SUMMARY:

• Expert in building and operating Containers, Microservices and Serverless environments on AWS with a focus around cost, performance, observability and security. Interested in next - generation Cloud Native application architectures.
• Kubernetes, Amazon EKS, Docker, Amazon ECS, AWS Fargate, Spot Instances, AWS Lambda, Step Functions, AWS App Mesh, AWS Cloud Map, Amazon ECR, AWS X-Ray, Amazon CloudWatch, Istio, Jaeger, Docker Swarm, Consul
• Node.js, JavaScript, TypeScript, Python (Boto3), Terraform, CloudFormation, AWS CDK/SAM/SDK, Serverless Framework, Packer, Ansible, Powershell, Bash

PROFESSIONAL EXPERIENCE:

Confidential

AWS DevOps Lead

Responsibilities:

• Lead DevOps resource on AWS - based Confidential InsurCloud Platform project for insurance industry incorporating Guidewire containers and custom Spring microservices, as well as tight integration with customer AWS accounts and Hybrid Cloud use cases
• Role entails AWS-based DevOps, DevSecOps, DevNetOps and GitOps responsibilities
• DevOps and IaC (Infrastructure as Code) tooling includes AWS Systems Manager, Terraform, Packer, Consul, CloudFormation, Ansible, Jenkins, Nexus, Docker, Docker Swarm, Powershell, Bash, and BitBucket
• Container builds/deployments using Multi-Stage Dockerfiles, Docker Compose and Docker Swarm stacks
• Configuration and management of Jenkins build and deploy CI/CD pipelines for Docker containers using OpenJDK, Spring Boot, Maven and Gradle
• Utilized git forking workflow with feature branches and pull requests for Terraform GitOps. Terraform plan/apply jobs run within Jenkins pipelines for pre-prod and production AWS environments.
• Cloud development and automation using Node.js, Python (Boto3), AWS Lambda, AWS CDK (Cloud Development Kit) and AWS SAM (Serverless Application Model)
• Implemented centralized container logging and monitoring using CloudWatch, Prometheus, Grafana, and FluentD/Fluent Bit
• Exposed Spring Boot microservices metrics to Prometheus via Micrometer and Spring Actuator
• Utilized Traefik and Let s Encrypt to enable SSL for Grafana and add user authentication for services cAdvisor, Prometheus & Alerting
• Deployment, configuration and management of AWS Systems Manager Agent and CloudWatch Agent
• CIS-compliant AMI builds and deployments for Amazon Linux, Ubuntu, RHEL and Windows Server using Confidential Packer and Terraform
• Database management and administration using Amazon RDS PostgreSQL, Amazon DynamoDB and MSSQL on Docker and Windows Server clusters
• AWS network engineering including VPC Peering, Transit Gateways, AWS Site-to-Site VPN, Transit VPCs, Hub VPCs, Palo Alto VM-Series, HAProxy, Aviatrix Controller & Gateway, ELBs, NAT Gateways, Internet Gateways, OpenVPN and VPC endpoints/gateways/interfaces
• Managed AWS Directory Service for Microsoft Active Directory
• Secrets Management and storage using AWS Secrets Manager, Systems Manager Parameter Store and Vault
• TLS/SSL Certificates and Encryption using AWS Certificate Manager, AWS KMS (Key Management Service), Confidential Vault and Let s Encrypt
• Cloud security and threat management utilizing IAM, AWS GuardDuty, AWS Config, AWS Security Hub, and AWS Organizations

Confidential

DevOps Architect

Responsibilities:

