Omiodjo Donadje

Cloud Security Engineer | AWS Security Specialist | Cloud Compliance Expert

About

Cloud security professional with 6+ years of consulting experience across security engineering, security architecture, software development, and GRC. Design secure cloud solutions across AWS and Salesforce, lead small teams, and partner with stakeholders through architecture reviews and structured problem-solving. Support audit readiness through SSP maintenance and NIST 800-53-aligned compliance work.

Skills

GRC (Governance, Risk & Compliance)

Risk governance, compliance frameworks, and audit readiness.

  • Control framework implementation: NIST SP 800-53, NIST CSF
  • RMF execution: categorize, select, implement
  • Security artifacts: SSP creation/maintenance and audit evidence
  • Policy/standards development: baselines, procedures, security standards
  • Security governance: operating cadence, boards, metrics/KPIs

Cloud & Enterprise Platforms

Secure cloud foundations, network design, and identity patterns.

  • Platforms: AWS, Azure, Salesforce
  • Networking foundations: VPC/VNet design, routing, DNS, private connectivity
  • Identity & access model: RBAC/roles/groups, federation patterns, least-privilege design
  • Logging & monitoring foundations: enablement, centralization, retention patterns
  • Landing zone/baseline guardrails: account/subscription strategy, environment separation

Security Architecture

Controls, threat modeling, and security design reviews.

  • Security requirements and control mapping
  • Threat modeling and attack surface analysis
  • Secure SDLC/DevSecOps design: security gates, pipelines, review patterns
  • Tooling integration architecture: fit tools into delivery workflows
  • Architecture reviews: risk tradeoffs, recommendations, sign-offs

Security Engineering

Hardening, vulnerability management, and security operations.

  • IAM operations: provisioning, access reviews, least-privilege enforcement
  • Secure configuration & hardening: baseline definition and enforcement
  • Vulnerability management: validation, prioritization, false-positive handling, remediation tracking
  • Security automation: scripts, auto-remediation, reporting
  • Incident response support: triage support, evidence collection, runbooks

Automation & IaC

Infrastructure automation and secure delivery pipelines.

  • IaC design & best practices: reusable modules and patterns
  • Environment automation: repeatable deployments, parameterization
  • Secure CI/CD controls: approvals, least privilege, secrets handling
  • Automation scripting: Python/TypeScript for security tasks

Tools

Cloud security tooling for detection, compliance, and scanning.

  • CNAPP / CSPM: Wiz
  • Vulnerability management: Qualys, AWS Inspector
  • Threat detection: Amazon GuardDuty
  • Cloud compliance / auto-remediation: AWS Config, AWS Systems Manager
  • SSPM / AppSec scanning: AppOmni, EzProtect, DigitSec

Projects

AI agent using AWS Strands and the OWASP Top 10 for LLM Applications

Design phase

Building an AI Agent on AWS using AWS Strands with safe deployment guidance: least-privilege tool access, prompt-injection resistance, sensitive-data redaction, and audit logging. Evaluating against the OWASP Top 10 for LLM Applications.

AWS Strands, AI Security, OWASP LLM Top 10

NIST 800-53 Control Validation Library

Not started

Building reusable control “playbooks” that translate NIST 800-53 requirements into implementation guidance, required evidence, and validation procedures. Starting with a documentation-first MVP for high-impact families like Access Control and Audit on AWS.

NIST 800-53, AWS, GRC

Security Control Coverage Analyzer

Done

A visibility tool that analyzes an AWS account and produces a Control Coverage Report showing what security capabilities exist, what is missing, and what to prioritize next—without duplicating Security Hub or AWS Config.

AWS, Security Coverage, Assessment

Progress so far:

  • Implemented account analysis and coverage scoring logic
  • Generated Control Coverage Report with gaps and priorities
  • Documented setup and usage in the repository

Experience

Sep 2025 - Present

Cloud Architect and Security Engineer (Large Retail Company)

Serve as Lead Security Architect for an AWS-based agentic solution integrating with SAP; owned security architecture decisions and security outcomes across workstreams.

  • Architected and built the end-to-end Okta PKCE authentication flow on AWS using API Gateway and Lambda
  • Partnered with stakeholders to validate authentication architecture and security controls
  • Led DevSecOps delivery by creating Terraform IaC modules and secure-by-default patterns
  • Drove production readiness via code reviews, SAST/Wiz remediation, and security best practices

Sep 2024 - Sep 2025

Cloud Security Engineer and GRC Lead (Large State Agency)

Owned the security compliance strategy for 31 enterprise apps (Salesforce, Workday, MuleSoft, Azure) aligned to NIST 800-53 Moderate and NIST RMF.

  • Led GRC implementation of 270 controls, compliance documentation, and audit readiness
  • Developed and maintained SSP/SMP and documented control implementation details
  • Performed vulnerability management and security risk assessments aligned to NIST 800-53
  • Integrated AppOmni, EzProtect, and DigitSec to detect misconfigurations and policy violations

Jun 2023 - Sep 2024

Cloud Security Engineer (Large State Health Department Agency)

Led access control for 500+ users across AWS, Salesforce, and Azure.

  • Led a team of 3 access control specialists managing user access and permissions
  • Improved documentation to reduce onboarding/offboarding time by 30%
  • Acted as AWS SME for security reporting, audits, and automation (25% time reduction)
  • Performed S3 audits and lifecycle policies to reduce storage costs by 50%
  • Supported incident response with forensic and configuration data collection
  • Leveraged GuardDuty, Inspector, and Qualys for endpoint protection

Mar 2022 - Jun 2023

Cloud Security Engineer (Large Insurance Company)

Contributed to a secure multi-cloud automation platform for AWS spoke VPCs and Azure integration.

  • Built reusable libraries for deployment/import of spoke networks and routing appliances
  • Enabled integration of VPC endpoints, NAT gateways, Internet gateways, and CloudWAN
  • Reduced provisioning time by 40% and increased reusability by 20%

Apr 2021 - Mar 2022

Cloud Security Engineer (Large Electronic Company)

Owned the logging aggregation platform and led delivery improvements.

  • Product owner for logging aggregation; prioritized stories and stakeholder delivery
  • Led a team of 5 to enable multi-region support and SIEM integration
  • Improved security with S3 bucket encryption and data backup recommendations
  • Closed encryption and logging gaps using NIST SP 800-57 and NIST SP 800-92

Feb 2020 - Apr 2021

Cloud Architect (Large Insurance Company)

Designed logging pipelines and compliance automation on AWS.

  • Built modules for CloudTrail/ELB/NLB/CloudFront log aggregation and S3 lifecycle policies
  • Improved onboarding by 50% with documentation and training
  • Refactored code to improve reusability and reduce monthly cost by 10K
  • Auto-remediated noncompliant EC2 and S3 using AWS Config and Systems Manager

Certifications

Microsoft Azure Fundamentals

Cloud fundamentals and core Azure services.

AWS Certified Security - Specialty

AWS security architecture, threat detection, and incident response.

Contact

Feel free to reach out if you want to connect or have any questions.