Submitting more applications increases your chances of landing a job.

Here’s how busy the average job seeker was last month:

Opportunities viewed

Applications submitted

Keep exploring and applying to maximize your chances!

Looking for employers with a proven track record of hiring women?

Click here to explore opportunities now!
We Value Your Feedback

You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for

Would You Be Likely to Participate?

If selected, we will contact you via email with further instructions and details about your participation.

You will receive a $7 payout for answering the survey.


User unblocked successfully
Ehsan Nidawi, Technical Cybersecurity Manager

Ehsan Nidawi

Technical Cybersecurity Manager·IQ Group Holding

United States

Bachelor's degree, Computer Science

Work experience

Total years of experience: 8 years, 8 months

Technical Cybersecurity Manager

January 2025 - Present

IQ Group Holding

Dubai, United Arab Emirates Remote

January 2025 - Present

• Engineered Zero Trust identity-first security program from greenfield for the UAEs largest
ISP: unified workforce, customer, and NHI governance across AWS and hybrid on-prem.
Eliminated standing privileged access for 8, 000+ users via JIT/JEA (CyberArk, HashiCorp
Boundary). Deployed full-stack IAM/CIAM/IGA/PAM (Entra ID, Okta, Auth0, SailPoint,
CyberArk, Delinea); reduced provisioning cycle time 40%.
• Designed full-stack IT infrastructure: multi-site DC architecture, LAN/WAN (BGP/OSPF), SD
WAN overlay, edge firewalls (Palo Alto, FortiGate), F5 load balancers, zero-trust
segmentation across 6 regional PoPs. Built and scaled 20-person cybersecurity org (Identity,
SOC, red team, GRC) to full operational capability within 6 months.
• Deployed ML-based UEBA (Splunk, CrowdStrike) across 8, 000+ identities with LLM-assisted
SOC copilot — 55% reduction in analyst investigation time. Built AI log correlation and threat
intel enrichment pipeline (vector embeddings + local LLM) for semantic SIEM search and NL
threat briefings. Purple-team exercises closed 23 critical MITRE ATT&CK gaps.
• Designed SSPM/CIEM controls for cloud entitlement governance. Architected
DevSecOps/GRC pipelines (OPA/Rego, SAST/DAST, secrets scanning) — 35% compliance
overhead reduction, real-time controls monitoring aligned to ISO 27001 and NIST CSF.
Consolidated 14-platform stack to 8 integrated solutions.
Sovereign AI Stack: vLLM, Ollama, TGI, LangGraph, n8n, Qdrant, QLoRA / Unsloth (Arabic fine-tuning),
K3s, Podman, HashiCorp Vault, Prometheus/Grafana

