Worked on security automation and policy enforcement across cloud infrastructure repositories, focusing on risk reduction and compliance. In the govuk-one-login/observability-configuration repository, integrated Checkov into pre-commit hooks and GitHub Actions workflows using YAML, enabling automated scanning of infrastructure-as-code for misconfigurations. Updated workflow permissions to enforce least-privilege, addressing security findings and reducing potential access risks. In the govuk-one-login/tech-docs repository, implemented an AWS security policy to enforce secure transport for AccessLogsBucket, ensuring all data transfers use encrypted protocols. Leveraged skills in CI/CD, DevOps, and security policies to deliver measurable improvements in security posture and governance without introducing new bugs.