Experienced and results-driven Senior DevSecOps Engineer with a strong focus on securing AWS cloud environments, Kubernetes (EKS) workloads, and CI/CD pipelines. Proven track record of implementing scalable security automation, hardening infrastructure, and enabling developer-friendly security controls. Adept at integrating vulnerability management, secrets handling, access governance, and GenAI-driven solutions into modern DevSecOps practices. Passionate about shifting security left and building resilient, compliant cloud-native architectures.
Spearheaded the integration of security controls into CI/CD pipelines using tools like GitLab CI, integrating SAST and reducing deployment vulnerabilities by 45%.
Designed and implemented a CI/CD-integrated solution to detect hardcoded secrets in source code, achieving 100% detection coverage with 80% accuracy, significantly reducing the risk of credential leaks.
Designed and implemented an automated solution to generate AWS access keys, store them securely in Secrets Manager, and retrieve them via a Slackbot, with built-in automatic key rotation — enabling 100% compliance with the 90-day access key rotation policy.
Built and maintained custom Kubernetes admission controllers (OPA/Gatekeeper) to enforce security policies (i.e., EKS security standards) at deployment time, blocking non-compliant workloads.
Deployed container security solutions like WIZ to enforce image scanning, runtime protection, and policy enforcement across EKS.
Integrated WIZ into CI/CD pipelines for automated scanning of containers, IaC, and code dependencies, reducing vulnerable image deployments by 70%.
Designed and implemented a layered DDoS mitigation strategy using AWS Shield, WAF, and CloudFront, ensuring high availability during volumetric and application-layer attacks.
Integrated rate-based rules and IP reputation lists into AWS WAF to block malicious traffic, reducing attack surface by 80%.
Designed a GenAI-powered solution that analyzed AWS CloudTrail logs and enabled natural language querying via a Slackbot, significantly reducing manual log analysis effort and providing an intuitive interface for users unfamiliar with CloudTrail.
Designed and implemented IAM governance models using least privilege principles and automated guardrails with Terraform and AWS SCPs, reducing identity-related security incidents by 30% for AWS customers.
Worked with container security solutions like WIZ and Prisma to enforce image scanning, runtime protection, and policy enforcement across EKS and ECS clusters.
Orchestrated Incident Response and Forensics workflows with automated alert triage via SecurityHub, GuardDuty, and Lambda responders, achieving 5x faster MTTR.
Created detailed threat detection and alerting pipelines using AWS CloudTrail, EventBridge, and Lambda, enabling proactive monitoring of suspicious activity.
Provided security consultancy across multiple DevOps teams, standardizing practices for IaC, container security, and RBAC — aligning with NIST, CIS Benchmarks, and OWASP Top 10.
Led cloud security posture management (CSPM) efforts across AWS environments using tools like AWS Config, improving compliance scores for customers.
Worked with customers to deploy vulnerability scanning pipelines using AWS Inspector to achieve compliance on high/critical CVEs.
AWS Certified Solutions Architect
CCNA
RHCE