• Design, code, build, deploy and manage secure and compliant cloud - native solutions in the area of instances, CI/CD, containers, clusters, databases, configuration management, orchestration, serverless and APIs
• Foundational infrastructure and application design using AWS Well-Architected Framework
• AWS EC2/VPC/IAM/Route53/S3/RDS environment setup, automation, orchestration using Terraform, CloudFormation, Ansible and Chef
• Builds, migrations and integrations of Kubernetes, Jenkins, Spinnaker, Istio, Prometheus, GitLab CI and Nexus
• Setup of CI/CD pipeline components for Jenkins, Spinnaker, Concourse CI, GitLab CI, AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, Amazon ECR and Kubernetes Helm Charts
• Design, build, secure and manage clusters/workloads running on self-managed Kubernetes (Kops), Amazon EKS (Amazon Kubernetes Service), Amazon ECS and AWS Fargate
• AWS network engineering including VPC Peering, Site-to-Site VPN, Transit VPCs, ELBs, NAT Gateways, Internet Gateways, Client Access VPN and VPC endpoints
• REST API and serverless development using Node.js on AWS Lambda, SQS, SNS, SES and API Gateway. AWS automation development using Python (Boto3).
• Utilize AWS Systems Manager for instance inventory, compliance, automation, patching and remote execution
• Implement Amazon Pinpoint for web/mobile projects to do user insights/analytics, audience targeting, as well as direct and targeted messaging via e-mail, mobile push and SMS
• Test and troubleshoot REST API calls to the Amazon Pinpoint API using Postman
• Deploy, configure and optimize AWS Elasticsearch Service with Kibana and Logstash
• Solution, migrate and support SQL and NoSQL databases/caches in the cloud, including MongoDB, PostgreSQL, Redis, MySQL, Amazon RDS, AWS DynamoDB, and Amazon Aurora
• Solution and implement object storage using AWS S3, CloudFront, Akamai, and Cloudflare
• Secrets management using Confidential corp Vault, AWS Secretes Manager, Parameter Store with AWS KMS
• Design and implement NLB, ALB, WAF solutions using NGINX, AWS Elastic Load Balancers and AWS WAF
• Monitoring, compliance (SOC I/II, CIS, PCI, ISO, HIPAA) and security on AWS using Security Hub, Config, CloudTrail, CloudWatch, and GuardDuty
• Big data, streaming, interactive data querying and analytics using Amazon Kinesis, Athena, EMR, and Redshift

Confidential

AWS DevOps Architect

Responsibilities:

• Performed data center discovery and scoping of project requirements/phases on - site or remotely, most work done remote
• Designed/implemented greenfield solutions and planned migrations to AWS using services such as AWS Database Migration Service, RDS, EC2, Elastic Beanstalk, ECS, ECR, Elasticache, S3, Route53, Cloudfront, IAM, AWS WAF, CloudFormation, SES and
• Deployed and administered self-managed Kubernetes clusters on EC2 using Kops and Terraform
• Architected and implemented multi-VPC AWS solution including a Security VPC that served as the point-of-entry via a secure Server 2012 RD Gateway/Farm. Utilized VPC Peering, S3/SSM Endpoints and Ingress/Egress data controls including AWS WAF for inbound and Squid Proxy for outbound web filtering
• Implemented majority of AWS configuration management and orchestration via Terraform, CloudFormation and CodeDeploy
• Utilized git repos such as BitBucket, GitHub, GitLab, and AWS CodeCommit
• Node.js API design specification and implementation along with data caching design and implementation
• Worked with client-side Network and Infrastructure resources to create IIS/PHP Web Server Golden AMI Image provisioned via Auto Scaling Groups controlled by F5 Load Balancer appliances in AWS
• Leveraged cloud-provider services when migrating on-prem MySQL clusters to AWS RDS MySQL, provisioned multiple AWS AD forests with AD-integrated DNS, as well as utilized AWS Elasticache for Redis
• Solutioned, deployed and configured Amazon Elasticsearch Service with integrated Logstash and Kibana functionality
• Utilized AWS Systems Manager and CloudWatch Logs for managing, monitoring, alerting and VPC flow log analysis
• Developed Node.js Lambda functions for validating Redis/SQL/CRM endpoint access and functionality, certain scheduled tasks such as centralized proxy whitelist updates and batch processes

