Manisha Kabir

Security Engineer I
Singapore

Summary

Security Engineer I with CEH certification and 5+ years of IT experience, including cloud and application security. Founded and led a security team, driving key initiatives in AWS security, threat detection, and compliance (SOC 2 Type 2, ISO 27001). Skilled in security automation and secure coding practices, with a working knowledge of coding to enhance security solutions. Self-driven and passionate about security, thriving in fast-paced environments where I can make a real impact. Always eager to take on challenges, innovate, and strengthen defenses in cybersecurity.

Overview

  • 6 years of professional experience
  • 7 years of post-secondary education
  • 2 Certifications

Work History

Security Engineer I

Evertz Microsystems
10.2023 - Current
  • Founded and led a 3-member security team, enabling developers to adopt secure coding, best practices, and automated security checks.
  • Ongoing implementation of SOC 2 Type 2 and ISO 27001 compliance using Vanta to identify and address security gaps in infrastructure and processes.
  • Leading security retrospectives and review calls with global dev teams on best practices and security patches.
  • Developed detailed security policies for AWS cloud resources (S3, EC2, etc.), covering encryption, access controls, and compliance best practices.
  • Implementing custom AWS Config rules and CloudFormation Guard rules to detect and prevent security misconfiguration.
  • Automated security checks using GitHub Actions to enforce CloudFormation Guard scans, with warnings in PRs for compliance.
  • Integrated AWS Security Hub for continuous monitoring, enabling proactive threat detection and compliance enforcement, and used Amazon Inspector to identify security issues in EC2 instances.
  • Utilized AWS Access Analyzer to continuously monitor and identify unintended public access to resources like SNS, ensuring compliance and security.
  • Eliminated direct SSH access to all EC2 instances by implementing AWS Systems Manager, enhancing security and access control.
  • Generated SBOM using Syft and scanned vulnerabilities with Grype for the Amazon AMI build process, integrating results into GitHub workflows for visibility and compliance.
  • Experience with Infrastructure as Code (IaC) to automate and secure AWS resources, using CloudFormation for provisioning and enforcing security policies.
  • Automated security standards using GitHub Actions, including auto-approval for dependency upgrade PRs to ensure secure and up-to-date dependencies.
  • Created manual security test suite for QA covering OWASP scenarios (SQL injection, XSS, CSRF) to validate security controls before deployment.
  • Participated in API planning discussions to integrate authentication, rate limiting, encryption, and secure communication from the design phase.
  • Configured Dependabot tool to automate dependency updates and enhance security across repositories.
  • Configured SonarQube for automated code analysis, ensuring code quality and security compliance.

QAE III | QAE II (Automation)

Evertz Microsystems
10.2021 - 01.2023
  • Transitioned from QA Automation to Security Engineering by leading a POC for security testing.
  • Automated API testing using Python, Pytest, and Postman.
  • Maintained and improved OpenAPI spec files for accurate API documentation.
  • Developed and maintained a security test suite for continuous validation.

Software Test Engineer (Automation) II

Neutrinos
06.2019 - 10.2021
  • Strong experience in JavaScript automation (WebdriverIO, Puppeteer, Spectron, Appium).
  • Worked with SQL and NoSQL databases (MongoDB).
  • Worked with CI/CD pipelines, Jenkins, and Git.
  • Maintained and upgraded automation frameworks.
  • Tested microservices APIs using Postman.
  • Automated API testing with a focus on authentication and security.
  • Collaborated with dev teams and BAs, conducted knowledge transfers, and participated in technical interviews for the team hiring process.
  • Performed security bug validation and regression testing using Burp Suite.

Education

Masters - Information Security

IGNOU
01.2022 - 06.2024

Post Graduate Certificate - Information security

IGNOU
01.2022 - 01.2023

Bachelor of Engineering -

VTU
01.2014 - 08.2017

Skills

  • Python
  • AWS Security Services
  • JavaScript
  • WebdriverIO
  • Shell
  • Git
  • Postman
  • Burp Suite
  • OWASP ZAP
  • Cloud security
  • GitHub Actions
  • Infrastructure as Code (IaC)
  • Automated security checks
  • Compliance enforcement


Certification

Certified Ethical Hacker (CEH) - ECC7061943852 - Active
