Macdonald Daniel

I’m a DevSecOps engineer with 4+ years securing cloud-native infrastructure across AWS EKS, Kubernetes, and multi-environment CI/CD pipelines. I focus on integrating SAST/DAST tooling, automating vulnerability remediation, and enforcing compliance policy gates aligned with OWASP and CIS benchmarks.

At Keystone Bank, I coordinated security assessments and tracked remediation to ensure timely closure of vulnerabilities, reducing critical security risks across 15+ applications by 60%. I also cut build times 50% by automating SAST/DAST-integrated CI/CD pipelines (Trivy, Checkov, SonarQube, Gitleaks) on AWS EKS with parallelized runners.

I align pipeline security controls with OWASP Top 10 and CIS Kubernetes benchmarks, producing audit-ready evidence across dev, stage, and prod to reduce compliance findings by 40%. I enforce zero non-compliant workload promotion using OPA and Kyverno admission controllers across all clusters.

I’ve hardened AWS environments through IAM least-privilege policies, VPC segmentation, and automated compliance checks—while eliminating plaintext credential exposure by deploying HashiCorp Vault with automated secret rotation and RBAC least-privilege. I also build Python and Bash automation to speed vulnerability review, prioritization, remediation, resource auditing, and alert routing.