20 role-specific resumes with verified KPIs — BlackRoad only, no prior experience

RoadChain-SHA2048: 428ab11c02ce78d6 RoadChain-Identity: alexa@sovereign RoadChain-Full: 428ab11c02ce78d628aa30489d9f0f3251e709352f2deacf05882435ed9f5d114fe2a1c9e75b3c831688f47cd9032c22b388f821b1b29dcac9fc9a3ad4a1b39f1210d1275f9472df606b763bb551961d1eaebfe8f2a4b9c23d3f3da3f001d916e03ff920def04c8304d8544ac916e4c50c16da942dcc830388e298b7c016b991320b30f7d3fe153aaab71ab109aea3f9dca996ac6e14ca1c0969248c8ca2767ab631c17dc86c0c2a8edd1c8965ab3ba6c92ba7cc9aa4d74406058a39d8fdec53a200371b7d1e1214a860a7ff2c53b83b09f516cec69cbe00e3556caee7f813e4a09d3f430a3a3eab5d4763f8975999c31bd77f82972ab8d7c2d7c5aedcce9442
2026-03-18 04:34:12 -05:00 · 2026-03-13 00:01:11 -05:00
parent 58d4e18634
commit d5c8667284
22 changed files with 1584 additions and 215 deletions
--- a/roles/14-security-engineer.md
+++ b/roles/14-security-engineer.md
@@ -0,0 +1,71 @@
+# Alexa Amundson
+
+**Security Engineer**
+
+amundsonalexa@gmail.com | [github.com/blackboxprogramming](https://github.com/blackboxprogramming)
+
+---
+
+## Summary
+
+Security engineer who identified and remediated malware, credential leaks, and misconfigurations across a 7-node distributed fleet. Implements zero-trust networking via Cloudflare tunnels, WireGuard encryption, firewall policies, and credential management across 256 managed services.
+
+---
+
+## Experience
+
+### BlackRoad OS | Founder & Security Lead | 2024–Present
+
+**Incident Response**
+- Discovered and removed obfuscated cron dropper executing from /tmp/op.py (Cecilia)
+- Identified leaked GitHub PAT (gho_Gfu...) in Lucidia service file, initiated rotation
+- Found and investigated xmrig crypto miner service configuration on Lucidia
+- Migrated credentials from plaintext crontabs to secured env files (chmod 600) fleet-wide
+
+**Network Security**
+- Zero-trust architecture: all external access through 4 Cloudflare tunnels (no exposed ports)
+- WireGuard encryption for all inter-node communication (10.8.0.x mesh)
+- UFW firewall with INPUT DROP policy on edge nodes
+- Tailscale ACLs for management access (9 peers)
+
+**Access Management**
+- SSH key audit: identified 50+ keys on Alice and Octavia requiring cleanup
+- NOPASSWD sudo policies documented across all nodes
+- Identified 3 Tailscale ghost nodes (offline 15+ days) for decommissioning
+- Per-user cron job audit across all fleet nodes
+
+**Infrastructure Hardening**
+- Disabled 16 unused skeleton microservices (freed 800 MB RAM, reduced attack surface)
+- Masked crash-looping services (rpi-connect-wayvnc) to prevent service abuse
+- Removed overclock settings causing instability
+- Secured GitHub relay credentials in ~/.github-relay.env (chmod 600)
+
+**Monitoring & Detection**
+- Self-healing autonomy scripts detecting and restarting failed services
+- 12 failed systemd units tracked and investigated daily
+- Fleet-wide power monitoring detecting anomalous CPU usage
+- Daily KPI collection tracking security-relevant metrics
+
+---
+
+## Technical Skills
+
+**Security:** Incident response, credential management, malware removal, hardening
+**Networking:** WireGuard, Cloudflare Tunnels (zero-trust), UFW, nftables, Tailscale
+**Linux:** systemd, SSH, file permissions, audit, service isolation
+**Monitoring:** Custom KPI system, anomaly detection, SSH probes
+**Tools:** Bash (212 CLI tools), Python, GitHub CLI
+
+---
+
+## Metrics
+
+| Metric | Value |
+|--------|-------|
+| Incidents remediated | 5+ |
+| Services managed | 256 |
+| Firewall policies | UFW + nftables |
+| VPN tunnels | 4 CF + 7 WG |
+| Services disabled | 16+ |
+| Credentials rotated | 4+ |
+| Fleet nodes secured | 7 |