SUMMARY

• 9+ years of overall experience in IT.
• 7+ years of experience working as a Cloud Security Engineer, AWS Infrastructure Engineer.
• Worked on Enterprise Users Single Sign On through browser and through services with third party application hosted in enterprise or cloud using Active Directory Federation Services.
• Designed, Configured, and managed public/private cloud infrastructures utilizing Amazon Web Services (AWS) including EC2, Auto - Scaling, AWS Config, Shield, Firewall, Audit Manager, Cognito, Elastic Load Balancer, S3, Cloud Front, RDS, VPC, Route53, Cloud Watch, Cloud Formation, IAM, Lambda, EBS, RDS, SNS, SQS.
• In-depth knowledge of Cloud Computing Strategies (IaaS, PaaS, SaaS) & building, deploying in and maintaining the cloud environment.
• Strong knowledge of AWS Lambda, Amazon Simple Queue Service (Amazon SQS), Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Workflow Service (Amazon SWF)
• Strong knowledge with Web Services, API Gateways and application integration development and design.
• In-Depth Knowledge with IAM principals (Users, Groups, Roles, Policies), Provided Delegation of Access between accounts using STS Assume Role Tokens Following hub and Spoke Model.
• Configured and supported SAML 2.0 with various partners to create SSO/FEDERATION between our Identity Provider Landing page and Service Provider's Applications
• Has experience in bash and python scripting with focus on DevOps tools, CI/CD and AWS Cloud Architecture and Azure Infrastructure Deployment.
• Created and wrote shell scripts (Bash), Ruby, Python and PowerShell for automating tasks. Administered tasks like taking backups, expanding file system disk space, creating NFS mounts.
• Experience with Subversion Control, Build, Configuration Management tools like GIT, MAVEN, CHEF, DOCKER, ANSIBLE, and Integration & Monitoring tools like JENKINS and Unix, Linux, and Windows Environment.
• Experience with Azure in infrastructure support, systems architecture, Integration, automation and middleware planning, implementation, performance, and support across distributed and mainframe platforms.
• Working with Route 53, DNS failover and setting up Latency based routing, weighted routing policies. Worked with scripting Automation for JavaScript, Linux/Unix, Python, Perl, Bash, Ruby.
• Experience with Tools like Jira, Confluence, Slack, Federation Services like Identity provider and Service provider for Single sign on with SAML 2.0 Authentication.

PROFESSIONAL EXPERIENCE

Senior Cloud Security Engineer

Confidential

Responsibilities:

• Designed the Federation Architecture with Hub and Spoke model using the SAML authentication for Single Sign On (SSO).
• Used API Gateway to establish communication from Jira server hosted in On Premise to trigger AWS lambda functions deployed in AWS cloud and automated creation of IAM Roles.
• UsedAWS InspectorandGuard Dutyto perform Port scanning and perform recommended patches accordingly. Also providesDLP (Data Loss Prevention)Solutions to Enterprise.
• Integrated third party SIEM tools like JupiterOne and Threat Stack tools with AWS to provide 24/7 monitoring and alerting and as part of this integration used SQS to send the notifications from cloud trail and then to the SIEM tools.
• Created and managed AWS IAM roles through automation using Terraform to integrate into infrastructure.
• Enabled AWS Shield and AWS Network Firewall to safeguard the applications security from DDoS attacks.
• Enabled and utilized AWS Trusted Advisor to inspect accounts and provide reporting and remediation recommendations.
• Used AWS Cognito for data synchronization and allow users to sign in.
• Automated Security Baselines for S3 buckets such as setting up bucket ACLs, Enabling Public Block Access and using bucket policies to provide least privilege.
• Identify internal and external threats or vulnerabilities and remediate security.
• Performs information security incident response and incident handling based on risk categorization and in accordance with established procedures (Detection, Triage, Incident analysis, Remediation and Reporting).
• Ensure governance and compliance to published Information Security policies and standards.
• Articulated audit findings, risks, and detailed recommendations to upper management.
• Supported management through risk identification, control testing and process improvement procedures.
• Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access.
• Managing, provisioning, Application Deployment & Multi-Tier Orchestration using Ansible automation.
• Used AWS Audit Manager to performance audits on industry frameworks SOC2, HIPAA, NIST.
• Deployed Domain Controller Servers in Dev, Test and prod through automation using Ansible playbooks.
• DevelopedSecurity Patternsand controls For AWS to Enforce (Automate) Security on the AWS Services that Enterprise Uses. This Security Patterns are compliance ofNIST, CIS Benchmarks (Center for Internet Security)and custom standards and AWS Best practices.
• Created Active Directory (AD) groups as part of the Federation for the Single Sign On (SSO) using SAML Authentication between the Identity provider and Service Provider (AWS).
• Audit and Review the user Policy’s in all Enterprise AWS Accounts to provide the Least- Privilege via Roles and Policy’s.
• Worked with Incident Response Team to develop an incident plan for Authentication response Failure. Provisioned Identities using IAM solution OKTA for Enterprise.
• Identifies regulatory changes that will affect information security policy, standards and procedures and recommends appropriate changes.
• Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse systems environments (e.g., corporate, distributed and client server systems).

