Security engineering, at scale.

I build and operate the security infrastructure organisations depend on — from architecting enterprise SIEM platforms and writing detection logic that fires on real threats, to hardening cloud environments on AWS with IAM guardrails, automated compliance, and infrastructure-as-code. Full-stack security: platform, detection, and cloud.

profile.rule.yml
# engineer signature
rule id: 100247
level: 12 # high signal
role: Senior Security & Cloud Engineer
focus:
  - SIEM architecture & detection engineering
  - cloud security on AWS & multi-cloud
  - incident response & threat hunting
clouds: AWS # primary, multi-cloud capable
techniques: IaC · PCRE2 · MITRE ATT&CK · CTI
reach: 100,000+ professionals
[ WHAT I DO ]

Security at every layer of the stack.

Platform engineering, detection logic, cloud security, and offensive validation — across the full security lifecycle.

// platform

SIEM Architecture

Enterprise-scale SIEM across multi-cloud environments — designed for resilience, multi-site, and the volume real SOCs run at.

Wazuh · Splunk · AWS EKS · Terraform · NIST 800-53
// logic

Detection Engineering

200+ detection rules mapped to MITRE ATT&CK using PCRE/PCRE2 — cutting noise, raising coverage by 45%, and driving threat hunting operations.

PCRE2 · MITRE ATT&CK · Wazuh CTI · YARA · Suricata
// cloud

Cloud Security Engineering

Hardened, multi-account AWS environments built entirely in code — IAM guardrails, centralized logging, GuardDuty, and automated compliance. Patterns that travel across clouds.

AWS · Terraform · IAM/SCPs · GuardDuty · CloudTrail
// defense

Incident Response & Forensics

End-to-end IR from detection through containment — memory forensics with Volatility3, IOC extraction, root cause analysis, and post-incident reporting at a 98% SLA.

Volatility3 · Wireshark · STRIDE · NIST CSF · CAINE
[ CAREER ]

Engineering security at every layer.

A clear progression from infrastructure operations to enterprise security engineering and cloud architecture.

Security Engineer
Wazuh Inc. · San Jose, USA (Remote)
May 2023 — Present
Engineered 200+ custom MITRE ATT&CK-mapped detection rules, architected multi-node SIEM clusters across AWS and Azure, designed cloud security monitoring pipelines with GuardDuty and Security Hub, and automated CIS Benchmark compliance across 1,000+ endpoints. Research adopted by 100K+ security professionals worldwide.
Security Researcher
Innopolis University · Innopolis, Russia
Aug 2022 — May 2024
Conducted memory forensics with Volatility3, hardened AWS infrastructure with least-privilege IAM and GuardDuty, performed STRIDE threat modeling identifying 25+ threat scenarios, and integrated SAST/DAST pipelines (Snyk, SonarQube, StackHawk) reducing critical vulnerabilities by 35%.
Infrastructure Security Engineer
Hardcore Biometric Systems · Abuja, Nigeria
Nov 2021 — Jul 2022
Deployed a centralised SIEM across 200+ servers ingesting Windows Event Logs, Syslog, and firewall syslogs. Configured Suricata IDS/IPS, built and tuned SIEM correlation rules, and automated infrastructure provisioning with Terraform, Ansible, Kubernetes and Docker — cutting deployment time by 50%.
Technical Support Engineer
Zeta-Web · Abuja, Nigeria
Aug 2019 — Oct 2021
Administered and hardened Linux and Windows systems to CIS baselines, maintained patch compliance across 400+ endpoints, and monitored enterprise infrastructure using PRTG and WhatsUp Gold, reducing network downtime by 35%.
IT Technician
Multichoice · Port Harcourt, Nigeria
Dec 2018 — Aug 2019
Supported 300+ end users across LAN, WAN, and VSAT environments. Resolved OS and application issues reducing business downtime by 60%, and produced IT documentation covering incident workflows and network topology.
[ FEATURED BUILDS ]

Projects.

Production-grade security engineering work — from cloud infrastructure to defence frameworks.

