Manager Security
Resume:
Rick Li
Naperville, IL ***** 630-***-**** ac7x5i@r.postjobfree.com
Summary
Cloud-based large enterprise System Architecture, design and deployment senior position. Extensive hands-on experience in cloud computing architecture, technical design and implementation, including build, support and manage Iaas, Paas and Saas delivery models with strong critical thinking, analytical skills and problem-solving skills in various technical domains. Having In-depth experience in automation/configuration management with strong security knowledge and solid Networking understanding with complex architecture solutions.
Technical Skills
AWS services: VPC ( Subnet, EIP, ELB, VPC Peer Connection, NAT Gateway, Virtual Private Gateway,Internet Gateway, Route Tables, Endpoint, Security Group, NACL, Customer Gateway, VPN Connection), EC2 ( AMI, EBS, Key Pairs, KMS ),EFS, RDS, S3, S3 Cross-Region Replication, Glacier, Storage Gateway, AWS Lambda function, Route53, CloudWatch, CloudTrail, IAM, Secrets Manager, DMS, SQS, SNS, ECS, ECR, Docker, EMR, Elastic Beanstalk, DynamoDB, Redshift, CloudFormation, AWS Certificate Manager, AWS System Manager, Run Command, Parameter Store, AWS VPN Connection, AWF, AWS Transfer SFTP, Directory Service, WAF, SES.
Languages/Tools: AWS CLI, AWS SDK, DevOps CI/CD Automation ( Chef, Chef-Client, Cookbook, Recipes, Knife), Micron Deep Security, Trend Micron Application Manager, Alert Logic, Qualys Cloud Platform, Cisco Umbrella, IBM Qradar SIEM Github, Jenkins, CruiseControl, Python, Groovy, Java, C/C++, XML, JSON, JDBC, SQL, SHELL, JBoss/WildFly, Tomcat, NGINX, Apache Server, Weblogic, Websphere, Docker, Terraform, SVN, CVS, JIRA, Confluence, Crucible, big data Spark/Hadoop/HIVE/Zeppelin/Redshift, Kubernetes.
OS/Security Packages: Unix, Linux, Windows, FWSnort, NNT, PSAD, Qualys, ClamAV, GeoIP, iptables.
OO/DBMS/Network/Protocol: Oracle, SQL Server, Postgres, MySQL, MongoDB, Spark, Hadoop. TCP/IP/UDP/DHCP/VPN, ESB/SOA/EAI ( ActiveMQ, IBM MQ, RabbitMQ, JMS, Tibco RV ), Redis Sentinel, Postgre Cluster, CIFS, S3FS, IPSec, Http(s), TLS/SSL, SFTP, SSH, DNS, LDAP, X.509 PKI, GPG, SMAL, Auth0/OKTA, OAuth, OpenID Connect, ADFS, REST, SOAP, BGP, CiscoASA.
Professional Experience
LaunchPoint Corporation, Itasca, IL Aug. 2017 – Present. Cloud Infrastructure Architect
Led the efforts in Architecture, design and implementation of company cloud computing strategy, responsible for cloud application design, cloud management and monitoring. Automated the process Consignment of handling customer incoming data files which previously required 6 personal semi-manual working and dramatically reduced the cost of IT Department and enhanced the IT productivities.
Led the efforts of Architecting, Designing and Implementing Cloud Cost Reduction project. Designed and implemented the backup retention policies - AWS Lambda functions to nightly prune older AWS EBS Volumes, snapshots and AMI images, and tagged all cloud resources once they are created, this gave the Executive Leaders a clear picture of where the cost come from and which categories cost how much, also easy to manage the Cloud resources. Made the long-term storage strategy for all resources’ backup – S3/IA S3/S3 Glacial. Designed the EC2 instances start/Stop scheduler to reduce the cost of unnecessary running time. With combined all of these cost reduction efforts, the total cost of the AWS account is reduced from 89.96K to 65K. per month.
Provide technical support and guidance regarding cloud security, cloud network and other cloud infrastructure. Led the Data Encryption project to encrypt all EC2 instance’s EBS volumes, including Instance root EBS volumes to meet HIPAA compliance, reduced vulnerabilities and implemented security controls across cloud platforms.
Produced comprehensive architecture strategy for Cloud Solutions in product development and Data Service - AWS S3, ECS, ECR, Docker, S3 CRR, Redshift, Lambda Function, AWS SNS, AWS SQS, AWS CLI. Created Python/Shell/PowerShell scripts to manage AWS Cloud environment and automate the ETL Data Flow Process.
Established Security Procedures, standards development and Policy to meet HIPAA/HITRUST compliance requirements, and implementing Info Security Tools, such as AWS S3 client & server-side encryption, configure/deploy Alert Logic and Qualys Cloud Platform agent on every EC2 instance. Develop and manage enterprise cloud policies, standards and processes as well as partner with IT and business owners to ensure implementation of the Security.
Govern and monitor key risk indicators and liaise with other teams to ensure metrics are maintained.
led overall architectural efforts for delivering Cloud Infrastructure methodologies in next generation of platform and native Cloud business applications.
