We provide IT Staff Augmentation Services!

Sr. Cloud Security Architect Resume

Bellevue, WA


  • Cloud Computing Architecture (Public, Private, and Hybrid) and Cloud Migration Strategies (AWS/GCP/Azure: Compute, Network,
  • Security, Storage, Backup & Recovery, Data Protection, Virtualization, Cloud Management - IAAS, PAAS, SAAS).
  • Cyber Security Strategies, Cyber Intelligence, Gemalto/SafeNet Encryption Key Management (KeySecure, LUNA SA HSM), Identity and Access Management (IAM), Vulnerability Assessments, Security & Compliance Audits (PCI/DSS, SOX, NIST, etc.)
  • Enterprise Mobility Management: Confidential Enterprise Mobility Management - BYOD/COPE: Mobile Device Management (MDM), MAM, MCM, and MEM.
  • Data Center Design and Consolidation: Infrastructure & Endpoint Security, Enterprise and Infrastructure Applications, Systems Management, Infrastructure Assessments.
  • Trusted Advisory Services: Enterprise Architecture Assessment, Validation, Optimization & Enhancement
  • Pre-Sales and Presentation: Strong presentation skills with a high degree of comfort speaking with executives, adept at managing stakeholders at all levels. Top-notch Pre-Sales Consulting experience as well as providing information/responding to RFI’s, RFP’s, Proposals. Strong team leadership/mentoring skills, capable of working effectively with Government and commercial customers, 3rd party and internal corporate staff organizations.


Cloud Technologies: IAAS (VPC/EC2), PAAS, SAAS.

Amazon Web Services (AWS): EC2, VPC, S3 cloud storage, AMI, EBS, Snapshots, Elastic IP, Elastic Load Balancers, AWS IAM, Security Groups, Monitoring, RDS Database Management MS SQL, MySQL, Oracle, Route 53, Storage Gateway, Cloudfront CDN, Cloud Formation Services.

Google Compute Platform: (Hybrid Cloud, Google Compute Engine, App Engine) - GCP Projects, IAM, GCDS, ADFS, Firewalls, Google InterConnect, Cloud Path, NAT Gateway, Big Query, Pub/Sub, Cloud Resource Manager, Deployment Manager, GCloud and Gsutil utilities (SDK), Cloud Storage, Applications, Middleware, StackDriver.

Office 365: SAAS - Migration strategy for Microsoft Exchange Online, SharePoint Online, Lync Online, ADFS 2.0, Office Professional Plus, Office Web Apps.

Microsoft Azure: (Private Cloud, IAAS, PAAS) - Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Extension of On-Premise Active Directory to the Cloud.

VMware: VMware VCloud Director, Virtualization concept and management tools.

Federation and IAM: ADFS 2.0 - ADFS Proxy and Federation Servers, Identity and Access Management consulting based on Confidential 's industry leading best practices. Solutions deployed include Confidential Identity Manager, IdentityMinder, SiteMinder, CloudMinder, LDAP, Ping Identity’s PingFederate and other Advanced Authentication services. Authorities ( Confidential ) and DRM, Microsoft Forefront Identity Manager 2010.

Security Information Management (SIEM): Cyber Security Strategies, Skybox Firewall rule optimization and policy management, Confidential Security Command Center (eSCC), Enterasys SIEM/ NAC, eTrust Audit, SEOS, iTechnology, PIK, Cisco Security Tools MARS, CSM.

Web Application Optimization: MemCached/Membase Server, ElastiCache, Confidential Steelhead & Bluecoat Appliances.

Operating Systems: Cisco IOS 11 & 12, Catalyst OS, Microsoft Windows Server 2012 R2, 2008 R2, 2008, 2003, Windows 8 & 7, Windows XP, HP-UX 11, Netware 4.11, Novell SFT III Servers, BSD UNIX O/S.


Citrix Farms: XenApp Servers, NetScaler (LB/GSLB), ADNS and Access Gateways

Video Technologies: Live Streaming (Wowza and Adobe Streaming Platforms HLS, HDS, DASH), Video-on-Demand, Mediaroom IPTV, Codecs, Encoding/transcoding, Flash (.flv), Silverlight, Windows Media Video (.wmv), AVI, MPEG, Windows Media Audio (.wma).

VoIP Signaling Protocols & Components: RSVP, DiffServ, 802.1p (CoS), 802.1q, DSCP, QoS, SIP, H.323, MGCP, IAX, RTP, RTCP. Components Call Processing servers, IP PBX, Asterisk, Talkswitch, Media/VoIP Gateways, Unified Messaging platforms, IP Phones, PoE devices. VoIP Codec G.711 (A-law, u-law), G723.1, G729a, G729b.

