Sr. Technical Infrastructure Architect Resume
New York
SUMMARY:
- AWS Certified Solution Architect - Professional and DevOps Engineer-Professional
- Overall 17+ years of experience in prepping servers, monitoring, maintaining in heterogeneous environment including AWS cloud
- 12+ years of extensive experience as a System Administrator in various flavors of Linux operating systems including Debian, Ubuntu, RedHat, CentOS
- Professional experience designing and deploying scalable, highly available, and fault tolerant infrastructure and application architect on AWS Cloud
- Working experience with asset configuration and management, logical access control, data encryption, network configuration and management and security logging and monitoring in AWS environment.
- Expert level knowledge and hands on experience in AWS resources including VPC, IPSec VPN, EC2, S3, EBS, ELB, Autoscaling, CloudWatch, CloudTrail, CloudFront, WAF, KMS, EMR, Data Pipeline, ElastiCache, SES, SNS, SQS, WorkFlow, RDS, Redshift, Glacier, Route 53, IAM, STS, Lambda etc.
- Ability to effectively address data security concepts in public cloud as it relates to customer needs including an in depth understanding of Federated Security/Single Sign On, AWS IAM and Encryption.
- Expertise in DevOps automation, continuous integration, and scripting abilities specifically with Chef, Jenkins, Bamboo, AWS CLI and shell scripts.
- Ability to work closely with business to understand and incorporate non-functional requirements in the application architecture
- Broad knowledge in systems monitoring, alerting and analytics
- Design and deploy reliable, secure, efficient, and cost-effective systems in the cloud
TECHNICAL SKILLS:
Operating systems: RedHat, Debian, Ubuntu, CentOS, Mac OS X, OS/2, DOS, Windows (NT, 95, 98, 2000, 2003, XP, Vista, Win7).
Applications: Apache, Nginx, DNS (bind), Exim, Sendmail, SMTP, FTP (vsftp, proftp, tftp), SSH, DHCP, IPTABLES, Squid, Samba etc.
Database Platform: MySQL Database Administration - maintenance, performance tuning, security, backup and recovery. RedShift administration and maintenance
Languages: Bash Scripting
Proxy servers: Squid, Wingate, Winproxy
Web Filtering: Squid, iptables, FortiNet
Firewall configuration: NAT, Masquerade, iptables, FortiNet UTM
Mail SMTP: Sendmail, Exim, Qmail, AWS SES, AWS WorkMail
POP3/IMAP: pop3d, courier.
Security: Snort, nmap, SSH, SSL, TCP Wrappers, ClamAV, McAfee
Network Data Backups: NFS, Samba, Rsync, rsnapshot, tar etc.
File Sharing: Samba, NFS, FTP, TFTP, SFTP, WinSCP, Windows File Server, AWS EFS
Virtualization/Cloud Computing: VMWare ESXi 4.0 Server, AWS
Directory Services: OpenLDAP, FreeRADIUS, Samba
Other Open Source Software: phpBB, MRBS, BugZilla, Confluence Wiki, GLPI, OpenVPN etc.
Monitoring and Alerting: Nagios, Cacti, MRTG, OPManager, NetFlow Analyzer, Webmetrics, Alertbot, AWS CloudWatch
Networking: Ethernet Networking, TCP/IP, HTTP, SMTP, NFS, TFTP, SMB, IPX, AppleTalk, AWS VPC
Working experience in managing Linux Servers on HP Proliant Servers M100 G5, DL380 G6, HP DL585 6G
Remote Admin: VNC, Remote Desktop, Remote Admin, PCAnywhere, Putty
Continuous Deployment: Bamboo, Jenkins
Repositories: SVN, Git, Bitbucket
Configuration Management: Chef, AWS OpsWorks
PROFESSIONAL EXPERIENCE:
Confidential, New York
Sr. Technical Infrastructure Architect
Responsibilities:
- Played key role in migrating the existing on-premise applications to AWS VPC.
- Responsible for asset configuration and management, logical access control, data encryption, network configuration and management and security logging and monitoring in AWS environment.
- Responsible for building VPC in US and EU region on AWS with complete security at multiple level using Security Groups, NACLs, WAF.
- Responsible for creating Well-Architected Application on AWS using Autoscaling, SQS, SNS, ELB, Caching and database layer as necessary.
- Design and deploy reliable, secure, efficient, and cost-effective systems in the cloud
- Created an AWS Identity and Access Management role for specific privileged user with cross-account access to resources in AnnalectAssets AWS Account.
- AWS resource tagging to identify and categorize resources by function, environment, project, platform criteria.
- Built-out fault-tolerant NAT Instances (for routing outbound traffic from EC2 instances in private subnets) using custom monitoring and bootstrap scripts that update the route table programmatically.
- Setup and managed in-house NAS using SAMBA on Ubuntu platform
- Configured Highly Available AWS S3 endpoint and NAT gateway
- Setup automated processes to download data from sFTP and sync to AWS S3.