Confidential

Cloud Architect

Responsibilities:

• Architect cloud computing stack dependencies for PaaS, IaC/IaaS, DBaaS, DRaaS and SaaS solutions delivery and organizational transformation initiative utilizing Azure/Office365 technologies
• Engage in long - term planning of development and solutions lifecycle transition strategy to microservices architecture pattern incorporating CI/CD, Atomic, JSON/REST and simple authentication delivering bottoms-up, simple and modular solutions to complex business requirements and LOB challenges
• Follow existing traditional SOA design patterns where needed while incorporating requirements, risks, assumptions and constraints as design factors
• Document system context, architecture overview, as well as functional, non-functional and operational architecture
• Perform requirements gathering, vendor evaluation, and document justification for selected solutions including providing other relevant details that would help downstream design and implementation
• Designed and deployed ARM (Azure Resource Manager) templates using Visual Studio Team Services for IaC
• Integrated GitLab with VSTS (Visual Studio Team Services) using Cloudpipes
• Improve, leverage and streamline full application lifecycle for hybrid cloud using Cloudify and solution cloud-native app development lifecycle using Azure s PaaS offering Azure App Service, consisting of Web Apps, Mobile Apps, Logic Apps and API Apps based off .NET, Node.js, and Java
• Devise solution for migrating on-premise SQL instances to the Azure SQL Database DBaaS solution, leveraging Active Geo-replication for synchronizing replicas of databases
• Lead design and migration effort with Microsoft FastTrack team on migrations from Lotus Notes to Office 365 for Exchange Online, handle post-migration escalation issues
• Design Skype for Business pool balancing and distribution scheme, extend topology with new edge services
• Provide technical oversight for Azure AD Connect, Azure RMS, Federated Identities and DRS (Device Registration Service). Augment and secure SSO implementation.
• Expand, secure and scale Azure AD DS environment for VMs and Apps on Azure virtual networks
• Configure and troubleshoot WS-FED, SAML and OAuth federation and claims handling
• Manage and optimize Lotus Notes/O365 co-existence environment using Binary Tree and FIM 2010 R2
• Manage mobile device connectivity/authentication controls and apps to Azure/Office 365 (Skype for Business) for Blackberries & iPhones/iPADs

Confidential

Technical Systems Lead

Responsibilities:

• Act as a Windows SME and project lead for investment projects throughout entire project lifecycle. Design, deploy and monitor Microsoft infrastructure components in Dev, QA, and Production environments by working closely with Dev/QA/Operations teams and the Solutions Architect
• Gather, document, and articulate business and systems requirements into requirements specifications, including BCP/DR/HA provisions
• Create security documentation and work with InfoSec on penetration testing for each application or system platform
• Engage in capacity planning, workload monitoring, optimization analytics and right - sizing of Microsoft on-Hyper-V, Azure and VMWare virtual infrastructure using CiRBA and System Center Capacity Planner
• Deploy, configure and expand Hypervisor clusters running Hyper-V 2008/2012 R2 and VMware vSphere/ESXi
• Utilize Virtual Machine Manager 2012 R2 to provision and manage hypervisors, VMs, logical networks, SDN, virtual Fiber Channel (FC) and fabric resources.
• Design and implement Exchange 2013 & Office 365 high availability and recovery infrastructure, message transport, archiving, client access, and legal compliance/eDiscovery. Define DLP Policy templates.
• Maintain Lotus Notes/Exchange 2013 co-existence using Quest/Dell migration and co-existence tools
• Provision on-premises, DR, and Azure-based VMs. Perform cross-site, local and cloud-destined P2V and V2V migrations.
• Manage AD DS and Azure AD, DNS and DHCP services in a multi-forest, network segmented environment. Support Kerberos/LDAP authentication with in-house applications and troubleshoot authentication issues.
• Utilize Azure Key Management Service via Key Vault for LOB application security
• Use of Cisco UCS (Unified Computing System) as the central data center server platform and Hitachi VSP (Virtual Storage Platform) as the core enterprise storage system for hosting Hyper-V/VMWare based virtual infrastructure
• Support Citrix XenServer hypervisor clusters, XenApp farms and NetScaler VPX LB
• Configure and troubleshoot Cisco Fabric interconnect, Nexus switch and IronPort configurations and states
• Leverage PowerShell (v2-v4) for automating deployments, streamlining migrations, as well as managing hypervisors, clusters, Exchange/AD and Azure tenancy
• Administer IIS 6-10 - manage application pools, sites and authentication, configure website security and SSL, FTP, setup Web Farm using NLB and ARR, monitor performance
• Design and build-out core Windows solutions including Failover Clusters, Classic and Scale-Out File Servers (SMB 3.0), DFS, NLB, RDS, HA Printing, and load-balanced DHCP for critical application, user and database services
• Deploy packages and updates using Shavlik and System Center Configuration Manager (SCCM)
• Support Microsoft SQL Server and DB2 database server/cluster environments
• Establish performance baselines and monitoring for service states using both SCOM and Perfmon
• Institute and maintain a load-balanced TS/RDS server farm on the extranet for offshore users