Company industry:
Telecommunications

Sr. Principal Identity Ecosystem Architect

January 2024 - January 2025

U.S. DHS – CISA

Austintown, United States Remote

January 2024 - January 2025

• Pioneered the Zero Trust identity reference architecture for a federal-scale IAM, CIAM, PAM,
IGA, and ITDR ecosystem spanning 12+ civilian and national security agencies. Defined end-to
end ICAM/FICAM-aligned strategy and technical blueprints across AWS GovCloud, Azure
Government, GCP Assured Workloads, OCI Government, and classified on-prem networks.
Directly accelerated FedRAMP High authorization milestones for three platform components
and positioned the program for CDM Phase 4 alignment.
• Designed and implemented a multi-cloud federal IT infrastructure backbone across AWS
GovCloud, Azure Government, and on-prem classified data centers including identity-aware
routing, inter-cloud federation, cross-domain solution (CDS) design, network segmentation
between classification levels, and resilient DNS/PKI infrastructure supporting 99.99% uptime
SLA.
• Directed 20+ engineers and architects delivering 24/7 high-availability, Zero Trust-aligned
identity services. Maintained 99.99% authentication availability across inter-agency
environments with DR patterns validated for classified and unclassified network segments and
inter-agency federation under cross-domain solution (CDS) constraints.
• Architected cross-domain federated identity for 40, 000+ workforce, partner, and inter-agency
users. Implemented phishing-resistant MFA via FIDO2/WebAuthn and PIV/CAC per OMB M-22-
09 and NIST SP 800-63B AAL3, RBAC/ABAC, and ZTNA-enforced SSO across security
classification boundaries. Established Shared Signals Framework (SSF/CAEP) integration
enabling real-time session revocation on risk signals.
• Engineered an AI/ML-driven ITDR pipeline integrating behavioral baselines, contextual risk
scoring, and anomaly detection models fusing identity telemetry from 12 agencies. Reduced
mean-time-to-detect privilege escalation and lateral movement from 72+ hours to under 4
hours and cut SOC false-positive volume by 60%, enabling automated playbook responses for
Tier-1 identity alerts.
• Integrated large language model (LLM) summarization and retrieval-augmented generation
(RAG) into the SOC analyst workflow, enabling natural language querying of identity event
data, automated incident narrative generation, and policy-aware response recommendations
reducing analyst documentation time by 45% per incident.
• Owned FedRAMP High and NIST RMF security architecture for identity platforms. Performed full
NIST 800-53 Rev 5 control mapping, automated continuous monitoring evidence collection,
and embedded provisioning guardrails into deployment workflows. Achieved zero high-severity
findings across two consecutive Authorization to Operate (ATO) review cycles.
• Designed Non-Human Identity (NHI) and machine identity governance framework for federal
environments. Inventoried and classified 10, 000+ service accounts, API keys, certificates, and
workload identities. Implemented SPIFFE/SPIRE-based workload attestation and automated
certificate lifecycle management via cert-manager and HashiCorp Vault PKI, eliminating long
lived static credentials from CI/CD and production workloads.
• Translated EO 14028, OMB M-22-09, and agency FISMA requirements into concrete, auditable
IAM and Zero Trust controls. Produced reusable policy templates and CONOPS documentation
subsequently adopted across 8 partner agencies.

Company industry:
IT Services

Sr. Principal Cybersecurity Architect

January 2022 - January 2023

Ally Bank

Austintown, United States Remote

January 2022 - January 2023

• Architected and owned enterprise IAM and CIAM platform serving 100, 000+ workforce users
and 4M+ financial customers. Delivered 99.99% authentication availability across 3 AWS
regions with zero critical audit findings across PCI-DSS, SOX, and GLBA review cycles.
Eliminated a pre-existing backlog of high-severity compliance exceptions and established the
identity programs first continuous controls monitoring baseline.
• Designed full AWS infrastructure engineering stack supporting the identity platform: multi-AZ
VPC architecture, Transit Gateway inter-region routing, WAF/Shield for DDoS protection,
ALB/NLB load balancing with mTLS termination, EC2/ECS/EKS compute tiers, RDS Aurora for
identity data persistence, and S3/KMS-encrypted audit log archiving.
• Led 20 to 60 engineers across architecture, platform, product, and delivery. Established SLA
frameworks, on-call standards, and automated runbooks that reduced identity-related P1
incidents by 50% YoY and improved mean-time-to-resolve from 4 hours to under 45 minutes
for Sev-1 authentication outages.
• Designed and deployed an AI-powered fraud detection and adaptive authentication engine
integrating ML risk models, behavioral biometrics, device fingerprinting, and session anomaly
detection. Reduced account takeover (ATO) rate measurably while maintaining sub-200ms p95
authentication latency across 4M+ active sessions.
• Built an AI/ML identity analytics pipeline ingesting authentication events, device signals, and
transaction telemetry into a feature store and serving real-time risk scores via low-latency
inference API. Integrated with fraud case management, enabling automated account
protection decisions without human-in-the-loop for 92% of high-risk sessions.
• Engineered fraud-resistant customer identity journeys including step-up authentication, device
binding, account recovery, and progressive profiling integrating Transmit Security and Akamai
WAF. Integrated identity and session signals into Splunk UBA and fraud detection pipelines
enabling real-time risk scoring and behavioral anomaly detection.
• Delivered continuous PCI-DSS, SOX, and GLBA compliance automation via Policy-as-Code
(OPA), automated IAM-to-GRC evidence pipelines, and Saviynt access certification workflows.
Reduced manual audit preparation effort by 40%, enabling quarterly attestation cycles with
zero manual sampling and full audit trail coverage.
• Defined OAuth 2.0/OIDC/SCIM API authorization standards for 50+ cloud-native microservices,
enforcing Zero Trust service-to-service authentication, token binding, and short-lived
credential rotation across AWS API Gateway and Lambda, eliminating implicit trust between
internal services.

