Security Engineer at Meijer (2026-01 – Present)
- Administer ZPA connector groups and deploy Sarge Manager updates to improve platform stability, resilience, and service performance across the environment.
- Renew and validate application certificates in the ZPA Admin Portal to maintain secure application access and prevent service interruptions.
- Build Log Streaming Service (LSS) integrations into Microsoft Sentinel to improve security visibility, telemetry correlation, and threat analysis for Zscaler activity.
- Create KQL functions, parsers, and playbooks to enrich ZPA telemetry and automate triage and investigation workflows within the SIEM.
- Performed IdP integration with Entra ID for Zscaler to support identity-aware access and strengthen Zero Trust authentication flows.
- Migrate applications from discovery into granular, least-privilege ZPA segments, reducing attack surface and strengthening Zero Trust access controls.
- Produce runbooks, KB articles, and onboarding documentation to support steady-state ZPA operations, troubleshooting, and continuous process improvement.
- Provide engineering guidance on Zscaler Deception deployment to enhance lateral-movement detection and improve internal threat visibility.
Security Engineer at EY (2025-08 – 2026-01)
- Designed and recommended enterprise-scale Zscaler ZIA/ZPA architectures supporting 5,000+ users and 10,000+ IoT/OT devices during a large industrial spin-off, aligning secure access strategy to a Zero Trust operating model.
- Advised on SD-WAN-adjacent branch and manufacturing connectivity strategy for 40+ global sites, helping transition users and systems from legacy VPN-dependent access patterns toward segmented Zero Trust access.
- Delivered ZIA policy design recommendations for cloud and hybrid environments, including URL filtering and DLP-aligned controls to protect intellectual property and sensitive industrial data.
- Guided identity federation and access design with Azure AD to support secure, seamless access to shared services during transition-state operations.
- Led ZPA application discovery and segmentation planning to define least-privilege access paths for workforce and operational technology use cases.
- Partnered on compliance and data residency considerations across North American and European operations, aligning Zscaler design decisions with business, legal, and regulatory requirements.
Security Engineer at TekSystems (Department of Homeland Security) (2025-04 – 2025-07)
- Managed the full lifecycle of Zscaler accounts, including provisioning, modification, and deprovisioning, to enforce role-based access controls and maintain a secure, compliant user environment.
- Executed phased decommissioning of RHEL 8 ZPA App Connectors and migrated configurations to RHEL 9, improving platform supportability and security compliance.
- Deployed and configured Splunk and CrowdStrike agents on Zscaler App Connectors to expand endpoint telemetry, monitoring, and threat detection coverage.
- Supported secure onboarding and privileged access administration in CyberArk, configuring access roles and responding to privileged access workflows.
- Performed maintenance and troubleshooting across CyberArk components including CPM, PSM, and PVWA to sustain operational availability.
- Applied security policy controls to access requests and connector operations in a federal environment with strong compliance requirements.
Security Engineer at LaSalle Network (Home Partners of America) (2024-07 – 2025-04)
- Led deployment of Zscaler ZPA and ZPA China Premium for 1,500 endpoints, expanding secure remote access and strengthening the organization's Zero Trust posture.
- Implemented DLP policies using RegEx patterns to identify and control sensitive data across structured and unstructured content.
- Analyzed and responded to Darktrace alerts to identify potential threats, anomalous behavior, and indicators of compromise in real time.
- Used threat intelligence and behavioral analytics to proactively investigate advanced threats and insider risk activity across the environment.
- Optimized Microsoft Defender for Endpoint EDR capabilities to improve endpoint threat detection, automated response, and investigation readiness.
- Supported endpoint-aligned access protection by combining Zscaler remote access controls with endpoint detection and monitoring technologies.
Security Engineer at Brown-Forman (2022-08 – 2024-02)
- Led enterprise deployment of Zscaler ZIA and ZPA for 5,000 endpoints, improving secure remote access and modernizing the organization's access security architecture.
- Implemented SSL certificates, strong cipher configurations, and PKI-supported inspection controls to secure communications and align with security standards.
- Developed and enforced DLP policies using RegEx to better protect sensitive business data and reduce exfiltration risk.
- Orchestrated migration from Carbon Black EDR to Microsoft Defender for Endpoint while maintaining uninterrupted endpoint protection coverage.
- Designed Splunk dashboards, detections, and use cases that improved incident response efficiency, blocked malicious traffic, and increased analyst effectiveness.
- Implemented access approval workflows that strengthened identity validation and reduced phishing and unauthorized access exposure.
- Contributed to Zero Trust and SASE-aligned security modernization by integrating endpoint, identity, inspection, and access enforcement capabilities.
Security Engineer II at CBTS Technology (Fifth Third Bank) (2021-06 – 2022-08)
- Supported Zero Trust Network Access initiatives using GRE tunnels, secure access controls, and threat monitoring to improve least-privilege connectivity.
- Led deployment of Zscaler ZIA for 2,750 endpoints, strengthening secure internet access and centralized policy enforcement.
- Built custom Splunk dashboards and monitoring content for real-time visibility, detection, and operational response.
- Partnered with infrastructure and security teams to optimize access performance, run assessments, and improve standard operating procedures.
- Used threat intelligence and security analytics to uncover previously unknown threats and focus analyst investigations on the highest-risk activity.