Designing resilient clouds. Securing what matters.

I'm Umber — Cloud & Security Engineer focused on AWS, CyberArk, and DevOps automation. I build reliable systems, lock down access, and make dashboards that sing.

AWS • Serverless • IaC
CyberArk L2 • PSM SME
SOC • Threat Detection
Terraform • Python • Bash

Featured Projects

A curated set of hands-on builds. Filter by stack to jump fast.

Serverless Image Converter

S3 → Lambda (Sharp) → S3 pipeline with event-driven processing, IAM least-privilege, and CloudFront delivery. Includes CORS hardening.

AWS • Lambda • S3 • CloudFront • Terraform

CyberArk PAM in a Secure VPC

Reference architecture for Vault, PVWA, and PSM across private subnets with NAT, ALB, WAF, and session recording. Automated with IaC.

CyberArk • VPC • WAF • ALB • Terraform

Automated Email Sender

SES-backed transactional email via API Gateway + Lambda. Signature validation, DLQ, and observability with CloudWatch.

API Gateway • Lambda • SES • CloudWatch

Tailscale Exit Node Fleet

Multi-region exit nodes with route advertisements, health probes, and auto-recovery scripts on GL.iNet/OpenWrt.

Tailscale • OpenWrt • Bash

S3 Static Site + CF + WAF

Hardened static hosting with OAC, versioned deploys, HSTS, and bot control. Blue/green invalidations for safe rollouts.

S3 • CloudFront • WAF

GuardDuty + Security Hub Baseline

Org-wide enablement with delegated admin, auto-enrollment, and finding export to S3/Lake. All via Terraform.

GuardDuty • Security Hub • Terraform

Skills & Tools

The toolkit I reach for to build, break (safely), and harden.

Cloud

AWS • IAM • EC2 • S3 • CloudFront • RDS • VPC

Security

CyberArk • PSM • WAF • GuardDuty • Security Hub

DevOps

Terraform • GitHub Actions • Docker • Bash • Python

Networking

Tailscale • WireGuard • OpenWrt • DNS

Experience

Key roles and impact across cloud, security, and infrastructure engineering.

Privileged Cloud Engineer — CyberArk

03/2024 – Present · Remote

Built and operated HA CyberArk PAM (CPM/PSM/PVWA/Vault/CM) in AWS/Azure; integrated Splunk & QRadar for live session monitoring; automated onboarding via REST + PowerShell (~30% efficiency gain); designed DR/failover targeting 99.99% uptime; tightened network controls (firewalls, VPNs, tunnels) and aligned PAM to least-privilege/zero-trust with ISO 27001/CIS.

Freelance Web Developer — Taza Negra

05/2023 – 05/2025 · Remote

Delivered a Next.js storefront with Stripe + Skydrop logistics, subscription checkout, and a non-technical admin dashboard; launched under budget in 3 weeks, enabling subscription revenue and smoother ops.

Implementation Specialist / System Engineer — Yardi Systems

10/2022 – 02/2024 · Santa Ana, CA

Led Voyager 8 deployments with Amazon Aurora; enforced Azure tenant isolation & RBAC; designed HA across DB/app layers; investigated performance using targeted SQL diagnostics to resolve root causes.

Technical Support Specialist — SkyBell Technologies

06/2020 – 10/2022 · Irvine, CA

Administered Microsoft 365 (Exchange/SharePoint/Teams) and Azure AD; managed hybrid AD and VDI rollout; handled patching/endpoint controls to secure remote-first operations.

Certifications

CompTIA Network+
CyberArk Defender • L2 / PSM SME
AWS Solutions Architect (in progress)

Let's build something solid.

Got a project, an interview, or a thorny incident? Drop a line — I reply fast.

Signal over noise

Prefer direct links? Here you go.

hello@umber.cloud