Microsoft: Microsoft Azure, Office 365, Active Directory, Federation Services - ADFS, IPTV Mediaroom 1.2, MS Exchange Server 2010, 2007, 2003, MS ISA Server, SNA Server, MS SQL Server 2014, 2012, 2008, 2005, 2000, 7.0, SMS 2.0, Site Server 3.0 Commerce Edition, IIS 7.5, 7.0, 6.0, Microsoft FrontPage Server Extensions 2002 & 2000.

Enterprise Software/Applications: Microsoft Productivity Applications, Cisco Unity, Cisco Call Manager, Ciscoworks LMS/CSM, Confidential NSM/Unicenter Software, ArcServe, Confidential Directory, MS Office Suite 2010 and 2013, Lotus Notes 4.6 & 5.0, Lotus SmartSuite, Novell GroupWise.

LAN/WAN/MAN IBM/HP IGESM Blade Servers, HP IGESM, FEC, Protocol Analyzers, VoIP telephony devices, Next-Gen Firewalls, Juniper SG appliances, Bluecoat MACH5 & SG Proxy, VPN gateways, Cisco Nexus 5100, Cisco Routers, Cisco Catalyst 3548, 3550, 3560, 4006, 4510R, 4908, 5000, 6006, 6509 switches, Cisco CSS Content Smart Switches, F5 Load balancers, Aironet Wireless devices, 32 bit (x86) and 64 bit Servers. Server Virtualization (VMware, HyperV), Fault tolerance hardware and software implementation Stripe set with parity (RAID 5), Disk Mirroring & Duplexing (RAID 1) and RAID 0.


Confidential, Bellevue, WA

Sr. Cloud Security Architect


  • Web Application Firewall - Incapsula (Imperva)
  • VPC, Subnets, ELB, Auto Scaling, Security Groups, NACL, AWS Config
  • File Integrity Monitoring (FIM) - Tripwire Enterprise
  • Anti-virus, Anti-malware, HIDS/HIPS - Trend Micro Deep Security
  • Encryption: Data in Transit - TLS 1.2.
  • Encryption Key Management: Data-at-rest - TDE, AWS KMS, SafeNet KeySecure and AWS CloudHSM (SafeNet LUNA SA).
  • Patch Management, Vulnerability Management and Penetration Testing Strategies.
  • Fraud detection, monitoring and alerting solution.
  • Log and event forwarding (System logs, CloudWatch, CloudTrail, AWS Config), aggregation to Splunk SIEM Platform.
  • Application Performance Monitoring ( Confidential Wily, New Relic, App Dynamics)
  • Cost Optimization and Cloud Management platforms POC's.
  • Collaboration with application teams on the use of Lambda, Cloud Formation Templates (JSON), deployment orchestration, automation, and security configuration management via Jenkins and Puppet where possible.


Senior Cloud Architect


  • Consulting and Advisory Expertise for large-scale AWS and Hybrid Cloud Architecture
  • Deployment of application delivery environments
  • Managing Scope of Work for projects, Timelines and parallel work activities


Senior Enterprise Security Architect

  • Responsible for Highly Scalable IAM Solution Design, technical leadership, implementation, configuration, support, maintenance and administration of the Confidential Identity Manager Solution set for the Enterprise. Installed and upgraded Confidential Identity Manager IAM products that included: software configuration management, 3rd party software integration.
  • Worked closely with the Identity Management team to ensure proper provisioning of Confidential SiteMinder users, user account administration activities, provided on-call system monitoring support, analyzing and troubleshooting issues.
  • Provided performance monitoring and measurement support, resolved IDM environment issues. Documented installation procedures and configurations, transferred technical and operational knowledge to BoC employees prior to departure.


Senior Cloud and Enterprise Mobility Architect

  • Cloud Migration Strategy: assisted clients with Cloud migration strategy and cloud preparatory workshops. Designed Cloud Architecture including provisioning of Amazon AWS services in the Virtual Private Cloud (VPC) and EC2 Infrastructure.
  • Configuration of Auto-scaling, Application Monitoring, Ingress and Egress Security Groups, Snapshots/Image Management. Implemented EC2/VPC, S3 cloud storage, AMI, EBS, Snapshots, Elastic IP, Elastic Load Balancers, Security Groups, Monitoring, RDS Database Management: MS SQL, Route 53, Dynamo DB, Storage Gateway, Amazon Cloudfront, and Cloud Formation Services.
  • Provided Identity and Access Management related consulting services based on Confidential 's industry leading best practices to clients. Solutions include Confidential Identity Manager, IdentityMinder, SiteMinder, CloudMinder, Confidential Directory, LDAP and other Advanced Authentication services. Provided technical design guidelines and documentation that included: Solution Architecture Overview (SAO), Solutions Architecture Specification (SAS) and the Solution Run books.