- Created CloudFormation templates to buildout new server or application stack with RDS, Autoscaling
- Responsible for Configuring, Managing, Administering and Securing AWS VPC network and all AWS Resources and also maintaining cloud applications.
- Responsible for managing hosted GlobalScape FTP and OpenVPN and hosted bitbucket repository.
- Working closely with PMO, Developers and QA team from building the infrastructure and application troubleshooting.
- Developing Cloud Formation Scripts for AWS Orchestration, Python
- Design high availability applications on AWS across availability zones and availability regions
- Design applications on AWS taking advantage of disaster recovery design guidelines
- Configuration management and automation with Chef, Python, and Boto
- Extensively worked on migrating applications like PHP, Python, .Net etc from on-premise data centre to AWS Cloud
- Technical point of contact to plan, debug and navigate the operational challenges of cloud computing.
- Experience in using AWS SDK, Boto, Python, AWS CLI
- Setting up environments for migrating the workloads, which includes setup of Git repository, Bamboo server and database.
- Extensively worked in setting up the AWS VPC, IPSec VPN tunnel and OpenSWAN Software tunnel connecting EU and US VPC securely.
- Setup of CloudWatch alarms, setting up CloudTrail, creating CloudFormation templates, creating S3 buckets
- Responsible for creating DNS records, migrating from other domains and DNS cut over
- Automated several operations using bash script on Bamboo
- Responsible for deploying SSL Certs across AWS ELB and CloudFront
- Setting up Autoscaling for an application using bootstrap scripts taking care of updating code and environment specific configuration files (from s3) on server
- Created Data Pipeline Definition templates and configured scheduled data pipeline jobs on AWS for plportal (annalect gateway) application
- Setup CloudFormation template to launch EC2 instance with and w/o other layers like autoscaling, ELB and RDS
- Responsible for rolling out WAF, front-end to CloudFront in order to mitigate vulnerabilities and to protect application from DDoS and Layer 7 attacks.
- Responsible for setting up, configuring and maintaining Tableau Platform
- Setting up RedShift cluster and manage the access.
- Responsible for setting up 3-node MongoDB Cluster on AWS VPC.
- Configured MySQL, MongoDB Backup and Restore script and automated backup via Bamboo.
- Configured CloudWatch Alarms with Performance Metrics and other Custom metrics (load, memory) for EC2, RDS, RedShift, ELB etc.
- Created the hardening script and automated the hardening process with CloudFormation template.
- Implemented SAML2.0 federated user access to AWS Management Console Login with ADFS
- Setup resources groups, metrics and alerts on Loggly
- Automated the process of transcoding mp4 videos (P&G) to hls format using AWS ElasticTranscode, Lambda, S3 and SNS
- Setup and Manage Marathon Cluster with Mesos, Chronos and Zookeeper
- Automating the manual tasks for routine jobs and deployment process.
- Moving all the scheduled cron type tasks to a centralized Bamboo Server, including cron jobs running on Utility Server
- Review, fix the security loopholes and apply security at all layers following AWS Trusted Advisor.
- Automating responses to security events for CloudTrail, AWS Config, TrendMicro etc by using required metrics and setting up alert on loggly.
- Maintaining performance efficiency for applications.
- Review Backup Process and validate the Backup Restoration from time to time.
- Configuring build plans on Bamboo in order to automate the deployment process.
- Understand the DR strategy and determine the fault-tolerant architecture employed for Annalect’s critical assets.
- Configured aggregation of CloudTrail logs across AWS accounts and regions into a single S3 bucket to perform security analysis, track changes to AWS resources, troubleshoot operational issues and to demonstrate compliance with internal policies and regulatory standards.
- Automated log handling process with AWS Lambda for blacklisting bad IPs in AWS WAF
- Working on Data Encryption (Client-Side and Server-Side) and Key management securing data at rest and in transit for data in S3, EBS, RDS, RedShift etc.
- Storage configuration understanding data characteristics and workload demand
- Responsible for setting up SNS notifications for multiple system events.
- Managing multiple resources and tags on AWS VPC
- Following AWS Trusted Advisor recommendation for optimizing cost, improving systems performance, and closing security gaps.
- Working on resource management of security-related and cost-related items using AWS Config (to determine the current configuration, understanding of the configuration change history, monitor configuration changes) for security analysis, audit compliance, change management, troubleshooting and discovery of resources.
- Review and analyze Network ACLs and Security Groups from time to time.
- Automated EBS snapshots job (daily and monthly) based on TAG on EBS volume using AWS-CLI tool
- Responsible for controlling access to AWS resources using AWS IAM, MFA, Cross-Account policy
- Responsible for configuring CloudFront (CDN) with adequate path patterns following best practices for caching objects based on cookies/header forwarding settings.
- Responsible for setting up autoscaling for a web application and processing server layer.
