Available for Contract & Remote — Multilingual · Dallas, TX

Infrastructure that
holds, stable, secure, & scalable .

Cloud Security & Infrastructure Architect with 10+ years securing GNU Linux systems & AWS, including work with Google & the U.S. Navy (DoD). I eliminate risk, enforce CIS/STIG standards, and automate infrastructure to stay stable and audit-ready. Read →

Start a Conversation Book a Free Call

10+

Years in production
infrastructure

DoD

Cleared-level
environments

SRE

Google (X) &
U.S. Navy background

99.9%

Uptime delivered for
mission-critical apps

Younis Amedi — Cloud Security & Infrastructure Architect

Younis Amedi Cloud Security & Infra Architect · Dallas, TX

Is This You?

The problems I'm hired to fix

If any of these sound familiar, you're in the right place.

🔥

"We keep having random outages"

Unplanned downtime caused by misconfigured infra, no autoscaling, or unmonitored single points of failure.

🛡️

"We have an audit coming up"

FedRAMP, PCI-DSS, SOC 2, or a DoD assessment — and your hardening is undocumented or nonexistent.

🔓

"Our AWS permissions are a mess"

Overprivileged IAM roles, no SCP enforcement, public S3 buckets, and GuardDuty findings no one's acting on.

📙

"We need STIG compliance — fast"

A government contract or DoD environment requires hardened, STIG-compliant Linux systems with auditable evidence.

☁️

"We're moving to the cloud but scared"

Migrating from data center or hybrid on-prem to AWS without losing your security posture or waking up to a breach.

⚡

"Our infra grew too fast"

Years of "move fast" decisions left your environment fragile, inconsistent, and impossible for anyone to fully understand.

Services

What I Do — and How Engagements Work

Contract, project-based, or retainer — scoped to your situation. No fluff, no retainers you don't need.

Work With Me

Most Requested

Linux Hardening (CIS / STIG)

Systematic hardening of Linux systems to CIS Level 1/2 or DISA STIG profiles. Kernel tuning, auditd, SELinux/AppArmor, access control, and OpenSCAP compliance reports. Delivered with automation you can apply to every new build.

CIS L1/L2DISA STIGOpenSCAPauditdSELinuxAnsible

AWS Cloud Security Architecture

Design and audit of AWS environments with a security-first lens. IAM role architecture, VPC segmentation, SCPs, GuardDuty, CloudTrail, Config, Security Hub — and a remediation roadmap with severity rankings.

IAM / SCPsGuardDutySecurity HubCloudTrailVPC Design

Infrastructure Risk Assessment

Comprehensive audit of your cloud or hybrid environment. Identifies misconfigurations, over-permissions, single points of failure, and compliance gaps. Delivered as a prioritized report with business-impact scoring.

Gap AnalysisRisk ScoringRemediation PlanExecutive Summary

DevSecOps & Infrastructure Automation

Security baked into your pipelines from day one. Terraform IaC with compliance gates, CI/CD hardening, drift detection, automated patching, and Bash/Python scripts to enforce your security baseline consistently.

TerraformCI/CDPythonBashGolangGitOps

Data Center & Hybrid Cloud Integration

Bridge legacy Cisco on-prem environments with AWS. Site-to-Site VPN, network segmentation replication, firewall rule migration, and maintaining a consistent security posture during and after migration.

CiscoAWS VPNNACLsBGPHybrid Cloud

Monitoring, Alerting & Incident Prevention

AI-assisted observability with Prometheus, Grafana, and cloud-native tools. Reduce alert noise, surface real anomalies faster, build runbooks that stop incidents before they become outages.

PrometheusGrafanaCloudWatchAI AnomalyRunbooks

Real Work · Real Results

The Kind of Problems I'm Paid to Solve

Specifics — not vague buzzwords. Here's what engagements actually look like and what they deliver.

DoD / Government

STIG Compliance on 200-Node RHEL Fleet — 60 Days

Inherited a 200-node RHEL fleet with zero documented hardening. Built automated STIG scanning with OpenSCAP, reduced findings by 94% in 60 days, produced auditable compliance reports for ISSO sign-off, and wrote Ansible/Bash playbooks to enforce the baseline on every future build automatically.

94%

Findings reduced

Days to comply

200

Nodes hardened

RHELOpenSCAPDISA STIGAnsibleBash

SaaS / AWS

Eliminated 3–4 Monthly Production Outages via Rearchitecture

A SaaS company was averaging 3–4 unplanned outages per month. Root causes: over-permissive IAM, no autoscaling, monolithic EC2 setup, zero alerting strategy. Redesigned with proper VPC isolation, ECS Fargate, CloudWatch alarms, and IAM least-privilege. Zero unplanned outages in the following 6 months.

Outages (6 mo.)

