Cloud Engineer
Resume:
Mithika Pawar
**********@*****.***
Linkedin : https://www.linkedin.com/in/mithika-p/
Summary:
● With extensive experience in the IT Field, I am a highly skilled Cloud Security Engineer and DevOps professional with a strong background in Multi-Cloud Platforms (AWS, AZURE, GCP) and their features.
● Highly adept at designing and implementing secure cloud environments, employing robust security measures across diverse cloud platforms, while also demonstrating proficiency in writing efficient code for building and versioning infrastructure across multi-cloud environments.
● Implemented Identity and Access Management (IAM) in Web Application Security (SSO) and a diverse range of skills in the Information Security Domain and have a very good record of implementation, administration, maintenance & support of IAM products.
● Skilled in ensuring compliance with industry standards (such as GDPR, and HIPAA) and implementing security controls across AWS, Azure, and Google Cloud Platform (GCP).
● Actively engaged in automating AWS EC2/VPC/S3/SQS/SNS-based processes through the utilization of Terraform, Ansible, Python, and Bash Scripts.
● Developed AWS CloudFormation Templates to create custom sized VPCs, subnets, EC2 instances, ELBs, and security groups, ensuring efficient infrastructure deployment.
● Hosted a new system on AWS utilizing tools such as Shell and Ruby scripting, IAM, S3, CloudFront, RDS, ElastiCache, Application Load Balancers, Route53, Docker, ECS, ECR, CloudWatch, GitHub Actions, Terraform, and EC2.
● Strong experience in self-healing Server Infrastructure development on AWS cloud, extensive usage of AWS-EC2, VPC, CLI, S3, Route53, Cloud Formation, CloudFront, SNS, SQS, and Cloud Trail.
● Successfully managed Kubernetes resources within AWS, utilizing Terraform to scale deployments and ensure efficient resource allocation.
● Played a key role in migrating the old system from in-house/on-premises servers to AWS cloud servers.
● Developed and maintained OPA policies in Rego, enforcing security and access control rules across microservices, APIs, and cloud environments in line with the policy-as-code approach.Provisioned environments to deploy code in Azure VM and migrated applications from On-Premises to PaaS.
● Proficient in GCP services including Compute Engine, App Engine, Cloud Storage, Cloud SQL, Cloud Bigtable, Cloud Functions, and Cloud Pub/Sub.
● Expert in effectively countering phishing attacks using Proofpoint, CLEAR, TRAP, and TAP, ensuring comprehensive protection against email-based threats.
● Integrated CSP control policies into CI/CD pipelines and automated workflows to ensure continuous policy enforcement across cloud infrastructure deployments.
● Experienced in working with OpenShift containers, effectively maintaining pods, and managing Kubernetes for automating deployment, scaling, and management of containerized applications.
● Strong understanding of AKS security best practices, including pod security policies, network policies, and secrets management, to enhance cluster security.
● Utilized Docker to implement a high-level API, enabling the use of lightweight containers for process isolation.
● Experienced in providing incident response for potential security threats by leveraging event data from diverse IT systems components, including IDS/IPS, Firewalls, Web Access Security, DLP systems, and other sources.
● Experienced with coding in distributed computing domain using technologies Java, XML and Strong knowledge of Web Access Management and SSO technologies (Okta, SAML, and OAuth).
● Exemplify compliance with ISO 27001/27002, adhere to relevant data protection laws and regulations (GDPR, CCPA), and implement industry best practices as a DevSecOps Senior Cloud Engineer
● Proficient in cloud-native security technologies, including Identity and Access Management (IAM), Virtual Private Cloud (VPC), Security Groups, Network Access Control Lists (NACLs), and Security Information and Event Management (SIEM) solutions.
● Knowledge of asynchronous programming and handling asynchronous tasks using callbacks, Promises, and async/await.
● I have experienced working on version control systems like Subversion and GIT and using Source control management client tools like Visual SVN, Tortoise SVN, SVN X, Uber SVN, Stash, Source Tree, GIT Bash, GitHub, GIT GUI, and other command line applications, etc.
