AWS Cloud Architecture, Security & SOC 2 Compliance

Designed and implemented a SOC 2–aligned AWS architecture with least-privilege IAM, centralized secrets, and continuous security monitoring.

Role
Cloud Security Engineer (Lead)
Duration
Feb 25 – Aug 25
Tags: AWS, IAM, GuardDuty, AWS KMS, AWS Config, Inspector, WAF, Secrets Manager, CloudWatch, SOC 2

Key highlights

  • Implemented least-privilege IAM principals, reducing unnecessary permissions by ~70% and improving security posture.
  • Integrated GuardDuty, AWS KMS, AWS Config, and Inspector to continuously monitor vulnerabilities and misconfigurations — cutting manual audit effort by ~70%.
  • Configured AWS WAF (Bot Control, SQLi and XSS managed rules, IP-restricted admin URLs), blocking ~99% of common web exploits.
  • Led investigation and remediation of a security incident, improving monitoring and access controls.
  • Optimized infrastructure cost through rightsizing and monitoring, achieving 30–40% reduction in monthly AWS spend.

Overview

Designed an end-to-end AWS cloud architecture for production-grade applications, then audited and aligned it with SOC 2 compliance requirements. The goal was a security baseline that auditors trust and engineers can actually work within day to day.

What I did

Identity & access

Rebuilt IAM around least-privilege principals, removing standing broad permissions and scoping access to exactly what each role needs. This reduced unnecessary permissions by ~70%.

Secrets management

Removed hard-coded credentials across the stack by moving secrets into AWS Secrets Manager and Parameter Store, with rotation where supported.

Continuous monitoring

Wired up GuardDuty, AWS Config, Inspector, and KMS so vulnerabilities and configuration drift surface automatically — cutting manual audit effort by ~70%.

Edge protection

Configured AWS WAF with managed rule groups (SQLi, XSS, bot control) and IP-restricted the admin login URLs, blocking roughly 99% of common web exploits.
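Added example, not the project's own code: a Terraform sketch of the IP-restricted admin URL rule described above, as one rule in an AWS WAFv2 regional web ACL. The /admin path prefix, the resource names and the 203.0.113.0/24 allowlist range are assumed placeholders; the managed SQLi, XSS and Bot Control rule groups would be further rules in the same ACL.

```hcl
resource "aws_wafv2_ip_set" "admin_allowlist" {
  name               = "admin-allowlist"
  scope              = "REGIONAL"
  ip_address_version = "IPV4"
  addresses          = ["203.0.113.0/24"] # placeholder; use the real admin egress ranges
}
resource "aws_wafv2_web_acl" "app" {
  name  = "app-web-acl"
  scope = "REGIONAL"
  default_action { allow {} }
  # Block any request whose lower-cased path starts with /admin unless the client IP is allowlisted.
  rule {
    name     = "admin-ip-restriction"
    priority = 0 # evaluated before the managed rule groups
    action { block {} }
    statement {
      and_statement {
        statement {
          byte_match_statement {
            search_string         = "/admin"
            positional_constraint = "STARTS_WITH"
            field_to_match { uri_path {} }
            text_transformation {
              priority = 0
              type     = "LOWERCASE"
            }
          }
        }
        statement {
          not_statement {
            statement {
              ip_set_reference_statement { arn = aws_wafv2_ip_set.admin_allowlist.arn }
            }
          }
        }
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "admin-ip-restriction"
      sampled_requests_enabled   = true
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "app-web-acl"
    sampled_requests_enabled   = true
  }
}
```

The byte match runs on the URI path as received, so a URL_DECODE text transformation is worth adding alongside LOWERCASE, and the sampled-request metric gives CloudWatch a signal for alerting on blocked admin attempts.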

Logging & alerting

Centralized logging and alerting on CloudWatch for fast detection and resolution of security and availability events.

Outcome

A SOC 2–aligned, continuously monitored AWS environment with least-privilege access, centralized secrets, and 30–40% lower monthly spend — plus a central knowledge base documenting the whole architecture.
