Cloud Security / Detection Engineering

Cloud Detection & Alerting Pipeline

Built and tuned a cloud detection and alerting workflow that connected cloud security findings to actionable notifications while reducing low-value noise.

AWS · Terraform · Detection Engineering · Security Automation

Problem

Cloud security tools generated high volumes of alerts, many of which were low-value or duplicated. On-call engineers spent excessive time triaging noise instead of responding to real threats.

Constraints

Small security team, limited on-call bandwidth, multiple AWS accounts, need to maintain compliance visibility while reducing alert fatigue.

Approach

Built a Terraform-managed detection and alerting pipeline that ingested findings from cloud security services, applied suppression logic for known low-value patterns, and routed actionable alerts through event-driven notification paths.
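As an added illustration of the suppression-and-routing step described above (example code written for this page, not the project's own, whose details are sanitized): a Python Lambda handler for the EventBridge "Security Hub Findings - Imported" event that applies a few suppression rules to each ASFF finding and forwards only the actionable ones to SNS. The severity floor, the suppressed type prefix and the ALERT_TOPIC_ARN environment variable are assumptions.

```python
import os
from typing import Callable, Optional

# Severity order of the ASFF Severity.Label field
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
MIN_SEVERITY = "MEDIUM"  # assumption: findings below this are treated as noise
# Constructed example of a "known low-value" pattern; real lists come from tuning
SUPPRESSED_TYPE_PREFIXES = ("Software and Configuration Checks/Industry and Regulatory Standards/",)
_seen_ids = set()  # dedupe re-imports of the same finding within a warm Lambda container

def suppress_reason(finding: dict) -> Optional[str]:
    """Return why an ASFF finding is suppressed, or None if it is actionable."""
    if finding.get("RecordState") == "ARCHIVED":
        return "archived"
    if finding.get("Workflow", {}).get("Status") in ("RESOLVED", "SUPPRESSED"):
        return "already handled in Security Hub"
    label = finding.get("Severity", {}).get("Label", "INFORMATIONAL")
    if SEVERITY_RANK.get(label, 0) < SEVERITY_RANK[MIN_SEVERITY]:
        return f"severity {label} below {MIN_SEVERITY}"
    if any(t.startswith(SUPPRESSED_TYPE_PREFIXES) for t in finding.get("Types", [])):
        return "known low-value finding type"
    if finding["Id"] in _seen_ids:
        return "duplicate"
    return None

def route_findings(event: dict, publish: Callable[[str], None]) -> dict:
    """Handle one EventBridge 'Security Hub Findings - Imported' event.
    `publish` is the notification hook (SNS in production); returns which
    finding Ids were sent and why the others were dropped, for audit logging."""
    sent, dropped = [], {}
    for f in event.get("detail", {}).get("findings", []):
        reason = suppress_reason(f)
        if reason:
            dropped[f["Id"]] = reason
            continue
        _seen_ids.add(f["Id"])
        publish(f"[{f['Severity']['Label']}] {f['Title']} (account {f['AwsAccountId']})")
        sent.append(f["Id"])
    return {"sent": sent, "dropped": dropped}

def lambda_handler(event, context):
    """Lambda target of the EventBridge rule; publishes to the SNS alert topic."""
    import boto3  # imported here so the module also runs offline without boto3
    sns = boto3.client("sns")
    topic = os.environ["ALERT_TOPIC_ARN"]  # assumption: set by the Terraform module
    return route_findings(event, lambda msg: sns.publish(TopicArn=topic, Message=msg))
```

Logging the `dropped` map alongside the alerts keeps suppressed findings auditable, so tuning a rule too aggressively is visible rather than silent.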

Outcome

Reduced false positives by 60%, improved on-call signal quality, and established a repeatable pattern for adding new detection rules without increasing toil.

Tools

AWS · Terraform · GuardDuty · Security Hub · EventBridge · SNS · Lambda

Key Highlights

  • Event-driven security notifications
  • Terraform-managed workflow
  • Cloud security finding ingestion
  • Auto-suppression for low-value findings
  • Reduced on-call toil without losing signal

Details are intentionally sanitized to protect employer and client confidentiality.