Matthew Munk

Senior Security Engineer · Cloud Security · Security Architecture

Download PDF ↓

Longwood, FL · [email protected] · LinkedIn


Summary

Senior Security Engineer with 10+ years securing hyperscale cloud, enterprise, and hybrid environments. Currently lead threat modeling and security architecture reviews for Oracle Cloud Infrastructure (OCI) services — hardening IAM, encryption, and zero-trust controls so engineering teams ship fast without compromising security. Pairs deep hands-on engineering (Terraform, Python, multi-cloud) with prior experience building and leading security teams. CISSP · CISM · M.S. Cybersecurity.

Core Skills

Cloud & Infrastructure
OCI, AWS, Azure, Kubernetes, Docker, Linux, Terraform, Git, CI/CD (GitHub, GitLab)
Security Architecture
Threat Modeling (STRIDE), IAM & Zero Trust, PKI / mTLS, KMS & Encryption, Secure SDLC
Network & Data Security
NGFW (Palo Alto, Fortinet, Check Point, Cisco), SASE, CASB, DLP, VMware NSX, Netskope
Automation & Detection
Python, Bash, PowerShell, Terraform (HCL), Splunk, Wireshark, Regex
Frameworks & Compliance
NIST 800-53, PCI-DSS, Zero Trust Architecture

Experience

  1. Oracle · Remote

    Jul 2024 – Present

    Senior Security Engineer, Security Architecture

    • Lead threat models and security architecture reviews for OCI service teams, partnering with engineering across the SDLC to eliminate design-level risk before code reaches production.
    • Enforce least-privilege, zero-trust service-to-service communication across OCI — reviewing IAM policy and network ACL changes and hardening authentication with mTLS/PKI across services including Object Storage and KMS.
    • Built a library of security-approved Terraform modules for common OCI resources, giving service teams pre-hardened building blocks that cut security review cycles and accelerated time-to-release.
    • Served as a technical lead for OCI's ZPR migration initiative, guiding fourteen engineering teams through the shift from Security Lists/NSGs to Zero Trust Packet Routing; authored migration playbooks, ran enablement sessions, and unblocked edge cases to meet the LA rollout of the service.
  2. Cognizant · Remote

    Aug 2022 – Jul 2024

    Associate Director, Security Architecture

    • Network security SME on the enterprise Security Architecture Review Board, reviewing and approving new customer deployments across Healthcare and Corporate business lines for confidentiality, integrity, and availability.
    • Led enterprise migration from legacy firewalls to next-generation platforms across 20 sites — full policy conversion and network redesign that delivered significant annualized cost savings and improved posture against modern threats.
    • Network security lead for VDI migration from on-prem to public cloud: rebuilt security policy, migrated VPN tunnels, and validated routing and availability with zero unplanned downtime at cutover.
  3. TransUnion · Remote

    Dec 2021 – Aug 2022

    Information Security Manager

    • Led a team of 5 network security engineers operating global proxy and SASE platforms protecting 15,000+ endpoints across multiple continents.
    • Automated URL risk review with a Python pipeline that scored and routed exception requests — improving accuracy and cutting user resolution time by ~50%.
    • Deployed new SASE capabilities including Remote Browser Isolation and CASB controls for Amazon S3, closing data-exfiltration paths identified by the security team.
  4. SAIC · Orlando, FL

    Aug 2019 – Dec 2021

    Security Engineering Manager

    • Managed a team of 3 network security engineers responsible for 100+ next-generation firewalls spanning on-prem and Azure environments.
    • Led enterprise NGFW vendor consolidation, delivering significant annual savings and a simpler, more defensible architecture.
    • Authored NGFW deployment standards and Azure reference architectures, enabling rapid, repeatable stand-up of highly available firewalls for new customer environments.

    Principal Firewall Engineer

    • Designed, implemented, and maintained the corporate firewall estate across Palo Alto, Fortinet, Check Point, Cisco, and VMware NSX-V.
    • Authored CONOPs, SSPs, and management plans for network security appliances aligned to NIST 800-53 controls.
  5. Hilton Grand Vacations · Orlando, FL

    Apr 2018 – Aug 2019

    Network Engineer

    • Administered a global WAN spanning 35+ sites and multiple countries (DMVPN, VPLS, MPLS); network lead for a PCI firewall audit, NICE call-recorder upgrade, and FireMon rollout.
    • Wrote PowerShell automation to provision Azure VNets, NSGs, and load balancers — cutting manual deployment time and reducing misconfiguration risk.
  6. Earlier Roles · Orlando area, FL

    2016 – 2018
    • Security Analyst, ADP (2017 – 2018) — Splunk detection engineering and enterprise IAM provisioning for client HR systems.
    • NOC Technician II, StackPath (2016 – 2017) — CDN and network-layer troubleshooting at scale (BGP, DNS, TLS, packet analysis).

Education

  • M.S. in Cybersecurity — Cyber Intelligence

    May 2022

    University of South Florida — Tampa, FL

  • B.S. in Information Systems & Technology — Security

    May 2018

    Seminole State College — Lake Mary, FL

Certifications

  • CISSP — Certified Information Systems Security Professional (ISC²)
  • CISM — Certified Information Security Manager (ISACA)
  • AWS Certified Solutions Architect – Professional
  • Terraform Associate (HashiCorp)
  • Linux+ (CompTIA)