SUMMARY

• Over 10+ years of cross platform IT experience in the domain of Federal (NIH/NCI), Health Care (NIH/NCI), Financials ( Confidential ), Education (CGI - Catapult learning), Consulting ( Confidential )
• Solid Engineer with experience in Amazon Web Service (AWS), Cloud Computing and Administration, Cloud security, Continuous Integration and Continuous deployment, RDBMS Databases, Red Hat Enterprise Linux, systems Security management, Virtualization and Performance Management and Networking
• Proficient at architecting highly scalable and fault-tolerant services within cloud infrastructure
• Proficient in AWS Cloud services in compute, Databases, Migration, Networking & Content Delivery, Cost Management, Application Integration, Management & Governance and Security.
• Experience in DevSecOps integration with AWS tools (CloudWatch, CloudTrails, GuardDuty, Lambda, AWS Config, AWS Inspector, etc.), open source (Jenkins/Gitlab) and SIEM tools (Splunk).
• Good experience with Risk Controls framework, and Audit procedures - SOX 404, HIPAA, FedRAMP, FISMA, NIST SP ( )
• Proficient with the following tools - For configuration management: Ansible, Ansible Tower, Puppet; For build and test: Jenkins, SVN, Git, Maven; For Infrastructure provisioning: Cloud formation and Terraform
• Experience in implementing Continuous Integration and Continuous delivery (CI/CD) from end to end
• Very good experience building infrastructure as code from end to end.
• Deep experience working as a DBA (Both on cloud and on-premise) - Oracle (RDS/on-premise), Postgres SQL, MySQL, Microsoft SQL
• Thorough experience working with many AWS services CloudFormation, AMIs, SNS, EC2, EBS, S3, RDS, VPC, ELB, EKS, IAM, Code-commit, Code-deploy, AWS System Manager, Route 53, Security Groups, Elastic Beanstalk etc
• Proficient with continuous monitoring, using tools like Nagios, Datadog, CloudWatch, Splunk, CloudTrail, etc
• Experience working on Azure IaaS - Virtual Networks, Virtual Machines, Cloud Services, Resource Groups, Express Route, VPN, Load Balancing, Application Gateways, Auto-Scaling
• Strong hands-on background in database technologies (Oracle, Mysql, MS SQL, RDS, DynamoDB)
• Solid knowledge of Source/Version Control Tools: CVS, Subversion, Git, Version Manager
• Familiarity with Agile Development Methodology
• Experience working with all phases of the software development lifecycle (SDLC).

TECHNICAL SKILLS

CLOUD (AWS): EC2, S3, RDS, ELB, EBS, VPC, Auto Scaling, Cloud Formation, Terraforming, Cloud Watch, Code Deploy, IAM, Route 53, SES, SNS, SQS, Cloud Trail, AWS system manager, Splunk, ELK stack(Elasticsearch, Logstash, Kibana), AWS Inspector, API Gateway, Heroku, Iac, Paas, Saas, Caas, Active Security+

AWS SECURITY: CloudWatch, CloudTrails, GuardDuty, AWS Config, AWS Inspector, AWS Shield

MICROSOFT Azure/Security: Virtual Networks, Virtual Machines, Functions, Scale sets, Storage, SQL DB, Auto-Scaling

VIRTUALIZATION: VMware, vSphere, vCenter, vCloud, Virtual Box

AUTOMATION: Ansible, Puppet, Unix Shell scripting, SQL, PL/SQL, SVN, Git, EC2 container service (ECS), Ant, Maven, Terraform

ORACLE DATABASE: 9i/10g/11g/12C, 12C OEM, RAC, ASM, DATAGUARD, Goldengate, RMAN, Performance Tuning (AWR, ADDM), Oracle Security/Access Control, Oracle CPU, Oracle RAC, DBCA, OUI, RMAN with NetBackup,Vault

MICROSOFT: Azure, MS SQL server 2000/05/08 Administration, SSIS, SSRS, SSAS, IIS

OPERATING SYSTEMS: Linux (Amazon, Red Hat 4, 5,6, CENTOS & SUSE), Solaris 10/9/8, Confidential AIX, Ubuntu 12/13, Windows

SCRIPTING: UNIX Shells (sh, csh, ksh, bash), Perl, SQL, Python, Powershell

APPLICATION: Apache, Nginx, Tomcat, LDAP, NFS, DNS, HaProxy

CI/CD: Docker, Jenkins, Kubernetes, Git, AWS CodeCommit, AWS CodeDeploy, AWS Code Build, AWS ECS

