# Sparky Wood

> Staff Cyber Security Engineer @ Tanium

Location: Salt Lake City Metropolitan Area, United States
Profile: https://flows.cv/sparky

With over twelve years of experience in the cybersecurity field, I am a passionate and skilled cloud security engineer who strives to protect and empower organizations with innovative and robust solutions. I have a strong background in web application security, software development, and data science, and I hold an OSCP certification.

I am currently working as a staff cloud cyber security engineer at Tanium, a leading provider of unified endpoint management and security solutions. At Tanium, I am responsible for building and deploying cloud security tooling and automation across multiple AWS and Azure environments, as well as leading the identity squad that handles IAM-related initiatives. I have contributed to several projects that have improved the security posture, compliance, and scalability of Tanium's cloud infrastructure, such as creating an AWS account creation tool, architecting global roles for PAM, deploying AWS SCPs, and implementing Cloudflare for Teams Zero Trust Network Access. I have also been involved in triaging and remediating bug bounty reports, and collaborating with other security, engineering, and product teams.

Some of the skills that I use and enhance daily are Linux, web applications, software development, AWS, Azure, Cloudflare, Terraform, Pulumi, Golang, and Python.

## Work Experience

### Lead/Staff Cloud Security Engineer (IAM) @ Tanium

Jan 2022 – Present | Utah, United States

- Built golang/pulumi based AWS account creation tooling to handle creation of dozens of accounts each quarter spanning commercial and govcloud environments. This tool expedited account provisioning from days to hours.
- Primary contributor and architect of terraform driven cloudformation templates in a delegated administration pattern to deploy global roles for our PAM tool across 4 different AWS Organizations deploying to 250+ accounts
- Owner and automator of AWS SCP deployment tooling across 4 AWS Organizations to help meet both standard commercial and FedRAMP related guardrails
- Identity Squad lead, handling initiatives related to IAM components in AWS and Azure. Supporting teams with deployment, configuration, and consultation regarding identity security best practices in cloud native environments.
- Architected and implemented an Azure and AWS AuthN/Z framework for GitHub Actions automation of CI/CD workloads to migrate deployment of over 20 different repositories.
- Built automation infrastructure for provisioning Management Groups, Azure AD Security Groups, Enterprise Applications, and Service Principals. This automation helped to seamlessly integrate AD groups into Application Roles across 4 different internally facing applications.

### Senior Application Security Engineer II @ dutchie

Jan 2021 – Jan 2022 | Utah, United States

- Led implementation, testing and planning of leveraging Cloudflare for Teams Zero Trust Network Access patterns across 250 engineers
- Founded security branch of Dutchie's Cloud Center of Excellence and developed 13 unique case studies for secure patterns in AWS
- Transformational change of migrating 13 AWS accounts from standalone AWS Organizations to AWS Control Tower environment
- Led triaging and remediation of 3 critical, 2 high, and over a dozen medium/low bug bounty reports.
- Primary point of contact for product and application security vendor procurement

### Security Consultant @ Amazon Web Services (AWS)

Jan 2019 – Jan 2021 | Utah

- Helping to ensure a nearly 2 Petabyte Data Lake migration for a Global 10 Company was accomplished securely and efficiently
- Architected and developed a custom serverless based Redshift Authorization Framework to administer data governance at scale for a 1000+ customer use case
- Expertise in navigating custom solutions implemented through Serverless, CDK, and Terraform as part of a large enterprise pipeline
- Security architecture for a large data lake migration with a large enterprise automotive customer ranging from IAM to IR
- Identity and Access Management and Data Protection specialization in multi-account environments
- Experience with Attribute based access control (ABAC) in a large multi-product SaaS environment

### Application Security Engineer @ Signal Sciences

Jan 2018 – Jan 2019 | Utah, United States

- Dogfood the Signal Sciences product to provide actionable security data for our own products
- Security vulnerability research and subsequent rules development to protect customers from exotic exploits
- Internal security risk and compliance tooling and reporting
- Develop quick python scripts to help understand where to focus product development roadmap with regards to the rules platform
- Use golang to develop in product features related to template rules and virtual patches including CVEs and other indications of exploit outside of normal protections offered by our product
- Work directly with customers to experiment, iterate and deploy features aligned with the goal of our product and the needs of customers