● Successfully implemented and utilized AIOps platforms like Big Panda and Moogsoft for intelligent event correlation and alert management, improving incident response times and reducing alert noise.
● Skilled in front-end development with .NET, utilizing technologies like Razor syntax and JavaScript frameworks
(e.g., Angular or React) to create interactive and user-friendly web interfaces.
● Actively collaborated with cross-functional development team members to analyze evolving client requirements and identify potential system solutions.
● Extensive expertise in Project Life Cycle Management with a strong background in Agile methodologies and working on Rally stories.
● Proficient in leading Agile practices to drive project success, ensuring efficient collaboration, and delivering valuable solutions.
TECHNICAL SKILLS:
● Cloud Environment- AWS, DevOps, EC2, VPC, EBS, AMI, SNS, RDS, EBS, ELB, RedShift, Elastic search, CloudWatch, Cloud Formation, Cloud Trail, SNS, SQS, IAM, Aurora, AWS REST API, Hashi Corp Vault, AZURE, GCP.
● Configuration Management Tools- Chef, Puppet, Ansible.
● Infrastructure Security: Cloud front, WAF, IDS/IPS, AWS Shield, VPC Endpoints, CVE Framework, TCP/IP, DNS, YARA, STIX, TAXII
● CI/CD Tools - Jenkins, Harness AgroCD.
● Build Tools- ANT, Maven, Sonar, Nexus, Terraform, Cloud Formation.
● Version Control Tools- Git, Git Guardian, Apache subversion, GitHub, Bitbucket, Kafka.
● Logging & Monitoring Tools: Nagios, SolarWinds/New Relic, Splunk, CloudWatch, Logs, AWS Config, Zabbix, Grafana, ELK, EFK, Kafka, Datadog.
● Virtualization - Vagrant, Docker, Podman, Citrix.
● Container Management Tools - Docker Swarm, Kubernetes, Mesos, AWS, ECS, OpenShift.
● Programming/Scripting Languages- JavaScript, Python, PHP, JSON, YAML, Bash,Groovy, shell.
● Servers- Apache Tomcat, WebLogic, WebSphere, Windows Server 2012.
● Bug/Issue Tracking- JIRA, ServiceNow.
● Operating systems- Red Hat Enterprise Linux, CentOS, Ubuntu, Unix, Windows Server 2012/14/16.
● Databases- MySQL, MongoDB, Cassandra, PostgreSQL, SQL Server, No SQL. PROFESSIONAL EXPERIENCE:
Client – Citi Bank, Irving, Texas October 2023 – Present Role: SR. Cloud Security Engineer/SRE
Responsibilities:
● Expertise in installing, configuration & administering Jenkins on Linux machines along with adding/updating plugins like GIT, Ansible, sonar, checkstyle, deploy to container, build pipeline etc.
● Managed Jenkins plugins and administration with Groovy scripting, including CI setup, build automation, and security. As part of the next-gen team, developed automated builds and deployment platforms, coordinating code promotions and deployments with Harness and GitHub.
● Implemented Kubernetes clusters with pods, replication controllers, namespaces, and health checks also integrated with Hashicorp Vault to inject configurations at runtime.Openshift for developing new projects, services for load balancing and adding them to available routes, and troubleshooting pods via ssh and logs.
● Setting up Azure Active Directory permissionsfor team and managing all support services.Deployed Azure Iaas virtual machines(Vms) and cloud services (paas role instances) into secure VNets and subnets.
● Created an endpoint for the ephemeral test, which builds a workspace with jdk 11 and java 17 using the STS (Spring Tool Suite) tool. Implemented Swagger/Swagger UI to streamline endpoint documentation.
● Extensive experience wif containerization and related technologies like Docker, Kubernetes and OpenShift, from creating initial development pipelines through production.
● Monitored aqazure infrastructure through System Center Operation Manager(SCOM).
● Created and Designed web service using ASP.net and C to implement UCID.
● Worked on Microsoft Azure(public) cloud to provide Iaas support to client. Created Virtual Machines through poweershell script and azure portal.
