Cybersecurity Engineer

Cheyenne Bounds

Zero Trust Architecture · Security Operations · Compliance

Secure network infrastructure, ZTNA implementation, and compliance programs at T-Mobile. Based in Seattle, WA.

Building secure infrastructure with clarity and precision.

I'm a Cybersecurity Engineer at T-Mobile specializing in Zero Trust Network Access, with five years building and implementing secure network infrastructure using ZTNA and application-level segmentation. I understand the security protocols and best practices that underpin modern Zero Trust architectures.

I apply a security first mindset to every layer of the stack, from identity and access management to compliance documentation and audit readiness. Experienced in cyber security incident management and response, I work effectively both independently and within cross functional teams, with strong communication and problem solving skills.

Now integrating agentic AI / LLM tooling, including custom MCP servers and triage skills, into Tier 1–3 incident and service task triage workflows to improve consistency and reduce resolution time.

Role
Cybersecurity Engineer, ZTNA
Company
T-Mobile
Location
Seattle, WA
Focus
Zero Trust Architecture
Experience
5+ years
Email
contact@cheyennebounds.com

Professional History

2/2025 — Present

Cybersecurity Engineer, ZTNA

T-Mobile · Seattle, WA

Develop, implement, and maintain secure network infrastructure solutions using Zero Trust Network Access (ZTNA) and Virtual Private Network (VPN) technologies. Assess existing network security architectures and document findings and recommendations aligned with industry best practices. Monitor network security protocols and best practices related to ZTNA and provide guidance on improvements or updates. Respond to and manage cyber security incidents. Act as a leader and mentor to junior technical personnel. Collaborate with internal teams to develop and improve processes related to network security. Analyze data and trends to understand network security threats and vulnerabilities. Create and maintain technical documentation related to network security. Research and recommend new products and technologies to improve network security. Perform hands-on implementations and configurations of network security technologies. Ensure all security operations and maintenance activities are fully documented and up to date.

  • Integrated AI / LLM tooling into Tier 1 to 3 incident and service-task triage by building a custom knowledge MCP server (~19,000 indexed documentation chunks) and a suite of triage skills encoding team decision trees — covering internet-access allow requests, private-access connectivity incidents, and endpoint-client log analysis.
  • Supported identity- and policy-based access control using Zscaler ZIA/ZPA, integrating SCIM provisioning and Microsoft Entra ID to enforce Zero Trust access across legacy and data center environments.
  • Improved access visibility and reduced misconfigurations across enterprise infrastructure by aligning identity-based controls with existing network architectures
  • Automated 42% of previously manual security and access management tasks, increasing operational efficiency.
  • Built a DLP rule-builder CLI that detects sensitive (CPNI) data in carrier bills and proposes validated DLP dictionary/engine/policy configurations.
  • Analyzed ~15,500 incidents and service tasks over two years to surface recurring patterns and prioritize automation opportunities.
  • Participated in control effectiveness testing and remediation resulting in 100% compliance with SOX, PCI, and CPNI requirements.
  • Developed standardized documentation and repeatable evidence templates to improve audit readiness and support ongoing compliance cycles.
Zero Trust ZTNA IAM Compliance
4/2024 — 2/2025

Engineer, Systems Architecture

T-Mobile · Seattle, WA

Oversaw total life cycle focus for the program from requirements development and architecture creation with a focus on complex system designs through architect definition. Partnered closely with internal teams, SMEs, program management, and Systems Engineering leadership to drive the technical solution across the program. Ensure the requirements and architecture focused on “building the right thing.” Developed architectures, defining the physical architecture, allocating requirements to architecture elements, deriving requirements to drive details into the model, creating and refining modeling standards and design patterns, and distributing and merging model elements back into the baseline

  • Designed and deployed hybrid-cloud infrastructure aligned with Zero Trust and OnPrem Cloud principles.
  • Applied security hardening techniques to reduce attack surface and improve system resilience.
  • Led capacity planning initiatives to support traffic growth without degrading network performance.
  • Automated network operations, improving response times by 20% and reducing manual intervention.
  • Developed and enforced policies to ensure high availability and compliance with SOX, PCI, and CPNI regulations.
  • Mentored junior and senior engineers in troubleshooting techniques, infrastructure practices, and security-minded design decisions.
  • Collaborated with engineering and security teams to deliver secure, business-aligned network solutions.
Cloud Security Automation Architecture
6/2021 — 4/2024

Associate Engineer, Systems Architecture

T-Mobile · Seattle, WA

Designed and developed system architectures, and defined key capabilities and performance requirements. Defined total systems design and technology maturity constraints in accordance with mission requirements. Developed system element architecture and design and interface definitions. Defined system implementation approach and operational concept. Developed models and architectural guidelines for current and future system development.

  • Led firewall and perimeter security operations, supporting high-priority applications and audits for SOX and PCI compliance.
  • Cut firewall rule turnaround times by 25% by removing steps from the approval and validation workflow.
  • Facilitated application migrations (PCF and TKE) while ensuring policy integrity and secure access during transition.
  • Delivered technical documentation and collaborated with security, payment, and ops teams for infrastructure aligned change control.
  • Managed escalations and high-pressure project requests with efficiency and consistent delivery under tight deadlines
  • Identified operational risks and implemented proactive measures to strengthen compliance readiness.
  • Simplified workflows and advocated for tool improvements to reduce friction and improve system performance.
Firewall SOX/PCI Migration
1/2021 — 6/2021

Launch Engineer Intern

Firefly Aerospace

Co-designed and built the hardware and software for a launch-pad state warning system meeting U.S. Space Systems Command range-safety standards (SSCMAN 91-710). Programmed safe/nominal/hazardous state-change logic in Lua to drive warning lights and audio, installed and tuned a siren and speaker array, and validated alert coverage with decibel-meter testing during launch preparation.

8/2015 — 5/2016

Technical Support Specialist

Wave Broadband

Delivered remote technical troubleshooting for broadband, TV, and voice services. Reduced service disruptions by 20% through accurate diagnostics and secure data handling.

Core Competencies

AI & Automation

AI / LLM Tooling (Claude, ChatGPT, Cursor) · Model Context Protocol (MCP) Servers · Prompt & Skill Engineering · RAG Knowledge Systems · Python Automation

Zero Trust & Network Security

Zscaler ZIA & ZPA · Axis · Prisma Access · Palo Alto Firewall · Checkpoint · IAM & SSO Integration · VPN Technologies · Firewall & Perimeter Security

Security Operations

SIEM/SOAR Tools · Splunk · Incident Response · Vulnerability Management · CASB Solutions · SaaS Security · DDoS/WAF (Cloudflare, Silverline) · NDR Tools

Compliance & Governance

SOX · PCI-DSS · CPNI · NIST Framework · CIS Controls · Security Documentation & Audits · Access Reviews · Risk Assessment & Mitigation

Cloud & Infrastructure

AWS · Azure · Google Cloud Platform · Cloud Migration · Configuration Auditing · Hybrid Cloud Architecture · DLP (Microsoft Purview, Conditional Access)

Tools & Platforms

ServiceNow · Jira · Python · Agile/Scrum · Automation Tools · Email Protection (Proofpoint, Barracuda, SpamTitan, Mimecast)

Leadership & Communication

Project Management · Security Documentation · Mentorship · Cross-functional Collaboration · GRC Walkthroughs · Stakeholder Communication

Academic Background

Master of Science, Information Technology — Cybersecurity

Purdue University Global

Bachelor of Science, Computer Science

Colorado State University Global

Let's connect.

Open to discussing cybersecurity solutions, Zero Trust architecture, or new opportunities with fellow security professionals.