About
Cloud Security Engineer with 4+ years of experience in designing, implementing, and managing cloud and network security controls in enterprise environments. Strong expertise in Cloudflare WAF, Azure Firewall, and Azure-native security services to protect web applications from OWASP Top 10 vulnerabilities, Layer 7 DDoS attacks, and automated bot traffic. Proven skills in integrating cloud security logs and telemetry into Azure Sentinel (SIEM) for centralized monitoring, threat detection, and incident correlation using KQL queries. Experienced in security incident response, root cause analysis, vulnerability assessment, and remediation. Solid background in Azure networking security including NSGs, ASGs, hybrid cloud architectures, and collaboration with SOC, cloud engineering, and application teams to improve security posture, availability, and compliance.
Work Experience
Cloud Security Engineering
Persistent Systems
Jan 2022 - Present
Implemented and managed Cloudflare WAF security policies to protect web applications against OWASP Top 10 threats including SQL Injection, Cross-Site Scripting (XSS), Remote File Inclusion, and command injection attacks.
Configured and optimized Cloudflare WAF rules, custom firewall rules, rate limiting, and bot protection controls to mitigate Layer-7 DDoS attacks, automated bot traffic, and application-layer threats.
Integrated Cloudflare and Azure security telemetry into Azure Sentinel SIEM, enabling centralized log monitoring, threat detection, incident correlation, and automated alerting using KQL-based analytics rules.
Deployed, configured, and managed Azure Firewall policies to enforce network segmentation, control inbound and outbound traffic, and secure Azure workloads in hybrid and cloud-native environments.
Monitored real-time application traffic, firewall logs, and threat intelligence feeds to proactively identify suspicious activity, indicators of compromise (IOCs), and potential security incidents.
Investigated and responded to security incidents and alerts generated from SIEM, WAF, and firewall platforms, performing root cause analysis, impact assessment, and remediation actions.
Performed continuous tuning and optimization of WAF and firewall rules to reduce false positives, improve detection accuracy, and ensure optimal application performance and security posture.
Conducted vulnerability assessments and analyzed security findings, coordinating remediation efforts by implementing WAF virtual patching and firewall policy updates to mitigate identified risks.
Implemented Azure network security controls including Network Security Groups (NSGs), Application Security Groups (ASGs), and Azure Firewall, ensuring secure communication between Azure resources.
Managed and supported enterprise load balancers, firewall infrastructure, and cloud security controls, ensuring high availability, secure traffic flow, and uninterrupted business operations.
Monitored, analyzed, and responded to SIEM alerts using Azure Sentinel, correlating events across multiple sources to detect advanced threats and unauthorized access attempts.
Performed detailed security log analysis using SIEM and cloud security tools to identify anomalies, investigate suspicious behavior, and strengthen threat detection capabilities.
Provided escalation support for critical and high-severity security incidents, coordinating with SOC, cloud, and infrastructure teams to ensure timely containment and remediation.
Maintained comprehensive security documentation including firewall rules, WAF configurations, incident reports, and operational procedures to ensure compliance and operational consistency.
Collaborated closely with cloud engineering, SOC, and application teams to implement security best practices, improve cloud security posture, and ensure secure deployment of applications and services.
Education
B. Tech (CSE) - Holy Mary Institute of Technology and Science
- 2020 · Afghanistan
Certifications
Zscaler ZIA Administrator
· 2026