● Integrated OPA policies with Kubernetes Admission Controllers, Terraform, and CI/CD pipelines, automating security checks and reducing misconfigurations in production by 20%
● Created Angular components, Directives, Services and Reactive forms to collect input from user.
● Experience in GCP networking, including VPCs, Cloud Load Balancing, Cloud DNS, and Cloud Armor for building secure, scalable, and highly available applications in the cloud.
● Worked on creating the Kubernetes Pods, Services, ConfigMaps, Deployments and Rollouts by writing YAML and creating the resources using Kubectl.
● Worked on.Net security features such as Form-Based Authentication and Role-Baseld Authentication
● Proficient in integrating Helm Charts with CI/CD pipelines, automating the deployment process and enabling continuous delivery of application.
● Expertise in cloud platforms such as Amazon AWS and Google Cloud, with hands-on experience in Google Kubernetes Engine (GKE) for container orchestration and scaling.
● Created Python scripts using cloud SDKs (e.g., Boto3 for AWS, Azure SDK, and google-cloud for GCP) to manage, monitor, and provision cloud resources, streamlining infrastructure as code (IaC) processes.Responsible for converting existing systems to an infrastructure ass code (ARM, Bicep while maintaining platform stability.
● Worked on TFS version control, Code review and autobuilds to secure webAPI.
● Created Docker containers by Docker -Compose, Docker_ Machine for testing applications in QA environments and automated the deployments and scaling of containerized applications.
● Deployed an org by giving the org teams and roles in PROD with appropriate policies using terraform scrpits to make it feasible.
● Proficient in configuring and managing GKE clusters, optimizing deployment pipelines, and implementing automated scaling and self-healing capabilities to maintain system availability and performance.
● Successfully completed software baselines, code merges, branch and label construction in Subversion and GIT, and assisted with migration from Subversion to Git.
● Proficient in integrating Helm charts with CI/CD pipelines and automating integrating process Client – MUFG Bank Limited, Charlotte, NC December 2020 – September 2023 Role - Sr. Cloud DevSecOps Engineer/ Lead SRE
Responsibilities:
● Managed and deployed virtual machines in Windows Azure, establishing communication using endpoints. Configured shared access signature (SAS) tokens and storage access policies in Azure cloud infrastructure for enhanced security and access control.
● Migrated 20+ servers including relational databases (SQL) and websites to Microsoft Azure Cloud, and AWS Cloud, ensuring a smooth transition and improved scalability.
● Implemented enterprise-level Azure IaaS solutions and Infrastructure as Code (IaC) using AZ CLI/PowerShell, Bash, and JSON templates, and established CI/CD pipelines with Azure.
● Demonstrated proficiency in utilizing Azure Media and Content Delivery services, Azure Networking, Azure Hybrid Integration, Azure Identity and Access Management, Azure Data Factory, Azure compute services, IIS on Windows, and Azure Web Apps.
● Expertise in disaster recovery and high availability (HA) architecture in GCP, leveraging services like Cloud Spanner, Cloud SQL, and Cloud Pub/Sub to ensure system resilience and uptime.
● Expertly set up and managed various AWS Services, including EC2, RDS, VPC, S3, Glacier, CloudWatch, CloudFront, and Route 53, to support the organization's infrastructure needs.
● Proficient in configuring Web Application Firewalls, VPCs, Subnets, ELBs, Auto Scaling, Security Groups, NACLs, and AWS Config for enhanced security measures.
● Strong background in implementing cloud security best practices in GCP, including configuring IAM, Service Accounts, Cloud Identity-Aware Proxy, and enforcing compliance with organizational security standards.
● Utilized hands-on experience in writing CloudFormation API modules to automate infrastructure management, enabling the automatic creation of ECS Fargate, VPCs, Autoscaling groups, Load balancers, and S3 buckets in AWS.
● Designed and implemented highly available, fault-tolerant architecture for web applications using GCP services like App Engine, Cloud Load Balancing, and Cloud SQL.