Company industry:
Banking

Sr. Infrastructure and Identity Operations Lead

January 2021 - January 2022

Austin International Airport (AUS)

Austintown, United States Remote

January 2021 - January 2022

• Architected enterprise IT, network, and identity infrastructure spanning multi-site data centers, WAN/LAN, SD-WAN, Wi-Fi, and multi-cloud (AWS, Azure, GCP) for a 200+ person organization operating across 12 regional offices. Defined IAM, PAM, IGA, MFA, federation, and network segmentation standards as foundational architecture pillars. • Designed full data center infrastructure: server virtualization (VMware vSphere clusters), SAN/NAS storage (NetApp, Pure Storage), BGP/OSPF routing between regional offices, SD-WAN policy-based overlay, multi-tier firewall architecture (perimeter, east-west), and redundant internet uplinks with failover automation. • Led 20 to 50 engineers across infrastructure, network, platform, and security to deliver core IAM/PAM/IGA and GRC capabilities. Implemented Terraform and OPA-based Infrastructure-as Code and Policy-as-Code pipelines for continuous controls monitoring, automated compliance evidence, and audit-ready posture. • Designed cloud-native Zero Trust network architecture implementing VPC/VNet segmentation, micro-segmentation, east-west controls, and identity-aware proxy for application access, replacing legacy VPN-based perimeter model and reducing implicit trust zones to zero. • Built an AI/ML-powered security operations capability: deployed UEBA platform with ML behavioral baselines, integrated AI-assisted threat hunting workflows with ELK SIEM, and implemented automated threat intelligence enrichment using vector-similarity search across security event data — reducing mean-time-to-detect across the distributed org. • Integrated identity, PAM, IGA, and infrastructure telemetry into ELK-based SIEM, building correlation rules, dashboards, and alerting for identity-centric threat detection, improving mean-time-to-detect and providing unified visibility across the distributed organization.

Company industry:
Aerospace

Sr. Infrastructure Engineer Global Identity

January 2021 - December 2021

Tesla (Giga Texas)

Austintown, United States

January 2021 - December 2021

• Served as a founding on-site infrastructure engineer at Giga Texas. Designed and deployed
end-to-end identity and access foundations from day zero for the greenfield Gigafactory,
covering physical badging hardware, logical identity (directories, SSO, IAM), and role-based
access policies for 5, 000+ workforce, contractors, and partners.
• Engineered full factory IT and OT infrastructure from scratch: designed server room layouts,
deployed VMware hypervisor clusters, established core Cisco switching and routing fabric,
provisioned multi-VLAN segmentation across manufacturing, administrative, lab, and guest
networks, and delivered SD-WAN connectivity to Tesla corporate.
• Integrated physical badge readers and access controllers with Active Directory, Okta SSO, and
Teslas internal IAM platform, enabling a single identity to govern building access, production
floor entry, lab access, and enterprise application authentication under a unified least-privilege
model.
• Deployed AI-assisted IT monitoring using ML-based anomaly detection for network baselines,
server health, and identity event streams — enabling proactive incident detection for
manufacturing-critical systems and reducing unplanned downtime through predictive alerting
before factory floor impact.
• Federated Giga Texas identity infrastructure with Tesla corporate and SpaceX shared network
environments, enforcing consistent RBAC policies, secure inter-network connectivity, and
separation of duties between vehicle programs, manufacturing systems, and shared
engineering tools.
• Authored infra-as-code patterns and operational runbooks for identity and access components
at Giga Texas, standardizing provisioning, configuration management, and incident response,
and mentoring junior engineers on secure access patterns, observability, and controlled
change management.