PROFESSIONAL EXPERIENCE

Confidential, Carlsbad, CA

Cloud Engineer/Cloud Security Engineer/DBA

Responsibilities:

• Proficient in AWS Cloud platform and many of its services and tools, which includes EC2, VPC, SNS, RDS, EBS, CloudWatch, Cloud Trail, CloudFormation AWS Config, Autoscaling, CloudFront, IAM, S3, and Route53, API gateway, and many more
• Designed and implemented CI/CD pipeline with code scans, security checks, performance tests, acceptance test and continuous delivery through automatics deployment
• Ensured that all the developers that my team supports have a suitable level of security training in order to minimize potential security issues
• Integrated the CloudTrail, VPC Flowlogs, and GuardDuty events to Splunk and built various dashboards as actionable events for Operations and Security teams
• Automated event driven security systems to minimize inadvertent actions by AWS users
• Worked with audit and compliance team on cloud security remediations against NIST SP controls
• Developed AWS Services Security guidelines using CSA best practices for these AWS services - (IAM, EC2, S3, VPC, SG, NACL, etc.)
• Use terraform to provision many AWS infrastructure
• Manually converted AWS cloud formation templates to Terraform
• Hands on experience Configuring Access Lists (ACL) for inbound and outbound to infrastructure
• Created Highly secure CI/CD pipeline for application deployment using AWS Code pipeline and Jenkins
• Configured the following security controls for AWS logging: ensure CloudTrail is enabled in all regions, ensure CloudTrail log file validation is enabled, ensure the S3 bucket used to store CloudTrail logs is not publicly accessible, ensure CloudTrail trails are integrated with CloudWatch Logs, and additional controls
• Used of AWS Key Management Service (KMS) service to create, import, rotate, disable, delete, define usage policies for, and audit the use of encryption keys used to encrypt your data with AWS RDS, Amazon S3 buckets, EC2 instance disks, and Amazon Glacier
• Used Ansible to manage and configure nodes, also managed Ansible Playbooks with Ansible roles.
• Securely storing all passwords and tokens on Hashi corp vault
• Document security controls for one of the most important AWS security gaps (S3 Buckets) by applying: bucket policies, server access logging, versioning, API logging, cross-region replication, and multiple client-side and server-side encryption options, default encryption, permission checks, cross-region replication ACL overwrite, cross region replication with KMS, and detailed inventory reporting
• Ensure all AWS AMI images have security controls based on CIS security standards applied and developed an exception process via tagging that allows the compliance team to report in real-time
• Used a POC to deploy and test security controls for AWS Monitoring including ensuring CloudTrail is functioning and secured in all regions and integrated with CloudWatch. Also alarming on unauthorized API calls, management Console sign-in without MFA, usage of "root" account, and IAM policy change
• Design EC2 instance architecture to meet high availability application architecture and security parameters
• Implementing new projects builds framework using Jenkins and Maven as build framework tools
• Worked with IAM service creating new IAM users & groups, defining roles and policies and Identity providers
• Created alarms and trigger points in CloudWatch based on thresholds and monitored the server's performance, CPU Utilization, disk usage
• Utilized AWS Cloud watch to monitor environment for operational & performance metrics during load testing
• Automate our build/deployment process and replaced the current manual build and deployment process
• Developed Puppet manifest to automate deployment, configuration, and lifecycle management of key clusters
• Experience in dealing with Windows Azure IaaS - Virtual Networks, Virtual Machines, Cloud Services, Resource Groups, Express Route, VPN, Load Balancing, Application Gateways, Auto-Scaling
• Hands on experience in Terraform for building, changing, and versioning of Infrastructure and wrote Templates for AWS infrastructure as a code using Terraform to build staging and production environments.
• Migrated Databases from on-premise to AWS RDS - Oracle, Postgres (views, stored procedures, functions, materialized views)
• Preventive maintenance (OS Patching) of red hat enterprise Linux (RHEL) servers.
• Migrating existing on-premises applications to AWS from end to end - Web/app servers, databases, load balancer, etc
• Created monitors, alarms, and notifications for EC2 hosts using CloudWatch
• Created an efficient way to get logs from EC2 to Cloudwatch logs to Firehose Streams to S3 to Splunk
• Identify risks by software, information category and role, and define risk mitigation strategies for Cloud Security.
• Responsible for distributed applications across hybrid AWS and physical data centers
• General troubleshooting and root cause analysis and making proper documentation
• Upgrade databases with physical standby from 11g to 12c
• Generated and analyzed AWR reports, ASH reports, ADDM reports and explain plans
• Applied Critical patch Updates(CPU), Patch Set Update(PSU), One Off Patches using Patch Utility
• Created, tested, and implemented backup strategy using RMAN, Export/Import utilities
• Restore database to point in time using Flashback technology and RMAN
• Migrate Oracle databases from On-premise to cloud and manage the databases

