AWS Solutions Architect Resume
SUMMARY
- I am an experienced and highly motivated certified AWS Solutions Architect/Engineer with about 8+ years of experience in IT Cloud/Linux environments, with proficiency in cloud orchestration, security, identity & access management, monitoring and event management, governance & compliance, application delivery, data protection, image and patch management, self-service and ops analytics on the AWS and Azure platforms.
TECHNICAL SKILLS
AWS Security: AWS Security Hub, AWS GuardDuty, AWS Shield, AWS Firewall Manager, AWS Inspector, IAM, Security Groups, NACL, etc.
Monitoring & Event Management: AWS CloudWatch (Events & Logs), AWS SNS.
Identity & Access Management: AWS Organization, AWS IAM, AWS AD Connector, AWS Workspaces, AWS Secrets Manager, etc.
Governance & Compliance: AWS Config Rules, AWS Organization, AWS Control Tower, AWS Trusted Advisor, AWS Budgets, AWS License Manager, etc.
Programming Languages: JSON, YML, Python.
Cloud Orchestration/Automation: AWS CloudFormation, AWS Lambda, AWS Systems Manager, AWS SSM Parameter Store, Ansible, Docker.
Network: VPC, VGW, TGW, IGW, NGW, etc.
Application Delivery: Jira, Jenkins, Bitbucket, AWS CodePipeline, AWS CodeCommit, Blue/Green deployment, Elastic Beanstalk
AWS Platform: AWS CloudFormation, AWS Lambda, AWS Systems Manager, S3, VPC, EC2, ELB, RDS, SNS, SQS, Route53, CloudFront, Service Catalog, AWS Auto Scaling, Trusted Advisor, CloudTrail, CloudWatch, etc.
Data Protection: AWS Certificate Manager, AWS KMS, Snapshot Lifecycle Manager, AWS CloudHSM
Self Service: Service Catalog
Image & Patch: AWS SSM Patch Manager, AWS Golden AMI Pipeline.
PROFESSIONAL EXPERIENCE
AWS Solutions Architect
Confidential
Responsibilities:
- Developed and leveraged baseline and custom guardrails, policies, centralized policy enforcement, tagging policies and a well-architected multi-account environment.
- Implemented Machine Image Pipeline and integrated Patch Management
- Migrated legacy applications to AWS cloud environment
- Leveraged Docker to build, test and deploy applications in different environments.
- Developed LLDs for migrating various applications, including network sizing, instance types, names, tags, etc.
- Developed required and optional tagging reference document for automation, compliance and consolidated billing
- Developed baseline VPC and Network design including leveraging VPN connectivity and Direct Connect
- Developed baseline AWS account security, implemented/integrated end-point protection, vulnerability scanning and intelligent threat detection
- Built serverless architecture with Lambda integrated with SNS, CloudWatch Logs and other AWS services.
- Leveraged automated DevOps tools deployment and Blue-green deployment patterns and strategies
- Configured CI/CD pipelines using Jenkins connected to GitHub and build environments (Dev, Stage & Prod)
- Implemented IAM best practices and role-based access control
- Implemented AWS Organization to centrally manage multiple AWS accounts including consolidated billing and policy-based restrictions
- Implemented Control Tower Preventive and Detective guardrails and leveraged Account Factory, integrated with Lambda for new AWS account creation and setup.
- Set up Ansible control master-slave nodes and developed playbooks to automate configuration of servers across environments.
- Proficient with popular DevOps tools such as Jenkins, SonarQube, Docker, Kubernetes, Nagios, Nexus, Ansible, OpenShift, etc.
AWS Engineer
Confidential
Responsibilities:
- Managed provisioning of AWS infrastructures using CloudFormation
- Designed for high availability and business continuity using self-healing architectures, fail-over routing policies, multi-AZ deployment of EC2 instances, ELB health checks, Auto Scaling and other disaster recovery models.
