Sr Cloud Security Engineer Resume

Dallas, TX

SUMMARY

  • Over 6 years of experience working as a Sr Cloud Security Engineer, AWS Infrastructure Engineer and DevOps Engineer.
  • In-depth knowledge of Cloud Computing Strategies (IaaS, PaaS, SaaS) & building, deploying in and maintaining the cloud environment.
  • Worked on Enterprise Users Single Sign On through browser and through services with third party applications hosted in enterprise or cloud using Active Directory Federation Services.
  • Configured and supported SAML 2.0 with various partners to create SSO/FEDERATION between our Identity Provider Landing page and Service Provider's Applications
  • In-Depth Knowledge with IAM principals (Users, Groups, Roles, Policies), Provided Delegation of Access between accounts using STS Assume Role Tokens Following hub and Spoke Model.
  • Experience with Subversion Control, Build, Configuration Management tools like GIT, MAVEN, CHEF, DOCKER, ANSIBLE, and Integration & Monitoring tools like JENKINS and Unix, Linux and Windows Environment.
  • Extensive experience with Azure in infrastructure support, systems architecture, Integration, automation and middleware planning, implementation, performance and support across distributed and mainframe platforms.
  • Designed, Configured and managed public/private cloud infrastructures utilizing Amazon Web Services (AWS) including EC2, Auto-Scaling, Elastic Load Balancer, S3, Cloud Front, RDS, VPC, Route53, Cloud Watch, Cloud Formation, IAM, Lambda, EBS, RDS, SNS, SQS.
  • Created and wrote shell scripts (Bash), Ruby, Python and PowerShell for automating tasks. Administered tasks like taking backups, expanding file system disk space, creating NFS mounts.
  • Has experience in bash and python scripting with focus on Devops tools, CI/CD and AWS Cloud Architecture and Azure Infrastructure Deployment.
  • Working with Route 53, DNS failover and setting up Latency based routing, weighted routing policies. Worked with scripting Automation for JavaScript, Linux/Unix, Python, Perl, Bash, Ruby.
  • Implemented Cost Savings Strategy to Save $90,000 Dollars for the Organization
  • Experience with Tools like Jira, Confluence, Slack, Federation Services like Identity provider and Service provider for Single sign on with SAML 2.0 Authentication.

PROFESSIONAL EXPERIENCE

Sr Cloud Security Engineer

Confidential, Dallas, TX

Responsibilities:

  • Streamline the Process of Access Management, Threat Detection, Remediation Pipeline, Automation Detection.
  • Experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. SOC1, SOC 2, HITRUST, HIPAA, PCI, or ISO)
  • Understanding of the NIST Cybersecurity Framework (CSF)
  • Used AWS Config to Analyze the Cloud infrastructure and build Auto Remediation for configuration drifts that are out of compliance.
  • Extensive Experience working with Jira for creating Projects, Workflows and User access Management.
  • Experience working with different security and monitoring tools like Jupiter One, Threat Stack, StrongDM to automate and remediate security vulnerabilities to Cloud Infrastructure.
  • Working with different scripting languages like Python, Groovy script and Terraform for automation.
  • Experience with Automation Configuration tools like Ansible, Terraform and CloudFormation.
  • Experience in Implementing Security Hub, Guard Duty, Trusted Advisor, Access analyzer, AWS Shield, WAF, CloudTrail and CloudWatch.
  • Exercised implementing Tagging resources in AWS Accounts and used these tags for auditing, cost exploration and security remediate actions.
  • Developed Automation Pipeline in AWS to Remediate Security incidents using different AWS services like AWS lambda, cloud watch, cloud trail and scripting like python and groovy script.
  • Applied Industry Standards like CIS Benchmarks, NIST, HIPAA and OWASP Top 10 to Implement security in AWS Cloud
  • Used AWS Macie to Analyze PHI/PII data in S3 buckets and write custom queries to enable visibility into the resources that have access to the privileged buckets.
  • Used Confidential Detective for security investigation and analysis, used this service mostly to identify unauthorized access, abnormal behavior like too many requests from same API, console/API access from unexpected location, API call during midnights.
  • Used IAM Access Analyzer for access management and to identify the resources with elevated privileges.

Cloud Security Engineer

Confidential, Salt Lake City, UT

Responsibilities:

  • Automated Pipeline of Role Creation that are used as Service Roles for Cross-Account access.
  • Created Step Functions as part of Role Automation to Read JIRA Input and Fetch Pre-Generated Policies from S3 bucket.
  • Automated Lambda Functions using Python that can Fetch AWS Services, Actions from AWS Web pages and Create Policy templates to use as part of the Pipeline.
  • Created MySQL Database tables that are used as JIRA Backend to fetch the AWS Services, App ID’s and AWS Account Numbers.
  • Created JIRA Page that is used as a Frontend page for requesting Role Creation. This Page helps users to raise tickets and initiate the role Creation Pipeline once Ticket is submitted.
  • Automated CI/CD pipeline using Code Commit, Code Build, Code Deploy and Code Pipeline. This pipeline will initiate Creation of Role when a user submits a role JIRA Ticket.
  • Created Roles using the Pre-Generated IAM Policy Templates based on the JIRA Input.
  • Automated fetching of IAM policies and JIRA Input from user using Lambda functions and Step Functions.
  • Implemented Service Control Policies to Enforce Least Privilege on Identities and Control Tower is used to automate Creation of Landing Zone and Child Accounts
  • Used Divvy Cloud and Splunk to achieve Compliance and Industry Standards. We are following NIST, HIPAA and HITRUST Compliance.
  • Created Cloud Formation Stacks Based on JIRA Input and Pre-Generated Policies that are used for Role creation and These Stacks will be used for Future Role Provision Comparison.
  • Used AWS Config to implement Custom and Pre-defined Rules to Achieve Data Privacy and Remediate on Critical issues that are observed.
  • Identifies regulatory changes that will affect Information Security Policy, standards and procedures and recommends appropriate changes.
  • Used Guard Duty and AWS Inspector to Scan the infrastructure and Recommend on Findings on Infrastructure Network.