Confidential

Cloud Engineer/DBA

Responsibilities:

• Designing and deploying multitude applications utilizing almost all of the AWS stack (Including EC2, Route53, S3, RDS, Dynamo DB, SNS, SQS, IAM) focusing on high-availability, fault tolerance, and auto-scaling in AWS CloudFormation
• Configured S3 to host static web content
• Designed AWS Cloud Formation templates to create custom sized VPC, subnets, NAT to ensure successful deployment of Web applications and database templates
• Setup and build AWS infrastructure various resources, VPC EC2, S3, IAM, EBS, Security Group, Auto Scaling, and RDS in Cloud Formation JSON/yaml templates
• Maintained the user accounts (IAM), RDS(SQL), Route 53, VPC, Dynamo DB(NoSQL), SES, SQS and SNS services in AWS cloud
• Automated various infrastructure activities like Continuous Deployment, Application Server setup, Stack monitoring using Ansible playbooks and has Integrated Ansible with Jenkins
• Implementing a Continuous Delivery framework using Jenkins, Ansible, Maven in Linux and Windows environment
• Install, configure, modify, test & deploy applications on Apache Webserver, Nginx & Tomcat Servers
• Researched and documented security controls related to AWS VPC including Security Groups (and cross-cloud ACL management), Network ACLs, and Flow logs
• Identify gaps in system compliance against NIST SP and work with respective team to remediate
• Updated security controls around the following AWS cloud technologies: VPC, Multi-Factor Authentication, S3 Buckets, S3 bucket logging, EC2 instances, availability zone, CloudWatch, Cloud Trail, AWS KMS, AMI, Security Group (ACLs), Network Segmentation, DDoS protection.
• Configured Amazon Inspector in all supported regions and AWS accounts to automatically understand instances under compliance and then determine the security state of your applications running on those instances
• Ensured that AWS Cloud Trail service is enabled in all AWS regions, while ensuring that the buckets where the logs were sent to were hardened with IAM permissions, log file integrity validation, and bucket encryption
• Produced security guidelines on AWS network security covering the following topics: secure network architecture, fault-tolerant design time
• Deploy Azure resources using ARM templates
• Management of Azure Portal via Powershell, Cli and Azure Portal
• Implementing change requests raised by user for server configuration or other issues
• Implemented AWS High-Availability using AWS Elastic Load Balancing (ELB), which performed a balance across instances in multiple Availability Zones.
• Integrated Ansible to manage all existing servers and automate the build/configurations of new servers.
• Worked on setting up the life cycle policies to back the data from AWS S3 to AWS Glacier

Confidential

Cloud Engineer/DBA

Responsibilities:

• Build servers using AWS: Importing volumes, launching EC2, creating security groups, auto-scaling, load balancers, Route 53, SES, and SNS in the defined virtual private connection.
• Configured and Managed Elastic Load Balancing (ELB) for fault tolerance and to avoid single point of failure of applications, hence provide high availability and network load balancing.
• Created privatized AWS Virtual Private Cloud (VPC) and launched instances, to provide high security and accessibility to applications and databases, so that inbound and outbound network traffic is accessed restricted
• Use terraform to provision AWS infrastructure
• Integrated Subversion and Ant/Maven with Jenkins to implement the continuous integration process.
• Involved in developing custom scripts using Shell (bash) to automate jobs.
• Provide 24*7 Application availability using AutoScaling Services, including configuring, defining and testing auto scaling policies and also created alarms to call scale up/down policy.
• Monitor Resources and Applications using AWS Cloud Watch, including creating alarms to monitor metrics such as EBS, EC2, ELB, RDS, S3, SNS and configured notifications for the alarms generated based on events defined.
• Provided security and managed user access and quota using AWS Identity and Access Management (IAM), including creating new Policies for user management in JSON
• Updated security controls around the following AWS cloud technologies: VPC, Multi-Factor Authentication, S3 Buckets, S3 bucket logging, EC2 instances, availability zone, CloudWatch, Cloud Trail, AWS KMS, AMI, Security Group (ACLs), Network Segmentation, and DDoS protection.
• Configured Amazon Inspector in all supported regions and AWS accounts to automatically understand instances under compliance and then determine the security state of your applications running on those instances
• Ensured that AWS Cloud Trail service is enabled in all AWS regions, while ensuring that the buckets where the logs were sent to were hardened with IAM permissions, log file integrity validation, and bucket encryption
• Designed and documented the following security controls for AWS IAM: ensure credentials unused for 90 days or greater are disabled, access keys are rotated every 90 days or less, IAM password policy requires a minimum length of 14 or greater, and additional controls
• Provided information security guidelines surrounding encrypting AWS data at rest that included three options based on data sensitivity covering: Amazon S3, Amazon EBS, Amazon RDS, and Amazon EMR all utilizing the AWS Key Management Service (KMS) installation of packages, patches, maintenance & RPM updates on Red Hat Linux
• Transfer data from Datacenters to cloud using AWS Import/Export Snowball service.
• Migrating into amazon cloud for flexible, cost- effective, reliable, scalable, high-performance and security
• Maintaining the user accounts (IAM), RDS, Route 53, SES and SNS services in AWS cloud.
• Creating alarms in Cloud Watch service for monitoring the servers, performance, CPU Utilization, disk usage etc.
• Experience in working on source controller tools like Subversion (SVN), CVS, Confidential Clear case, and GIT
• Experience in installing and deploying Apache
• Creating templates inVMwareenvironment from ISO images, VM deployments, Installation and configuration of red hat 6.x-64, 7.x-64, Suse 11, 12 Linux servers, Ubuntu, Cent OS configuration on VMware.
• Experience building infrastructure as code.
• Migrate Oracle 12c database from VMware to AWS
• Creating scripts that generate reports to proactively monitor the environment
• Installing and maintaining golden gate data replication to suit business needs
• Migrating databases to datacenters to AWS RDS(cloud), while maintaining them
• Creation of cloud formation Templates of existing environments to use in building similar environments in the same or different regions for High Availability
• Experience in IaaS and PaaS in a hybrid cloud environment working with private and public cloud service providers
• Created a discussion group for cloud support team in shared point and also maintained all documentations here
• Analyze and Evaluate Existing Architecture at Customer on Premise Datacenters and Design, Configure and migrate complex Network architectures to AWS Public Cloud.
• Key member of a Managed Services team that installs, configures and maintains Software, Databases and Web applications
• Experience with Cloud Front, Glacier, and Dynamo DB.
• Experience working with Agile/Scrum environment.
• Architect and deployed security-conscious infrastructure with complex VPC peering, VPN, security groups and NAT configuration
• Perform software installation, upgrades/patches, troubleshooting, and maintenance of Linux system
• Providing 24/7 on-call support on a monthly rotational basis

Confidential, Bethesda, MD

Cloud Systems Engineer/DBA

Responsibilities:

• Build servers using AWS: Importing volumes, launching EC2, creating security groups, auto-scaling, load balancers, Route 53, SES, SNS in the defined virtual private connection
• Migrate databases from local datacenters to AWS RDS - Oracle, SQL Server
• Configured and managed AWS Glacier, to move old data to archives based on retention policy of databases/ applications (AWS Glacier Vaults)
• On-call support for 24/7 for troubleshooting production issues.
• Created reusable Cloud Formation Templates for deployments and automation
• Experience in IaaS and PaaS in a hybrid cloud environment working with private and public cloud service providers
• Created a discussion group for cloud support team in shared point and also maintained all documentation there
• Analyze and evaluate existing Architecture at Customer on Premise Datacenters and Design, Configure and migrate complex Network architectures to AWS Public Cloud.
• Key member of a Managed Services team that installs, configures and maintains Software, Databases and Web applications
• Experience with Cloud Front, Glacier, and Dynamo DB.
• Worked with auditing/assurance team on cloud security remediations against SOX standards
• Experience working with Agile/Scrum environment.
• Perform software installation, upgrades/patches, troubleshooting, and maintenance of Linux system
• Configured S3 lifecycle of Applications & Databases logs, including deleting old logs, archiving logs based on retention policy of Apps and Databases.
• Configured and managed AWS Glacier, to move old data to archives based on retention policy of databases/ applications (AWS Glacier Vaults).
• Automate database backups identify and resolve network security issues
• Troubleshoot and fix performance issues as new applications start using the new databases
• Monitor databases using Oracle 12c cloud control
• Supported over 60 mission critical Oracle databases of versions 10.2.0.4, 11.2.0.3, 11.2.0.4,12.1.0.1 with different maximum availability setup as in RAC, physical standby, and active data guard
• Performed testing and certification of Oracle 12c Physical standby databases
• Lead team effort to meet deadlines e.g coordinating, tracking, and installing 12c cloud control agents in several production database servers and reporting progress to management
• Upgraded several Oracle database from 10.2.0.4 to 11.2.0.4/12 c
• Provided 24 by 7 on-call support for business
• Lead efforts to troubleshoot and tune long running jobs in order to meet SLA; e.g.: A job which ran for 18.5hrs was tuned to run for 4.50hrs
• Maintaining the user accounts (IAM), RDS, Route 53, SES and SNS services in AWS cloud.
• Worked as RDS DBA on Oracle/SQL Server/Postgres/Mysql/DynamoDB/Redshift
• Experienced in AWS CloudFront, including creating and managing distributions to provide access to S3 bucket hosted application and hence providing security to applications (by restricting access to S3)
• Transfer data from Datacenters to cloud using AWS Import/Export Snowball service.
• Monitor Resources and Applications using AWS Cloud Watch, including creating alarms to monitor metrics such as EBS, EC2, ELB, RDS, S3, SNS and configured notifications for the alarms generated based on events defined.