- Created patch management using Systems Manager automation for multi-region and multi-account execution
- Implemented preventive guardrails using Service Control Policies (SCPs)
- Implemented detective guardrails using AWS Config and Cloud Custodian
- Designed and implemented for elasticity and scalability using ElastiCache, CloudFront edge locations, RDS (read replicas, instance sizes), etc.
- Implemented security best practices in AWS including multi-factor authentication, access key rotation, encryption using KMS, firewalls (security groups and NACLs), S3 bucket policies and ACLs, mitigating DDoS attacks, etc.
- Implemented Jenkins, GitHub and Git for version control, code build, testing and release and CI/CD.
- Monitored end-to-end infrastructure using CloudWatch and SNS for notification
- Used AWS Systems Manager to automate operational tasks across AWS resources
- Used Systems Manager to automate operational tasks across WK AWS infrastructure.
- Set up AWS Single Sign-On (SSO) for on-premises Active Directory (AD)
- Developed and documented security guardrails for AWS Cloud environments
- Built custom images through Docker server and Docker Compose with multiple local containers, and created production-grade workflows and a continuous application workflow for multiple images
- Implemented multiple container deployments to AWS and maintained sets of containers with deployments
- Set up, configured, and used ad hoc Ansible commands.
- Designed secure, cost-optimized, highly available and fault-tolerant infrastructure in AWS
- Architected and configured Dev/Stage/QA environments in AWS (VPC, subnets, security groups, EC2 instances, load balancer, RDS, Redis, Route53, etc.).
- Implemented security best practices in AWS including multi-factor authentication, access key rotation, role-based permissions, enforced strong password policy, configured security groups and NACLs, S3 bucket policies and ACLs, etc.
- Optimized cost through reserved instances, selection and changing of EC2 instance types based on resource need, S3 storage classes and S3 lifecycle policies, leveraging Auto Scaling, etc.
- Leveraged EC2 Create Snapshot API call to create snapshots of EBS Volumes on scheduled intervals
- Configured CloudWatch alarm rules for operational and performance metrics for our AWS resources and applications
- Monitored an end-to-end view of runtime systems' CPU, bandwidth, disk space and log files using New Relic
- Deployed and configured infrastructure using CloudFormation and Ansible
- Architected and implemented continuous integration and deployment pipelines using Jenkins and other CI tools
AWS Solutions Architect
Confidential
Responsibilities:
- Performed application installation, upgrades/patches, troubleshooting, maintenance, and monitoring of Linux servers
- Installation, configuration and administration of Enterprise Linux
- Created, managed and administered user account security and SSH passwordless login
- Network configuration and troubleshooting of issues with respect to network and configuration files
- Configuring Apache, NFS.
- Created users and groups and gave permissions on bare metal servers
- Task automation, service management and application deployment using Ansible and Jenkins
- Built and configured Linux servers from scratch with type one hypervisors for virtualization and network components
- Performed security setup, networking, system backup and patching for both AWS and on-premises environments.
- Architect high availability environment with auto scaling & Elastic Load Balancer
- Securely deploy MySQL Primary DB and its read replica in private subnet with multi AZ for disaster recovery and best practice
- Migration of high availability webservers and databases to AWS EC2 and RDS with minimum or no downtime
- VPC build with private and public subnets coupled with VPN setup back to on-premises datacenter and corporate offices
- VPC peering with other accounts, allowing access and routing so that services and users of separate accounts can communicate.
- SSL setup for Apache and Nginx applications coupled with AWS ELB SSL for all HTTP to HTTPS, thereby maximizing security
- Network, CPU, Disk and connectivity monitoring with CloudWatch and setup to trigger alarm and notify system administrators
- AIDE set up and configured for detailed log file monitoring and alert notification when changes are made.
- Performed root-cause analysis of recurring issues, system backup, and security setup
- Security groups configured and locked down to the various authorized subnets and IP addresses in AWS
- Automated deployment, configuration and security settings using Ansible
- Experienced in GitHub (cloning a Git repository, creating a branch, pushing to Git from local, making a PR, etc.).