ENVIRONMENT: EC2, S3, IAM, Step Functions, Lambda Functions, MySQL, Code Commit, Code Deploy, Code Pipeline, Python, Java.

Cloud Security Engineer

Confidential, Milwaukee, WI

Responsibilities:

  • Designed the Federation Architecture with Hub and Spoke model using the SAML authentication for Single Sign On(SSO).
  • Created and managed IAM roles through automation using Terraform to integrate into infrastructure.
  • Managing, provisioning, Application Deployment & Multi-Tier Orchestration using Ansible automation.
  • Automated Azure Cloud Infrastructure using Ansible Playbooks (Jump Servers, Domain Controllers, ADFS)
  • Created Active Directory(AD) groups as part of the Federation for the Single Sign On(SSO) using SAML Authentication between the Identity provider and Service Provider(AWS).
  • Audited and Reviewed the user Policies in all Enterprise AWS Accounts to provide the Least-Privilege via Roles and Policies.
  • Developed Security Patterns and controls For AWS to Enforce (Automate) Security on the AWS Services that Enterprise Uses. These Security Patterns are in compliance with NIST, CIS Benchmarks (Center for Internet Security) and Confidential Custom Standards and AWS Best practices.
  • Once these Security Patterns have been developed I work with platform teams to Enforce these Security Controls (Minimum Security Baselines) into the CI/CD pipelines and Role-based Access Control policies.
  • Used AWS Inspector and Guard Duty to perform Port scanning and Perform recommended patches accordingly. Also provides DLP (Data Loss Prevention) Solutions to Enterprise.
  • Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse systems environments (e.g., corporate, distributed and client server systems).
  • Identifies regulatory changes that will affect information security policy, standards and procedures and recommends appropriate changes.

ENVIRONMENT: EC2, S3, IAM, cloud watch, VPC, Lambda, Terraform, Ansible, Ansible Tower, Splunk, Jira, Confluence, Slack, Federation Identities.

AWS Infrastructure Engineer

Confidential, Chicago, Illinois

Responsibilities:

  • Experience with an in-depth level of understanding in the strategy and practical implementation of AWS Cloud-Specific technologies including EC2, EBS, S3, VPN, VPC, RDS, SQS, SNS, RedShift and Route 53.
  • Migrated existing web applications to AWS and re-written some components to align with cloud strategies.
  • Hands on experience in configuring classic and application load balancers and security features like WAF
  • Configured Elastic Load Balancers (ELB) with EC2 Auto Scaling Groups, Experience with application deployment using Elastic Beanstalk.
  • Worked on setting up and configuring AWS’s EMR Clusters and used Confidential IAM to grant fine-grained access to AWS resources to users.
  • Experience in Configuring AWS Networking Infrastructure such as Route Tables, Security Groups, Internet Gateway, Virtual Gateway, Direct Connect.
  • Experience in Building S3 buckets and managed policies for S3 buckets and used S3 bucket and Glacier for storage and backup on AWS.
  • Configured Vnets and subnets as per the project requirement. Configure Azure blob storage and Azure file servers. Configured private and public facing Azure load balancers etc.
  • Expertise in Azure infrastructure management (Azure Web Roles, Worker Roles, SQL Azure, Azure Storage, Azure AD Licenses, Office365).
  • Experience in migrating on premise to Windows Azure using Azure Site Recovery and Azure backups.
  • Created detailed AWS Security Groups, which behaved as virtual firewalls that controlled the traffic allowed to reach one or more AWS EC2 instances.

ENVIRONMENT: EC2, S3, Auto Scaling, AMI, ELB, EBS, IAM, RDS, DNS, cloud watch, Route53, VPC, Cloud Formation, Elastic Beanstalk, Ruby, Redshift, Chef.

DevOps Engineer

Confidential

Responsibilities:

  • Worked on AWS and related services like EBS, RDS, ELB, Route53, S3, EC2, AMI, IAM through AWS console.
  • Expertise in developing templates for AWS infrastructure as a code using Terraform to build staging and production environments.
  • Proficient in writing AWS Cloud Formation templates to create custom sized VPC, subnets, NAT, EC2 instances, ELB’s and Security groups.
  • Manage configuration of Web App and Deploy to AWS cloud server through Chef. Used Chef to manage web applications, configure files, database, users and packages.
  • Developed Chef Recipes using Ruby framework to configure, deploy and maintain software components of the existing infrastructure.
  • Created Ansible playbooks to automatically install packages from a repository, to change the configuration of remotely configured machines and to deploy new builds.
  • Configured the Ansible playbooks with Ansible Tower so that other users can run them with just a push of a button.
  • Used Ansible playbooks to setup Continuous Delivery pipeline. This primarily consists of a Jenkins to run packages and various supporting software components such as Maven.
  • Implemented Docker based Continuous Integration and Deployment framework. Deploying and maintaining Micro services using Docker.
  • Experience deploying and maintaining multi-container applications through Docker.
  • Used MAVEN as a build tool on java projects for development of build artifacts on the source code.