- Following best practices to protect against potential DDoS attacks such as SYN flood, UDP flood, HTTP GET flood by using WAF, NACLs, Security Groups, ELB, CloudFront, CloudWatch, TrendMicro Deep Security etc
- Responsible for implementing WAF for protection against the OWASP Top 10 web application vulnerabilities and also rate limiting and blacklisting of known bad actors automatically by using Lambda function.
- Created CloudWatch alarms that take care of EC2 Auto Recovery and Auto Reboot for instances that fail System Status Check and Instance Status Check.
- Responsible for evaluating architectures using a consistent set of principles
- Overall support for an application built on cloud including spinning up new instances.
- Diagnose and drive problems and issues to resolution.
- Setting up HTTP security headers across all applications to protect against certain types of attacks
Sr. Web & System Administrator
Responsibilities:
- Responsible for Configuring, Managing & Administering overall VPCs, EC2, RDS, CloudFront, CloudWatch, S3, ELB and also providing applications support for deployment with Chef on AWS Cloud.
- Implemented OpenVPN solution to connect remote users to AWS VPC and on-premise DC, responsible for administering and maintaining it.
- Responsible for managing hosted OpsCode Chef account and deploying application using Chef cookbooks/recipes.
- Responsible for managing and controlling users (internal and external vendors) access on hosted Bitbucket Repository.
- Overall support for an application built on cloud including spinning up new instances with chef and further code deployment and configuration update with chef recipes.
- Working closely with PMO, Developers and QA team from building the infrastructure till code deployment and application troubleshooting.
Linux Administrator
Responsibilities:
- Working on LAMP stack on CentOS platform.
- Responsible for implementing, maintaining EC2 instances (CentOS), Autoscaling, Cloudwatch, ELB, EIP and SES solutions
- Redesigned and implemented Nagios/Cacti setup for monitoring servers and applications, configured sites and url monitoring with Alertbot and Webmetrics.
- Assisting developers in deploying Drupal site code through Subversion in Dev, Staging and Prod environments.
- Configured Hudson server with Apache Tomcat.
System and Network Administrator
Responsibilities:
- Implemented security standards for Linux server infrastructure including build standard as well as regular testing of the environment and monitoring using Nessus, SNORT, Tripwire, nmap etc.
- Responsible for LAN, WLAN and WAN network operations, database and systems backup and network security at ESPNCricinfo.
- Played key role in deployment of IT infrastructure across ESPNCricinfo office, deployed most of the network services on Linux platform including DNS, DHCP, Samba, Squid, ftp, smtp, nfs, OpenLDAP, FreeRadius etc.
- Maintained and enhanced IT infrastructure, involving design, implementation, and migration.
- Played key role in Disney SAP implementation at ESPNCricinfo to facilitate SAP Server access to all employees using SAPgui and Citrix Metaframe.
- Performed software installation, upgrades/patches, troubleshooting, and maintenance on Linux servers at office network as well as UK Datacentre.
- Administered and maintained Apache, Exim, PHP, DNS(bind), MySQL across ESPNCricinfo Servers.
- Successfully configured "Load balancing Apache Virtual Hosting Cluster Server Setup" on two HP x86 Servers and migrated workload of LAMP, tomcat, phpBB forums from older to newer server.
- Setup Apache Virtual Hosts with Round-Robin DNS Load balancing in production e.g. Espn.com.au, quiz.cricinfo.com, feedback.cricinfo.com, forums.scrum.com, forums.soccernet.com, feedsuk.cricinfo.com
- Setup and configured Squid, SSH, FTP (proftp), DHCP, NFS, SAMBA, FileServer across network.
- Installed and maintained openLDAP and FreeRadius Server with integration for VPN and Intranet Servers authentication.
- Configured IPTABLES across Cricinfo Servers to enhance server security.
- Proactively monitored Cricinfo production, Dev servers and Network resources with Nagios.
- Managed Wiki, BugZilla, Confluence Wiki, Subversion (SVN).
- Active member of “ESPNCricinfo Maint” team to establish and maintain user accounts, profiles, access privileges for users, files and folders and security.
- Configured and maintained phpBB forums for ESPNscrum and ESPNsoccernet.
- Responsible for providing feeds to client by creating authenticated url over cricinfo feeds server as and when required.
- Designed, developed, and implemented automated backup and restoration procedures for filesystem, SVN and MySQL databases in real time.
- Worked closely with Software Engineering and Application Support to isolate and repair problems as well as help drive the operational enhancements into the products on Linux platform.
- Monitored and managed ESPNCricinfo Mail Server (Exim based); managed Cricinfo DNS server for creating and updating zones and records.
- Setup and managed ntop for monitoring network traffic, MRTG for bandwidth monitoring and nagios/cacti for servers and network devices monitoring.
- Experience with open source tools, configured and managed bugzilla, confluence wiki, mrbs, glpi, phpBB etc.
- Deployed, maintained Vmware ESXi 4.1 at ESPNCricinfo, Bangalore office and successfully consolidated 15 existing physical systems/servers to virtual and also deployed new servers.