Amulya - Resume. IT


AMULYA. T

[email protected] | +1 908-986-0061

Professional Summary:

Results-driven Sr Cloud Security Engineer/AWS Security Engineer/IAM Security
Engineer professional with notable success in planning, analysis, and implementation of
security initiatives in the cloud. Strengths in providing comprehensive management of
server infrastructures and data center operations. Implementing upgradable, scalable,
hyper-converged infrastructure helping clients achieve business agility, scalability, high
availability, and flexibility while providing strong AWS ecosystem expertise and building
bridges between other teams. Deployed OpenVPN into EKS with self-service CA
certification authority using corporate central authentication. Motivated and passionate
DevOps engineer focusing on AWS, using EC2, Lambda and K8S, experienced with
cloud services (CloudFront/ALB/EC2/S3).

Configured and implemented Okta Identity and Access Management (IAM) solutions to
manage user authentication, authorization, and single sign-on (SSO) across multiple
applications. Developed custom Okta integrations using the Okta API and SDK to automate
user provisioning and de-provisioning processes.

Experience with migrating Windows VMs; able to assess VMware environment and
identify remediation issues; managing day-to-day of vCenter, vCloud, vSphere, and
vRealize suite enterprise for hybrid cloud environment.

Certifications

 AWS Cloud Practitioner – Certified
 AWS Certified Developer Associates - Certified
 AWS Certified Solutions Architect - Certified

Skills:

Amazon Web Services (EC2, K8S, EBS, ALB, S3, IAM, Permission Boundaries, AMI, VPC,
VPC Peering, NACL, Security Groups, Route53, Auto Scaling Group, ELB, SNS, Service
Control Policies, CloudWatch, Elastic Beanstalk, CloudFormation), AWS CodeDeploy,
AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS Firewall, Control Tower
concepts, Security Hub, Security Guardrails etc.

Professional Experience:

Cloud Security Engineer (J.B. Hunt Transport, Inc) Dec 2021 - Present

 Managed enterprise scale solutions that leverage the following AWS Services: EC2,
S3, EBS, SSM, DynamoDB, EMR, CloudFormation, RDS, CloudFront, VPC, Route53,
ALB, NLB, IAM, CloudWatch, Elastic Beanstalk, Lambda, etc.
 Expert in internet technologies and network protocols, including DNS, HTTP, basic
load balancing configurations using ELB/ALB.
 Hands-on experience in performance tuning, including the following: load
balancing, web servers, content delivery networks, caching (content and API).
 Built Cloud Security Architecture Specifications for multiple Information Security
Domains including but not limited to; Cloud, Networking, Endpoint, SDLC, etc.
 Researched, recommended, deployed and managed tools that assist in ensuring the
availability, security, consistency, manageability and cost efficiency of our product
infrastructure.
 Used AWS Macie to Analyse PHI/PII data in S3 buckets and write custom queries to
enable visibility into the resources that have access to the privileged buckets.
 Used Amazon Detective for security investigation and analysis; used this service
mostly to identify unauthorized access and abnormal behaviour like too many
requests from the same API, console/API access from unexpected locations, and API calls
at midnight.
 Used IAM Access Analyzer for access management and to identify the
resources with elevated privileges.
 Collaborated with cross-functional teams to integrate Okta with other
enterprise systems such as Active Directory, HRIS, and cloud-based
applications.
 Developed Helm charts for the containerized version of the application
running on-premise, deployed it to EKS Kubernetes.
 Set up cross-account IAM roles and policies, created and updated AWS
resources such as EKS, ECS, AKS, Kinesis, Fargate, Lambda functions,
Transit gateways, IAM roles and policies, Athena, and others.
 Monitored Okta performance and conducted regular audits to ensure
compliance with industry standards and regulatory requirements.
 Conducted security assessments and vulnerability scans of Okta
infrastructure to identify and remediate potential threats and risks.
 Created Multi-Domain Single Sign-On solution using Cookie Provider.
 Worked on Open Token Adapter to establish SSO between two native
applications.
 Experienced in configuring SSO with PingAccess using out-of-the-box and
custom developed authentication schemes.
 Participated in and possibly eventually own the operations and engineering
processes that are audited as part of our SOC2 Type 2 certification. (We have been
certified since 2019).
 Planned and maintained continuous delivery, coordinated hotfixes and feature
releases.
 Organized programs to develop the VMware marketing strategies.
 Designed and implemented technology solutions based on VMware products and
provided support for escalated performance issues within this product suite.
 Managed shared storage for vSphere, VMware clusters, resource pools.
 Used and deployed Service Control Policies through Control Tower to protect
organizational assets.
 Configured AWS Multi-Factor Authentication in IAM to implement 2-step
authentication of user's access using Google Authenticator and AWS Virtual MFA.
 Created Multi Factor Authentication (MFA) for instance RDP/SSH logon, worked
with teams to lockdown
 In conjunction with Support, I assisted in responding to customer issues by
collecting information for the Support team to communicate to customers and for
the Engineering team to use to make fixes.
 Perform daily system monitoring and troubleshooting for Mission customers, which
includes verifying the integrity and availability of cloud infrastructure, server
resources, systems and key processes, reviewing system and application logs, and
verifying completion of scheduled jobs such as backups, live data.

