TECHNICAL SKILLS

AWS services: VPC ( Subnet, EIP, ELB, VPC Peer Connection, NAT Gateway, Virtual Private Gateway Internet Gateway, Route Tables, Endpoint, Security Group, NACL, Customer Gateway, VPN Connection), EC2 ( AMI, EBS, Key Pairs, KMS ),EFS, RDS, S3, S3 Cross - Region Replication, Glacier, Storage Gateway, AWS Lambda function, Route53, CloudFront, CloudWatch, CloudTrail, IAM, Secrets Manager, DMS, SQS, SNS, ECS, ECR, EMR, Elastic Beanstalk, DynamoDB, Redshift, CloudFormation, AWS Certificate Manager, AWS System Manager, Run Command, Parameter Store, AWS VPN Connection, AWS Transit Gateway, AWS WAF, WebACL, AWS Transfer SFTP, AWS Directory Service, AWS Workspace, AWS FSx, AWS SES.

Cloud/Languages/Tools: Azure, GCP, OCI, AWS CLI, AWS SDK, IAC, DevOps CI/CD Automation ( DSL Chef, Chef-Client, Cookbook, Recipes, Knife, Docker, CloudFormation, TerraForm, Ansible), Github, Git, Jenkins, CruiseControl, Python, Groovy, Java, C/C++, XML, JSON, JDBC, SQL, SHELL, JBoss/WildFly, Tomcat, NGINX, Apache Server, Weblogic, Websphere, SVN, CVS, JIRA, Confluence, Crucible, big data ElasticSearch, Spark/Hadoop/HIVE/Zeppelin/Zookeeper, Kubernetes, SOA, RPC.

OS/Security Pkg: Unix/Linux/Windows, SolarWinds, FWSnort, NNT, PSAD, Qualys Cloud Platform, IBM Qradar, ClamAV, GeoIP, iptables, Micron Deep Security, Trend Micron Application Manager, Alert Logic, Cisco Umbrella, BT PowerBroker Pasword Safe, IDS/IPS, Yum, Apt, IBM WinCollect, OAuth, OpenID and SAML.

OO/DBMS/Network/Protocol: Oracle, SQL Server, Postgres, MySQL, MongoDB, Spark, ETL Hadoop. TCP/IP/UDP/DHCP/DNS/VPN, ESB/SOA/EAI ( ActiveMQ, IBM MQ, RabbitMQ, JMS, Tibco RV ), Redis Sentinel, Postgre Cluster, CIFS, S3FS, IPSec, Http(s), TLS/SSL, SFTP, SSH, DNS, Active Directory, LDAP, X.509 PKI, GPG, SMAL, Auth0/OKTA, OAuth, OpenID Connect, ADFS, REST, SOAP, BGP, Cisco NGFW ASA/FMC.

PROFESSIONAL EXPERIENCE

Confidential, Itasca, IL

Cloud Infrastructure Architect

Responsibilities:

