Results-driven Cloud Identity & Security Engineer with 5+ years of experience designing and managing IAM solutions across hybrid cloud and on-premises environments. Specialist in Microsoft Entra ID, Zero Trust architecture, and identity lifecycle automation (Joiner-Mover-Leaver). AZ-104 certified; SC-300 in progress. Proficient in Conditional Access, PIM, SAML 2.0, OAuth 2.0, OIDC, and SCIM. Aligned identity governance with ISO 27001:2022 and COBIT 2019 frameworks.
Career Path
Self-Employed · Perth, WA
Design and implement Microsoft Entra ID identity governance solutions for SMB clients — Conditional Access policies, MFA enforcement, and RBAC assignments in hybrid environments. Automate Identity Lifecycle Management (JML) workflows using PowerShell and Microsoft Graph API, achieving a 40% reduction in manual provisioning effort. Architect Zero Trust security postures applying Least Privilege and continuous access evaluation across Microsoft 365 tenants. Develop n8n-based IAM automation workflows integrating GitHub, PostgreSQL, and REST APIs on a self-hosted Ubuntu server.
TEUNO · Financial Services · Remote, Ecuador
Administered enterprise IAM platform supporting 500+ user identities across financial services infrastructure. Redesigned VPN provisioning workflow integrating IAM controls, reducing ticket resolution time by 60% while enforcing Least Privilege access. Implemented and maintained RBAC policies covering the full JML identity lifecycle, ensuring timely provisioning and deprovisioning. Maintained ISO 27001:2022 compliance through user access reviews, entitlement certifications, and audit log analysis. Managed identity federation using SAML 2.0 and OAuth 2.0 for SSO integrations between on-premises Active Directory and cloud applications.
Security Data · On-site, Ecuador
Conducted ISO 27001:2022 and COBIT 2019 gap analyses for enterprise clients across financial, logistics, and public sector verticals. Developed access control policies, PAM procedures, and identity governance documentation for ISMS implementations. Supported privileged access reviews and entitlement certification campaigns, producing audit-ready reports for compliance teams. Streamlined ITSM workflows in ServiceNow, reducing mean time to resolution by 25%. Advised clients on Zero Trust security architecture improvements covering network segmentation and identity perimeters.
Frenos y Frenos · Automotive Sector · Multi-site, Ecuador
Administered on-premises Active Directory (AD DS) for 200+ endpoints — managing user accounts, group policies, and access control lists. Provided L2/L3 technical support for Microsoft 365 and network infrastructure, maintaining 99%+ uptime SLA and resolving identity and access-related incidents. Administered VPN access controls and endpoint security policies for remote workforce. Led end-to-end migration of the accounting system to a cloud-based platform, reducing manual data entry by 20%.
Technical Expertise
Credentials
Universidad de las Américas (UDLA) — Quito, Ecuador: Completed
Universidad de las Américas (UDLA) — Quito, Ecuador: Completed
NIT Australia — Perth, WA: In Progress (Sep 2025)
Information Security Auditing: Certified
ISO 27001:2022: Certified
IT Governance Framework: Certified
Azure Administrator Associate: Achieved — 2026
Universidad de las Américas (UDLA) — Ecuador: Completed — Nov 2023
Identity and Access Administrator Associate: In Progress — 2026
Azure Security Engineer Associate: Planned — Late 2026
Security Operations Analyst Associate: Planned — Late 2026
IT Service Management · Target Q3 2026: In Progress
Portfolio
AI-powered Identity Lifecycle Platform built on Microsoft Entra ID. Automates Joiner/Mover/Leaver operations with AI risk scoring, ISO 27001 audit evidence, drift detection, and Slack approval workflows.
Entra ID Conditional Access policies, MFA enforcement, Named Locations, and Continuous Access Evaluation configured on a test tenant — documented as a hands-on Zero Trust implementation reference.
Protocol-level implementation of SCIM 2.0 user provisioning via Microsoft Entra ID — automating cross-system identity sync between the identity provider and downstream SaaS applications.