Senior Cloud Security Engineer (Zions Bancorporation) June 2020 - Aug 2021
 Designed, deployed and monitored infrastructure in public clouds (AWS, Azure)
using Infrastructure as Code (Terraform, CloudFormation, Ansible).
 Used IAM to control access management and to enforce least privilege using
permissions boundaries and resource based policies.
 Drove incidents to resolution by coordinating with engineering teams.
 Partnered to improve automation and orchestration for manual processes
required to operate and deploy cloud services.
 Designed the architectural frameworks solution (IaaS, PaaS, SaaS) that best suits the
client's web application hosting demands in the AWS cloud platform, leveraging
AWS services such as EC2, Elastic Beanstalk, S3 web hosting, ECS, Lambda, AWS
Fargate, with focus on integrated and automated service delivery.
 Built VPCs from scratch, creating private and public subnets, creating security
groups and network access lists, configuring internet gateways, OpenVPN, creating
AMI, understanding of user access management/RBAC/multi-factor
authentication and API access, configuration of auto scaling and elastic load
balancer for scaling services if a configured threshold has been exceeded,
configuration of SNS to send notifications and CloudWatch to collect logs and
metrics, spinning both Windows and Linux EC2 instances as needed.
 Improved our incident management lifecycle to identify, mitigate, and learn from
reliability risks.
 Proposed, developed and supported automation solutions for source code
deployment and configuration management.
 Performed changes to infrastructure outside of documented runbooks such as
software upgrades and patching.
 Developed internal and customer facing cloud services (serverless and
container-based) in AWS using AWS ECS.
 Designed storage solutions for mission critical data in common databases
(PostgreSQL) and cloud services (S3, DynamoDB, etc.).

Cloud Security Engineer (Teamitek Inc.) Jan 2018 - June 2020


 Designed and set up a virtual network using the Azure Virtual networks, Azure
resource groups, Azure subnets, Azure firewall to restrict the egress to the internet,
Azure Bastion, Azure Network Security groups, Public IPs, Azure Virtual network
NAT and leveraged Azure DNS Zones, Azure App Services and created a public
hosted zone with the CNAMEs, Alias records pointing to the infrastructure.
 Evaluated the access to Linux/Windows Azure VMs, Azure Postgres DB using Azure
Bastion, Azure CLI and from an isolated landing zone and using Azure services like
Storage Blobs, Managed disks, Virtual machine scale sets, Load balancer, and Private
Endpoints.
 Managed the DNS certificates for a registered domain and the customer-managed
keys using the Azure app service certificates, Azure Key Vault.
 Created a solution for clients to use the backup data center in disaster recovery
situations by automating the transit gateway peering between multiple accounts,
regions, and organizations using the Boto3 and Python scripts stored in AWS
CodeCommit and providing it as a one-click AWS CodeBuild operation.
 Devised an automated way to identify and delete the unused security groups
across all the accounts in an Org and inform the account owners using AWS SNS.
 Wrote many functions in AWS Lambda to filter the resources using the tags,
display details of the resources, find SSM-managed instances in account and several
other use cases, and enforce restrictions on the ways to access the resources and
actions in the resources using the SSM Documents, Run commands.
 Created a real-time dashboard to view the resource usage and other cost
visualizations in AWS QuickSight by integrating the AWS EventBridge, AWS
Athena, and AWS Glue crawlers and AWS Lambda service to filter and transform the
data streams by attaching the functions to Kinesis streams.
 Maintained DNS Hosted zone in AWS Route53 with domain registration, record
sets, and different traffic flows based on the path. Imported and leveraged the SSL
certificates using AWS Certificate Manager.
 Performed aggregations, wrote queries and procedures using the Swagger and
console way for MongoDB and in Atlas cloud offering native MongoDB.
 Experience with version Control, Build, and Configuration Management tools like
GIT, MAVEN, CHEF, DOCKER, ANSIBLE, and Integration & Monitoring tools like
JENKINS and Unix, Linux, and Windows Environment.

