Ismail Arici

Security Engineer

Toronto, Canada
01

Skills

Cloud & Infrastructure Security

  • Designed and secured AWS environments using Terraform and CloudFormation, with focus on least privilege and environment isolation.
  • Deployed containerized applications to AWS (ECS) using OIDC-based authentication, avoiding long-lived credentials.
  • Applied infrastructure security scanning using Checkov to validate IaC configurations.

Application Security

  • Integrated SAST, secrets scanning, and dependency checks into development workflows using Semgrep, Bandit, Gitleaks, and pip-audit.
  • Generated and analyzed SBOMs using Syft to improve visibility into software dependencies.
  • Performed DAST testing using OWASP ZAP and validated findings through manual analysis.
  • Identified and validated application-layer vulnerabilities (API exposure, access control flaws, data leakage).

Container & Supply Chain Security

  • Built and scanned container images using Trivy and Docker Scout.
  • Implemented end-to-end container security workflows from build-time scanning to runtime considerations.
  • Strengthened supply chain security through dependency auditing and SBOM generation.

Security Operations & Compliance

  • Supported and validated controls for SOC 2 Type II, ISO 27001, and HIPAA-aligned environments.
  • Performed vulnerability management and risk prioritization using Nessus.
  • Led incident triage and investigation, leveraging endpoint detection tools such as CrowdStrike Falcon.
  • Conducted vendor and architecture security reviews, including AI/LLM-related risk and data handling considerations.

Automation & Tooling

  • Built automation for security scanning pipelines, SARIF-based reporting, and CI/CD integration.
Python Terraform JSON YAML SQL
02

Experience

Application Security Specialist

Case IQ // Canada // 06/2023 – Present
  • Lead application security initiatives across engineering and compliance, embedding security controls that support SOC 2 Type II and ISO/IEC 27001:2022 compliance.
  • Own the application vulnerability management program, integrating SAST, DAST, SCA, container, and secret scanning into the software development lifecycle.
  • Partner with engineering teams to identify, prioritize, and remediate application and infrastructure vulnerabilities using risk-based remediation strategies.
  • Lead security hardening efforts for acquired products, improving authentication, authorization, logging, encryption, and secure configuration.
  • Evaluate, implement, and optimize security tooling including GitHub Advanced Security, StackHawk, Nessus, Docker Scout, and other AppSec technologies.
  • Conduct application security assessments, architecture reviews, and threat modeling for new products, cloud services, and AI/LLM initiatives.
  • Lead vendor security assessments and technical due diligence for cloud, SaaS, AI, and security platforms.
  • Drive security incident investigations by correlating telemetry across cloud, application, endpoint, and identity platforms.
  • Strengthen IAM and least-privilege controls across Azure, AWS, and enterprise applications.
  • Serve as technical lead for enterprise security initiatives, including SIEM modernization, secure SDLC improvements, and vulnerability governance.
  • Successfully supported multiple SOC 2 Type II and ISO/IEC 27001 audits by owning technical evidence, validating security controls, and working directly with auditors.
  • Awarded Case IQ Star (Employee of the Quarter).

Cloud Engineer

RGS Software // Turkey // 06/2019 – 12/2022
  • Led infrastructure maintenance and development for e-commerce platforms on AWS.
  • Automated provisioning with Terraform and CloudFormation, improving infrastructure reliability.
  • Reduced AWS operational costs by 20% in one year through targeted optimization.

IT Supervisor & Instructor

Medipol University // Turkey // 09/2016 – 06/2018
  • Designed and maintained a shared file system infrastructure serving 100+ instructors.
  • Archived access logs for university compliance and mentored engineering students.
03

Education

Ph.D. – Leadership, Higher & Adult Education

University of Toronto · Canada

Dissertation: The privacy paradox: Managing compliance requirements while adopting new technologies in Higher Education.

Cybersecurity Training Program

Fields Institute of Mathematics · Canada · 2023

Intensive program in cloud security, risk management, and vulnerability management.

M.A. – English

Canakkale University · Turkey · 2019

B.A. – English

Istanbul University · Turkey · 2013
04

Projects

SecurePipe

Open source DevSecOps CLI that runs a full security pipeline against any codebase with a single command. Orchestrates Semgrep (SAST), pip-audit / npm audit / OWASP Dependency-Check (SCA), Trivy (container scanning), Syft (SBOM), and OWASP ZAP (DAST) via Docker – no cloud credentials required. Generates a self-contained HTML report with cross-tool CVE deduplication, dependency chain tracing, fix guidance, and SOC 2 / ISO 27001 compliance mapping. Supports org-wide scanning across multiple repos.

DevSecOps SAST SCA DAST Docker Python Open Source
โ˜๏ธ

SecureInfra

Cloud Security Posture Management (CSPM) layer that runs Prowler against AWS environments, normalizes findings into a shared event schema, and feeds results into SecureOps for centralized triage and alerting. Supports SOC 2 / CIS benchmark compliance checks with no persistent services – runs as a one-shot pipeline via Docker or native Prowler.

CSPM AWS Prowler Python Docker SOC 2

SecureOps

SIEM/XDR orchestration and audit layer that ingests normalized findings from SecurePipe (application security) and SecureInfra (cloud posture), routes events to Wazuh and DefectDojo, and writes tamper-evident audit evidence. Config-driven and cloud-agnostic – no vendor lock-in, no heavy pipelines.

SIEM XDR Wazuh DefectDojo Python Docker
๐Ÿ—

AWS 3-Tier Architecture

Designed and deployed a highly available, secure 3-tier application environment in AWS using Terraform and Zero-Trust principles.

AWS Terraform Zero-Trust

Azure Cloud Resume

Completed the Cloud Resume Challenge. Built with Azure Blob Storage, Azure Functions, Cosmos DB, and automated CI/CD via GitHub Actions.

Azure Python GitHub Actions

Multi-Client Cloud Infrastructure

Collaborated on design and maintenance of AWS infrastructure for multiple clients, applying IaC for automation and cost optimization.

AWS IaC CloudFormation
05

Certifications

Azure Security Engineer

AWS Security Specialty

AWS Certified Security Specialty

AWS Solutions Architect

AWS Certified Solutions Architect Associate

Terraform Associate