Senior Cloud Engineer Resume Example SMS Data Products Group Inc.

SENIOR CLOUD ENGINEER

Professional Summary

Enthusiastic Senior Cloud Engineer/Solutions Architect, with hands-on cloud security and DevOps engineering experience, implementing several cloud technologies in Azure, AWS, Oracle and Google Cloud platforms, with more than six (6+) years of experience working as a consultant to several fortune 500 & 100 customers, managing server infrastructures, Information Security, Risk Management, Compliance, implementation/Migration and data center operations. I'm eager to contribute to your team success through hard work.

Certifications

AWS Certified Cloud Practitioner - Certified
AWS Certified Solutions Architect Associate - Certified
AWS Developer Associate - Certified
AWS Certified Security Specialty - (In-View)
Certified Scrum Master (CSM) - Certified
ITIL Foundation - Certified

Skills

Database Querying Languages; PostgreSQL, MySQL, SQL server, NOSQL/DynamoDB. Jenkins, Puppet, Chef, Terraform, Ansible. AWS Inspector, AWS Shield, Macie, Guard Duty, AWS Secret Manager, Cloud Passage, Qualys, Nessus, OpenVAS, Symantec DLP.
(IDS/IPS) SIEM (AlienVault).

Firewalls & Log Analysis, SIEM, etc.
Orchestration Services ECS, Docker Containers, Elastic Beanstalk – Amazon Web Services (EC2, EBS, S3, IAM, AMI, VPC, VPC Peering, NACL, Security Groups, Route53, Auto Scaling, ELB, SNS, Cloud Watch and Cloud Formation). Palo Alto Prisma Cloud, Dome9, Barracuda Cloud Guardian Security.

Work History

06/2019 to 06/2020

Senior Cloud EngineerSMS Data Products Group Inc. – Reston, VA

Designed security architecture processes that enable the enterprise to develop and implement secure solutions and capabilities that are in compliance with U.S. Army for AWS Gov Cloud IL5.
Designed of security next-generation firewalls, intrusion prevention systems, DDoS solutions, SSL-terminating load balancers, WAF, security groups and NACL.
Served as the Lead AWS Security Architect for SMS on the US Army Enterprise IT-as-a-Service (EITaaS) Program.
Primarily responsible for the design, build, of enterprise level platforms and infrastructure. Focusing on AWS Cloud-Native infrastructure with Microsoft Server workloads.
Built AWS CloudFormation using the Infrastructure as Code (IaC) approach. The environment was built following NIST 800-53 security guidelines, in compliance with the DoD SRG IL5 risk impact level.
Developed designs using extensive experience and knowledge of cloud service providers such as Amazon Web Services (AWS) or, Microsoft Azure/Office 365.
Provided advanced support, troubleshooting, architectural design, and management of the overall health of managed infrastructure solutions.
Security Management Working knowledge of DoD HBSS, ACAS, STIGs, and IA Vulnerability Management (IAVM).
Configured multi-account architecture, identity and access management, governance, data security, network design, and logging within provisioned AWS Landing Zones using AWS Cloud Formation.
Automated snapshot backup, stopping and starting EC2 servers using Ansible playbook I wrote.
Manually built over 300 VPCs, creating both private and public subnets, security groups, network access lists and configuring internet gateways to drive traffic to VPC.
Reviewed/Monitored entire environment and execute initiatives to reduce failures, defects, and improve overall performance.
Provided incident management support on escalated trouble tickets when necessary.
Deployed hundreds of Amazon Workspaces and App Stream 2.0 for end users due to Covid-19 work from home measures.
Deployed Palo Alto VM1 & VM2 Series Firewall in AWS, configured High Availability (HA) pair in AWS.
Deployed and configured Palo Alto Panorama Product to manage several firewall, creating a one click deployment solutions to firewalls on the network.
Designed, built, upgraded, and operated multiple cloud environments. Hands-on installation & configuration within the AWS/Azure Clouds & DoD Data Centers.
Enabled Cloud Trail log file validation so that any changes made to the log file itself after it has been delivered to the S3 bucket is trackable to ensure log file integrity.
Turned on Redshift audit logging in order to support auditing and post-incident forensic investigations for a given database.
Enabled CloudTrail log file validation so that any changes made to the log file itself after it has been delivered to the S3 bucket is trackable to ensure log file integrity.
Turned on Redshift audit logging in order to support auditing and post-incident forensic investigations for a given database.
Performed security monitoring, security event triage, and incident response; coordinate with other team members and management to document and report incidents.
Operational experience with network security appliances with a clear understanding of the architecture behind secure networks, DMZ's, NAT's, rule placement, VPN setup, and system maintenance.
Led root cause analysis, debugging, support, and postmortem analysis for security incidents and service interruptions.
Enabled Cloud Trail across all geographic regions and AWS services to prevent activity monitoring gaps.
Enabled Cloud Trail log file validation so that any changes made to the log file itself after it has been delivered to the S3 bucket is trackable to ensure log file integrity.
Enabled access logging for Cloud Trail S3 bucket so that you can track access requests and identify potentially unauthorized or unwarranted access attempts.
Assisted in the build, deploy and tune process of scalable systems that automate security event detection, response and repeatable tasks.
Kept up to date on emerging vulnerability, response, mitigation, threat landscape trends and use this knowledge to drive proactive threat monitoring.
Participated in creating innovative ways to use a wide range of security event data to advance detection methods.
Introduced, provided and reviewed architectural work in local projects in a joint approach with the local companies based on secured architecture development method
Made recommendations, gains approval, and develops implementation strategies for new technologies based on necessity.
Conducted large scale projects and research through all stages: concept formulation, definition of metrics, determination of appropriate methodology, research evaluation and final research report
Demonstrated understanding and experience with relational datasets, data warehouses, data mining and data analysis techniques.