Stack: Physical PACS/badging, Active Directory, Okta, IAM platforms, VMware, Linux, Cisco LAN/WAN, SD
WAN, L2/L3 networking, Python scripting, Terraform, ITSM

Company industry:
Automotive Manufacture

Principal Cybersecurity Global Identity Architect

January 2018 - January 2019

Meta (Facebook)

Austintown, United States

January 2018 - January 2019

• Designed and evolved planet-scale identity and access services handling billions of daily
authentication and authorization events across globally distributed Kubernetes-based
infrastructure. Architected low-latency token validation (sub-10ms p99), session management,
and OAuth 2.0/OIDC service-to-service auth patterns for web, mobile, and API workloads at
hyperscale.
• Engineered distributed AI/ML identity security platform: designed feature pipelines ingesting
login events, device attestation, geolocation, and behavioral signals into ML models for
account compromise, credential stuffing, and bot detection. Models served 10B+ daily
inference requests via low-latency feature stores and gRPC-based serving infrastructure.
• Integrated identity signals including login events, device attestation, and session metadata
into security data lakes and ML-driven detection pipelines. Powered advanced threat detection
and real-time correlation of identity events with endpoint and network telemetry across Metas
global SOC, improving detection coverage for account compromise and insider threat patterns.
• Led architectural decisions across IAM, CIAM, PAM, and IGA in a hyperscale microservices
environment. Defined privileged access governance patterns, service mesh security (mTLS
enforcement), and workload identity frameworks for identity-critical Kubernetes services.
• Designed and contributed to AI-powered content moderation and identity verification pipelines,
integrating facial recognition and document liveness verification into account recovery and
identity proofing workflows — reducing fraudulent account recovery attempts by an order of
magnitude at billion-user scale.
• Delivered privacy-by-design identity workflows aligned with GDPR and CCPA at platform scale.
Embedded consent management, data subject rights
minimization, and directly into identity and architecture.

Company industry:
IT Services

Sr. Infrastructure Architect

January 2017 - January 2018

Google

Austintown, United States

January 2017 - January 2018

• Engineered centralized identity lifecycle and JML provisioning architecture across Google Cloud
and on-prem. Designed auto-provisioning pipelines using Terraform and ServiceNow to create
accounts, roles, policies, and group memberships in Google Cloud Identity, AWS IAM, and
Google Workspace with end-to-end approval workflows and audit trails. Reduced manual
provisioning labor by 60% and cut average access fulfillment time from 3 days to under 4
hours.
• Designed and operated multi-region GCP infrastructure: designed Shared VPC architecture,
Cloud Interconnect for on-prem hybrid connectivity, Cloud Armor WAF policies, GKE cluster
networking (VPC-native), Cloud Load Balancing with SSL termination, Cloud SQL HA instances,
and GCS bucket policies with CMEK encryption supporting identity platform SLAs for 99.99%
availability.
• Architected CIAM platform using Firebase Authentication at consumer scale. Designed token
lifecycle management, session handling, progressive authentication flows, and secure backend
microservice integration for web and mobile platforms, with patterns subsequently reused
across multiple Google product teams.
• Integrated AI/ML capabilities into identity and access operations: deployed ML models for
access pattern anomaly detection, built predictive access review tooling that flagged stale or
over-privileged access 30 days before certification cycles, and prototyped LLM-assisted policy
generation for IAM role recommendations.
• Integrated identity events into SOC/SIEM, enabling real-time correlation with endpoint and
network telemetry and automated enrichment workflows that reduced Tier-1 analyst
investigation time on suspicious access alerts.
• Led 20+ engineers across identity, infrastructure, and automation disciplines. Defined infra-as
code standards, reusable Terraform modules, and security-by-default access patterns. Built
compliance automation pipelines that cut environment build time by 50% and converted
quarterly manual compliance reviews into continuous automated verification.