AWS DevSecOps Engineer: (Verizon) Feb 2016 - Dec 2017

Leveraged DevOps tools for deploying the applications in Cloud platforms, automating the tasks
in cloud and on-premises, and integrating the services with dependency.

 Administered the EKS and AKS clusters in multi-cloud AWS and Azure referencing
the On-premises Kubernetes workloads and handled deployments with AWS ECR,
Helm charts, and other DevOps tools.
 Adapted DevOps process and set up the infrastructure for Jenkins, Ansible, GIT,
Bitbucket, Docker, JIRA, and other tools for phases of the lifecycle.
 Created the monitors, alarms, and dashboards in Nagios, Dynatrace, Grafana,
Datadog, Kibana, AWS CloudWatch, and Azure monitor to have a better view of
troubleshooting an outage or to identify the anomalies in the performance of the
infrastructure.
 Resolved the incidents and alarms generated by the monitoring tools with specific
actions and checked for patterns and anomalies to anticipate performance issues in
peak hours.
 Integrated the CI/CD processes and tools for the application production
deployments in clustered Glassfish4 and WebLogic servers without downtime as
well as self-services for those servers.
 Working knowledge on implementing the AWS Architectures into the AWS cloud
platform as per the build documents and by creating the services like AWS VPC,
AWS Compute, AWS Storage and Networking boundaries using Security Groups,
AWS Network Firewall.
 Automated the cloud infrastructure setup using the Terraform scripts, Jenkins, and
Git tools and reduced the human effort up to 80%. This starts with the Jenkins input
of the parameters and using the terraform scripts and GIT for the source
management to create the infrastructure and all the dependent service-linked
roles, IAM profiles as well as traffic routes.
 Created infrastructure using the terraform in Azure cloud referencing the cloud
agnostic architectures and used the terraform multi-cloud deployment strategies.
 Wrote configuration files in YAML, JSON, XML, and scripts in PowerShell to
automate the tasks. Scheduled cron jobs to create dumps, and network analysis.
 Designed and implemented the High availability for the Compute in cloud platforms
using different autoscaling policies and resolved the issues for the applications
during peak business hours.
 Devised disaster recovery solutions for cloud workloads by providing
cost-optimized solutions and redirecting the traffic to on-premises infrastructure to
handle the workloads and reduce downtime.
 Assisted in planning the data and workload migration of the on-premises to the
cloud by comparing the cost, the effort required to maintain, and strategies to
migrate using the AWS offered tools, AWS Pricing, and Cost Calculator.

DevOps Engineer: (Viatris) Dec 2012 - Jan 2016

 Developed IaaS: Reduced the business impact to 50% and human effort by
automating the multi-region cluster of API Gateway and Cassandra DB
deployments and self-services leveraging CI/CD, Source management, and
configuration management tool and this was a pilot project offered to the client
with billing and documented the scenarios to deploy, use self-services and
troubleshooting.
 Better understanding – networking, Load balancing, Web Servers, App servers,
database, storage, Integration with logging, monitoring, alerting, dashboards, and
Documentation.
 Involved in creating and setting up the application main components which are
infrastructure design, deployments, Load balancing, Integration with new tools for
better analysis, and End-user support.
 Assisted the migration of applications from On-premises infra to OpenShift and
then OpenShift to AWS which involves Planning, Assess, Migrate and Optimize
phases.
 Created detailed analysis reports in Microsoft Excel using the pivot tables and
visualizations by importing the KPI data from data sources.
 Assisted in Migration of ELK cluster to AWS cloud using the Elastic orchestration
mechanism, and enterprise-level strategies for the data migration.
 Created automation to provide the access to users, create thread and heap dumps,
and rotate the logs using cronjobs and periodical backups. Created a dashboard to
monitor the health checks of multiple applications.
 Experienced in throttling the applications' requests, path-based traffic routing, and
traffic denial based on the IP address using the NetScaler application.
