Programming languages: Bash, JSON, YML, Python, Java, Intel Assembly, C++, Object Oriented Programming, SQL
Web Technologies: JavaScript, CSS, HTML
Other: Project management, problem-solving skills, communication skills, data structures and algorithms in Java
Cybersecurity analyst tools: data protection; endpoint protection; SIEM; systems and network fundamentals; compliance and threat intelligence topics; breach incident response and forensics.
Cloud Orchestration / Automation: AWS CloudFormation, Terraform, AWS Lambda, AWS Systems Manager, AWS SSM Parameter Store, Ansible, AWS EC2, Docker, Jenkins, ECS, EKS, Develop and maintain CI/CD pipelines.
Cloud Migration: AWS Cloud Adoption Readiness Tool, AWS Migration Hub, AWS Athena, AWS CloudEndure, AWS Server Migration Service, Direct Connect, VPN
AWS Security: AWS Security Hub, AWS GuardDuty, AWS Shield, AWS Firewall Manager, AWS Inspector, etc.
Network Security: Network ACLs, Security Groups, VPC Flow Logs, Endpoints
Monitoring and Event Management: AWS CloudWatch (Events and Logs), AWS SNS, AWS S3, AWS CloudTrail
Identity and Access Management: AWS Organizations, AWS IAM, AWS AD Connector, Active Directory, AWS WorkSpaces, AWS Secrets Manager, etc.
Governance and Compliance: AWS Config Rules, AWS Organizations, AWS Control Tower, AWS Trusted Advisor, AWS Well-Architected Tool, AWS Budgets.
Data Protection: AWS Certificate Manager, AWS KMS, Snapshot Lifecycle Manager, AWS CloudHSM, Client & Server-Side Encryption, Encryption at Rest
Self Service: Service Catalog
Network: VPC, VGW, TGW, CGW, IGW, NGW
Image and Patch: AWS SSM Patch Manager
Data Analytics: Amazon S3, Amazon Athena, Amazon Redshift, Amazon RDS, Amazon DynamoDB, Amazon S3 data lakes.
Senior AWS Architect
- Ensured data recoverability by implementing system snapshots, AMIs, RDS replicas, and application-level backups to S3.
- Designed for high availability and business continuity using self-healing-based architectures, fail-over routing policies, multi-AZ deployment of EC2 instances, ELB health checks, Auto Scaling, and other models based on customer’s functional and nonfunctional requirements.
- VPC built with private and public subnets, coupled with VPNs set up back to the on-premises datacenter and corporate offices.
- VPC peering with other accounts, allowing access and routing so that services and users of separate accounts can communicate.
- Monitored network, CPU, disk, and connectivity with CloudWatch, set up to trigger alarms and notify system administrators.
- Configured security groups and locked down the various authorized subnets and IP addresses in AWS.
- Built Kinesis dashboards and applications that reacted to incoming data using AWS-provided SDKs and exported data from Kinesis to other AWS services, including EMR for analytics, S3 for storage, Redshift for big data and Lambda for event-driven actions.
- Automated deployment, configuration and security settings using Ansible.
- Created and attached a new volume to an existing EC2 instance.
- Automated and managed configuration using Systems Manager.
- Created and resized partitions, including logical volumes, formatted with ext3 and ext4.
- Leveraged site-to-site VPN to allow communication with VPC and on-premises network.
- Designed network security using firewalls, DDoS, IPs, IDs, NACLs and security groups.
- Migrated high-availability web servers and databases to AWS EC2 and RDS with minimal or no downtime.
AWS Lead Cloud Architect
Confidential, Omaha, Nebraska
- Collaborate with enterprise architecture, information security, applications and infrastructure teams and support and contribute to evaluation, design, and analysis of enterprise-wide solutions to translate business and technical requirements into an architectural blueprint aiming to achieve business objectives.
- Designed for high availability and business continuity using self-healing-based architectures, fail-over routing policies, multi-AZ deployment of EC2 instances, ELB health checks, Auto Scaling, and other disaster recovery models.
- Implemented AWS Systems Manager management service capabilities to automatically collect software inventory, apply OS patches, and automate administration tasks and complex workflows across our environments.
- Automatically remediated Trusted Advisor findings using Amazon CloudWatch Events and AWS Lambda.
- Implemented AWS Organizations to centrally manage multiple AWS accounts, including consolidated billing and policy-based restrictions.
- Implemented Control Tower Preventive and Detective guardrails and leveraged Account Factory, integrated with Lambda for new AWS account creation/vending and setup.
- Design the overall Virtual Private Cloud (VPC) environment, including server instances, storage instances, subnets and availability zones, and managed provisioning of AWS infrastructure using Terraform.
- Developed and leveraged baseline and custom guardrails, policies, centralized policy enforcement, tagging policies and a well-architected multi-account environment.
- Leveraged different design principles for security in the cloud and implemented various AWS services to improve our security posture for Authentication, Authorization, Monitoring, Auditing, Encryption and Data path security.
- Implemented security best practices in AWS, including multi-factor authentication, access key rotation, role-based permissions, enforced strong password policy, configured security groups and NACLs, S3 bucket policies and ACLs.
- Optimized cost through reserved instances, selection and changing of EC2 instance types based on resource need, S3 storage classes and S3 lifecycle policies, and leveraging Auto Scaling.
- Leveraged EC2 Lifecycle Manager to create snapshots of EBS volumes on scheduled intervals for backup and define a retention period as a cost-saving measure.
- Configured CloudWatch alarm rules for operational and performance metrics for our AWS resources and applications.
- Configured S3 events to set up automated communication between S3 and other AWS services.
- Designed highly available infrastructure using Elastic Load Balancer and Auto Scaling for web servers, which scale in and scale out automatically; also isolated environments by having security groups and NACLs across subnets for EC2 instances.
- Architected and implemented a cost-effective AWS Cloud solution for the non-production environment.