Brandon A. Moe

Principal Software Engineer

About Me

Principal Software Engineer eager to learn and develop professionally. Knowledge in web development and automation. My goal is to streamline repetitive tasks while giving the end user a great experience. Outside of work I enjoy the outdoors, tinkering with my homelab, and golfing.

Work Experience

Principal Security Engineer - U.S. Bank (August 2023 to Present)

  • Drove the HashiCorp Vault initiative, establishing best practices that improved security protocol adherence and created a more resilient infrastructure supporting over 10,000 enterprise users in the organization.
  • Enabled Azure Authentication and Database Secrets Engines (PostgreSQL, MySQL, MariaDB, AzureSQL, MSSQL, RDS PostgreSQL) in HashiCorp Vault, implementing self-service on-boarding to streamline secure access management.
  • Designed and implemented a scalable solution for mass distribution of internal CA public keys, enabling application teams to automate trust store updates at build and runtime, enhancing security and efficiency.
  • Implemented pipeline and IaC for clustered PostgreSQL RDS instance, AWS DocumentDB, AWS S3, and EKS cluster utilizing Terraform and GitLab CI.
  • Converted 21 Kubernetes file-based deployments to Helm chart deployments with high availability and event-driven autoscaling across 3 region-based clusters able to handle 1000+ concurrent tasks.
  • Migrated 13 CentOS 7 based containers after EOL to Debian, decreasing image footprint by 50% while also decreasing CVEs by 97%.
  • Created 73 custom API endpoints for engineering teams to integrate with AD, HashiCorp Vault, CyberArk, and Access Management to outsource CRUD operations to platform teams while limiting capabilities and enforcing controls as defined by the business.
  • Implemented inner source documentation platform with AI chat-bot to distill down vendor documentation while integrating business specific modifications and requirements to enhance customer experience.
  • Converted 32,000 untracked HashiCorp Vault policies created over 4 years to a set of standard policies controlled by source code and automatically updated by automation. This decreased policy and permission related incidents from 42% of volume to 0%.

Senior Information Security Engineer - U.S. Bank (August 2022 to August 2023)

  • Technical Owner of HashiCorp Vault at U.S. Bank, leading direction and feature development for all development teams.
  • Developed Golang desktop application for operations teams to perform critical IAM functionality in cloud integrated with HashiCorp Vault.
  • Created a secret zero agent for on-prem Linux and Windows VMs to connect to HashiCorp Vault.
  • Independently completed the migration of HashiCorp Vault from Consul backend to Raft backend while upgrading OS from RHEL 7 to RHEL 8.
  • Introduced automation to enforce IAM policy and standards through detective controls.
  • Created dual local environments for developers utilizing Windows, Linux, and Docker architecture.
  • Integrated cert-manager to Venafi using HashiCorp Vault's PKI engine. Achieving this for 600+ clusters required automated onboarding of Kubernetes authentication for Vault cluster, policy provisioning in Venafi, and PKI role configuration at cluster build time through custom developed API.
  • Developed self-service onboarding for Vault customers for Kubernetes authentication workflow in Vault while also providing infrastructure team API endpoints for onboarding new Kubernetes clusters at build time.

Information Security Engineer - U.S. Bank (January 2021 to August 2022)

  • Matured Active Directory account provisioning to be self-service, increasing consistency while decreasing request time from two weeks to five minutes. Integrated Django, Flask, Apache Airflow, HashiCorp Vault, Power Automate, and Microsoft Teams utilizing Python, RESTful APIs, and LDAP.
  • Scripted Active Directory data extraction to MSSQL across 8 production domains to facilitate reporting and better provide visibility into our environment for audit and remediation efforts.
  • Automated reporting for Oracle Identity Manager and SailPoint IdentityIQ through Google Cloud Platform's GKE. Enabled operations teams to run 250+ scheduled reports, saving hundreds of hours monthly.
  • Developed a self-service onboarding solution for engineers to integrate HashiCorp Vault with Kubernetes and GitLab authentication.
  • Implemented monitoring and cleanup on HashiCorp Vault utilizing Grafana, Prometheus, Splunk, and Telegraf for time series data collection. Using data and active queries, modifications were made to HashiCorp Vault to achieve security goals set by management.
  • Led a successful conversion effort from legacy software to Apache Airflow. Doing so enabled software to horizontally scale, increasing uptime 7% to above 99.9% while improving runtime of tasks.

Information Security Engineer Intern - U.S. Bank (June 2020 to January 2021)

  • Migrated Docker containers formerly treated as pets to cattle-based containers with unit testing, vulnerability scanning, code quality scanning, and automated build processes. This decreased time to production by 95% while also stabilizing the environment.
  • Designed a local environment configuration using Docker to replicate production configuration on users' local machines for code development. This enabled developers to decrease time to production and enabled better local unit, application, and integration testing.

Enterprise DevOps Solutions Engineer Intern - U.S. Bank (June 2019 to June 2020)

  • Architected and designed a self-service, web-based onboarding service to perform the most common CRUD requests to minimize manual provisioning work required by admins and optimize end user lifecycle in GitLab, SonarQube, Artifactory, Jenkins, and Jira.

Volunteering

Field Technical Advisor Assistant - For Inspiration and Recognition of Science and Technology (January 2021 to Present)

  • Responsible for keeping the FIRST Robotics Competition field running in accordance with FIRST requirements.

Control System Advisor - For Inspiration and Recognition of Science and Technology (January 2018 to Present)

  • Assists teams with Robot Control System-related issues. Languages include C++, Java, LabVIEW, and Python.

Beta Tester and Lecturer - LabVIEW FRC - For Inspiration and Recognition of Science and Technology (June 2016 to Present)

  • Beta test the software coming out for the next season to find bugs and breaking changes.
  • Present lectures to students teaching the fundamentals of robotics programming to advance motion techniques.

Home Lab

  • Nginx Proxy Manager: Used for traffic routing from Cloudflare
  • Resume Website: HTML, CSS, and JavaScript based site served by Nginx which you are currently on!
  • HomeAssistant: Home automation platform
  • VaultWarden: Rust-based implementation of Bitwarden that is self-hosted for human credential management
  • Frigate: NVR software for IP-based cameras
  • PiHole: Network-level ad blocking
  • TailScale: Self-hosted VPN for remote network access
  • rtlmr2mqtt: Read 990 MHz communication (utility information) and broadcast those packets to an MQTT broker
  • K3s cluster: A lightweight implementation of Kubernetes which I have clustered over 3 Raspberry Pi 5s
  • HashiCorp Vault: Credential management application for software
  • Networking: All networking is done with a layer 2 switch with VLAN isolation based on component
  • TrueNas: Coming Soon!

Open Source Contributions