Played a key role in evaluating, establishing and conducting proof of concepts of various new ideas and providing direction to the Infrastructure and Operations teams with regards to AWS cloud services - AWS EFS, SQS, Lambda Function, SNS, CloudFormation, ELB, Resource Group, System Manager, AWS and big Data and streaming Technologies - AWS EMR, Apache Spark/Hadoop/HIVE/Zeppelin/Redshift by using Lambda and Kappa architectures with the focus on improving the availability, lower cost, scalability, and operational efficiencies.
Created Cloud/Network Environment Access Policies with AWs IAM and access management PKI. Setup DevOps security compliance, best practices, such as, each user has to be assigned with security policies for its proper group/role with AWS IAM, and all EC2 linux hosts only allow SSH Key based login, as well as, all customer data has to be encrypted on resides or in the flight.
Provided daily updates to Company CIO on priorities, risks, and status of various cloud projects and efforts, such as, Policy, Standards, Capacity planning, effective Cost, Security, products and services.
Created VPC, Subnets, VPC Peer Connection, Security Group, VPN, NACL, Route Tables, etc for all Cloud projects, such as the project EverTeam Cloud System and Security projects with Enterprise Network Security tools, such as, Cisco Umbrella, IBM Qradar and Qualys to provide HIPAA and HITRUST regulatory compliance and risk management. Develop cloud reference architectures, governance policies, security models, and best practices for all future coming projects.
Developed ackup and recovery strategy for applications and RDS DB on AWS Cloud Environment.
Applied patches to fix discovered vulnerability.
As the role of Technology advisor and transformation leader responsible for executing technology roadmap to meet the company's long term business strategy, roadmap and goals.
Responsible for building strong relationships with senior business leaders to ensure alignment.
Providing SaaS hosting and integration expertise across LPV, Cloud vendors and Client platforms.
Infogix, Naperville, IL Sept. 2008 – 2017 Aug. Sr. Cloud Infrastructure Engineer
Responsible for SAAS product deployments, configuration and Operations in AWS cloud production environment. Programmed CloudRamp ( a set of bash functions with aws cli ) to launch Infogix Enterprise Products Deployment in AWS Cloud. Created Chef Cookbooks/Recipes for the Products configuration management, including:
oEnvironment definition and launch - using chef 'data bag' for the environment spec file.
oEnvironment launch - bash functions using AWS APIs
oEnvironment configuration - Handled by chef cookbooks, which provide node bootstrap, all Linux configuration tasks, production installation and configuration, as well as use chef environments to handle product deployment on Dev, Test and Prod environments. Deploy Big Data analytical product Sagacity on EMR and Elastic Beanstalk environment . Written Lambda function to use Route 53 API to register/deregister DNS entries for launched EC2 instances. Setup Elastic Application Loader for HA featured Products deployments. Configured and deployed Auth0-enabled Authentication for all Infogix cloud deployments for Customer environments. Used AWS EFS/NFS as the shared file system for clustered Product nodes. Configured Apache HTTP Server as Reverse Proxy to serve secured products accesses. Configured Bation Hosts to allow SSH into private subnet ‘s EC2 instances. Configured NAT Host to provide private instances outgoing connectivity to the Internet while blocking incoming traffic from the outside world. Configured VPC Peering connection between Product AppServerVPC and WebServerVPC to enhance overall security of production environments. And configured ManageEngine’s Application Manger to provide the depth monitoring on Infogix SAAS products in AWS cloud.
oEnvironment operations - Cloudramp automate the day-to-day operational tasks such as server restarting, product deployments and upgrades
oEnvironment managements -Developed Python AWS Lambda functions to manage various resources with tagging EBS volume, RDS instances, SNS email notification, CloudWatch, EC2 AMI snapshots and volume backup snapshots. Run scheduled Lambda Functions to stop/restart EC2 instances in DEV/QA environments to cut the cost of Cloud operation.
Led various projects in platform team:
Design and implements software infrastructure and development tools to support enterprise software products and platforms. Such as:
oExtending ant capability by creating new ant tasks and integrate Findbug with ant tasks.
oWriting Annotation preprocessor to auto-generate deployment codes for Infogix products
oConfigure and deploy various clustering Application Servers with scripts ( JBoss, Wildfly and Websphere)
oEncryption and decryption of communication among Jgroups cluster members.
oCreate product patches for customer supports
oSetup/Configured CI/CD Chef Server/Jenkins to automate infrastructure configuration and products/patches deployment in AWS cloud with Chef cookbooks, recipes, Shell, AWS CLI and Python.
oProvided Auth0/OKTA authentication service for AWS Cloud deployments to use Auth0 as an enterprise-grade platform for identity service and providing secured SSO.
Led in the core Java development efforts of software products Infogix Assure and Infogix ER with Agile/Scrum methodology.
Early Career Chicago, IL 1993 – 2008 Sr.software engineer/Contractor
Worked with Motorola, Citadel InvestmentGroup, ABN AMRO Bank, Goldman Sachs, Allston Trading and Orbitz, using the skills of C++/Java/EJB/Application Servers/TCP/DB/JDBC/LDAP/Linux/Shell/XML/X.509 PKI.
Education M.S. in Computer Science, Uni. of Cincinnati, Cincinnati, OH.
Contact this candidate