Security Engineer focused on cloud security, detection engineering, and making security actually scale. I spend most of my time in AWS, building things with Terraform, and trying to automate my way out of manual work.
I've led and contributed to security programs across cloud infrastructure, detection engineering, compliance, and automation. Some highlights:
- SIEM at scale – designed and scaled an Elastic SIEM ingesting ~185M events/day from AWS CloudTrail, Okta, and Cloudflare. Built ML-based anomaly detection and defined long-term detection strategy.
- Cloud vulnerability management – overhauled the vuln management program across 500+ EC2 instances. Implemented auto-patching via AWS Systems Manager, built an Inspector-based reporting pipeline in Looker, and automated AMI updates via Renovate.
- CNAPP migration – led migration from a third-party CNAPP to native AWS services (Inspector + Resource Explorer), saving ~$103k/year while keeping parity on coverage.
- EDR rollout – deployed container and host-level EDR across 6 Kubernetes clusters and 500+ EC2 instances. Refactored Helm charts to support ongoing scalability.
- Cloudflare security – managed configs across 15+ zones, migrated legacy rules, hardened ciphers for PCI DSS, and onboarded Bot Management blocking ~120k malicious requests daily.
- Compliance – supported ISO 27001 and ISO 27701 audits, owning evidence for network, infrastructure, and IAM controls.
Cloud & infra: AWS (Inspector, Systems Manager, CloudTrail, Resource Explorer), GCP, Cloudflare
Detection & response: Elastic SIEM, EDR (container + host), ML-based anomaly detection
IaC & automation: Terraform, Helm, Renovate, Vanta
Compliance: ISO 27001, ISO 27701, PCI DSS
- Cloud-native security tooling and reducing dependency on third-party SaaS where native does the job
- Detection engineering at scale – signal quality over alert volume
- Security automation that engineers actually want to use
Based in Poland 🇵🇱 – open to connecting on LinkedIn




