Matthew Munk
Senior Security Engineer · Cloud Security · Security Architecture
Longwood, FL · [email protected] · LinkedIn
Summary
Senior Security Engineer with 10+ years securing hyperscale cloud, enterprise, and hybrid environments. Currently lead threat modeling and security architecture reviews for Oracle Cloud Infrastructure (OCI) services — hardening IAM, encryption, and zero-trust controls so engineering teams ship fast without compromising security. Pairs deep hands-on engineering (Terraform, Python, multi-cloud) with prior experience building and leading security teams. CISSP · CISM · M.S. Cybersecurity.
Core Skills
- Cloud & Infrastructure
- OCI, AWS, Azure, Kubernetes, Docker, Linux, Terraform, Git, CI/CD (GitHub, GitLab)
- Security Architecture
- Threat Modeling (STRIDE), IAM & Zero Trust, PKI / mTLS, KMS & Encryption, Secure SDLC
- Network & Data Security
- NGFW (Palo Alto, Fortinet, Check Point, Cisco), SASE, CASB, DLP, VMware NSX, Netskope
- Automation & Detection
- Python, Bash, PowerShell, Terraform (HCL), Splunk, Wireshark, Regex
- Frameworks & Compliance
- NIST 800-53, PCI-DSS, Zero Trust Architecture
Experience
-
Oracle · Remote
Jul 2024 – PresentSenior Security Engineer, Security Architecture
- Lead threat models and security architecture reviews for OCI service teams, partnering with engineering across the SDLC to eliminate design-level risk before code reaches production.
- Enforce least-privilege, zero-trust service-to-service communication across OCI — reviewing IAM policy and network ACL changes and hardening authentication with mTLS/PKI across services including Object Storage and KMS.
- Built a library of security-approved Terraform modules for common OCI resources, giving service teams pre-hardened building blocks that cut security review cycles and accelerated time-to-release.
- Served as a technical lead for OCI's ZPR migration initiative, guiding fourteen engineering teams through the shift from Security Lists/NSGs to Zero Trust Packet Routing; authored migration playbooks, ran enablement sessions, and unblocked edge cases to meet the LA rollout of the service.
-
Cognizant · Remote
Aug 2022 – Jul 2024Associate Director, Security Architecture
- Network security SME on the enterprise Security Architecture Review Board, reviewing and approving new customer deployments across Healthcare and Corporate business lines for confidentiality, integrity, and availability.
- Led enterprise migration from legacy firewalls to next-generation platforms across 20 sites — full policy conversion and network redesign that delivered significant annualized cost savings and improved posture against modern threats.
- Network security lead for VDI migration from on-prem to public cloud: rebuilt security policy, migrated VPN tunnels, and validated routing and availability with zero unplanned downtime at cutover.
-
TransUnion · Remote
Dec 2021 – Aug 2022Information Security Manager
- Led a team of 5 network security engineers operating global proxy and SASE platforms protecting 15,000+ endpoints across multiple continents.
- Automated URL risk review with a Python pipeline that scored and routed exception requests — improving accuracy and cutting user resolution time by ~50%.
- Deployed new SASE capabilities including Remote Browser Isolation and CASB controls for Amazon S3, closing data-exfiltration paths identified by the security team.
-
SAIC · Orlando, FL
Aug 2019 – Dec 2021Security Engineering Manager
- Managed a team of 3 network security engineers responsible for 100+ next-generation firewalls spanning on-prem and Azure environments.
- Led enterprise NGFW vendor consolidation, delivering significant annual savings and a simpler, more defensible architecture.
- Authored NGFW deployment standards and Azure reference architectures, enabling rapid, repeatable stand-up of highly available firewalls for new customer environments.
Principal Firewall Engineer
- Designed, implemented, and maintained the corporate firewall estate across Palo Alto, Fortinet, Check Point, Cisco, and VMware NSX-V.
- Authored CONOPs, SSPs, and management plans for network security appliances aligned to NIST 800-53 controls.
-
Hilton Grand Vacations · Orlando, FL
Apr 2018 – Aug 2019Network Engineer
- Administered a global WAN spanning 35+ sites and multiple countries (DMVPN, VPLS, MPLS); network lead for a PCI firewall audit, NICE call-recorder upgrade, and FireMon rollout.
- Wrote PowerShell automation to provision Azure VNets, NSGs, and load balancers — cutting manual deployment time and reducing misconfiguration risk.
-
Earlier Roles · Orlando area, FL
2016 – 2018- Security Analyst, ADP (2017 – 2018) — Splunk detection engineering and enterprise IAM provisioning for client HR systems.
- NOC Technician II, StackPath (2016 – 2017) — CDN and network-layer troubleshooting at scale (BGP, DNS, TLS, packet analysis).
Education
-
M.S. in Cybersecurity — Cyber Intelligence
May 2022University of South Florida — Tampa, FL
-
B.S. in Information Systems & Technology — Security
May 2018Seminole State College — Lake Mary, FL
Certifications
- CISSP — Certified Information Systems Security Professional (ISC²)
- CISM — Certified Information Security Manager (ISACA)
- AWS Certified Solutions Architect – Professional
- Terraform Associate (HashiCorp)
- Linux+ (CompTIA)