• HealthMind Merger and Acquisition integration into DHP cloud with the scalable architecture with CloudFront, Route53, ALB, AWS Certificate Manager
• Architect and implement new AWS Cloud Security Infrastructure with AWS TGW/VPN/Cisco Firepower NGFW, WebACL, AWS WAF, CloudFormation, CloudFront, Route53.
• Leading efforts on capacity planning, DR and cloud environment monitoring.
• Architecting & building the New generation of platform to integrate cloud applications on the uniformed platform with Amazon service: ALB, ASG, Lambda function-Python, S3, DynamoDB, Storage Gateway, API Gateway, SSM, Transit Gateway, Transfer for SFTP, SNS, SQS, RDS, ECS, ECR, Docker container, AWS EMR, Kubernetes, Python, Shell, PowerShell, AWS SDK Python boto3.
• Providing direction to the infrastructure and operations teams by c onducting research, hands-on POCs, and pilots on emerging AWS cloud technologies to identify innovative solutions to improve the availability, lower cost, scalability, and operational efficiencies.
• Automate the ETL Consignment process to reduce the cost by eliminating 6 personal semi-manual work, and enhanced overall system reliability, using S3, EC2, SQS, SNS, Lambda function, AWS Transfer SFTP, TLS/SSL, SSH, DNS, S3FS, EFS, AWS Storage Gateway, SQL Server, Shell, Python, Powershell, AWS SDK for Python, AWS System Manager, Run Command, Parameter Store, AWS VPN Connection, VPC Peering Connection, CI/CD pipeline, Jenkins, Git, Docker, AWs Secret Manager,KMS.
• Cloud Cost Reduction project to reduce AWS account cost 30% per month. Act as technology lead or resource as needed in new application and infrastructure projects.
• Building cloud environment for Data Science Lab to deploy Analytical/Machine Learning applications with AWS Redshift, S3, IAM and CIS Hardened Images, AWS CloudFormation.
• In all cloud projects (Data Encryption and Security Monitoring projects, etc), develop cloud reference architectures, governance policies, security models and best practices with Enterprise Network Security tools to meet HIPAA/PCI/HITRUST compliance and reduce vulnerabilities by establishing security policy, creating cloud environment access policies with AWS IAM and access management PKI, implementing security controls across cloud platforms and setup DevOps security.
• Architect and implement SSO for AWS Console Access via Directory service and MS Active Directory
• Automating Applying OS patches and security packages via Ansible. Setup/Config/maintain Linux Servers, automate tasks through python/shell scripts and scheduling.
• Providing integration of DHP cloud platform with the cloud service of vendors.
• Perform problem resolution including root cause analysis of the system and application incidents
• Led the security efforts in Cloud security architecture, Cyber Risk Strategy, framework, SIEM and application architecture with AWS WAF, CloudTrail, CloudWatch, Lambda function, ZAP,etc. to ensure that security is integrated into all cloud architecture solutions.

Confidential

Sr. Cloud Infrastructure/Sr.Software Engineer

Responsibilities:

• Environment definition and launch - using chef 'data bag' for the environment spec file.
• Environment launch - bash functions using AWS APIs
• Environment configuration - Handled by chef cookbooks, which provide node bootstrap, all Linux configuration tasks, production installation and configuration, as well as use chef environments to handle product deployment on Dev, Test and Prod environments. Deploy Big Data analytical product Sagacity on EMR and Elastic Beanstalk environment. Written Lambda function to use Route 53 API to register/deregister DNS entries for launched EC2 instances. Setup Elastic Application Loader for HA featured Products deployments. Configured and deployed Auth0-enabled Authentication for all Confidential cloud deployments for Customer environments. Used AWS EFS/NFS as the shared file system for clustered Product nodes. Configured Apache HTTP Server as Reverse Proxy to serve secured products accesses. Configured Bation Hosts to allow SSH into private subnet ‘s EC2 instances. Configured NAT Host to provide private instances outgoing connectivity to the Internet while blocking incoming traffic from the outside world. Configured VPC Peering connection between Product AppServer VPC and WebServer VPC to enhance overall security of production environments. And configured ManageEngine’s Application Manger to provide the depth monitoring on Confidential SAAS products in AWS cloud.
• Environment operations - Cloudramp automate the day-to-day operational tasks such as server restarting, product deployments and upgrades
• Environment managements -Developed Python AWS Lambda functions to manage various resources with tagging EBS volume, RDS instances, SNS email notification, CloudWatch, EC2 AMI snapshots and volume backup snapshots. Run scheduled Lambda Functions to stop/restart EC2 instances in DEV/QA environments to cut the cost of Cloud operation.
• Led various projects in platform team: design and implements software infrastructure and development tools to support enterprise software products and platforms. Such as:
• Extending ant capability by creating new ant tasks and integrate Find bug with ant tasks.
• Writing Annotation preprocessor to auto-generate deployment codes for Confidential products
• Configure and deploy various clustering Application Servers with scripts ( JBoss, Wildfly and Websphere)
• Encryption and decryption of communication among Jgroups cluster members.
• Create product patches for customer supports
• Setup/Configured CI/CD Chef Server/Jenkins to automate infrastructure configuration and products/patches deployment in AWS cloud with Chef cookbooks, recipes, Shell, AWS CLI and Python.
• Provided Auth0/OKTA authentication service for AWS Cloud deployments to use Auth0 as an enterprise-grade platform for identity service and providing secured SSO.