Andrew Davis
Identity Security Staff Engineer | IAM Engineer | Lead IAM Engineer
Skills
Protocols & Products: Microsoft Entra (Azure AD), AWS IAM, SailPoint, Okta, CyberArk, SAML,
SCIM, OAuth, OIDC, Kerberos, LDAP Security & Controls: Privileged Identity Management (PIM),
Single Sign-On (SSO), Multi-Factor Authentication (MFA), Passwordless Authentication, Security Audits,
Compliance Auditing, Password vault, Security+ Industry Frameworks: NIST, CIS, SOC 2, MITRE,
HIPAA, PCI DSS, GDPR,
Cloud, Architecture & Development:
Platforms: AWS, GCP, Azure, Windows Server, Linux Architecture: Micro-services, REST APIs,
scaling, reliability, security controls Languages: Python, PowerShell, Bash Processes: Identity and
Access Governance (IGA), Privileged Access Management (PAM), Identity Threat Detection and
Response (ITDR), Endpoint Privilege Management (EPM), User Provisioning & De-Provisioning
Professional Experience
IAM Consultant
United States 4/2018-Present
Pro Bono Security Consultation is a professional service where I provide voluntary, unpaid IAM expertise to small
businesses and startups to help them improve their security posture and mature their identity systems
Administered Azure Privileged Identity Management (PIM) to enforce Just-in-Time (JIT) access, resulting
in a 30% reduction in potential attack surfaces.
Integrated and managed Azure MFA and SSO solutions, resulting in improved user experience and a
35% reduction in authentication-related incidents.
Developed automation scripts using PowerShell and Azure Sentinel to streamline incident response,
resulting in a 35% reduction in response time.
Developed and automated user provisioning and de-provisioning with Azure AD Connect and PowerShell,
resulting in decreased manual errors and a 40% reduction in onboarding time.
Led the execution of a technical roadmap to innovate and build new IAM solutions, using Microsoft Entra
(Azure AD) and AWS IAM, resulting in a strengthened security posture for small businesses and startups.
Spearheaded the integration of on-premise Active Directory with cloud services, resulting in a seamless
hybrid identity solution for all users.
Engineered and implemented a secure AWS environment utilizing AWS IAM, CloudTrail, and Security
Hub, resulting in a fortified security posture across a multi-account IaaS platform.
Managed the CyberArk Privileged Access Security (PAS) suite, securing critical infrastructure by vaulting
and managing credentials.
Designed and deployed automated identity lifecycle management workflows using SailPoint IdentityIQ,
resulting in significantly improved provisioning efficiency and access governance.
Conducted regular security and compliance audits and demonstrated security controls to auditors to
ensure ongoing compliance.
Collaborated with product managers and stakeholders to resolve IAM-related incidents, leveraging Azure
AD capabilities to result in a 20% reduction in resolution time.
Performed deep analysis of security vulnerabilities and risks, resulting in the design and implementation
of new controls to mitigate threats.
Led cross-functional teams in a fast-paced environment to deliver high-quality, scalable IAM solutions that
meet market demands.
Projects
Remote Project Lead, Security Incident Response Automation with Azure Sentinel
Developed automation scripts using PowerShell and Azure Sentinel to streamline incident response,
improving fast-paced incident analysis and response time by 35%.
Integrated Azure Sentinel with Azure AD to enhance threat detection, enabling proactive security
monitoring.
Led post-implementation reviews to assess the effectiveness of the automation processes and ensure
continuous improvement.
Secure Cloud Environment Engineering
Engineered and implemented a secure AWS environment utilizing AWS IAM, CloudTrail, and Security
Hub to monitor and enforce security policies across a multi-account IaaS platform.
Certifications
CompTia Security+ (SY0-701)- In Progress
Certified Information Systems Security Professional (CISSP) - In Progress
Azure Identity and Access Administrator Associate (SC-300) - In Progress
CyberArk Defender - In Progress
CyberArk Sentry - In Progress