● Automated container deployment and management workflows with Python scripts, working with Docker, Kubernetes, and Helm to streamline containerized environments.
● Used Python to automate deployments and operations for serverless applications on platforms like AWS Lambda, Azure Functions, and Google Cloud Functions.
● Strong expertise in cloud security practices, including SSL certificates, IAM (Identity and Access Management), and Service Accounts in GCP, ensuring secure access to resources and compliance with best practices.
● Strong knowledge on mitigation of DDoS attack’s, IPsec & SSL implementation on Wildfires and PaloAlto firewalls.
● Troubleshooting issues related to SSO, authentication and authorization, as well as troubleshooting LDAP issues.
(TID, LID mapping methods). Assistee users to get familiar with VSTS.
● Competent in most applications scan penetration tools using commercial and non-commercial applications and methodologies such as OWASP Top 10, HP Web Inspect, SQL Inject Me and Access Me.
● Created a Golden Image Pipeline to automate the creation of AMIS with the puppet installation through linux and publish the AMIS in all the accounts
● Provisioned the Fips and also sentinel one to the AMI creation pipeline. This will make sure that the FedRamp rules are being followed.
● Hands-on experience in defining Kubernetes manifests, configuring deployments, services, ingresses, and other resources within Helm Charts.
● Leveraged Nagios Core monitoring tool for alerting servers, switches, and network data transmission through custom plugins, working on both Linux and Windows systems as DevSecOps Engineer.
● Created Ansible playbooks to automate machine creations, SQL server deployments, cluster server configurations, and MySQL installations.
Client- LPL Financial, Charlotte, NC September 2017 – November 2020 Role - Cloud Infra Devops Engineer / Lead SRE
Responsibilities:
● Proactively gathered information from clients and developers to create comprehensive Infrastructure Requirement Documents (IRD) outlining system and network requirements for all enterprise applications.
● Designed and implemented Infrastructure as Code (IaC) using tools like Terraform and Ansible, increasing scalability and reducing provisioning time by 50%.
● Managed and maintained cloud-based environments (AWS, Azure) using Infrastructure as Code (IaC) principles, ensuring secure configurations and adherence to compliance standards.
● Orchestrated infrastructure management in AWS Console, orchestrated automated deployments using CloudFormation, and seamlessly integrated Puppet code with APIs to optimize and expand infrastructure management at scale.
● Implemented a robust deployment pipeline using Jenkins CI to seamlessly deploy tagged versions of applications to AWS Beanstalk, ensuring efficient and reliable application releases.
● Actively utilized Azure Cloud services, Azure storage, Azure CLI, Azure Active Directory, and Azure Service Bus, while effectively managing the client's Microsoft Azure-based PaaS and IaaS environment.
● Utilized Terraform to develop and customize 10 modules, automating the provisioning of infrastructure on Azure and ensuring scalability and reliability of the environment.
● Effectively migrated a legacy on-premises application to GCP, utilizing Compute Engine, Cloud Storage, and Cloud SQL services, resulting in enhanced scalability and cost-efficiency of the application.
● Reviewed and updated system categorization using CVE Framework, FIPS 199, and Initial Risk Assessment following NIST 800 guidelines.
● Independently recognized, responded to, and mitigated security threats and incidents, including writing IDS
(Intrusion Detection System) and signatures based on threat intelligence feeds.
● Configured and integrated Identity Aware Access solutions, such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA), to ensure secure and authorized access to applications and resources based on user identities and privileges.
● Utilised Git and CI/CD tools, including Jenkins and Argo CD, to automate deployment processes while maintaining security and compliance standards.
● Implemented a robust continuous integration system utilizing Maven, Ant, Jenkins, Ansible, and other tools for seamless integration, faster builds, and flawless deployments.
● Leveraged MCollective, Hiera, and custom Ansible modules to enhance automation capabilities.
● Created Bicep templates to integrate with Azure DevOps. Written YAML template and integrated Bicep template as a task.
● Configured multi-container Docker applications using Docker-Compose, leveraging YAML format for the configuration file.
