💼 Work Experience
IT Security Engineer
Institute of Physical Science and Technology, UMD- Containerized 3 applications with Docker multi-stage builds and orchestrated deployments across Kubernetes clusters using Helm charts with Pod Security Standards and ArgoCD GitOps, reducing configuration drift by 40%.
- Hardened multi-tenant Linux file servers (500+ users) by implementing RBAC policies, SELinux mandatory access controls, automated patching with Ansible, and centralized logging to Splunk, achieving CIS benchmark compliance.
- Led cloud migration of 22 on-premises services to managed EKS with Terraform/Terragrunt, implementing network policies, HPA, and RBAC, cutting deployment cycles from 3 days to 4 hours.
- Administered Microsoft 365 and Entra ID (Azure AD) for 500+ users, configuring conditional access policies, MFA enforcement, and RBAC permissions, reducing unauthorized access incidents by 45%.
- Managed Active Directory, Group Policy Objects, DNS, and DHCP services across multi-site Windows Server environment, automating account provisioning and cutting access-related support tickets by 60%.
- Deployed and maintained VMware vSphere virtualization infrastructure supporting 50+ VMs with automated snapshots and Veeam backup solutions, achieving 99.9% uptime and RTO under 4 hours.
- Built observability platform integrating Prometheus, Grafana, and OpenTelemetry; defined SLI/SLO dashboards with Alertmanager runbooks, reducing mean time to resolution by 35%.
Cloud Security Engineer
AquilaTest Inc.- Enforced security on EKS clusters using OPA Gatekeeper policies, Falco runtime threat detection, and Calico network segmentation, sustaining 99.9% uptime and reducing external threat surface by 80%.
- Engineered zero-trust access model using AWS SSO, RDS encryption with KMS, and least-privilege IAM policies with condition keys, directly enabling successful SOC 2 Type II certification with zero findings.
- Supervised 25+ offensive security assessments across AWS infrastructure (EC2/S3/Lambda/IAM) and performed comprehensive IAM audit of 50+ policies for 1000+ users, identifying 40+ critical vulnerabilities and 10+ privilege escalation vectors.
- Designed CI/CD pipelines using Jenkins and GitHub Actions with Trivy container scanning and Checkov IaC validation, blocking 20+ vulnerabilities pre-production.
- Managed firewall administration (Palo Alto) and VPN infrastructure, implementing access control lists and network segmentation, blocking 500+ threats monthly.
- Automated AWS infrastructure provisioning (EC2/S3/Lambda/RDS) with Terraform modules and implemented cost tagging, reducing monthly spend by 15%.
Senior Cloud Engineer
LTIMindtree- Designed and deployed HIPAA/HITRUST-compliant Azure infrastructure for 3 insurance clients using Terraform modules, implementing encrypted storage, private endpoints, and guardrails, increasing client NPS by 20%.
- Integrated Azure Sentinel SIEM across 500+ resources with custom KQL correlation rules and Logic Apps automated remediation playbooks, detecting and blocking 28 active threats including credential stuffing and lateral movement attempts.
- Administered Windows Server 2019/2022 and Hyper-V virtualization, deploying servers using Terraform and configuring backup/disaster recovery with Veeam, maintaining 99.9% system availability.
- Managed Microsoft 365 and Exchange Online for 2000+ users, configuring email policies, SharePoint sites, Teams administration, and providing Tier 2 technical support, resolving 95% of tickets within SLA.
- Implemented Kubernetes workload monitoring with Prometheus/Grafana stack and Azure Monitor; established error budget tracking and FinOps dashboards.
- Drove compliance automation for HIPAA/HITRUST/CIS using Azure Policy and Microsoft Defender, improving client security posture from 70% to 95% in 8 months.