Confidential, Rockville, MD

Systems Engineer/DBA

Responsibilities:

• Installation, configuration, and upgrade of Redhat Linux operating systems
• Performed hardware, software and network events diagnosing and troubleshooting.
• Preventive maintenance (OS Patching) of red hat enterprise Linux (RHEL) severs.
• Resolve issues related to NFS, Auto mount, DNS, LDAP
• Creating new nodes on F5 load balancers
• Provided day to day Linux Admin support
• Worked with auditing/assurance on cloud security remediations against HIPAA standards
• Ensured that all newly provisioned infrastructure were FedRAMP certified
• NFS/CIFS file system mounting and support.
• Participated in on-call rotations.
• Monitored the environment using OEM/Nagios
• Proficient in troubleshooting system problems and performance.
• Provisioning/configuring required software onto servers, such as web servers and databases.
• Responsible for capacity planning, including allocating storage, providing hardware and software redundancy, and planning future expansion requirements.
• Deployed quarterly PSU to DEV, QA, STAGE, and PROD databases including RAC, and dataguard
• Install and setup 11g Oracle grid control in prod server to monitor production environment
• Develop shell, SQL scripts, and stored procedures to automate database tasks
• Install and maintain Oracle 11g RAC on Linux physical servers and VMware virtual servers
• Manage and support data deployments across different tiers
• Implement Oracle standard RMAN backup procedures across various production databases
• Monitored the performance of databases and applied tuning when necessary
• SQL server migrations from SQL 2000 R2
• Install and Upgrade databases from versions 9i to 11g
• Configure SQL Server database mirroring and SQL server log shipping between sites for maximum availability of mission critical production database
• Create database objects (schemas, tablespaces, tables, indexes, packages, triggers)for data load activities.
• Provided 24 X 7 dedicated supports for production database servers
• Performed maintenance tasks on databases during maintenance weekends
• Installed Oracle client on client machines
• Maintain database users by implementing security hardening and assigning restricted roles.

Confidential - Reston, MD

Database Administrator

Responsibilities:

• Provided day to day Linux Admin support
• Build servers by cloning within VMware and RHEVM virtual centers.
• Set up mount points on Linux servers for Oracle database.
• Setup NFS-share of directories and other resources and Samba access management.
• Solid background in technical support, capacity planning, and security.
• Troubleshoot, maintain and patch Linux systems
• Strong communication abilities, with history of providing on-site support to wide range of clients.
• Restoring using RMAN backups of production databases to lower environments while troubleshooting performance issues
• Refreshing data from production to lower environment based on business needs
• Backing up and purging data from tables to free up space for new data
• Ensuring the security of database systems by enabling auditing
• Scheduling and running RMAN and datapump backup based on application requirements
• Performing database upgrades from 8i and 10.2.0.4 to 11.1.0.7, 11.2.0.1, and 11.2.0.2
• Building standby databases using active database duplication
• Providing 24/7 support
• Enforced the security of applications by restricting roles and privileges
• Deploy ASM for automatic file management
• Tuning databases or making recommendations on how to improve performance
• Implementing UNIX shell and SQL scripts for database task automation
• Created Oracle database repositories to support data warehousing activities.