Solutions Architect Access Management
Resume:
Name: NERVILLE ACHERA
Address: UPEER MARLBORO. MD 20772
Tel: 720-***-****
Email: ad5bb7@r.postjobfree.com
Skype ID: Nerville Achera
AWS Certified
Summary of Qualifications:
I am an experienced and highly motivated certified AWS solutions Architect/Engineer with about 8+ years of experience in the AWS platform and 10+ in IT environments with proficiency in cloud orchestration, security, identity & access management, monitoring and event management, governance & compliance, and patch management, self-service and ops analytics in AWS and Azure platforms.
Technical Skills:
AWS Security: AWS Security Hub, AWS Guard Duty, AWS Shield, AWS Firewall Manager, AWS Inspector, IAM, Security Groups, NACL etc.
Monitoring & Event Management: AWS CloudWatch (Events & Logs), AWS SNS.
Identity & Access Management: AWS Organization, AWS IAM, AWS AD Connector, AWS Workspaces, AWS Secrets Manager, etc.
Governance & Compliance: AWS Config Rules, AWS Organization, AWS Control Tower, AWS Trusted Advisor, AWS Budgets, AWS License Manager, etc.
Used Terraform and Cloud formation for IAC.
Automation language: JSON YML. Python, boto3 libraries
Cloud Orchestration/Automation: AWS CloudFormation, AWS Lambda, AWS Systems Manager, AWS SSM Parameter Store, Ansible, Docker, Kubernetes, EKS, ECS.
Network: VPC, VGW, TGW, IGW, NGW etc.
Application Delivery: Jira, Jenkins, Bitbucket, AWS Code Pipeline, AWS Code Commit, Blue/Green deployment, Elastic Beanstalk AWS Platform: AWS CloudFormation, AWS Lambda, AWS Systems Manager, S3, VPC, EC2, ELB, RDS, SNS, SQS, Route53, CloudFront, Service Catalog, AWS Auto Scaling, Trusted Advisor, CloudTrail CloudWatch etc.
Data Protection: AWS Certificate Manager, AWS KMS, Snapshot Lifecyle Manager, AWS Cloud HSM,
Self Service: Service Catalog
Image & Patch: AWS SSM Patch Manager, AWS Golden AMI Pipeline.
Certifications
AWS Certified Solutions Architect – professional
AWS Certified Solutions Architect-- Associate
AWS Certified Security Specialty
Azure Fundermentals
Certified Scrum Master
CompTIA Security+
Education
Bachelor of Science 10/2008- 08/2011
Professional Experience
AWS Solutions Architect
ACCENTURE (state of Maryland/State of California). 7/9/2020- Present
Created and managed IAM policies for 36 accounts
Participated in development of strategic cost optimization.
Deployment Infra support engineer.
Participated in weekly patching of linux servers.
Cleaned and documented patching reports on excel spread sheets.
Ansible deployment
Used terraform for infrastructure as code extensively to deploy network infrastructures.
Automate the process of capturing public endpoints using python and lamda functions.
Developed and elaborated data classification, management, and disaster recovery strategy.
Developed and efficient patching solution by combining the potentials of WSUS server and SSM
Leveraged control Tower for multi account management.
Migration using cloud Endure, AWS server migration servers and AWS database migration service.
Developed a sound and efficient security strategy for the environment.
Conducted knowledge transfer sessions with entire team of 26. 13 are now certified AWS solutions architect (associate).
EKS/ECS pilot implementation in the DEV environment.
Supported middle where products as a support engineer (Apache, Apache tomcat, Nginx, etc) .
Deployed a data lake pipeline (Rds, Dynamo DB,S3,Glue,EMR, RedShift, Quick Sight.
Azure fundamentals.
AWS Solutions Architect 12/2018 –06/30/2020
CITI GROUP
Developed and leveraged baseline and custom guardrails, policies, centralized policy enforcement, tagging policies and a well architected multi account environment.
Implemented Machine Image Pipeline and integrated Patch Management
Migrated legacy applications to AWS cloud environment.
Leveraged Docker to build, test and deploy applications in different environments.
Developed LLDs for migrating various applications including network sizing, Instance types, names, tags etc.
Developed required and optional tagging reference documents for automation, compliance, and consolidated billing.
Used terraform to create and deploy infrastructure.
Developed baseline VPC and Network design including leveraging VPN connectivity and Direct Connect
Developed baseline AWS account security, implemented/integrated end-point protection, vulnerability scanning and intelligent threat detection.
Built serverless architecture with Lambda integrated with SNS, Cloud watch logs and other AWS services.
Leveraged automated DevOps tools deployment and Blue-green deployment patterns and strategies.
Configured CI/CD Pipelines using Jenkins connected to GitHub and build environments (Dev, stage & Prod)
Implemented IAM best practices and role-based access control.
Implemented AWS Organization to centrally manage multiple AWS accounts including consolidated billing and policy-based restrictions.
Exposure to data lakes using tools like s3, lambda function, GLUE, EMR, MySQL. QuickSight and AWS redshift
Implemented Control Tower Preventive and Detective guardrails and leveraged Account Factory, integrated with Lambda for new AWS account creation and setup.
Setup Ansible control master - slave nodes and developed playbooks to automation configuration of servers across environments.
