Cloud Solution Architect Resume
Irvine, CA
SUMMARY
- AWS Certified Solutions Architect with 12+ years of experience in IT (6 years onsite in the USA/Europe) as an AWS Cloud Engineer, covering DevOps CI/CD, Kubernetes, Docker, Kafka, Infrastructure as Code (IaC), release management, Unix/Linux systems administration, cloud migration, and middleware.
- Delivered responsibilities as a Cloud/DevOps Engineer, Site Reliability Engineer, and Solutions Architect for various client assignments.
- Experienced in configuring and managing Amazon Web Services such as Amazon EC2, Elastic Load Balancing, Auto Scaling, Amazon S3, Amazon VPC, DNS, Amazon Route 53, Amazon CloudFront, AWS CloudFormation, CloudWatch, SQS, SNS, SES, and Amazon RDS in DevOps environments.
- Built and maintained critical, fault-tolerant, highly available web applications using Elastic Load Balancing; scaled web application servers up and down with Auto Scaling to control server capacity. Built and deployed applications using Docker.
- Managed users and groups for secure access to AWS services and products with AWS Identity and Access Management (IAM); built policies specifying different roles for IAM groups.
- Worked on industry-standard web servers such as Apache and Nginx, and Java web application servers such as WebLogic, WebSphere, and Tomcat for hosting both static and dynamic content.
- Worked on setting up Amazon Virtual Private Cloud with customized Network ACLs and route tables, creating subnets with specified IP address ranges.
- Migrated applications to a lightweight Docker containerized platform.
- Designed template stacks using CloudFormation to automate building AWS resources (Amazon EC2, Simple Storage Service, Elastic Load Balancing, Auto Scaling, Amazon VPC) using JSON templates.
- Well versed in code repositories for branching and maintaining code using version control tools such as Subversion (SVN) and GitHub on Linux and Windows.
- Deployed and scaled web applications developed in Java/J2EE, .NET, PHP, and Node.js.
- Experienced with the build tools Ant and Maven to automate the build process in Jenkins.
- Configured AWS Elastic Beanstalk to automate deployment, capacity provisioning, load balancing, and auto scaling for web applications and services.
- Experienced in building automation scripts in Bash and Python for routine tasks.
- Excellent communication, teamwork, interpersonal & presentation skills, fast & self-organized learner.
- Flexible to work in on-demand work environments for supporting business critical applications.
- Possess excellent problem-solving, analytical, and team building/managing skills, with proficiency at implementing new technical concepts and applying them productively.
TECHNICAL SKILLS
- AWS
- Kubernetes
- Docker
- DevOps
- Jenkins
- GitLab
- CI/CD
- Bash
- Python
- Kafka
- Agile-Scrum
- Terraform
- CloudFormation
- Maven
- JIRA
- Bugzilla
- GitHub
- Chef
- Ansible
- Nagios
- CloudWatch
- Splunk
- Nexus
- EC2
- S3
- RDS
- DynamoDB
- ElastiCache
- Redshift
- Amazon VPC
- CloudFront
- Direct Connect
- Route53
- CloudTrail
- Amazon IAM
- SQS
- SNS
- SES
- Nginx Ingress
PROFESSIONAL EXPERIENCE
Confidential, Irvine, CA
Cloud Solution Architect
Responsibilities:
- Design and document robust cloud solutions per Well-Architected standards and best practices that are cost-effective, resilient, scalable, and aligned with business strategy.
- Architect end-to-end solutions using cloud-native methodology and automated provisioning and management of infrastructure.
- Deploy VM-Series next-generation Palo Alto Networks firewalls and leverage the AWS Gateway Load Balancer (GWLB) to scale and load-balance traffic across the stack of VM-Series firewalls. Expose the GWLB with the firewall stack as a VPC endpoint service for traffic inspection and threat prevention. Use Transit Gateway and Direct Connect and implement a hub-and-spoke model for the security VPC.
- Designed and developed AWS CloudFormation templates to create custom VPCs, subnets, and NAT to support deployment of web applications.
- Worked on multiple AWS instances; set up security groups, Elastic Load Balancers, AMIs, and Auto Scaling to design cost-effective, fault-tolerant, highly available systems.
- Design and develop serverless architectures using Python/Boto3.
- Perform ServiceNow-to-AWS integration using API Gateway, Amazon Cognito user pools, SQS, DynamoDB, and SES to automate provisioning of catalog items (e.g., WorkSpaces/EC2); a minimal provisioning sketch appears after this list.
- Design and implement core AWS services: VPC, S3, EC2, RDS, IAM, Route 53, Auto Scaling, CloudWatch, AWS Config, CloudTrail, ELB, AWS Migration, VPN/Direct Connect, Transit Gateway, Organizations, StackSets, Single Sign-On, and Service Catalog.
- Implement OAuth 2.0 authorization for REST APIs using Amazon Cognito; write CloudFormation code to automate it.
- Design and implement DevOps CI/CD processes and tools (GitLab, AWS CodeCommit, CodeBuild, CodePipeline, CodeDeploy) using nested CloudFormation stacks.
- Cloud development and automation using Node.js, Python (Boto3), AWS Lambda, AWS CDK (Cloud Development Kit), and AWS SAM (Serverless Application Model).
- Set up AWS Snowball Edge across multiple regions to perform data migration, data transport, data analytics, IoT sensor stream capture, and machine learning.
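The catalog-provisioning flow described above can be illustrated with a minimal sketch: an SQS-triggered Lambda handler that launches an EC2 instance with Boto3. The environment variable names (BASE_AMI_ID, TARGET_SUBNET_ID) and the request payload shape are hypothetical placeholders, not details from the actual engagement.

```python
# Minimal sketch: SQS-triggered Lambda that provisions EC2 for a ServiceNow catalog request.
import json
import os

import boto3

ec2 = boto3.client("ec2")


def handler(event, context):
    """Process ServiceNow catalog requests delivered via an SQS event source mapping."""
    for record in event["Records"]:
        # Assumed payload shape, e.g. {"requested_for": "jdoe", "instance_type": "t3.micro"}
        request = json.loads(record["body"])
        response = ec2.run_instances(
            ImageId=os.environ["BASE_AMI_ID"],        # placeholder env var
            InstanceType=request.get("instance_type", "t3.micro"),
            MinCount=1,
            MaxCount=1,
            SubnetId=os.environ["TARGET_SUBNET_ID"],  # placeholder env var
            TagSpecifications=[{
                "ResourceType": "instance",
                "Tags": [{"Key": "RequestedFor", "Value": request["requested_for"]}],
            }],
        )
        print("Launched", response["Instances"][0]["InstanceId"])
```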
Confidential
Lead Engineer- DevOps/Cloud
Responsibilities:
- Lead a team of four engineers; prioritize tasks based on business need, assist team members blocked by technical issues, and perform code reviews and pair programming.
- Identify areas for automation and implement it wherever possible; evaluate new open-source tools and technologies that can be leveraged to solve problems.
- Run proofs of concept with new tools and take them through to production.
- Deploy an Angular app to AWS S3 with CloudFront serving HTTPS; write the infrastructure code in Terraform.
- Build highly resilient, scalable, highly available services on AWS with Docker and Kubernetes and deploy Java Spring Boot microservices; create Helm templates for the microservices.
- Develop meaningful monitoring, actionable alerting, logging, and availability dashboards/metrics that provide service health, usage, and performance data to reduce or eliminate outages.
- Monitor infrastructure and application uptime and availability to ensure functional and performance objectives are met.
- Manage infrastructure as code via tools such as Terraform (primary) and CloudFormation (secondary/less used).
- Build AWS WAF for tenants to protect web applications and APIs against common web exploits that may affect availability, compromise security, or consume excessive resources; add rules for CSRF, RFI/LFI traversal, XXE, XSS, size restrictions, etc.
- Apply GeoIP-specific rules for OFAC, enable logging for WAF, and load real-time streaming logs via Amazon Kinesis Data Firehose into an S3 bucket; create a Lambda function to parse and index the logs and ship them to Elasticsearch, with reporting in Kibana (see the Lambda sketch after this list).
- Write a Lambda function to read environment variables from an external data store for OAuth2.
- Design and implement cost optimization in the AWS environment to reduce spend.
- Design and implement AWS Single Sign-On (AWS SSO) to grant users access to AWS resources; integrate with Azure AD using SAML and set up replication for users/groups.
- Design, develop, test, & maintain automation tools for infrastructure & problem management analysis.
- Experience with distributed systems with high-availability requirements, balancing service reliability, sustainability, and technical debt for services running at scale.
- Demonstrated a methodical and analytical mindset during problem investigations and incident management.
- Develop CI/CD pipelines in Jenkins and GitLab; configure Argo CD for continuous deployment.
- Build a Strimzi Kafka platform in a multi-node, multi-AZ configuration on top of Kubernetes and configure end-to-end security with SSL/SASL SCRAM-SHA-512.
- Design, install, operate, and apply best practices for the Kafka components: Kafka brokers, ZooKeeper, Confluent Kafka Connect/connectors, Confluent REST Proxy, Confluent Schema Registry, and KSQL.
- Build a real-time analytics solution using Divolte and Apache Kafka, Superset, and Druid to gain a deeper understanding of customer behavior; used Druid to quickly ingest massive quantities of Kafka event data and provide low-latency queries on top of the data.
- Design and implement monitoring solutions for the Kafka cluster using Prometheus and Grafana; create Grafana dashboards.
- Hands-on experience in Kafka cluster broker backup and mirroring, broker sizing, topic sizing, hardware sizing, performance monitoring, broker security, topic security, and consumer/producer access management (ACLs).
- Expose microservices and the Kafka REST proxy via API Gateway and secure them with OAuth2 authentication backed by Lambda.
- Implement permission-based security and authorization on the Kafka cluster.
- Secure Java Spring Boot microservices end to end, in transit as well as at rest (no offloading at the load balancer).
- Provision API Gateway, CloudFront, ELB, NLB, Nginx Ingress, and Kubernetes Services, Deployments, and StatefulSets.
- Provision an ELK stack with AWS fully managed Elasticsearch and Kibana, and Fluent Bit on the Kubernetes nodes.
- Deploy .NET Core identity and access management microservices on AWS ECS.
- Build infrastructure as code using Terraform.
- Create Ansible playbooks for database backups: RDS MySQL, SQL Server, and PostgreSQL.
- Build an OpenVPN server and configure the tunnel.
- Build AWS WAF for CloudFront to prevent attacks.
- Build an SFTP gateway in highly available mode.
- Build AWS IPsec VPN tunnels and VPC peering; configure Transit Gateway, security groups, and NACLs.
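A minimal sketch of the WAF log pipeline noted above: an S3-triggered Lambda that reads a Firehose-delivered log object, parses the JSON records, and bulk-indexes them into Elasticsearch. The environment variable, index name, GZIP compression on the delivery stream, and the assumption that the Elasticsearch domain accepts requests from the function without request signing are all illustrative, not details from the actual project.

```python
# Minimal sketch: parse Firehose-delivered WAF logs from S3 and bulk-index into Elasticsearch.
import gzip
import json
import os
from urllib.parse import unquote_plus

import boto3
import requests  # packaged with the function; domain access policy assumed to allow it

s3 = boto3.client("s3")
ES_URL = os.environ["ES_ENDPOINT"]  # placeholder, e.g. https://search-example.es.amazonaws.com


def handler(event, context):
    for record in event["Records"]:                       # S3 put notification
        bucket = record["s3"]["bucket"]["name"]
        key = unquote_plus(record["s3"]["object"]["key"])
        body = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
        lines = gzip.decompress(body).decode("utf-8").splitlines()

        bulk = []
        for line in lines:                                 # one WAF log record per line
            doc = json.loads(line)
            bulk.append(json.dumps({"index": {"_index": "waf-logs"}}))
            bulk.append(json.dumps(doc))

        if bulk:
            resp = requests.post(
                f"{ES_URL}/_bulk",
                data="\n".join(bulk) + "\n",
                headers={"Content-Type": "application/x-ndjson"},
                timeout=30,
            )
            resp.raise_for_status()
```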
Confidential
Lead Cloud Engineer
Responsibilities:
- Lead a team of 12 people; work with the product owner to understand requirements and define a technical approach to achieve the desired functionality for AWS cloud infrastructure apps.
- Create Jira stories from epics and design documents and list the technical approach steps so the team has them ready before starting a task; estimate according to task complexity and assign work to team members; do pair programming and code reviews and unblock team members on technical issues.
- Designed and implemented AWS Organizations for Confidential cloud teams to centrally manage billing, access control, compliance, and security, and to share resources across Confidential AWS accounts. Services used: CloudTrail, S3, AWS Config, service control policies, SNS, Lambda, and CloudWatch; applied password policies, RBAC, AWS SSO, and IAM policy enforcement.
- Migrated AWS cloud applications from Elastic Beanstalk to the managed Kubernetes service (AWS EKS).
- Develop a collectd plugin using Python.
- Jenkins migration: it was challenging for each engineering team to perform version upgrades, security patching, and disaster recovery of their own Jenkins instances, so built a highly available and scalable Jenkins service on the managed Kubernetes platform; created a migration plan by analyzing the old Jenkins instances, planning resources, and sizing the development effort.
- Deploy Jenkins on managed Kubernetes, configure scaling to meet increased performance needs, and perform infrastructure capacity planning.
- Created Kubernetes clusters using Helm with cluster-autoscaler, cert-manager, logging-operator, metrics-server, SignalFx agent, spot-termination handler, kube2iam, external-dns, nginx-ingress, and OpenEBS.
- Migrated legacy monitoring checks from Nagios to the modern SaaS-based platform SignalFx and routed them to PagerDuty to notify Operations of any critical alerts.
- Deployed Qualys security sensors for all Docker container images stored in ECR to improve container security and protect against security vulnerabilities.
- Implemented a log analytics solution by capturing Kubernetes cluster logs and sending them to Sumo Logic for real-time monitoring.
- Enable New Relic APM for Customers using Confidential Cloud products.
- Evaluate new products (buy vs. build) with a clear recommendation and a plan to implement.
- Set up VPC peering for Kubernetes clusters across different AWS accounts.
- Scrum master handling two different scrums in the Nexus model; performed sprint planning, defined approach, sizing and estimation, and resource planning, identified dependencies, and unblocked the team. Created sprint reports/velocity charts.
- Performed EKS cluster upgrades; configured cluster metrics for containers, pods, and instances; configured SignalFx monitoring dashboards to alert on any failures; built monitoring dashboards using Grafana.
- Supported and deployed serverless Lambda-based applications through CloudFormation stacks and CodePipeline.
- Working in an Agile/Scrum model as part of a DevOps team for fast and effective delivery of projects.
- Planning the migration of applications from monolithic to microservices.
- Implemented predictive alerting for growth in volume usage using a machine learning algorithm for cloud infrastructure in SignalFx.
- Improved AWS cloud monitoring with better reporting on sites in/out of monitoring: Confidential only monitors a single production environment on each cluster, and sometimes customers are not added to monitoring or monitored apps are deprovisioned, so we created a report and sent it to the BI tool Domo via the AWS S3 connector API from a Jenkins job (a sketch of the reporting script appears after this list).
- Maintain server configuration using Terraform and Ansible; set up RBAC in Istio.
- Change management, release management, and sending release notes to stakeholders.
- Supported Workflow Notifications to receive feedback about workflow status changes and get alerted on failures: workflows send notifications to SNS topics (one per stage), to which the Workflow Notifications service's SQS queue is subscribed during the deploy process; the service consumes the queue and publishes human-readable messages to Slack, SignalFx, and PagerDuty.
- Confidential hosting operations use workflows (e.g., volume resize) that send notifications via Amazon Simple Notification Service; this microservice subscribes to SNS topics via an SQS queue (i.e., converts push to pull notifications to retain state) and sends a message to the Slack channel 'workflow-events' on workflow status changes. On workflow failures, it sends an alert to PagerDuty.
- Debug issues using container logs directed to CloudWatch.
- Identify key stakeholders, listen to their needs, and consult with critical stakeholders to gain trust and acceptance.
- Drive the program team to develop clear plans and deliverables and ensure programs are on time, on budget, and at the required quality level.
- Responsible for risk, issue, and change control logs.
- Ensure all program documentation is updated and maintained to include program initiation documents, plans, risk, and issue logs, change control documents, & any other relevant information for the program.
- Identify dependencies with other programs and manage those carefully.
- Communicate effectively with all executive sponsors and stakeholders across all the stages of the program life cycle. Manage program status reports and budgets.
- Built a Packer AMI for Amazon Linux 2 Kubernetes worker nodes, installing security packages.
- Wrote deployment manifests for microservice applications and Helm charts to manage the packages.
- Track application issues in Bugsnag and make sure they are resolved within the specified SLA.
- Troubleshoot application issues from container logs.
- Jenkins job to build a container image from a Dockerfile, push it to ECR, and deploy the app with the latest image tag using helm upgrade.
- Identify issues with individual ingress controller pods and terminate/restart them as needed.
- Proactively participate in the planning & design phases of product development & act as scrum master
- Promote and execute best practices, tools, and methodologies.
- Use expert level configuration management skills to write manifests and modules to deploy, configure, and manage servers with Puppet, Ansible, or Terraform
- Work with Confidential's engineering and Operations teams to identify inefficiencies in our current services, then propose and implement appropriate AWS cloud service solutions.
- Perform self-directed research for quality, infrastructure, and product improvements using Agile techniques such as backlog grooming, technical analysis, and sizing.
- Define and build a continuous integration/delivery pipeline using tools like Jenkins.
- Assist Dev teams to migrate applications to Docker-based PaaS platform using Kubernetes.
- Analyze monitoring trends and raise customer- or product-related issues to the necessary teams.
- Build and customize dashboards for teams; use Ansible to add CIS security checks for Ubuntu and CentOS AMIs.
- Contribute as part of a larger team to maintain a deep understanding of system functionality and architecture, with a primary focus on the operational aspects of the service (availability, performance, change management, emergency response, capacity planning, etc.)
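A minimal sketch of the monitoring-coverage report mentioned above: a Python snippet, run from the Jenkins job, that writes in/out-of-monitoring rows as CSV to S3 for the Domo S3 connector to pick up. The bucket name, key layout, and row fields are hypothetical placeholders.

```python
# Minimal sketch: upload the monitoring-coverage report to S3 for the Domo connector.
import csv
import io
from datetime import datetime, timezone

import boto3

REPORT_BUCKET = "confidential-monitoring-reports"   # placeholder bucket name


def publish_report(rows):
    """rows: list of dicts like {"site": "...", "cluster": "...", "monitored": True}."""
    buffer = io.StringIO()
    writer = csv.DictWriter(buffer, fieldnames=["site", "cluster", "monitored"])
    writer.writeheader()
    writer.writerows(rows)

    key = f"monitoring-coverage/{datetime.now(timezone.utc):%Y-%m-%d}.csv"
    boto3.client("s3").put_object(
        Bucket=REPORT_BUCKET,
        Key=key,
        Body=buffer.getvalue().encode("utf-8"),
        ContentType="text/csv",
    )
    return key
```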
Confidential
DevOps Engineer
Responsibilities:
- Responsible for configuring release activities for critical enterprise-level and web applications.
- Automate the deployment process from development to production environments.
- Responsible for maintaining and deploying DevOps builds in UAT and Production environments.
- Build and release software baselines, perform code merges and branch/label creation, and interface between development and infrastructure teams.
- Containerize applications using Docker; write Dockerfiles, build custom Docker images, and deploy them to production.
- Troubleshoot performance and configuration issues in a CI/CD environment.
- Set up and build AWS infrastructure resources (VPC, EC2, S3, IAM, EBS, security groups, Auto Scaling, and RDS) in CloudFormation.
- Worked on moving middleware applications and infrastructure (IaaS) automation onto AWS EC2.
- Utilized CloudWatch to monitor resources such as EC2 CPU and memory, Amazon RDS database services, DynamoDB tables, and EBS volumes; set alarms for notifications or automated actions and monitored logs for better understanding and operation of the system (see the Boto3 sketch after this list).
- Set up a DevOps system to dynamically add web services to servers using Docker, Nginx, and GitLab CI.
- Created scripts for system administration and AWS using languages such as Bash and Python.
- Working with web deployment technologies, specifically Linux, Nginx, Apache, and Tomcat.
- Monitoring application health through Splunk dashboards.
- Deployment and management of many servers via Ansible scripts across cloud providers.
- Managed build results in Jenkins and deployed using workflows.
- Built and deployed Java/J2EE applications to a web application server in an Agile continuous integration environment and automated the whole process.
- Worked on a high-volume crash collection and reporting system, built with Bash.
- Developed processes, tools, and automation for the Jenkins-based build system and delivery of Java software builds.
- Maintain and track inventory using Jenkins and set alerts when servers are full and need attention.
- Developed build and deployment scripts using Ant and Maven as build tools in Jenkins to promote builds from one environment to another.
- Developed performance testing scripts for measuring application performance.
- Coordinate with the Oracle DBA to tune performance of DB instances.
- Maintained and administered Git as the source code tool.
- Installing, setting up, and troubleshooting Ansible scripts; created and automated Java platform environment setup.
- Setup and maintenance of automated environments using Ansible in the AWS environment.
- Writing Ansible playbooks to automate our Java build/deployment process and improve any remaining manual processes.
- Maintained servers and the management Java application used to build and deploy the existing Java application environments.
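A minimal sketch of the CloudWatch automation referenced above: a Boto3 helper that creates a CPU alarm for an EC2 instance and routes it to an SNS topic. The alarm name, threshold, and SNS topic are hypothetical placeholders.

```python
# Minimal sketch: create a CloudWatch CPU alarm for an EC2 instance via Boto3.
import boto3

cloudwatch = boto3.client("cloudwatch")


def create_cpu_alarm(instance_id, sns_topic_arn, threshold=80.0):
    """Alarm when average CPU on the instance exceeds the threshold for two 5-minute periods."""
    cloudwatch.put_metric_alarm(
        AlarmName=f"high-cpu-{instance_id}",        # placeholder naming convention
        Namespace="AWS/EC2",
        MetricName="CPUUtilization",
        Dimensions=[{"Name": "InstanceId", "Value": instance_id}],
        Statistic="Average",
        Period=300,                 # 5-minute periods
        EvaluationPeriods=2,        # two consecutive breaching periods
        Threshold=threshold,
        ComparisonOperator="GreaterThanThreshold",
        AlarmActions=[sns_topic_arn],   # notify via SNS
    )
```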
Environment: AWS, Ansible, Jenkins, Docker, Docker Swarm, CloudWatch, EBS, EC2, Route 53, Lambda, RDS, S3, Glacier, IAM, VPC, CloudFront, DynamoDB, Git, Maven, Bash scripting, JIRA, Java, JUnit, Tomcat, ServiceNow, DevOps, Splunk, Nagios, Kubernetes, JSON
Confidential
System Engineer
Responsibilities:
- Worked with different business, Java application, and infrastructure teams to plan the migration for the separation.
- Assisted in creating and maintaining various DevOps-related tools for the team, such as provisioning scripts, deployment tools, and development and staging environments on AWS.
- Involved in designing and deploying AWS Java solutions using EC2, S3, RDS, EBS, Elastic Load Balancer, and Auto Scaling groups.
- Used IAM to create new accounts, roles, and groups.
- Configured Elastic Load Balancers with EC2 Auto scaling groups.
- Created branches and tags for each release and environment using Git and merged the branches after the code freeze.
- Automation of the deployment process using shell scripts.
- Involved in the Continuous Integration of the automation framework with Jenkins.
- Wrote Perl code to develop and deploy continuous test cases, in combination with CI tools like Jenkins.
- Assisted in migrating applications from Ant to Maven.
- Experience in configuring and managing Chef cookbooks for the deployment infrastructure.
- Used Chef to setup Continuous Delivery pipeline.
- Developed a Chef role for the Zabbix agent, which was integrated into the CI/CD pipeline.
- Performed back end testing on Oracle Database by writing SQL queries.
- Adding and granting permissions in LDAP for single sign-on to internal applications.
- Monitoring DevOps infrastructure using Nagios.
- Maintained the integrity of Linux servers by performing security and patching operations in a regular, planned way.
- Automated tasks wherever possible to help Java developers.
Environment: AWS, Chef, Jenkins, Ant, Maven, Java, XML, Python, Shell, GIT, LDAP, Nagios, SiteScope, SQL, Oracle, Splunk, Windows.
Confidential, Memphis, TN
System Engineer
Responsibilities:
- Installed, Configured & administered Oracle WebLogic Server 10.0 MP1, 10.0 MP2, 11g and Webserver Apache in Development, Test and Production Environments.
- Extensive working experience in setting up multiple domains, including machines, managed servers, node managers and cluster environments.
- Deployed Java applications (WAR, JAR and EAR) using WLST, Anthill.
- Maintained load balancing, high availability, and failover for the servers.
- Configured and administered JDBC, JMS, and JNDI objects in WebLogic Server 9.x and 10.x.
- Installed and configured iPlanet/Apache Plug-ins for WebLogic.
- Installed and configured SiteMinder for Sunone.
- Configured and created JMS queues and topics, connection factories, data sources, connection pools, and multi-connection pools.
- Extensively involved in tuning the server.
- Set up Secure Sockets Layer (SSL) communication between iPlanet & WebLogic Application Server.
- Worked on tuning the WebLogic application server, Java applications, and web servers by changing heap size parameters and tuning the JVM's garbage collector.
- Writing various scripts for log rotation and log analysis.
- Migrated WebLogic Server applications from existing version 9.2 to 10.0.
- Involved in performance tuning of Java JVM and used Garbage collection Algorithms for better performance.
- Monitor and manage the WebLogic server instances using WLST for automation purposes.
- Involved in troubleshooting and fixing day-to-day problems of the Java applications in production, production-Fix and testing environments.
- Configured LDAP using directory Server for user authentication.
- Installed BEA patches using the Smart Update tool and troubleshot Java application and post-installation issues.
- Installed and configured Wily Introscope to monitor WebLogic servers.
- Provided 24x7 on-call support for Java production / nonproduction environments.
Environment: Red Hat Linux, Oracle WebLogic, Java/J2EE, UNIX, SVN, Bamboo, Nexus, Jira, Chef, Remedy, Python, Ruby, Shell Scripts, Tomcat, Jenkins.
Confidential
System Administrator
Responsibilities:
- Monitor Unix Servers running SUN Solaris 9/10, AIX, and HP in a 24 X 7 environment.
- Managing the User and Java Application Account creations and deletions for the SUN Servers.
- Managing the File Permissions/Directories/Ownerships.
- Resetting of password for user accounts/unlock user accounts.
- Password ageing for root and other user accounts.
- Downloading/installing/removing & upgrading OS/Java app packages on Global Zone/Non-Global Zone
- Created new file systems/extending the space of existing file system/Housekeeping for the file systems.
- Mount and Unmounting file system/ Renaming the File system Mount point.
- File systems check for inconsistent file system/Modifying the default file system parameters.
- Permissions to users on UNIX servers to run cron jobs.
- Scheduling of automatic repetitive Jobs with the help of At and Cron.
- Managing NIS Server / Client Configuration & Troubleshooting.
- Configuring of AutoFS & Troubleshooting.
- Adding/Deleting of routing tables
- Troubleshooting the network issues (E.g., Traceroute, Ping, snoop).
- Coordinating with Network team to resolve the network related issues.
- Monitoring of Java system stability and performance using vmstat, iostat, and netstat to determine the system and network health.
- Troubleshooting the performance issue.
- Monitoring System Performance of Virtual memory, Managing Swap space, Disk and CPU Utilization.
- Swap Memory Management.
- Setting up ssh and rsync for Java application deployment between development/test servers and environment servers.
- Performing jump start and Flash installation.
- Building of Servers/zones. Decommissioning of the servers/Zones.
- Installation of VERITAS volume manager
- Creating disk groups, subdisks, plexes, and logical volumes.
- Creating the new VERITAS file systems/Resizing the volumes and increasing file systems.
- Moving the volumes between the Disk Groups.
- Disk mirroring O.S and RAID implementation using Solstice Disk Suite and VERITAS Volume Manager.
- Identifying hardware errors and coordinating with the hardware vendor for replacement.
- Administering (Creating, Mount/Unmount, File System Integrity, Backup/Restore) the File Systems (UFS, NFS).
- Installing, upgrading, and removing operating systems and Java application packages and patches.