presented to the Designated Approving
Authority (DAA) to obtain the authority to operate (ATO)
 Conducted security assessments on major applications, updated POA&Ms with findings and monitored for remediation deadlines
 Assessed systems of varying scope and complexity and comprised of various technologies.
 Created standard templates for required security assessment and authorization documents, including risk assessments, security
plans, security assessment plans and reports, contingency plans, and security authorization packages
 Provided weekly status reports on ongoing tasks and deliverables

Aquilent –Allied Universal – Laurel, MD

Security Specialist | 2012 - 2018
 Assist Users in and out of the building on a regular basis.
 Perform Paremeter checks on Security Server rooms to ensure doors are secure.
 Check Control access and report to Authorizing official of any issues
 Conduct Log reviews and report any incident to Stakeholders

CLEARANCES
DoD Secret Clearance
Active High Risk Public Trust Clearance
Current DHS EOD

CERTIFICATIONS

CompTIA Security + (CE)

CompTIA Linux +
CompTIA CySA +
CompTIA CASP +
Certified Information Systems Security Professional (CISSP) in progress
Certified Ethical Hacker (CEH)
Certified Information Security Manager (CISM)
Certified Information Security Auditor (CISA)
AWS Certified Solution Architect – Associate
AWS Certified Security -Specialty
Microsoft Azure solutions Architect Associate
Microsoft 365 Security Administrator
Splunk Core Certified User
ITIL V4

EDUCATION

Bachelor of Science - Cybersecurity in Information Assurance -2021

Western Governor University