Brian Nelson

Summary

Infrastructure and Cloud Security Leader with over a decade of experience designing, deploying, and securing enterprise-scale systems across on-premises and cloud environments. Expert in Azure and AWS architecture, virtualization, and Active Directory administration. Proven ability to lead migrations, strengthen security posture, and optimize performance and cost across global organizations. Recognized for bridging strategic vision with hands-on technical expertise and mentoring teams in complex, high-availability environments.

Skills

• Azure · Terraform · Azure AD / Entra ID
• Networking & Security · Firewalls · Zero Trust
• CI/CD · GitHub Actions · Scripting (PowerShell/Bash)

Experience

Sr. Infrastructure Engineer – IBM

October 2023 - Present | Morrisville, NC

• Lead design and governance of enterprise directory services, including Active Directory, Entra ID, and Azure SSO for global business units.
• Oversee hybrid identity architecture integrating on-premises and cloud authentication systems to support secure user provisioning and lifecycle management.
• Tier III escalation point - providing support as required to ensure availability of mission critical services such as authentication, Windows DNS, DHCP, and access to network resources.
• Maintain, manage, and optimize our Azure environment, including SSO setup, infrastructure deployment, Azure Virtual Desktop host pools, and network configuration including creating/destroying subscriptions, managing RBAC access, Enterprise Application deployment, SaaS integrations, and creating roles if needed.
• Deployment of Azure Conditional Access policies to affect, but not limited to, Multifactor authentication, regional based access, and preventing legacy authentication.
• Manage and maintain Microsoft Defender as it pertains to the Microsoft Security and Compliance Portals, creating and managing email quarantine policies, sensitivity labels, and alerts as it pertains to malicious emails and organizational wide phishing/spam maintenance for DLP.

Sr. Infrastructure Engineer – Apptio

January 2021 - October 2023 | Morrisville, NC

• Lead design and governance of enterprise directory services, including Active Directory, Entra ID, and Azure SSO for global business units.
• Oversee hybrid identity architecture integrating on-premises and cloud authentication systems to support secure user provisioning and lifecycle management.
• Tier III escalation point - providing support as required to ensure availability of mission critical services such as authentication, Windows DNS, DHCP, and access to network resources.
• Maintain, manage, and optimize our Azure environment, including SSO setup, infrastructure deployment, Azure Virtual Desktop host pools, and network configuration including creating/destroying subscriptions, managing RBAC access, Enterprise Application deployment, SaaS integrations, and creating roles if needed.
• Deployment of Azure Conditional Access policies to affect, but not limited to, Multifactor authentication, regional based access, and preventing legacy authentication.
• Manage and maintain Microsoft Defender as it pertains to the Microsoft Security and Compliance Portals, creating and managing email quarantine policies, sensitivity labels, and alerts as it pertains to malicious emails and organizational wide phishing/spam maintenance for DLP.

Network Engineer – World Wildlife Fund

September 2014 - January 2021 | Washington, DC

• Performs general maintenance and upgrades of infrastructure equipment, hardware and software. This includes developing and implementing best practices for support, routine maintenance, and proactively monitoring systems.
• Supported global Active Directory and Azure integrations for user authentication and remote access.
• Collaborated with IT Security and Compliance teams to implement group policy changes, MFA enforcement, and endpoint hardening.
• Administered firewall configurations (Checkpoint, Palo Alto) and managed identity synchronization between on-prem AD and Azure AD.

Contact

Email · LinkedIn · GitHub