ENVIRONMENT: AWS IAM, Inspector, Guard Duty, Active Directory, Shield, Security Hub, Trusted Advisor, EC2, S3, CloudWatch, VPC, Lambda, SNS, SQS, API Gateways, Terraform, Ansible, Ansible Tower, Splunk, Jira, Confluence, Slack, Federation Identities.

Cloud Security Engineer

Confidential - Chantilly, VA

Responsibilities:

• Extensive Experience working with Jira for creating Projects, Workflows and User access Management.
• Streamline the Process of Access Management, Threat Detection, Remediation Pipeline, Automation Detection.
• Automated Communication channels through notifications service’s like SNS and SES.
• Used Simple Email Service (SES) as part of building automation pipelines to notify security team whenever there is a bucket uploaded without a Block public access enabled/ Bucket given public access or data uploaded to S3 buckets is unencrypted.
• Installed CloudWatch agent on EC2 servers and used SNS service to notify Slack channel for server downtime or utilization increases more the 80 percent CPU.
• Understanding of the NIST Cybersecurity Framework (CSF)
• Experience working with different security and monitoring tools like Jupiter One, Threat Stack, StrongDM to automate and remediate security vulnerabilities to Cloud Infrastructure.
• Experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. SOC1, SOC 2, HITRUST, HIPAA, PCI, or ISO)
• Working with different scripting languages like Python, Groovy script and Terraform for automation.
• Used AWS Config to Analyze the Cloud infrastructure and build Auto Remediation for configuration drifts that are out of compliance.
• Exercised implementing Tagging resources in AWS Accounts and used these tags for auditing, cost exploration and security remediate actions.
• Used IAM Access Analyzer for access management and to identify the resources with elevated privileges.
• Developed Automation Pipeline in AWS to Remediate Security incidents using different AWS services like AWS lambda, cloud watch, cloud trail and scripting like python and groovy script.
• Used AWS Macie to Analyze PHI/PII data in S3 buckets and write custom quires to enable visibility into the resources that have access to the privileged buckets.
• Applied Industry Standards like CIS Benchmarks, NIST, HIPAA and OWASP Top 10 to Implement security in AWS Cloud
• Used Amazon Detective for security investigation and analysis, used this service mostly to identify un-authorized access, abnormal behavior like too Many requests from same API, console/API access from unexpected location, API call during midnights.

AWS Infrastructure Engineer

Confidential - Richmond, Virginia

Responsibilities:

• Automated Lambda Functions using Python that can Fetch AWS Services, Actions from AWS Web pages and Create Policy templates to use as part of the Pipeline.
• Automated Pipeline of Role Creation that are used as Service Roles for Cross-Account access.
• Created Step Functions as part of Role Automation to Read JIRA Input and Fetch Pre-Generated Policies from S3 bucket.
• Created JIRA Page that is used a Frontend page for requesting Role Creation. This Page helps users to raise tickets and initiate the role Creation Pipeline once Ticket is submitted.
• Automated fetching of IAM policies and JIRA Input from user using Lambda functions and Step Functions.
• Implemented Service Control Polices to Enforce Least Privilege on Identities and Control Tower is used to automate Creation of Landing Zone and Child Accounts
• Automated CI/CD pipeline using Code Commit, Code Build, Code Deploy and Code Pipeline. This pipeline will initiate Creation of Role when users submits role JIRA Ticket.
• Created MySQL Database tables that are used as JIRA Backend to fetch the AWS Services, App ID’s, and AWS Account Numbers.
• Created Role’s using the Pre-Generated IAM Policy Templates based on the JIRA Input.
• Configured Cloud Watch to monitor the Role creation and alerts whenever a new role is created.
• Identifies regulatory changes that will affect Information Security Policy, standards and procedures and recommends appropriate changes.
• Used Divvy Cloud and Splunk to achieve Compliance and Industry Standards. Followed NIST, HIPAA and Hi Trust Compliance.
• Used AWS Config to implement Custom and Pre-defined Rules to Achieve Data Privacy and Remediate on Critical issues that are observed.
• Created Cloud Formation Stack’s Based on JIRA Input and Pre-Generated Policies that are used for Role creation and This Stacks will be used for Future Role Provision Comparison.
• Used Guard Duty and AWS Inspector to Scan the infrastructure and Recommend on Findings on Infrastructure Network.

ENVIRONMENT: EC2, S3, IAM, Step Functions, Lambda Functions, MySQL, Code Commit, Code Deploy, Code Pipeline, Python, Java.

Software Developer

Confidential

Responsibilities:

• Design and development of WINDOWS applications using C# 4.0, AngularJS, .NET MVC 4.0, ADO.NET, XML, AJAX, LINQ and SQLServer2012.
• Worked on a Windows 98 PDA retailer app which is used to get product details when a barcode is scanned by the PDA.
• Worked on complete Agile Scrum methodology and User Interface web development in accordance with requirement.
• Designed and developed web pages using HTML, XHTML, CSS, and jQuery, AngularJS.
• Worked with business system analysts to understand the requirements to ensure that right set of UI modules been built.
• Maintaining the dynamic and secure websites and web-based applications, including widgets, and templates.
• Built the Responsive Web pages using Bootstrap and Media queries to support various kinds of devices.
• Designed the front-end applications, user interactive (UI) web pages using web technologies likeHTML5 and CSS3.
• Worked on CSS Background, CSS Positioning, CSS Text, CSS Border, Pseudo classes, Pseudo elements etc.
• Made enhancements to existing CSS and DIV tags, made upgrades using Twitter Bootstrap model.
• Used advanced level of jQuery, AJAX, AngularJS, Bootstrap, and CSS layouts.
• Implemented Presentation layer using CSS Framework, AngularJS, Wire-framing, and HTML5.
• Developed data formatted web applications and deploy the script using client-side scripting using.
• Developed Single Page Application (SPA) using Angular JS Framework.
• Developed Web Application to replace the existing and legacy Website using Angular JS Framework.
• Develop, install, and configure the applications in the PDA.

Web Developer

Confidential

Responsibilities:

• Design and development of web application using JavaScript, jQuery, HTML, CSS and SQL Server 2010/2008
• Responsible for testing, troubleshooting the technical issues and fixing the bugs.
• Work with the business analysts to analyze the requirements.
• Involvement in complete software development lifecycle of the project.
• Write TSQL queries and create indexes on SQL tables.
• Interact with the client for requirements gathering, enhancing the product and provide necessary assistance during the user acceptance testing.
• Developed programs to port the xml data to the database to make the website XML driven.
• Story board design and multiple role web authentication.
• Worked with CSS Selectors, classes, pseudo classes, and Inheritance and cascade concepts.
• Used CSS to embed the online videos for product introduction.
• Implemented Caching, Session State, and Cookie Management, view state, POST and GET techniques.
• Profound Knowledge in Document Object Model (DOM) and DOM functions.
• Worked with several jQuery plugins to make Rich Internet Applications to look intuitive.
• Built dynamic e-mails by using HTML, XHTML, CSS and JavaScript.
• Used AJAX, JSON along with jQuery to request data and response processing.
• Usage of Dependency Injection, DOM manipulation, Directive and Module design.
• Involved in peer-to-peer code reviews and functional testing.