Timothy Murkomen

DevSecOps Engineer                                                           Nathan Digital [March 2025 - Date]

• Designed and maintained secure, scalable CI/CD pipelines, embedding security checks across build, test, and deployment stages.
• Integrated SAST/DAST and container security tools (SonarQube, OWASP ZAP, Burp Suite, Trivy, GitLeaks), reducing production vulnerabilities.
• Led secure coding initiatives and enforced OWASP best practices across engineering teams.
• Supported L2/L3 DevOps & security operations, improving incident resolution time and system stability.
• Collaborated closely with SOC teams to strengthen application and infrastructure security posture.
• Monitored platform health using Prometheus and Grafana, proactively identifying performance and security issues.
• Supported internal security audits and compliance activities in hybrid cloud environments.

DevSecOps Engineer                                              Interintel Technologies Limited[Oct 2024 –Feb 2025]

• Built and secured CI/CD pipelines using Jenkins, GitHub, and Tekton for high-velocity software delivery.
• Deployed ModSecurity WAF, protecting applications against OWASP Top 10 threats.
• Designed and optimized Kafka-based event-driven systems for high-throughput environments.
• Led data reliability improvements, including Cassandra to PostgreSQL migration.
• Implemented continuous monitoring and alerting using Prometheus and Grafana.

DevSecOps & Cybersecurity                                                       Uamuzi Foundation [Jan 2024 –Aug 2024]

• Designed secure Infrastructure as Code (IaC) frameworks using Terraform, Helmfile, and Ansible.
• Implemented Kubernetes-based production platforms, ensuring resilience and scalability.
• Embedded security scanning and dependency checks (SonarQube, Veracode, Snyk, Trivy) into CI/CD pipelines.
• Enforced ISO 27001 and GDPR controls, supporting audits and risk assessments.
• Strengthened IAM, encryption, and endpoint protection strategies across cloud environments.

Security Software Engineer                                        Robyns Business Systems  [Nov 2020 – Dec 2023]

• Led secure delivery of enterprise systems, including Core Banking and E-Statements platforms.
• Architected and executed AWS and Azure cloud migrations with strong security baselines.
• Developed and deployed Dockerized microservices on Kubernetes, improving performance by 30%.
• Automated infrastructure provisioning using Terraform and Ansible, reducing deployment time by 50%.
• Implemented secure CI/CD pipelines using GitLab CI and Jenkins.
• Strengthened API security, encryption, OAuth 2.0, and JWT authentication mechanisms.

• Master’s Degree in Information Technology Security and Audit, Jaramogi Oginga Odinga University of    Science and Technology (JOOUST) – 2023- 2025.
• Bachelor’s Degree in Information Communication Technology, Jaramogi Oginga Odinga University of    Science and Technology (JOOUST).