Summary
Overview
Work History
Education
Skills
Certification
Core Competencies - Technical Skills
Timeline
Generic

Mahesh Karnakoti

Cornwall,ON

Summary

Senior Cloud Security Developer and technical leader with deep experience securing AWS, Azure, and GCP environments across banking, payments, and high-trust financial platforms. I design and review cloud security architectures, embed automation-first guardrails, and drive risk-based improvements aligned with fintech security, compliance, and resilience standards. I operate independently across the full development lifecycle—reducing fraud and operational risk through stronger detection, secure-by-default patterns, and high-integrity cloud controls. I work closely with infrastructure, AppSec, and vulnerability teams, mentoring with empathy while translating complex cloud and financial security requirements into simple, developer-friendly solutions that scale with fast-moving fintech products.

Overview

7
7
years of professional experience
1
1
Certification

Work History

Cloud Security Architect

Morgan Stanley
Montreal, Quebec
01.2024 - 12.2025
  • Engineered enterprise-grade AWS security architectures, including Landing Zones, multi-account governance, identity boundaries, SCP frameworks, KMS/HSM encryption baselines, and VPC/hybrid-network segmentation, supporting global clients and customer-facing platforms.
  • Led secure cloud modernization using Terraform, GitLab CI/CD, OPA/Gatekeeper, Lambda-based guardrails, AWS Config rules, detective controls, CloudTrail pipelines, and automated remediation integrated across VM, SecOps, and SRE teams.
  • Designed and deployed real-time threat detection pipelines with GuardDuty, Security Hub, EventBridge, Lambda, and CloudWatch, reducing response times for high-severity incidents across customer-facing workloads.
  • Implemented policy-as-code and secure CI/CD patterns, integrating IaC scanning, container security, SAST/SCA, EKS hardening, IAM least privilege, and network zoning, achieving a 30%+ reduction in cloud misconfigurations.
  • Served as a technical SME for cloud security, data protection, IAM, encryption, and AI/LLM security, advising C-level executives, leadership, and influencing architecture decisions across engineering, product, and customer-facing services.

Application Security Engineer

Verifone
Toronto, ON
12.2021 - 11.2023
  • Secured enterprise and customer-facing applications across AWS, Azure, and VMware, integrating security across SDLC pipelines, and CI/CD workflows.
  • Conducted threat modeling and implemented SAST, DAST, and SCA automation, reducing recurring high-risk vulnerabilities by 20% and improving developer security readiness.
  • Managed Palo Alto/Checkpoint firewalls, IDS/IPS, API gateways, DLP, and encryption platforms, strengthening network and data protection controls.
  • Enhanced cloud visibility through CSPM/CNAPP, WAF/edge security tuning, and API security testing, improving compliance with NIST, SOC2, PCI DSS, and ISO standards.
  • Collaborated cross-functionally with product, platform, and engineering teams to deliver secure architectures, communicate risks, and mentor junior analysts.

Cyber Security Engineer / Analyst

IBM
Toronto, Ontario
09.2020 - 11.2021
  • Delivered cloud security operations, threat detection, and application security controls for enterprise clients across financial and public sectors.
  • Tuned SIEM detection logic (QRadar, M365 Defender) and endpoint security platforms, reducing false positives by 25% and improving triage efficiency.
  • Strengthened Shadow IT visibility by 40% via advanced Netskope CASB tuning and cloud-activity governance.
  • Supported vulnerability management, compliance reporting, and regulatory alignment (NIST CSF, CIS, SOC2).
  • Acted as SME for cloud, identity, and API security during escalations and customer-impacting incidents.

Security Analyst / Cloud Security Engineer

HCL Technologies
Hyderabad, Telangana
01.2019 - 08.2020
  • Built secure AWS environments using IAM, KMS, CloudTrail, WAF, Shield, VPC segmentation, and hybrid connectivity (Direct Connect, VPN, SDN).
  • Performed application security assessments using Burp Suite, WebInspect, ZAP, and API fuzzing for customer-facing workloads.
  • Strengthened firewall rule bases and optimized traffic across Palo Alto/Checkpoint, improving network security posture.
  • Supported cloud migrations and secure-by-design architectures for enterprise clients across telecom and financial industries.
  • Developed automation scripts (Python/PowerShell) to improve compliance monitoring, detection logic, and infrastructure hardening.

Education

Bachelor of Technology - Computer Science

Gandhi Institute of Technology
Hyderabad, India

Skills

  • Cloud Security Compliance
  • Cross-Functional Collaboration
  • Problem-Solving and Root-Cause Analysis
  • Incident Response Planning
  • Cloud Architecture Security
  • Threat Detection & Response
  • Policy-as-Code Implementation
  • CI/CD Pipeline Security
  • Risk Assessment & Risk Management
  • Vulnerability Management
  • Technical Leadership
  • Data Encryption & Key Management
  • Intrusion Detection / IDS
  • Endpoint Security & EDR/XDR
  • System Hardening
  • Disaster Recovery & Business Continuity
  • Penetration Testing Methodologies
  • Security Policy Development

Certification

  • AWS Certified Security - Specialty
  • Microsoft Certified: Cybersecurity Architect Expert (SC-100)
  • Azure Security Engineer Associate (AZ-500)
  • Azure Fundamentals (AZ-900)

Core Competencies - Technical Skills

Cloud Platforms & Security:
AWS (primary), Azure, GCP • IAM • KMS/HSM • VPC & Network Security • Secrets Management • Zero Trust • CSPM/CNAPP

Infrastructure, Automation & Developer Workflows:
Terraform • Helm • GitOps (ArgoCD/Flux) • Ansible • GitLab CI/CD • Jenkins • Docker • EKS/AKS • OPA/Gatekeeper • Policy-as-Code

Detection, Monitoring & Threat Engineering:
CloudTrail • GuardDuty • Security Hub • EventBridge • Lambda-based detections • IDS/IPS • EDR/XDR • Netskope • QRadar • M365 Defender

Application & Platform Security:
SAST/DAST • SCA • Container Security • API Security • Identity & Access Governance • CI/CD Security Patterns

AI/LLM Security:
Adversarial ML • LLM Red Teaming • Prompt Injection Defense • Data Leakage Prevention • Jailbreak Mitigation

Compliance, Risk & Fintech Requirements:
NIST CSF • SOC 2 • PCI DSS • ISO 27001 • Risk Assessment & Threat Modeling • Secure SDLC • Cloud Security Reviews

Timeline

Cloud Security Architect

Morgan Stanley
01.2024 - 12.2025

Application Security Engineer

Verifone
12.2021 - 11.2023

Cyber Security Engineer / Analyst

IBM
09.2020 - 11.2021

Security Analyst / Cloud Security Engineer

HCL Technologies
01.2019 - 08.2020

Bachelor of Technology - Computer Science

Gandhi Institute of Technology
Mahesh Karnakoti