● Proficient in HTML5 and CSS3, complementing Angular development to create visually appealing user interfaces.
● Utilized Ansible with multiple modules for component-specific configurations, including Kafka, Zookeepers, MySQL, Logstash, HTTP collectors, and Schema registry.
● Configured EC2 instances to create and update a Kafka cluster, ensuring efficient and scalable deployment.
● Implemented robust monitoring and alerting system for microservices using Prometheus and Grafana, ensuring real-time visibility into system performance and critical issue detection.
● Designed cross-platform Python scripts to manage infrastructure on different operating systems (e.g., Linux, Windows) and environments, ensuring consistency across distributed systems.
● Deep understanding of Linux networking concepts, including IP addressing, routing, firewall configuration
(iptables), and network troubleshooting.
● Utilized Ansible for Automated continuous deployment (CD) of ELK stack, including the configuration of nodes, deployment failure reporting, and management of Ansible server for node configuration.
● Efficiently managed Ansible Playbooks with well-defined roles for streamlined deployment processes. Client- Petco San Diego, Ca February 2015 –August 2017 Role - Cloud Platform Engineer / SRE
Responsibilities:
● Demonstrated expertise in cloud-based architectures and proficiency in developing effective migration strategies.
● Designed and deployed AWS cloud infrastructure, utilizing services such as EC2, Route53, S3 buckets, RDS, EBS, ELB, Auto-Scaling, AMI, ELK Stack, and IAM.
● Utilized Python-based Lambda functions in AWS Lambda to invoke Python scripts for data transformation and generation of analytical reports, ensuring end-to-end traceability and defining key business elements extracted from Aurora.
● Created and maintained scripts using AWS APIs (boto3 or AWS CLI) to automate security tasks, improving operational efficiency by 30%.
● Established database infrastructure on AWS using RDS, implemented storage solutions with S3 buckets, and configured instance backups to S3 for data protection and recovery.
● Deployed Azure Infrastructure as a Service (IaaS) virtual machines (VMs) and Cloud services, ensuring secure placement within Virtual Networks (VNETs) and subnets.
● Led the migration of on-premises cloud storage to Windows Azure using Azure Site Recovery and Azure backups, ensuring data integrity and availability.
● Configured 20 Shared Access Signature (SAS) tokens and implemented Storage Access Policies in Azure Cloud Infrastructure to enhance security and control access to resources.
● Integrated Jenkins with 3 popular DevOps tools, including Nexus, SonarQube, and Ansible, enhancing the software development and delivery process.
● Implemented security enhancements in IAM, S3, Security Groups, NACL, IGW, NFW, VPC, Endpoints, and other AWS resources to mitigate potential risks and ensure compliance.
● Configured and managed Web Application Firewalls (WAF), VPC, subnets, ELB, Auto Scaling, Security Groups, NACL, and AWS Config to secure cloud environments.
● Developed and implemented a highly efficient Continuous Deployment pipeline by seamlessly integrating Jenkins with Terraform, reducing deployment time by 40%.
● Strong understanding of the REST architectural style and used it to build scalable and reliable APIs and familiar with the different types of RESTful APIs, such as SOAP and RESTful Web Services.
● Performed maintenance and management of LDAP server while leveraging Chef for efficient processing of JavaScript across all nodes.
● Implemented Apache Directory Server for local network and integrated RHEL instance with Active Directory in AWS VPC.
● Experience in using Argo CD with other CI/CD tools like Jenkins, GitLab CI/CD, or Azure DevOps for end-to-end automation.
● Created and maintained technical documentation in Atlassian Confluence, providing comprehensive and up-to- date documentation of security configurations, processes, and procedures.
● Utilized Atlassian Jira ticketing and project management, effectively managing and tracking security-related tasks and projects.
● Collaborated with cross-functional teams to conduct security reviews and assessments, identifying vulnerabilities, and recommending remediation strategies.
