Ismail Arici

Security Engineer

Toronto, Canada
View Resume
01

Skills

โ˜

Cloud & Infrastructure Security

  • Designed and secured AWS environments using Terraform and CloudFormation, with focus on least privilege and environment isolation.
  • Deployed containerized applications to AWS (ECS) using OIDC-based authentication, avoiding long-lived credentials.
  • Applied infrastructure security scanning using Checkov to validate IaC configurations.
๐Ÿ›ก

Application Security

  • Integrated SAST, secrets scanning, and dependency checks into development workflows using Semgrep, Bandit, Gitleaks, and pip-audit.
  • Generated and analyzed SBOMs using Syft to improve visibility into software dependencies.
  • Performed DAST testing using OWASP ZAP and validated findings through manual analysis.
  • Identified and validated application-layer vulnerabilities (API exposure, access control flaws, data leakage).
๐Ÿ“ฆ

Container & Supply Chain Security

  • Built and scanned container images using Trivy and Docker Scout.
  • Implemented end-to-end container security workflows from build-time scanning to runtime considerations.
  • Strengthened supply chain security through dependency auditing and SBOM generation.
๐Ÿ”

Security Operations & Compliance

  • Supported and validated controls for SOC 2 Type II, ISO 27001, and HIPAA-aligned environments.
  • Performed vulnerability management and risk prioritization using Nessus.
  • Led incident triage and investigation, leveraging endpoint detection tools such as CrowdStrike Falcon.
  • Conducted vendor and architecture security reviews, including AI/LLM-related risk and data handling considerations.
</>

Automation & Tooling

  • Built automation for security scanning pipelines, SARIF-based reporting, and CI/CD integration.
Python Terraform JSON YAML SQL
02

Experience

Security Analyst

Case IQ // Canada // 06/2023 โ€” Present
  • Led application security efforts across engineering and compliance, ensuring controls are implemented in practice for SOC 2 Type II and ISO 27001.
  • Drove successful SOC 2 Type II and ISO 27001:2022 audits, owning technical evidence, validating controls, and working directly with auditors.
  • Led security hardening of acquired products, identifying gaps and driving remediation across authentication, access control, logging, and data handling.
  • Built and operationalized a vulnerability management program, integrating SAST, DAST, and container scanning into development workflows.
  • Integrated tools including Nessus, Docker Scout, GitHub Advanced Security, and StackHawk to improve coverage and reduce false positives through validation.
  • Identified and validated application-layer vulnerabilities (API exposure, data leakage, access control flaws) using automated and manual testing approaches.
  • Led incident triage and investigations, leveraging telemetry from cloud, application, and endpoint tools such as CrowdStrike Falcon.
  • Conducted vendor and architecture security reviews, including AI/LLM use cases, focusing on data handling, subprocessor risk, and secure design decisions.
  • Strengthened IAM controls (RBAC, MFA, least privilege) across cloud environments and internal systems.
  • Improved logging and audit visibility, enabling stronger detection capabilities and audit traceability.
  • Awarded "Case IQ Star" (Employee of the Quarter, July 2025).

Cloud Engineer

RGS Software // Turkey // 06/2019 โ€” 12/2022
  • Led infrastructure maintenance and development for e-commerce platforms on AWS.
  • Automated provisioning with Terraform and CloudFormation, improving infrastructure reliability.
  • Reduced AWS operational costs by 20% in one year through targeted optimization.

IT Supervisor & Instructor

Medipol University // Turkey // 09/2016 โ€” 06/2018
  • Designed and maintained a shared file system infrastructure serving 100+ instructors.
  • Archived access logs for university compliance and mentored engineering students.
03

Education

Ph.D. โ€” Leadership, Higher & Adult Education

University of Toronto ยท Canada

Dissertation: The privacy paradox: Managing compliance requirements while adopting new technologies in Higher Education.

Cybersecurity Training Program

Fields Institute of Mathematics ยท Canada ยท 2023

Intensive program in cloud security, risk management, and vulnerability management.

M.A. โ€” English

Canakkale University ยท Turkey ยท 2019

B.A. โ€” English

Istanbul University ยท Turkey ยท 2013
04

Projects

๐Ÿ›ก

SecurePipe

Open source DevSecOps CLI that runs a full security pipeline against any codebase with a single command. Orchestrates Semgrep (SAST), pip-audit / npm audit / OWASP Dependency-Check (SCA), Trivy (container scanning), Syft (SBOM), and OWASP ZAP (DAST) via Docker โ€” no cloud credentials required. Generates a self-contained HTML report with cross-tool CVE deduplication, dependency chain tracing, fix guidance, and SOC 2 / ISO 27001 compliance mapping. Supports org-wide scanning across multiple repos.

DevSecOps SAST SCA DAST Docker Python Open Source
โ˜๏ธ

SecureInfra

Cloud Security Posture Management (CSPM) layer that runs Prowler against AWS environments, normalizes findings into a shared event schema, and feeds results into SecureOps for centralized triage and alerting. Supports SOC 2 / CIS benchmark compliance checks with no persistent services โ€” runs as a one-shot pipeline via Docker or native Prowler.

CSPM AWS Prowler Python Docker SOC 2
๐Ÿ”ญ

SecureOps

SIEM/XDR orchestration and audit layer that ingests normalized findings from SecurePipe (application security) and SecureInfra (cloud posture), routes events to Wazuh and DefectDojo, and writes tamper-evident audit evidence. Config-driven and cloud-agnostic โ€” no vendor lock-in, no heavy pipelines.

SIEM XDR Wazuh DefectDojo Python Docker
๐Ÿ—

AWS 3-Tier Architecture

Designed and deployed a highly available, secure 3-tier application environment in AWS using Terraform and Zero-Trust principles.

AWS Terraform Zero-Trust
๐Ÿ”ท

Azure Cloud Resume

Completed the Cloud Resume Challenge. Built with Azure Blob Storage, Azure Functions, Cosmos DB, and automated CI/CD via GitHub Actions.

Azure Python GitHub Actions
โ˜

Multi-Client Cloud Infrastructure

Collaborated on design and maintenance of AWS infrastructure for multiple clients, applying IaC for automation and cost optimization.

AWS IaC CloudFormation
05

Certifications

Azure Security Engineer

Azure Security Engineer

AWS Security Specialty

AWS Certified Security Specialty

AWS Solutions Architect

AWS Certified Solutions Architect Associate

Terraform Associate

Terraform Associate