12/2017 to 06/2019

Consultant: AWS Solutions Arch/Cloud Security EngrCapital One Bank – Reston, VA

Provided expertise to client's early adoption strategy such as end user training, evangelizing cloud solutions, bringing experience and best-practice in the AWS cloud ecosystem.
Proactively monitor resources and applications using AWS Cloud Watch including creating alarms to monitor metrics such as EBS, EC2, ELB, RDS, S3, SNS and configured notifications for the alarms generated based on events defined.
Established the appropriate monitoring and alerting of solution events related to performance, scalability, availability and reliability.
Experience in deploying and monitoring applications on various platforms using Elastic Beanstalk, setting up the life cycle policies to back the data from AWS S3 to AWS Glacier.
Worked on infrastructure with Docker containerization.
Strong Knowledge creating ANT/ MAVEN with Puppet build script for Deployment.
Expertise in Docker containerized environment, hosting web servers on containers, building docker images using Docker file.
Provisioned AWS Landing Zones to create a customized baseline of AWS accounts, networks, and security policies.
Configured multi-account architecture, identity and access management, governance, data security, network design, and logging within provisioned AWS Landing Zones.
AWS – built VPCs from scratch, creating private and public sub-nets, creating security groups and network access lists, configuring internet gateways, OpenVPN, creating AMI, understanding of user access management/role based access/multi factor authentication and API access, configuration of auto scaling and elastic load balancer for scaling services, configuration of SNS to send notifications and Cloud Watch to collect logs and metrics.
Worked with engineers and development teams to ensure that architecture solutions are compliant with security frameworks, such as NIST, FedRAMP, ISO 27001/27002, PCI, etc.
Designed and contributed to security architecture processes that enable the enterprise to develop and implement secure solutions and capabilities that are clearly aligned with the business, technology, and threat drivers
Participated in application and infrastructure projects and other business initiatives to provide security-planning guidance with the following drivers: reduce risk, protect business applications while ensuring the highest level of data and infrastructure (endpoints, servers, networks, data center, cloud) security
Reviewed and evaluated current access routes, sites, vendor integration points, and security platform v integrations; recommended improvements and develop corrective strategies to improve security prior to implementation
Assisted with designed and security oversight of next-generation firewalls, intrusion prevention systems, DDoS solutions, SSL-terminating load balancers, WAF, security groups and NACL
Recommended and managed transmission protection requirements for all environments (systems, applications, containers, etc.) such as VPC peering best practices, SSL certificate management, key pairs, etc.
Performed security monitoring, security event triage, and incident response; coordinate with other team members and management to document and report incidents.
Participated in deep architectural discussions to build confidence and ensure customer success when building new and migrating existing applications, software and services on AWS platform.
Technical liaison between the customer's service engineering & support teams.
Create a case to increase AWS Workspaces to 150 for a customer and Deployed all 120 Workspaces for customer's end users offshore and nearshore in Mexico.
Presentation skills with a high degree of comfort speaking with executives, IT Management, and developers; strong communication skills with an ability to right level conversations.
Architecting/operating solutions built on AWS Platform; Deployed Palo Alto, F5, Aviatrix Transit Gateway boxes and configured boxes with customer's requirements.
Experienced with "on-premise to cloud" migrations and IT transformations with the aid of AWS solutions.
Designed and implemented monitoring and protection capabilities to help identify and protect against DoS attacks, MITM, EC2 instance compromise, secret compromise, etc.
Developed tactical response procedures for security incidents
Performed security monitoring, security event triage, and incident response; coordinate with other team members and management to document and report incidents.
Operational experience with network security appliances with a clear understanding of the architecture behind secure networks, DMZ's, NAT's, rule placement, VPN setup, and system maintenance.
Led root cause analysis, debugging, support, and postmortem analysis for security incidents and service interruptions.
Enabled Cloud Trail across all geographic regions and AWS services to prevent activity monitoring gaps.
Enabled Cloud Trail log file validation so that any changes made to the log file itself after it has been delivered to the S3 bucket is trackable to ensure log file integrity.
Enabled access logging for Cloud Trail S3 bucket so that you can track access requests and identify potentially unauthorized or unwarranted access attempts.