3–4

Monthly before

AWS ECSVPCCloudWatchTerraformIAM

Financial Services / PCI-DSS

Reduced PCI-DSS Audit Scope by 60%, Saving ~$80K/Year

Helped a payments company dramatically reduce their annual PCI-DSS assessment cost. Hardened 40+ GNU/Linux servers to CIS Level 2, segmented cardholder data environments with strict iptables rules and network isolation, and produced documented controls that satisfied QSA requirements. Scope reduced by 60%, saving ~$80K annually.

60%

Scope reduction

$80K

Annual savings

40+

Servers hardened

DebianCIS L2PCI-DSSiptablesauditd

Hybrid Migration

Data Center → AWS Migration With Zero Security Regression

Migrated a legacy Cisco-heavy data center to a hybrid AWS environment. Designed Site-to-Site VPN, replicated firewall ACL logic into AWS Security Groups and NACLs, enforced SCPs organization-wide via AWS Organizations. No security regression during migration — completed 3 weeks ahead of schedule, no incidents.

Security incidents

−3wk

Ahead of schedule

CiscoAWS VPNSCPsNACLsTerraform

How It Works

From First Call to Production-Safe

A simple, no-surprises process. You know what's happening at every step.

Discovery Call

Free 30-minute intro. We discuss your environment, pain points, and what success looks like. No commitment required.

Assessment & Scoping

I audit your current state, identify the highest-risk gaps, and propose a scoped engagement with clear deliverables and pricing.

Execution

Hands-on hardening, remediation, or architecture work. Regular check-ins, documented decisions, and clean handoffs.

Documentation & Handoff

Everything is documented. Runbooks, playbooks, compliance evidence — your team can operate and maintain it without me.

Client Testimonials

What Teams Say After Working With Me

★★★★★

"Your efforts spanned several months and required considerable evening and weekend work. We would like to express our deepest gratitude and appreciation for the outstanding effort and support you provided. Your professionalism and "can do" attitude made a significant impact on the successful inspection result."

Michael Troxel

Activity Chief Information Officer — Naval Surface Warfare Cente - U.S Navy

★★★★★

"I very much appreciated being able to assign Younis a task and have him efficiently complete it, working unsupervised. He is a diligent, responsible and conscientious employee, always punctual, professional and trustworthy!"

Jim Myers

Director of IT Operations - Schuyler House Medical Systems

★★★★★

"I cannot express the high level of regard I hold for Younis. He has impressed me on several occasions with his technical skills and his positive attitude. He has proven himself that he has a high degree of understanding in the information technology field."

Lauren R. Newsome

Senior IT Specialist - Official U.S Army Corps of Engineers

★★★★★

"Younis has never shrunk from hard work or the physical dangers of being a contractor in service of the United States Armed Forces and has consistently executed his duties in an exemplary manner."

James R. Hajduk

Colonel, U.S Army Chief - Military Transition Team - 3rd Brigade

★★★★★

"Not only has Younis always displayed a willingness to go above and beyond the expectations of his duty position his technical skills as a computer programmer have been invaluable during his tour of duty!"

Mollie E. Keith & Jeremy S. Latham

U.S 1175th MP Company Commander CPT - Police Advisor / CIVPOL

About

Built on 10+ Years of Production Infrastructure

I'm Younis — a Cloud Security & Infrastructure Architect based in Dallas, TX. Multilingual, available for remote and contract work nationwide.

Over the past decade, I've worked across AWS, Linux systems, and data center infrastructure — including DoD-level environments (U.S. Navy, AEGIS Coalition Forces) where security and uptime aren't optional. My specialty is taking environments that grew too fast, got too messy, or were never hardened properly, and making them predictable, secure, and resilient.

At Google (X / ERG contract), I ran load balancing and compliance work on GCP. At the U.S. Navy (NDTI), I automated DNS and patching that cut maintenance by 90% and earned recognition for operational improvements. I bring that same rigor to every contract engagement.

I work with Terraform, Ansible, Python, Bash, and Golang. I apply AI-assisted monitoring pragmatically — reducing alert noise and catching real problems earlier. Every engagement closes with runbooks, playbooks, and documentation your team can own without me.

OpenSCAP IAM Architecture GuardDuty Ansible Terraform CI/CD / GitOps PCI-DSS FedRAMP Nessus / Red Hat Satellite Incident Response Risk Assessment SELinux / AppArmor Prometheus / Grafana Docker / Kubernetes Python · Bash · Golang BGP / Routing

Hire Me GitHub Read My Articles

Quick Facts

Dallas, TXRemote & Contract · Multilingual

10+ YearsProduction infrastructure experience

DoD-LevelSecurity clearance environments

Currently Available

Available for Select Engagements

Contact

Phone+1 (214) 997-5609

GitHubgithub.com/younisamedi

Book Free Intro Call