Confidential

Infrastructure Consultant (Team Lead)

Responsibilities:

• Plan and design strategic high - level migration and roadmap steps, act as technical and team lead for implementation of various infrastructure projects. Engage in daily operational issues.
• Provide Directory Services and Exchange deployment planning services
• Provide Tier 3 support using incident/service management system, on-call for emergencies 24/7
• Manage multiple Exchange 2007 and Exchange 2010 organizations in separate AD forests
• Implement and administer multi-forest, multi-site Windows Server 2003 and Windows Server 2008 R2 Active directory infrastructures with cross-forest trusts
• Implement and troubleshoot Blackberry Enterprise Server 5.x cluster
• Configure Windows Server 2003 and Windows Server 2008 failover clusters, including Hyper-V Cluster Shared Volumes (CSV)
• Support deployments of SQL Server 2005 and 2008 on Windows failover clusters that utilize MSDTC
• Create LUNs, MetaLUNs, RAID Groups, Storage Groups and zones on EMC SANs and Brocade FC switches. Configure HBA and multipathing on host end.
• Deploy and utilize ADMT & Forefront Identity Manager 2010 for cross-organizational object migration as well as GAL synchronization, provisioning, and identity/lifecycle management
• Deployment and administration of front-end, archiving and group chat server roles in OCS 2007 R2
• Utilize SCOM 2007 R2 for AD and Exchange baselining and performance monitoring; utilize SCVMM 2008 for virtual machine provisioning and live migration across Hyper-V R2 hosts.
• Process bulk Exchange and Active Directory changes using Powershell 2.0
• Administer DFS/DFS-R across Windows Server 2003 and Windows Server 2008
• Design backups of Exchange, AD and DFS/DFS-R systems using Netbackup, DPM 2010
• Support Citrix XenApp 6 front-end, authentication servers and gateways

Confidential

Systems Specialist

Responsibilities:

• Provide systems integration and administration, network support, backup administration and IT project management services in accordance with ITIL best practices
• Installation and administration of Exchange Server 2003 and 2007, Windows Server 2003 and 2008. Performed Exchange migration and provided mixed - environment support.
• Administer Virtual environments/platforms such as Hyper-V and VMware ESX
• Manage Activate Directory in multi-site environments with DFS
• Management of Terminal Servers and thin clients
• Configuration and monitoring of perimeter firewalls and Barracuda spam appliances
• Backup Exec/Netbackup administration on iSCSI, NAS, Tape and SAN
• Blackberry support and Blackberry Enterprise Server (BES) administration
• Trend Micro and Symantec corporate antivirus deployment and administration
• Ghost imaging of laptops, desktops
• VPN management and support