Cloud Security Architect Resume

San Ramon, CA

SUMMARY:

Enhance business alignment and growth through deploying secure cloud consumption and embracing best practice methodology for security.

TECHNICAL SKILLS:

Specialties: Cloud Security and Application design based on Agile, ITL and Scrum methodologies for designing and deploying hybrid cloud solutions for IaaS, SaaS and PaaS. Leveraging Docker/Kubernetes containers and Microservices for application rework and migrations. Incorporating encryption and credentials management and rotation methods using Secrets Key management encryption services for SysTrust, OWASP, and OAuth and API authentication.

Software: AWS, Azure, Chef, Python, Terraform, Ansible, CloudFormation, PowerShell, VMware, Jira, SNOW, NXS, OKTA, PING, UCSM, OnTap, Linux, Hyper-V, AD/EXCH, SQL Server, Citrix, Windows, Project, OpenStack, Visio, NoSQL, GitHub, Confluence, Node.js, Java, REST APIs, MongoDB, Redshift, Redis, Cassandra, Postgres, Oracle, Microservices, Java SE, Splunk, Nagios, Nessus, Qualys, Predix, O365, SCCM, SCOM, Ping Federate, SAML, Kubernetes.

Network: SDN, ACI, NSX, SDWAN, WLAN, Nexus, Catalyst, IOS, ASA, ISE, F5, PANW, Checkpoint, Concord, OpsManager.

Hardware: Confidential -UCS, 6200, 5108, 2204, 2208xp, Nexus 1k, 2k, 5k, 7k, 9300, 9500, ASA 55xx series, ISR Series, WLC/WLAN, MDS 9600 series, CRS-1, 12816, 12416, 7500, 6800, 3700 series, NetApp FAS 8000, 2500, 6060, 3170, 3240, HP ProLiant Servers, vBlock/FlexPod series

Protocol: TCP/IP, HTTP, X.25, Ethernet, MPLS, Unified Fabric, OSPF, RIP, BGP, EIGRP, ACLs, QoS, STP, Multicast and Unicast.

Security: CIS, NIST, JAAS, PCI, SSAE16, SOX, HIPAA, ISO 17799/27002, GDPR, LDAP/SSO Integration, SSL, CAS, Kerberos, RBAC, OpenID, OAuth, Identity Federation, OKTA, PING

Cloud Providers and Containers: AWS, Azure, IBM, Cloud Foundry, Docker and Kubernetes.

EXPERIENCE:

Cloud Security Architect

Confidential, San Ramon, CA

Responsibilities:

  • Provide Security Architecture for Confidential's AWS production services and lead best practice creation and implementation around Credentials/Secrets rotation with AWS Key Management Service and Secrets Manager with IAM role-based access, including API/OAuth token definition.
  • Provide Security audit/review of 3rd party SaaS providers. Perform security assessments of individual AWS services and accounts using AWS and 3rd party tools, along with Container security and credentials automation for Dev and Production.
  • Design IAM role-based account with least privilege access for 3rd party SaaS reporting services such as New Relic for security compliance.
  • Lead Engineer providing Salesforce internal operations with AWS hybrid cloud solutions using Pivotal Cloud Foundry principles for application migration and rework.
  • Emphasis on security posturing, implementing MFA on console admin account, VPN network access and various cloud services.
  • Design SIEM monitoring, security controls and intrusion detection using GuardDuty, Inspector, VPC flow logs, CloudWatch and CloudTrail for monitoring user login, resource usage and API access of resources and data, and consolidate into Splunk.
  • Design AWS VPCs with endpoints, Application gateways, Security groups and flow logs for secure Route 53 DNS and web services via specific port access. Drive development of AWS Open APIs with security posturing.
  • Design database services using AWS Redshift/ElastiCache and Elasticsearch for Analytics, which include security and encryption through peered VPCs for data in transit and Confidential rest from services and SQL clients.
  • Designed cloud-based migration strategy for application migration and refactoring across all layers (Infrastructure, Platform, and Software as a Service), based on Pivotal Cloud Foundry principles and refactoring using Java.
  • Implement AWS Security Services such as AWS CloudHSM, Amazon GuardDuty, Amazon Inspector, AWS Key Management Service, Amazon Macie, AWS Shield, and Security Groups for access control of network subnets, VPCs and AWS resources.
  • Lead Identity and Access management services design for SSO with SAML/LDAP-AD for role-based access and policy/user group for Identity management and AWS resource access with Ping Federate and Okta.
  • Design and deploy AWS cloud backup solutions globally using NetApp AMI and securing EC2, S3, ELB services using Chef/Puppet.
  • Lead for Confidential & Confidential with Java application dev, test and migration for Utility/Industrial use with Predix w/IoT Platform tools on AWS and Azure platforms. Focused on security and application posturing using IAM, HTTP, SSL, LDAP and SSO.
  • Drive design conversion from legacy applications to cloud-based and modern application framing with IoT methodologies in an Agile framework. OS and configuration management with Chef/Puppet and Terraform for Orchestration to deploy resources in an automated code and DevOps for CI/CD and testing.
  • Confidential Systems lead architect for State/Fed collaboration on health agency PaaS. Architect MS Azure ARM AD/ADFS multi-tier applications PaaS using Azure Bus service, Hyper-V, in DMZ and multi-tier firewall for mobile, tablet and laptop based on IIS, HTTP, JavaScript, and REST APIs. SharePoint, Windows Server, SQL on an OnPrem and Azure hybrid cloud.
  • Led AWS design of multi-region/zone architecture and deployment of VPC using VPN and direct connect, APV, Route53, ELB, IAM and Ping Federate for SSO and security groups role-based security access in multi-tier EC2 instances connecting S3, RDS for a PaaS solution using CloudFormation, Terraform for Orchestration and Chef for CI/CD and patch management.
  • Lead engineer for deploying AWS VPN/direct connect and design VPC with ELB and IAM security services in a multi-tenancy architecture with Chef/Puppet and Terraform.
  • Lead the design, architecture and implementation of IaaS and PaaS solutions using Chef and Terraform for Orchestration and deployment configurations of services and security on AWS and Azure.
  • Create SSO strategies on Linux OS and Windows, using Ping Federate, SAML SSO integration and Okta for Hybrid cloud Identity store providers pass through of Identity and login for role-based access of applications and security posturing.
  • Lead several Dev/Ops teams to implement PaaS solutions on cloud architecture for private and public on AWS using GitHub, Jenkins, Artifactory for recoding credentials management and automation with Chef and Terraform.
  • Define Monolithic application requirement for moving to a Microservice based architecture with microservice communication techniques including mesh services.
  • Lead teams in Agile SDLC objectives and data mapping character fields to get desired outcome with DB fields/tables in conversion from SQL to NoSQL.
  • Develop strong partnership with business and technology stakeholders to drive the vision and prioritize the delivery roadmap on AWS/MS Azure (ARM) using AD, ADFS, IAM, SCCM, O365 and Ping Federate.
  • Lead Architect for Confidential & Confidential of San Francisco IaaS, PaaS for deploying centralized hybrid cloud offer for shared IaaS/PaaS Citywide to all departments and provide application and data migration strategies.
  • Tools: CloudFormation, CloudWatch, CloudTrail, VPN, VPC, IAM, AFW, ELB, EC2, S3, RDS, Ping Federate, SAML, SSO and Terraform.

Cloud Solution Engineer

Confidential, San Jose, CA

Responsibilities:

  • Led design and operations of cloud services using AD, DNS, DHCP on VMware Confidential -I virtualization on IaaS/SaaS. Maintained AD/DNS services Windows management with new initiative to grow business unit and vendor support and adoption of cloud services.
  • Led all aspects of IaaS, SaaS, PaaS platform from building technology strategy and roadmap to delivery of platform with AD/DNS, VMware integration.
  • Spearheaded the Data Center and Enterprise initiative to migrate existing and build new products on API platform and integrated partners and developers to platform.
  • Lead several Dev/Ops teams to implement PaaS solutions on cloud architecture for private and public automation and orchestration services.
  • Led delivery and implementation of customer applications for services and account management of PaaS, SaaS and IaaS.
  • Delivered next generation Data center and Enterprise platforms with high availability and multi tenancy architecture.
  • Built out award winning Platforms for IaaS, SaaS and PaaS using best of breed and latest Cloud technology offerings with Agile methodology supported across all form factors.
  • Led initiative to deliver Mobile and tablet network security posturing using ISE for tablets and mobile devices.

Network Capacity Engineer

Confidential, San Ramon, CA

Responsibilities:

  • Drive network utilization assessment for network upgrades on Confidential switch and routers for Internet access and customer experience.
  • Create enhanced service models for greater speed and network utilization for customers.
  • Lead refresh of legacy network models and components for greater speed, reliability and higher customer satisfaction.
  • Provide engineering documents to outline migration upgrades of circuits, and network components to enhance network speed and drive customer experience up.

Infrastructure Engineer

Confidential, San Ramon, CA

Responsibilities:

  • Design, configure and provide 3rd level support on Applications, Compute, Network, Storage, OSs and DBs for enterprise customers on their Data Center stacks.
  • Design and deploy AD/DNS services enterprise-wide for application integration with Windows using AD/FS and SSO.
  • Support production, development and backup teams as needed in the Enterprise.
