DEV_JOSHI://SECURITY_TERMINAL
Open to Work

Hi, I'm Dev Joshi, Cloud Security Freelancer & GRC Consultant specializing in SOC 2 readiness, NIST, ISO 27001, and CIS compliance.

GRC & Cloud Security Engineer

I got tired of security being an afterthought. Whether you need SOC 2 readiness or automated cloud compliance, my goal as your Cloud Security Engineer is simple: make security something you automate, not something you dread. Here's a look at the automation engines I've built to get there.

Remote / Available Globally
// ———————— ABOUT ————————

About Me

Honestly, most of my projects started as me jumping in where companies get stuck. As a GRC & cloud security engineer, I kept wondering — like, why does SOC 2 readiness still take months when half of audit prep is just checking boxes that a script could check?

That curiosity turned into a habit of building. The GRC engine, the incident response platform, the DevSecOps pipeline — they weren't separate ideas, they just kept connecting to each other. Now they're basically one system.

I care most about the gap between ‘we have a security policy’ and ‘our security policy is actually enforced.’ That gap is usually where I start.

GRC & Compliance

NIST CSF, SOC 2 readiness, ISO 27001, HIPAA — acting as your GRC consultant to turn complex frameworks into enforceable policy-as-code.

Cloud Security

GCP & multi-cloud security architecture, IAM hardening, network segmentation, and infrastructure-level threat mitigation.

Security Engineering

Python-driven automation, custom detection rules, SIEM integration, and building tools that scale security operations.

DevSecOps

Terraform, Docker, CI/CD pipeline security, IaC scanning, and embedding security into every stage of the development lifecycle.

// ———————— PROJECTS ————————

Proof of Work

I don't just build side projects—I build scalable solutions to real business bottlenecks. Here is how I approach solving complex security, compliance, and cloud architecture problems for the people.

01

Multi-Cloud GRC Compliance & Remediation Engine

Audit prep usually means an engineering team burning weeks manually going through spreadsheets. I wanted to see how much of that pain could be killed with automation. Turns out: most of it.

This engine scans 94 CIS controls, figures out what's broken in your cloud, generates the Terraform to fix it, and validates the fix before it touches production. It turns a week-long compliance nightmare into an afternoon task.

Key Metrics
CIS Coverage: 94%
Audit Time: 2 weeks → 4 hours (tested against 200-resource AWS & Azure org, simulated SOC 2 audit scope)
Frameworks: CIS + NIST + FAIR
Stack
Python, Terraform, Prowler, Steampipe, ChromaDB, OpenAI, OPA/Rego, Streamlit, AWS, Azure
02

ResilienceOps — Cloud Native Incident Response Engine

The biggest problem with incident response is the lag. By the time a human notices a GuardDuty alert, the blast radius has already grown. I built this to stop waiting for humans to react.

When an alert fires, the system instantly maps the attack path using Neo4j, automatically isolates the compromised resource, and pushes a Terraform fix—usually in under two minutes. No more frantic Slack calls.

Key Metrics
Response Time: <2 mins (tested on 8 incident types across 100+ AWS org resources)
Threat Sources Integrated: 3 (GuardDuty, CloudTrail, Neo4j)
Incident Types Detected: 8 (lateral movement, privilege escalation...)
Stack
Python, AWS GuardDuty, CloudTrail, Neo4j, Isolation Forest, OpenAI, OPA/Rego, Terraform, JIRA, Prometheus, Grafana
03

DevSecOps Container Remediation with AWS Inspector

Developers shouldn't have to slow down to think about security—the pipeline should just handle it. I built this so teams can ship fast without shipping vulnerabilities.

It runs OWASP ZAP, SonarQube, and Trivy on every commit. If it finds a vulnerability, Claude on Bedrock automatically writes the fix and opens a PR. The developer just reviews and merges.

Key Metrics
Security Layers: 6
Compliance: PCI-DSS
Pipeline Stages: 6 (ZAP → SonarQube → Trivy → ECR → Bedrock → PR)
Stack
Python, Flask, Docker, AWS ECR/ECS, AWS Bedrock, Terraform, GitHub Actions, OWASP ZAP, SonarQube, Trivy, Graylog
04

Google Cloud Security Environment

Securing GCP isn't just about checking boxes in the console—it's about understanding how components break under pressure. I spent time deliberately breaking and securing complex architectures to learn exactly how to configure enterprise environments.

It covers 20+ architectures including IAM, GKE RBAC, Cloud Armor, and KMS. The main focus was on Cloud IDS and VPC Flow Logs—watching how traffic moves and fails at that level totally reframes how you think about zero-trust and network segmentation.

Key Metrics
Security Domains: 5
Labs Completed: 20+
Cloud Services: 25+
Stack
GCP, IAM, Cloud Armor, Cloud KMS, DLP API, VPC, GKE, Kubernetes RBAC, BigQuery, Terraform
// ———————— CERTIFICATIONS ————————

Certifications & Achievements

01

AZ-500

Microsoft · June 2025 · Expires June 2026

Microsoft Certified: Azure Security Engineer Associate

Proves proficiency in Secure Access Management, Identity Protection and Governance, Platform Protection, Securing Applications, and managing Security Operations in Azure environments.

ID: 7566C5B29A7322CC
Azure, Cybersecurity Tools, Identity & Access Management, Platform Protection
// ———————— SKILLS ————————

Skills & Tools

Cloud Security

AWS (GuardDuty, Inspector, Bedrock, ECR/ECS, S3, IAM, CloudTrail); GCP (Cloud Armor, KMS, DLP, IAM, VPC, GKE); Azure (Key Vault, Data Factory, SQL, Storage); Multi-Cloud Architecture

GRC & Compliance

NIST 800-53 / CSF, PCI-DSS v4.0, CIS Benchmarks (AWS/GCP/Azure), ISO 27001, SOC 2 Type II, FAIR Risk Model

Security Tools

Prowler, Steampipe, OWASP ZAP, SonarQube, Trivy, Graylog, Splunk, Cloud IDS

DevSecOps & IaC

Terraform, Docker & Kubernetes, GitHub Actions CI/CD, OPA / Rego, AWS Bedrock / Claude, OpenAI GPT-4

Programming & Data

Python, SQL, Bash / Shell, Neo4j / Cypher, ChromaDB / Vector DBs, Streamlit

Monitoring & Observability

Prometheus, Grafana, Cloud Logging / Monitoring, VPC Flow Logs, CloudTrail / Audit Logs, SLO / SLI Engineering
// ———————— EXPERIENCE ————————

Experience & Simulations

SOC Analyst — Incident Detection & Response

Deloitte Cyber Simulation (Forage) · July 2025

Deloitte's SOC simulation put me inside a real-feeling incident investigation — messy logs, no obvious answers, and a clock running. The one that stuck with me most was an insider threat case where the access pattern looked completely normal until you noticed it was too consistent. Hourly API calls, no UI sessions, always the same size. That's not a person, that's a script. Narrowed the investigation scope significantly once we flagged it.

  • Caught an insider threat by noticing the access pattern was too robotic — hourly API calls with zero UI interaction. Ruled out an external actor and focused the investigation.
  • Traced an unauthorized data exfiltration by cross-referencing timestamps, user agents, and request frequency. The timing told the story.
  • Cut simulated detection time by ~40% by building a triage method that hits auth logs, access logs, and network logs simultaneously instead of sequentially.
// ———————— CONTACT ————————

Get in Touch

If you're building something that needs to be secure and audit-ready, let's talk. I've built the tooling — I know what it takes to actually get there.

devvjoshi2005@gmail.com