PROFESSIONAL SUMMARY
Senior Cloud, Infrastructure, and Security Engineer with over 10 years of enterprise IT consulting experience designing, deploying, and securing hybrid Microsoft environments. Specialized expertise in Microsoft security technologies including Sentinel, Defender XDR, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Purview, and modern SIEM/SOAR automation. Proven leadership in large-scale AD DS/Entra ID hardening projects, Zero Trust adoption, endpoint modernization, and cloud transformation initiatives. Highly skilled in translating complex technical needs into scalable solutions that improve security posture and operational efficiency.
TECHNICAL SKILLS
Security & Compliance:
- Microsoft Sentinel, KQL, Defender XDR, Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud
- Apps (MCAS), Purview (DLP, sensitivity labeling, data governance), Conditional Access, Identity Protection, Zero Trust
- Architecture, SIEM/SOAR, Logic Apps automation
Cloud Infrastructure & Identity:
- Azure AD / Entra ID, AD DS (on prem), AAD Connect, PIM, Azure VMs, Storage, Networking, Monitor, Backup/DR (on prem and cloud)
Endpoint & Device Management:
- Intune, Autopilot (+ APv2/prov. packages), ConfigMgr (SCCM), Co-Management, Endpoint Compliance, Application Packaging, GPO/Group Policy
Automation & Tools:
- PowerShell, MS Graph API, Scripting Automation, Tenable.io, VMWare, Hyper-V, Azure Migrate
PROFESSIONAL EXPERIENCE
Well Established MSP (2015-2025)
Cloud Solutions Engineer / Senior Consultant
- Engaged primarily in Enterprise space to provide tailored and scalable IT infrastructure solutions. I progressed quickly early in my career and became heavily involved with our larger clients and most strategic engagements. Recently, I’ve filled the role of Senior
- Endpoint Engineer for a rapidly growing client. This involved designing and configuring device compliance and configuration policies, custom deployments for both legacy and modern applications, MS Graph API, custom detection/remediation scripts etc.
- Previously, I was engaged as a Senior/Primary Engineer on an enterprise-scale AD DS Tiered Administration and PAM implementation project for one of the largest alternative energy companies in North America.
Security Engineering & Architecture
- Led enterprise AD DS & Entra ID hardening initiative implementing Tier Model separation, privileged access workflows, enhanced password/security policies, and baseline alignment across all domain controllers.
- Designed and deployed Microsoft Sentinel including analytics rules, hunting queries, SOAR automation playbooks, custom workbooks, and incident response workflows.
- Delivered Defender XDR integration across Endpoint, Identity, Cloud Apps, and Office 365, enabling unified threat detection and vulnerability management.
- Implemented Purview solutions for DLP, sensitivity labels, insider risk management, and governance policies.
- Managed and remediated vulnerabilities using the Tenable Security Center platform. Utilized asset grouping, scan policies, reporting, and remediation pipelines to accomplish project initiatives.
Cloud Engineering & Infrastructure
- Provisioned and managed Azure resources (Virtual Machines, Storage Accounts, Virtual Networks) using the Azure portal and command-line tools like Azure CLI and PowerShell
- Developed and maintained Infrastructure as Code (IaC) using Azure Bicep, and Azure Resource Manager (ARM) templates to automate resource deployment and eliminate configuration drift
- Designed and implemented an enterprise PAM solution (Devolutions) for a key client / PSM’s largest project in history. This involved designing the Devolutions Solution end-to-end, creating the required Azure infrastructure to support the Devolutions environment, deploying the solution, and testing/presenting a PoC (SQL Server 2022, Database creation/configuration/permissions/backups, Mgmt., Web and other Devolutions infra. Servers, Security Groups and restricted access to only Tier0 personnel, gMSAs to run required services, etc.)
- Deployment, administration and support tasks for both Windows and Linux servers in the Azure environment, including patching and special configurations for third-party/custom solutions
Endpoint Management Leadership
- Primary Engineer for a multi-domain 3,000+ endpoint SCCM deployment project. Responsible for both managing and configuring the legacy SCCM environment, as well as implementing co-management with Microsoft Intune
- Responsible for the design and implementation of Intune/Entra ID Device Compliance and Configuration policies
- Strategically implemented Microsoft Security Baseline configurations company-wide with no negative impact on operations
- Highly skilled in PowerShell scripted solutions, creating custom application deployment packages, custom detection / remediation scripts and workflows, and enjoy using logic and automation wherever possible
- Developed multiple legacy OSD task sequences (legacy/SCCM), Autopilot v1 and v2 deployments, custom application deployment packages, detection/remediation scripts, and operational procedures, reducing deployment times and improving consistency across sites
Small MSP (2014-2015)
Systems Administrator / Technical Engineer
- Supported Microsoft-based server and network environments for 40+ SMB clients, including deployments, migrations, troubleshooting, patching, monitoring, and customer support.
- Managed Exchange/Office 365 migrations, backup solutions, virtualization projects, and documentation delivery.
EDUCATION
- B.S. in Recreation, Park and Tourism Administration
- Emphasis: Leadership and Outdoor Education / Occupational Therapy
CERTIFICATIONS
- Microsoft Certified: Security Operations Analyst Associate Microsoft Certified: Azure Fundamentals MCSA Office 365 CompTIA A+
