SUMMARY:

• Sr. Cloud Infrastructure and Security Architect
• Ability to develop high level and detailed design documents addressing the business, infrastructure, security, support and operational needs of the business
• Review of applications and infrastructure, to create target state architectures is Azure Cloud
• Demonstrated capacity for problem solving, synthesis and making sound recommendations
• Ability to write entire playbook of application migration from discovery, design, staging, production and decommission phases
• Excellent verbal and written communication skills, including polished presentation skills with the ability to deliver technical issues to both technical and non - technical audiences in a clear and understandable manner
• Experience designing and implementing complex, HA multi-tier, end-to-end solutions in azure using a wide variety of azure services and marketplace appliances, including Azure Site Recovery, Azure Load Balancer, Application Gateway, Internal LB, Operations Management suite, Azure Active Directory, AD connect, Privileged Identity Management, Identity Protection, Checkpoint, Citrix Xenapp, Netscalar VPX, Barracuda LB, Cisco ASAv, Big IP Web Application Firewall, Azure Right Management Server, Azure Security Center, Key vaults for encryption, SAS key management, User Defined Route, Express Route, Network security groups.
• Implementing O365 for organization users, security and compliance management
• Security Domains Patch Management, Access Request Management, Incident Management, Vulnerability Assessment, SOX Audits and Compliances
• Writing requirement, controls and Azure services mapping for HIPAA, PCI DSS, ISO 27001, SANS and NIST 800-53 compliance standards
• Implementing Azure services in accordance with PCI DSS, ISO 27001 controls
• Windows Azure Infrastructure Security Implementation - Azure Security Center
• SIEM logging solutions like Splunk
• Intrusion Protection\Detection tools Critical System Protection, Trend Micro Deep Security etc
• Vulnerability Scanning tools Nessus Scan, MBSA Scan, Zen Map (Nmaps), Cenzic scan for webapps etc
• Patch Management tools WSUS, SCCM etc.
• Monitoring Infrastructure Tools SCOM, HP Site Scope, Operation Management Suite (Azure), Application monitoring using AppInsights
• Incident Management using tools like Service Desk, BMC Remedy, client home grown tool
• Defining ITSM Process setup for Azure Cloud Data Centers (ITIL and ACE standards)
• Quality Audits for various Infrastructure Projects
• Security Audits for Infrastructure at Client locations
• Managing Network monitoring and controls using Riverbed Steelhead devices, Azure Confidential Firewalls, Net scout etc.
• Disaster Recovery Solution for on premise infrastructure using PLATESPIN PROTECT 10.1 and Azure using Recovery services
• Virtualization administration VMWARE ESX 5.1, 4.0 VSphere, Hyper V, SCVMM
• Defining Base lining and Thresholds for various Security domains
• Administering System Center Operations Manager 2007, 2012
• Windows Server Performance tuning
• Hands on experience on Microsoft Server 2000, Server 2003, Server 2008 R2, Windows 2012 R2 servers
• Terminal services 2003 and Remote Desktop Services 2008 R2, 2012 R2, RemoteApps and RDS in Azure.
• Client Operating systems like Windows XP, Windows Vista, Windows 7, Windows 8.1 and Windows 10
• Hands on experience on Linksys (Cisco Wireless Technology) Routers, Switches, Hubs, Range expanders, Access Points, NIC cards
• Hands on experience on Cisco 2500 series routers

EMPLOYMENT:

Confidential, Princeton, New Jersey

Senior Cloud Infra\Security Architect

Responsibilities:

• Requirement Gathering, mapping to Azure services and Market place appliances to meet customers’ needs in security, operations and compliance (HIPAA, PCI DSS, Data Protections, BASEL etc.
• Build migration strategies for moving workloads and data from on premise to Azure Cloud using Azure Site Recovery, Azure import\Export services, double take etc.
• Architect network topology hub-spoke, daisy chain and mesh using P2S, S2s, Express route. Setting up peering for public, private and Microsoft for office 365.
• Securing network using inbound\outbound rules in Confidential, subnet isolations, Role-based isolations, Resource grouping, Configuring External Load Balancer with Multiple VIPs and NAT rules, ILB, third party appliances like Checkpoint, Netscalar VPX, barracuda LB, WAF using Big IP etc.
• Virtual Machine Sizes and Tiers, Virtual Machine Templates, Virtual machine Scale sets implementation, Virtual Machine hardening, Availability Sets, Storage Classes, Storage Requirements, Storage Availability and Redundancy, Storage Accounts, Azure Monitor, Accelerated Networking, Key Vaults, VNet Peering and Gateway Failovers.
• Architecting Security in Azure using Azure Security Center, Encryption (Bitlocker, TDE, AES 256, SSE), Storage Access and ACLs, Reporting and Auditing, Resource Groups, Role Based Access Control Model (RBAC), Monitoring using Operations Management Suite, Azure Extensions for AV, Network Security Groups, Web Application Firewall.
• Writing cloud security objectives in accordance with 14 ISO 27001 domains and 12 PCI DSS controls. Implementation for Azure\ AWS mapping services with respect to security standards like PCI DSS, HIPAA, ISO 27001-2, NIST 800-53.
• Configuring BCDR using Azure backups, OMS and ASR with config server, process server and Mobility service.
• Azure Active Directory, Privileged Identity Management, AD connect sync, AD Health monitor, AD premium features, O365 security and compliance.
• Implementing DevTest Labs with Formulas and Artifacts for staging\development environments.
• Automations using Ansible, JSON ARM templates and powershell.

Confidential

PROJECT MANAGER

Responsibilities:

• Designing and Building Azure infrastructure, Migration of on-premise datacenter to Windows Azure, Setting up Virtual networks for site-to-site, Point-to- Site and Express Route
• Setting up Azure Network Security with Confidential and Endpoint ACLS, High availability with Storage accounts and availability sets, Disk Sanitization Process, Configuring Azure Backups, Monitoring Azure infra using OMS integrated with operations manager, Data Encryption, Key Vaults, RBAC model, Resource manager, implementing core services like AD, DNS, WSUS, SEP, SCOM, CSP in Azure, Powershell scripting, Building VMs and Gold images
• Managing Information Security Domains Patch Management, Incident Management, Access Request Management, SOX Audits and Compliances, Disaster Recovery for UTC BIS 3000+ sites across 3 Regions
• Working closely with IT Controllers, IT Directors, Regional IT managers, Site IT Managers, Site Admins, and Regional Compliance Managers to meet above mentioned (security domains) compliance requirements
• Defining SOC processes based on defined IT security Policies, creating procedures (SOPs, Run books, User guides) for achieving set standards, extracting vendor specific best practices for defining guidelines
• Publishing SOC dashboards with management at Confidential council meetings
• Managing and maintaining Risk Log, Risk to impact Ratio matrix, Project action log, Service Delivery Plan, Training log, Meeting log, Audit log, CI Matrix, RACI, Asset inventory, Issue Log, (SLA\OLA\ underpinning), Project Plans, Roll-out Plan etc.
• Release Management process, Change Management process, Incident management process etc.