IAM and Cloud Security Engineer with hands-on enterprise experience in Azure AD / Entra ID, identity lifecycle management, endpoint security, and PowerShell automation.
At YNAP (Yoox Net-A-Porter), I administer Azure AD / Entra ID with MFA and Conditional Access, managed DLP/GDPR compliance across NA/EU/APAC, and led a 400+ machine Windows 11 migration. I've automated 1,000+ user accounts via PowerShell and built identity and cloud infrastructure from scratch.
Currently pursuing CompTIA Security+ (Aug 2026) and SC-300: Microsoft Identity & Access Administrator (Sep 2026). Targeting a fully remote IAM or Cloud Security Engineer role.
| Project | What I Built | Stack |
|---|---|---|
| Okta Lifecycle Management | Full joiner-mover-leaver automation: CSV-driven provisioning, attribute-based group rules, SCIM 2.0 app provisioning, and two-stage deprovisioning with audit reporting | Okta · SCIM 2.0 · PowerShell · Universal Directory |
| Azure PIM Lab | Privileged Identity Management: eligible role assignments, MFA-gated activation, approval workflows, quarterly access reviews, and audit KQL queries | Entra ID · PIM · Graph API · PowerShell |
| PowerShell AD Automation | 3 production scripts: bulk user provisioning from CSV, inactive account deprovisioning with quarantine, and full access audit reporting | PowerShell · AD DS · RBAC |
| Azure Entra ID Lab | Conditional Access policies, MFA enforcement, SSPR, device compliance, and legacy auth blocking, with importable JSON policy templates | Entra ID · Intune · Graph API |
| Configuring Active Directory in Azure | Full AD domain from scratch: DCs, OUs, GPOs, user lifecycle, PowerShell bulk provisioning | Azure VMs · AD DS · PowerShell |
| Network File Shares and Permissions | RBAC-based file share access control using AD groups and permission inheritance | Active Directory · RBAC · Windows Server |
| Project | What I Built | Stack |
|---|---|---|
| Microsoft Sentinel SIEM Lab | Full SIEM deployment: log ingestion from Entra ID, 4 KQL detection queries (brute force, impossible travel, privileged activity, new admin alerts), and scheduled analytic rules | Sentinel · KQL · Log Analytics |
| Project | What I Built | Stack |
|---|---|---|
| Azure Network Protocols Lab | NSG rule configuration and live network traffic inspection across RDP, SSH, DNS, ICMP | Azure · NSGs · Wireshark |
| Azure Virtual Machine Setup | Foundation lab: provisioning and configuring Azure VMs for identity and cloud infra work | Azure · Windows Server |
Active cert prep logged daily in daily-security-log. Rotating through 14 IAM and Security+ concepts: Conditional Access, PIM, Zero Trust, RBAC, Hybrid Identity, Entra ID Protection, and more. Automated via GitHub Actions.
Identity & Access Azure AD / Entra ID · Active Directory · Okta · Duo MFA · SSO · RBAC · Conditional Access · PIM
Cloud Azure (VMs, VNets, NSGs) · DNS · DHCP · VPN · VDI · Microsoft Sentinel
Device Management SCCM · Jamf Pro · Intune · AirWatch · iOS/Android MDM · OS Imaging
Security DLP · GDPR · BitLocker · Zscaler · Endpoint Security · MFA · Firewall Policies · KQL
Automation PowerShell · AD Lifecycle Scripting · Bulk Provisioning · GitHub Actions
| Project | What I Built |
|---|---|
| osTicket: Installation | Full helpdesk stack on Azure (IIS, MySQL, PHP) |
| osTicket: Configuration | Roles, departments, SLAs, help topics |
| osTicket: Ticket Lifecycle | End-to-end ticket workflow simulation |
Open to fully remote IAM & Cloud Security Engineer roles · English / Spanish · Saddle Brook, NJ