Client - NORTHWESTERN MUTUAL, MILWAUKEE August 2013 – December 2014 Role - Cyber Security Engineer
Responsibilities:
● Used monitoring tools like SolarWinds/New Relic to provide Application troubleshooting of multiple server processes, and application response times and use Extra Hop to troubleshoot errors and configuration issues on the network.
● Worked on Splunk tool for monitoring all the Kubernetes clusters for efficient cluster visibility, proactive monitoring, and triggering action.
● Performed comprehensive Root Cause Analysis (RCA) for major incidents, uncovering underlying issues and implementing preventive measures to enhance Mean Time to Failure (MTTF) and eliminate recurring problems.
● Implemented automated monitoring and anomaly detection mechanisms, leveraging tools such as APM
(Application Performance Monitoring) and log analysis platforms, to proactively detect performance bottlenecks, system failures, and potential issues, resulting in a significant decrease in Mean Time to Repair (MTTR).
● Implemented streamlined incident response procedures, establishing clear escalation paths, and communication protocols, and leveraging advanced incident management tools, leading to a substantial reduction in Mean Time to Resolution (MTTR) and enhanced service reliability.
● Designed and implemented highly available applications on AWS using Availability Zones and Regions, while ensuring effective system monitoring and alerts through AWS CloudWatch.
● Utilized SIEM tools and intrusion detection/prevention systems to monitor security logs and events, resulting in 40% faster incident response times.
● Developed security automation scripts using Python, PowerShell, and Bash, reducing manual efforts by 50%.
● Managed identity and access management (IAM) controls, reducing the risk of unauthorized access by implementing role-based access controls (RBAC).
● Conducted risk assessments and developed risk mitigation strategies, ensuring compliance with industry standards and regulations (e.g., GDPR, PCI-DSS).
● Assisted with design and security oversight of next-generation firewalls, intrusion prevention systems, DDoS solutions, SSL - termination load balancers, and WAF.
● Recommended and managed transmission protection requirements for all environments (systems, applications, containers, etc.) such as VPC peering best practices, SSL certificate management, key pairs, etc.
● Collaborated with cross-functional teams to implement and maintain secure containerization technologies such as Docker and Kubernetes, ensuring secure and efficient deployment of applications.
● Effectively utilized Ansible Tower to efficiently manage multiple nodes and maintain inventory for various environments.
● Implemented log collection in ELK (Elasticsearch, Logstash, Kibana) by installing FileBeat on all cluster nodes to send log data to Logstash. Applied filters to preprocess log data before forwarding it to Elasticsearch.
● Set up JIRA as a defect-tracking system and configure various workflows, customizations and plugins as needed. Accenture LLC – Hyderabad, INDIA May 2012 - February 2013 Client - Novartis
Role - Network Engineer
Responsibilities:
● Assisted in designing and implementing secure LAN and WAN connectivity, including MPLS, VPNs, and leased lines to ensure reliable and secure communication between different locations.
● Configured, installed, and maintained network switches and routers including VLANs, routing protocols (such as OSPF and BGP) and ACLs for 25+ devices.
● Conducted network performance monitoring and analysis for 15+ networks to optimize data transmission efficiency.
● Assisted in vulnerability scanning and patch management activities, addressing 50+ network vulnerabilities.
● Deployed and managed network security controls, such as firewalls and intrusion detection/prevention systems.
● Contributed to network documentation, including diagrams, standard operating procedures, and security policies for multiple projects.
● Configured and maintained secure remote access solutions for 60+ remote employees and partners.
● Conducted network troubleshooting and root cause analysis for connectivity issues and security incidents, resolving 30+ cases.
● Configured and managed VPNs and other secure communication channels for 5+ remote sites.
● Participated in network audits and assessments to ensure compliance with security standards and regulations.
● Expertly managed branching and merging of code lines in GIT, resolving conflicts during merges and ensuring smooth code integration.
● Configured network access control measures, including access lists and authentication mechanisms.
● Actively pursued professional development, staying up to date with emerging network security technologies and industry best practices.
EDUCATION DETAILS:
Bachelor’s Degree: Computer Science and Engineering, India, 2011.
Contact this candidate