// cloud security

AWS IAM Cloud Security Portfolio (in progress)

A production-grade, multi-account AWS security environment built end to end in Terraform. Two-account organisation (Security + Dev) with centralised logging, continuous IAM audit, and preventative guardrails that block dangerous actions before they happen — every resource defined as code.

infra: Terraform · AWS Organizations · S3/DynamoDB state
visibility: CloudTrail · AWS Config · IAM Access Analyzer
prevention: Service Control Policies · permission boundaries · break-glass roles
automation: Python · Lambda · EventBridge
// cyber defence framework

ShadowMatrix CDF (in progress)

A unified cyber defence framework purpose-built to act as a coordination layer for SOC operations — integrating threat detection, intelligence correlation, and response orchestration across distributed environments. Designed to bridge the gap between raw telemetry and actionable defence.

core: Threat Detection · Intelligence Correlation · Response Orchestration
integration: SIEM · CTI Feeds · MITRE ATT&CK · SOAR
scope: SOC Automation · Distributed Environments · Multi-source Telemetry
[ PUBLISHED WORK ]

Research & documentation.

Peer-reviewed journals, official product documentation, and technical deep-dives — read by security teams worldwide.

[ SKILLS & TOOLS ]

Built from real-world operations.

Skills and tools accumulated across 6+ years of security engineering, research, and infrastructure roles.

// security operations

SIEM Engineering · Detection Engineering · Threat Hunting · Alert Tuning & Correlation · Log Source Onboarding · Identity & Access Management · Malware Analysis · Threat Intelligence · Incident Response · Digital Forensics · Zero Trust Architecture · Purple Team Operations · Security Architecture

// siem, xdr & monitoring

Wazuh SIEM & XDR · Splunk · Microsoft Sentinel · FortiSIEM · ELK Stack · NewRelic · Shuffle SOAR · PRTG Network Monitor · WhatsUp Gold

// security tools

Volatility3 · Burp Suite · Nmap · Wireshark · Metasploit · Hashcat · OWASP ZAP · Caine Linux · Suricata IDS/IPS · YARA · HashiCorp Vault · StackHawk

// cloud security (aws)

GuardDuty · Security Hub · CloudTrail · AWS Config · IAM / SCPs · KMS · Shield / WAF · Secrets Manager · Access Analyzer · EC2 / EKS / RDS · VPC / S3 / Lambda · Route53 / DynamoDB

// automation & devsecops

Terraform · Ansible · Docker · Kubernetes · GitHub Actions · Jenkins · Snyk · SonarQube · SAST / DAST · Dependency Scanning · Vagrant · Git

// networking

Firewall Config · OSPF / BGP · VPN / VLAN / WLAN · DHCP / DNS · Cisco · Fortinet · Mikrotik · Ubiquiti · Checkpoint · Sophos

// frameworks & standards

MITRE ATT&CK · NIST 800-53 · NIST CSF · ISO 27001 · PCI-DSS · CIS Benchmarks · STRIDE

// programming & scripting

Python · PowerShell · Bash · PCRE / PCRE2 · YAML · JSON

// platforms & os

Linux · Windows · macOS · AWS · Azure · GCP · VMware ESXi · HyperV · OpenStack
[ CREDENTIALS ]

Certifications.

Validated expertise across security operations, cloud architecture, and network security.

CISSP
Certified Information Systems Security Professional
(ISC)²
In progress
AWS SAA
AWS Certified Solutions Architect — Associate
Amazon Web Services
Dec 2024
CNSP
Certified Network Security Practitioner
SecOps Group
Nov 2024
NSE 1–3
Network Security Associate NSE 1, 2 & 3
Fortinet
Mar 2022
AZ-900
Azure Fundamentals AZ-900 & Security Fundamentals SC-900
Microsoft
Jul 2021
SEC+
CompTIA Security+
CompTIA
May 2021
[ RESUME ]

Samson Idowu

Senior Cybersecurity Engineer · 6+ years · Abuja, Nigeria

SIEM architecture, detection engineering, and cloud security on AWS. Open to senior security roles and consulting engagements globally.

[ GET IN TOUCH ]

Let’s talk security & cloud.

// based in Abuja, Nigeria — working globally