### Senior Technical Account Manager @ Signal Sciences

Jan 2017 – Jan 2018 | Greater Los Angeles Area

- Worked with new customers to deliver implementation services and ensure maximized usage of the Signal Sciences Web Protection Platform product
- Developed beginner and intermediate level Signal Sciences training programs including content and interactive lab modules based on OWASP Juice Shop deployed in containers for maximum portability
- Developed internal python applications to integrate multiple performance metrics including Signal Sciences Product REST API, Mavenlink, Expensify, and Salesforce
- Performed attack analysis and product tuning to react to attack driven responses to protecting unique and complex web applications both customer and internally facing
- Developed mentor program for training all new professional services teams and contributed to mentor program for Sales Engineering
- Worked to develop Advanced Rules in Golang template language to provide coverage for business logic attacks, CVE Virtual Patching and other unique Web Protection Platform use cases.

### Senior Application Security Consultant @ Rapid7

Jan 2015 – Jan 2017 | Greater Los Angeles Area

- Primary application security consultant for the Rapid7 Managed Application Security Services team
- Established frameworks for delivering application security services including business logic testing to a variety of enterprise companies
- Provide training to internal stakeholders regarding application security best practices and technical expertise
- Built program to assist enterprise companies with identifying and ranking their highest criticality issues based off deep understanding of the customer's environment and development culture

### Application Security Analyst @ NBCUniversal, Inc.

Jan 2015 – Jan 2015 | Universal City, California

- Worked with application teams enterprise-wide to detect, prioritize, and remediate security defects throughout the SDLC process.
- Assisted Program Teams and security review service partners to submit, review and assist in remediation of applications.
- Performed internal application security assessments as needed. Typically involved utilizing Burp Suite and other web application testing tools.
- Assisted with the development and maintenance of an effective system to collect and report meaningful metrics from security issues identified in all review processes.
- Participated in hands on technical security awareness training for software architects and development groups.
- Assisted NBCUniversal’s software architecture and Policy groups to develop a set of architectural and development standards for all application security.
- Established an automated process for scanning of top mobile and web assets increasing coverage of NBCUniversal's portfolio coverage from ad hoc scanning to periodic scanning on a monthly cycle.
- Contributed to remediation and identification of PCI related issues across the business spectrum.

### Application Security Analyst @ Shift4 Corporation

Jan 2014 – Jan 2015 | Las Vegas, Nevada Area

- Security analyst for a leading independent PCI security company.
- Work with developers to refine security checkpoints in the SDLC that are based on the PCI Data Security Standard and other industry-accepted doctrine such as NIST SP 800-115 and/or ISO security standards.
- Developed secure coding standards that are based on industry-accepted best practices, such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding, to address common coding vulnerabilities.
- Used automated tools to perform source code security analyses to identify vulnerabilities and attack vectors in Web applications.
- Worked with information security analysts to refine Web application penetration testing methods and breadth of security services.
- Obtained and reviewed all required artifacts as part of Go/No-Go analyses at security checkpoint phases in the development cycle.
- Assisted with periodic security risk assessments, IT security audits, and management reporting.
- Reviewed and coordinated changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.

### Static Code Vulnerability Analyst @ WhiteHat Security

Jan 2014 – Jan 2014 | Houston Area, Texas

WhiteHat Security focuses on scanning and identifying vulnerabilities of enterprise level web applications. Primary job role is identifying vulnerabilities in static source code for specific weaknesses in code, including SQL injection, cross-site scripting, content spoofing and various other common vulnerabilities in applications. Analysis of languages including C#, Java, and PHP.

## Education

### Bachelor of Science (B.S.) in Computer Science

Park University
Jan 2012 – Jan 2015

### Data Science in Boot Camp

General Assembly
Jan 2017 – Jan 2017

## Contact & Social

- LinkedIn: https://linkedin.com/in/sprkyco

---

Source: https://flows.cv/sparky
JSON Resume: https://flows.cv/sparky/resume.json
Last updated: 2026-03-22