AWS Engineer 05/2016 – 12/2018
Infosys- USA
Responsibilities
Managed provisioning of AWS infrastructures using CloudFormation
Design for high availability and business continuity using self-healing-based architectures, fail-over routing policies, multi-AZ deployment of EC2 instances, ELB health checks, Auto Scaling, and other disaster recovery models.
Created patch management using Systems Manager automation for multi-region and multi account execution.
Implemented preventive guardrails using Service Control Policies (SCPs)
Implemented detective guardrails using AWS config and Cloud Custodian
Designed and implemented for elasticity and scalability using Elastic Cache, CloudFront – Edge locations, RDS (read replicas, instance sizes) etc
Implemented security best practices in AWS including multi factor authentication, access key rotation, encryption using KMS, firewalls- security groups and NACLs, S3 bucket policies and ACLs, mitigating DDOS attacks etc
Implemented Jenkins, GitHub and Git for version control, code build, testing and release and CI/CD.
Monitored end-to-end infrastructure using CloudWatch and SNS for notification.
Used AWS system manager to automate operational tasks across AWS resources.
Used System Manager to automate operational tasks across WK AWS infrastructure.
Setup AWS Single Sign On (SSO) for on premise Active Director (AD)
Developed and documented security guardrails for AWS Cloud environments
Built custom images through docker server, docker compose with multiple local containers and created production grade workflows and a continuous application workflow for multiple images.
Implemented multiple container deployments to AWS and maintained sets of containers with deployments.
Setup, Configured, and used Ad Hoc ansible Command.
Designed secured, cost optimized, highly available and fault tolerant infrastructure in AWS.
Architected and configured Dev/Stage/QA environments in AWS (VPC, subnets, security groups, EC2 instances, load balancer, RDS, Redis, route53, etc).
Implemented security best practices in AWS including multi factor authentication, access key rotation, role- based permissions, enforced strong password policy, configured security groups and NACLs, S3 bucket policies and ACLs, etc.
Optimized cost through reserved instances, selection and changing of EC2 instance types based on resource need, S3 storage classes and S3 lifecycle policies, leveraging Autoscaling etc
Leveraged EC2 Create Snapshot API call to create snapshots of EBS Volumes on scheduled intervals.
Configured CloudWatch alarm rules for operational and performance metrics for our AWS resources and applications.
Monitoring from end-to-end view of runtime systems CPU, bandwidth, disk space and log files using NewRelic
Deployed and configured infrastructure using cloud formation and Ansible.
Architected and implemented continuous integration and deployment pipelines using Jenkins and other CI tools.
AWS- Solutions Architect 09/2013 – 04/2016
JJTech Inc- Maryland-USA
Responsibilities:
Performed applications installation, upgrades/patches, troubleshooting, maintenance, and monitoring Linux servers.
Installation, configuration, and administration of Enterprise Linux
Created, managed and administered user accounts security and SSH password less login.
Network configuration & troubleshoot issues with respect to network and configuration files.
Configuring Apache, NFS.
Create users, groups and give permissions on bear metal servers.
Task automation, service management and application deployment using Ansible and Jenkins
Build and configured Linux servers from scratch with type one hypervisors for virtualization and network components.
Perform security setup, networking, system backup and patching for both AWS, and on-premise environments.
Architect high availability environment with auto scaling & Elastic Load Balancer
Securely deploy MySQL Primary DB and its read replica in private subnet with multi AZ for disaster recovery and best practice
Migration of high availability webservers and databases to AWS EC2 and RDS with minimum or no downtime
VPC build with Private and Public Subnet couple with VPNs setup back to on premise datacenter and cooperate offices.
VPC peering with other Accounts allowing access and routing to service and users of separate account to communicate.
SSL setup for Apache and Nginx application couple with AWS ELB SSL for all http to https thereby maximizing security.
Network, CPU, Disk and connectivity monitoring with CloudWatch and setup to trigger alarm and notify system administrators.
Aide setup for and configured for logs files detail monitoring and alerts notification when changes are made.
Performed root-cause analysis of recurring issues, system backup, and security setup.
Security groups configured and locked down to the various authorized subnet and ip addresses in AWS.
Automated deployment, configuration and security settings using Ansible.
Experienced in Github (cloning a Git repository, creating a branch, pushing to Git from local, making PR, etc).
Microsoft SQL Database Administrator:
Techno-communications -Yaounde 12/2011-08/2013
Responsibilities: -
Experience in planning, implementing and administering High availability and Disaster recovery solutions like Log Shipping, Mirroring, Replication, Clustering and Always on availability group.
Installing service packs and patches on SQL server2008 and 2005.
Resolve performance issues using SQL native tools like Database Engine Tuning Advisor, SQL server profiler, Activity monitor, Windows performance monitor, DBCC, Store procedures, DMVs, and DTAs.
Provide a 24/7 dedicated support to users in production, development and testing servers and responded on Tickets based on requirements.
Experience in maintenance plans: database backups, integrity checks, update database statistics and index maintenance using GUI and T-SQL.
Strong Experience in SQL server upgrade, patching and data migration from MS Server 2005 to 2008R2 and 2008.
Experience in designing, creating, configuring, monitoring, maintaining, upgrading and supporting databases and database objects like views, indexes, stored procedures, functions, and triggers based on logical design models, user requirements and physical constraints.
Experience in import/export data from various sources using import/export wizards, Bulk insert, BCP and DTS/SSIS packages.
Contact this candidate