01/2015 to 11/2017

Consultant; Solutions Architect/Cloud EngineerWalgreens – Deerfield, IL

Designed and implemented system security and data assurance
Hands-on experience writing Production-ready automation code to implement solutions with Puppet, Ansible, CloudFormation or similar - e.g.: Chef, Terraform.
Experience in building applications of various architecture styles like Micro-services architecture consisting of Restful web services and Docker container based deployments.
Configured Docker container for branching purposes.
Strong interpersonal, organizational, and communication skills with the ability to work effectively across internal and external organizations and virtual teams.
Proven experience in systems and cloud network design and development.
Deployed Docker Engines in Virtualized Platforms for containerization of multiple apps.
Strong understanding of information processing principles and practices.
In-depth technical knowledge of networks, storage systems and computing platforms including Amazon AWS, .NET, Windows, and CI/CD pipelines.
As a last line of defense against a compromised account, I ensured all IAM users have multi-factor authentication activated for their individual accounts, and limited the number of IAM users with administrative privileges.
Rotated IAM access keys regularly and standardize on a selected number of days for password expiration to ensure that data cannot be accessed with a potential lost or stolen key.
Turned on Redshift audit logging in order to support auditing and post-incident forensic investigations for a given database.
Encrypted data stored in EBS as an added layer of security.
Encrypted Amazon RDS as an added layer of security.
Enabled required ssl parameter in all Redshift clusters to minimize the risk of man-in-the-middle attack.
Restricted access to RDS instances to decrease the risk of malicious activities such as brute force attacks, SQL injections, or DoS attacks.
Encrypted highly sensitive data such as protected health information (PHI) or personally identifiable information (PII) using customer-controlled keys.
Granted the fewest privileges possible for application users.
Involved IT security teams throughout the application development lifecycle.
Inventoried and categorized all existing custom applications deployed in AWS.
Assisted with designed and security oversight of next-generation firewalls, intrusion prevention systems, DDoS solutions, SSL-terminating load balancers, WAF, security groups and NACL
Recommended and managed transmission protection requirements for all environments (systems, applications, containers, etc.) such as VPC peering best practices, SSL certificate management, key pairs, etc.
Created functional design specifications, Azure reference architectures, and assist with other project deliverables as needed.
Provided recommendations with respect to cloud migrations and prepare technical implementation roadmaps for Azure adoption.
Designed state-of-the-art technical solutions on Azure that address customers requirements for scalability, reliability, security, and performance and leverage existing investments in Azure/MS platforms.
Configuration and deployment experience in two of the following: Azure PaaS technologies, Azure apps technologies such as AzureSQL, Azure Tables, Cache, SQL Server DW, Azure AD etc., Azure IaaS Technologies such as VMs, Virtual networks, Express Routes, Standard/Premium storage etc.
Firm grasp on cloud security, leveraging Windows operating systems, Active Directory, AD integration.
Well versed in designing and building Azure solutions that include high availability, multi-region and multi-set architectures using virtual networks, availability sets and affinity groups.
Familiar with infrastructure as code, specifically Terraform and Azure Resource Manager.

07/2012 to 12/2013

Consultant; Information Security EngineerNike, Inc – Beaverton, OR

Created incident response processes, procedures and maintained security documentation.
Worked with the client to ensure that the respective business, application, data and technology perspectives are in line with the organization's technology and governance strategies, policies and standards.
Established and maintained disaster recovery procedures for current and new technologies.
Reviewed and identified vulnerabilities while creating and analyzing metrics on the state of the system.
Demonstrated experience working with senior management on highly sensitive projects that require the utmost discretion and maintaining strict confidentiality on all data, records, and tasks as required.
Conducted assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise and local policy; assessed the level of risk; developed and recommended appropriate mitigation countermeasures in operational and non-operational situations.
Performed assessments of systems and networks within the network environment and enclave, identified where those systems/networks deviates from acceptable configurations, enclave policy, or local policy.
Measured effectiveness of defense-in-depth architecture against known vulnerabilities.

Education

Expected in 12/2020

Bachelor of Science: Cloud System Administration
Western Governors University - Online

06/2019

Certificate of Completion: Cloud Security Architecture And Operations
SANS INSTITUTE - Washington, DC

Resume Overview

Companies Worked For:

SMS Data Products Group Inc.
Capital One Bank
Walgreens
Nike, Inc

School Attended

Western Governors University
SANS INSTITUTE

Job Titles Held:

Senior Cloud Engineer
Consultant: AWS Solutions Arch/Cloud Security Engr
Consultant; Solutions Architect/Cloud Engineer
Consultant; Information Security Engineer

Degrees

Bachelor of Science : Cloud System Administration
Certificate of Completion : Cloud Security Architecture And Operations

Senior Cloud Engineer Resume Example

Resume Score: 80%

Resume Overview

Create a job alert for [job role title] at [location].

Similar Resumes