Senior Solutions Architect


  • Mobile Security / Mobile Application Management (MAM)
  • Mobile E-mail Management (MEM) / Mobile Device Management (MDM)
  • Mobile Content Management / BYOD - Bring your own device
  • Integration of ADFS 2.0 (for SSO) with Cisco Identity Services Engine (ISE) and Cisco Anchor Controllers, WLC’s, Access Points for wireless access to corporate resources.


Senior Solutions Architect


  • Confidential ( Confidential ) Solution Deployment: Cisco Identity Services Engine (ISE), Mobility Services Engine (MSE) and Confidential Network Control System (NCS).
  • Cisco Wireless Design for the Enterprise (Controllers, Access Points, AD integration).
  • BYOD: Confidential MDM, Secure E-mail Gateway solution for Microsoft Exchange and Confidential ( Confidential ).
  • Multi-tiered NextGen firewall framework - (Palo Alto), Skybox Firewall rule optimization and policy management.
  • Confidential architecture, re-design, systems layout.
  • Network Access Control (NAC), Vulnerability Assessment (VA) and Penetration testing project, enhancements to Enterprise Authentication Methodology.
  • WAN Optimization and Citrix NetScaler Firmware upgrade and Replacement Project.
  • Disaster Recovery, Storage, and Backup Project.
  • IAM: Single-Sign-On / ADFS 2.0, Identity and Access Management initiative and review of Microsoft Forefront Identity Manager 2010
  • HRIS: Global HRIS Initiatives - Workday, Mobile and Follow-you printing project.
  • Service Access Management: Microsoft Azure Cloud RFI, review and vendor presentations, leads technical brainstorming sessions for Global AD federation (ADFS 2.0), SSO and future “Cloud” migration paths.
  • “Unified” Enterprise Monitoring/Management Solution: NSM, SIEM & IPS/IDS.
  • Network Infrastructure and Operating System hardening Standards.
  • Security Awareness and Initiatives.


Senior Solutions Architect

  • Cloud Migration Strategy: assisted clients with Cloud migration strategy and ADFS 2.0 planning workshops. Configured EC2, VPC, and S3 cloud storage, AMI, EBS, Snapshots, Elastic IP, Elastic Load Balancers, Security Groups, Monitoring, and RDS Database Management: MS SQL, MySQL, Oracle, Route 53, Dynamo DB, Storage Gateway, Amazon Cloudfront, and Cloud Formation
  • Identity and Access Management (IAM) related consulting services based on Confidential 's industry leading best practices to clients. Solutions include Confidential SiteMinder, CloudMinder, AuthMinder, RiskMinder, IdentityMinder LDAP and other Advanced Authentication services. Provided technical design and implementation documentation that included: Solution Architecture Overview (SAO), Solutions Architecture Specification (SAS) and the Solution Run books.
  • Infrastructure Stabilization Initiative: Corporate Network and Security upgrade project. Scalable, Disaster Recovery focused Infrastructure Design, rollout of Cisco Routers, Switches, Cisco ASA 5500 Firewalls, Cisco Security Management Tools and advanced Networking and Security technologies to improve end-to-end network security enhance performance and visibility to meet the business requirements. Worked on Server consolidation strategy for moving physical servers to HyperV 2.0 Virtualized servers.
  • Optimized network for full performance and WAN optimization support, documented all steps and staging, provided knowledge transfer to IT personnel.
  • Evaluated Cloud Computing models: SaaS, PaaS and Iaas, conducted cloud strategy sessions with the business units. Worked with SMB clients to create "Cloud Migration Strategies", streamlined archival and retrieval capabilities to realize operational efficiency, enhance productivity and eliminate manual processes (automation).


Senior Enterprise Architect/Trusted Adviser


  • Enterprise Security Architecture Blueprint: Lead team of Engineers that defined the Corporate “Unified Threat Management” Solution Strategy.
  • Enterprise Monitoring Project ( Confidential ): Confidential Solution set to provide enterprise monitoring metrics, ITSM/ITIL processes, resources/reporting management.
  • Comprehensive and Reconstructive Network Analysis: Deployed Network Instruments (NI) Confidential, taps and the Observer Management Console to monitor and gather performance data.
  • Confidential WAN Acceleration Project: Deployed Confidential Steelhead WAN Acceleration Appliances to select datacenters and branch offices.
  • Confidential Consolidation Project (WAN): WAN Consolidation initiatives, reduced data centers and consolidated a considerable number of physical servers and leveraged VMware virtualization technology.

Hire Now