Company industry:
IT Services

Infrastructure Security Engineer

January 2016 - January 2017

Dell Technologies

Austintown, United States

January 2016 - January 2017

• Designed and implemented enterprise IAM, PAM, and IGA architecture for Dells global
environment spanning 100, 000+ endpoints. Consolidated fragmented multi-vendor identity
and privileged access configurations into a standardized, integrated architecture with full audit
trails, eliminating shared admin credentials and establishing vault-and-rotate lifecycle
management for all privileged accounts.
• Engineered enterprise IT infrastructure underpinning the IAM deployment: designed Active
Directory Forest/domain topology, DNS and DHCP high-availability architecture, PKI/CA
hierarchy for certificate lifecycle, Windows Server and Linux server build automation (Ansible),
VMware vSphere cluster management, and SAN-based storage tiering for identity data.
• Deployed and operationalized CyberArk, BeyondTrust, and ManageEngine PAM360 for
privileged session brokering and credential rotation. Implemented SailPoint IdentityIQ and One
Identity Manager for access certification, role modeling, and automated JML provisioning with
IGA-to-HR system integration.
• Designed and piloted an AI-assisted access review automation platform: integrated ML
classification models to identify toxic access combinations, predict access review outcomes
based on historical attestor behavior, and auto-approve low-risk routine certifications reducing
access review burden by 50% while improving risk detection coverage.
• Built vulnerability and compliance automation pipelines using Nessus, Qualys, Splunk, and RSA
Archer. Automated scan-to-dashboard reporting correlated privileged account data with
vulnerability findings for risk-prioritized remediation, and generated executive compliance
dashboards.

Stack: Okta, OneLogin, ManageEngine AD360, CyberArk, BeyondTrust, ManageEngine PAM360, SailPoint
IdentityIQ, One Identity Manager, Nessus, Qualys,
AI/ML: Access Review Classification, Prediction

Company industry:
IT Services

Systems Engineer Global Identity

January 2015 - January 2016

Apple Inc

Austintown, United States

January 2015 - January 2016

• Contributed to building Apples next-generation SSO, federated identity, and phishing-resistant
MFA platform for the global corporate workforce. Implemented authentication and
authorization services, OAuth/OIDC/SAML integrations, and SCIM-based lifecycle provisioning
for internal applications and third-party SaaS platforms at enterprise scale.
• Designed and contributed to the enterprise IT infrastructure supporting Apples identity
platform: LDAP directory architecture, PKI X.509 certificate automation, macOS/iOS MDM
integration (JAMF), server virtualization, and network access control (NAC) integration for
endpoint posture checking at authentication.
• Developed full-stack identity management features using ReactJS front end and Java-based
backend services. Implemented and debugged OAuth 2.0, OIDC, SAML 2.0, and SCIM
integrations across Active Directory, Okta, and Apples internal identity APIs.
• Contributed to early AI/ML research prototypes for user behavior analytics (UBA) integrated
with Apples corporate identity platform — exploring ML-based anomaly detection for insider
threat use cases and adaptive authentication signal enrichment.
• Contributed to enterprise architecture patterns for high-availability identity systems including
session management, token validation, and multi-datacenter failover strategies for global
enterprise scale.

Stack: Active Directory, Okta, PKI / X.509, LDAP, JAMF (macOS MDM), ReactJS, Java, OAuth 2.0, OIDC,
SAML 2.0, SCIM, NAC

Company industry:
Computer Hardware & High-Tech Manufacture

Education

University of Technology

January 2012

January 2012

Bachelor's degree, Computer Science

United States

GPA (point): 4.7 out of 5

GPA (point): 4.7 out of 5

Computer Science engineering

Skills

APPLE APERTURE
Intermediate
APPLE APERTURE
Intermediate
COMPUTER HARDWARE
Intermediate
COMPUTER HARDWARE
Intermediate
CONFLICT MANAGEMENT
Intermediate
CONFLICT MANAGEMENT
Intermediate
CYBER SECURITY
Intermediate
CYBER SECURITY
Intermediate
CYBERARK
Intermediate
CYBERARK
Intermediate
FEDRAMP
Intermediate
FEDRAMP
Intermediate
GOOGLE APPLICATIONS
Intermediate
GOOGLE APPLICATIONS
Intermediate
IDENTITY AND ACCESS MANAGEMENT
Intermediate
IDENTITY AND ACCESS MANAGEMENT
Intermediate
IT INFRASTRUCTURE
Intermediate
IT INFRASTRUCTURE
Intermediate
METADATA
Intermediate
METADATA
Intermediate

Social profiles

Languages

English

Native Speaker

Arabic

Native Speaker

Training and Certifications

Certifications
AWS Certified Security – Specialty
Cloud Security & Architecture
Certified Information Systems Security Professional
Certified Information Security Manager

Hobbies and interests

Woodworking