SANTOSH PALMURKAR
Cloud Solutions / Infrastructure Automation Architect
Contact – 314-***-****, ****************@*****.***
LinkedIn - https://www.linkedin.com/in/santosh-palmurkar-9433b7139/
Qualifications Profile
A certified multi-cloud (Amazon / Microsoft / Google Cloud / SAP) solutions architect with 24+ years of experience with recent years concentrated around design and implementation of end-to-end cloud migration strategies aimed at zero unplanned downtimes. Single point of contact as an architectural leader for designing and deploying secure, multi-region, cost-optimized cloud infrastructure. Expertise in cloud spend / resource optimization across the enterprise by developing / refining / customizing digital transformation key performance indicators / dashboards and quantify outcomes against cost savings, staff productivity, operational resilience, business agility and sustainability.
Professional Experience
Federal Reserve Bank of St. Louis / Department of Treasury, Orlando, FL
Senior Cloud Solutions / Data Architect February 2022–Present
Design conceptual, logical and physical architecture of FPS (Fiscal Projection System) – a greenfield AWS cloud-native application using a SaaS solution (OneStream). Presented a cost analysis dashboard showcasing existing on-prem licensed software (Oracle, Hyperion, JBoss, legacy SOAP service clients) costs against cloud infrastructure, highlighting a savings of 38% (YoY) based on the pay-as-you-go model offered by AWS.
Spearhead scalable, highly available, resilient, multi-region infrastructure deployments and periodic disaster recovery exercises to recover quickly from disruptions by complying with recovery point objective and recovery time objective (RPO / RTO). Ensured the mean time to recover (3 hours) SLA is not breached, resulting in 99.9% (YoY) system uptime.
Orchestrate and design the security framework by consolidating data points from security services and configuring integrations with Amazon Partner Network (APN) partners, bringing down security vulnerabilities by 40% (YoY). Implemented auto-remediation actions / workflows which further decreased these findings by an additional 12% (YoY).
Collaborated with DevOps and platform teams, leading the creation and implementation of a comprehensive multi-region CI/CD solution with mandatory resource tagging and DevSecOps best practices leveraging GitLab CI, which assisted in building a list of unused resources, notifying line-of-business owners and optimizing / shutting down resources not in use. This lowered the overall cloud spend by 18% YoY.
Leveraged the Federal Enterprise Architecture Framework (FEAF) to allow only AWS services which are FedRAMP High approved, which resulted in 100% compliance and governance to federal standards.
Design and implement a cloud monitoring framework to assist CloudOps teams in proactive decision making and corrective actions, which enabled them to avoid outages and reduce the overall incident count by 30% (YoY).
Administered IAM / SSO / permission sets for all business and technical users and other stakeholders while keeping security guardrails in check.
Virtusa / Reliance Standard Life Insurance (RSLI), Philadelphia, PA
AWS Landing Zone / Infrastructure Automation Architect - Practice & Delivery February 2020–January 2022
Design, make recommendations, and guide the RSLI Cloud Center of Excellence (CCOE) team by setting up a Terraform Landing Zone (TLZ) across the organization, reducing the lead time and time-to-value (by 50% MoM) to deploy pre-baked new AWS tenants / accounts with prerequisite infrastructure components which meet finance, security, and architectural guidelines.
Organized Terraform code into pre-built modular templates – enforcing security baselines (identity, networking, policies, logging, and GuardDuty) using built-in policies and guardrails, enforcing best practices across all cloud accounts / subscriptions and reducing security vulnerabilities by 35% YoY.
Automated account provisioning via the AVM solution from AWS. Implemented policies (SCPs), RBAC / IAM roles (break-glass roles, explicit deny, etc.) and permission boundaries in Terraform to ensure security and compliance. Implemented version control for all policies and baseline configurations for traceability. Set up centralized logging (CloudTrail, Config, VPC Flow Logs) and sent logs to a dedicated log archive account.
Member of CCOE / CE / CA teams and contributed towards building a modernization strategy roadmap timeline. RACI matrices across the CA / Security / Network / Platform / Application / PMO / Audit teams, providing sandbox environments, prepare the environments with the Zero Trust / Least Privilege principle policy. The key goals were collaboration, socialization, documentation with cross-functional teams, and constant progress.
Architected and implemented Integration Hub (AWS Cloud Native Application) as part of the IT platform modernization initiative. Design physical architecture for iHub, which facilitates RSL data center connectivity to AWS Cloud via Direct Connect (VIF Failover between regions) and inter-VPC communication via Transit Gateway. Implemented Cross-Account CloudWatch Dashboards for executive leadership for observability.
AWS Professional Services / Jabil Circuit, St. Petersburg, FL
Cloud Solutions / Data Architect January 2019 – January 2020
Build DevOps pipelines to automate Infrastructure creation/deployment, frontend/backend / rules-engine / database pipelines integrated with GitHub for seamless deployments.
Architect CloudFormation templates via CodePipeline in the Shared Services Account to deploy Infra/Code across all environments eliminating the scope for human intervention / errors.
Ensured cloud spend is not more than 50% (MoM) of the savings from decrease in on-premises data center costs.
Introduced proactive notifications and response mechanisms that reduced the mean time to detect and respond to unplanned outages / incidents by 40% YoY.
Architected organization wide resource vending via AWS Service Catalog which resulted in 22% (YoY) decrease in security incidents due to resource misconfiguration and security posture vulnerabilities.
Partner with AWS professional services team to set up / automate VPC / CIDR block architecture across environments. Define VPN Gateway/attachment, set up direct-connect, and configure VIFs for on-prem to AWS dedicated connectivity. Configure route tables / VPC endpoints and security groups for inter-subnet communication which resulted in robust, resilient, and secure internal networks.
Employed a combination strategy of renewable energy usage and infrastructure efficiency, promoting green computing initiatives. Presented waste reduction metrics by compiling on-premises infrastructure waste recycled and disposed of in landfills as against disposal in an environmentally friendly manner.
Key Skills
Governance - Cloud Center of Excellence / Practice
Networking - MPLS, VIF, Direct Connect, Transit Gateway, Palo Alto, Panorama
Security / IAM - RBAC, Service Control Policies, Config, Guardrails
DevOps / Infrastructure as Code - Terraform, CDK, CloudFormation, Service Catalog, Systems Manager
Single Sign On / MFA - SailPoint, Ping Identity, Okta, Azure AD, PagerDuty, SAML
Multi-region / multi-tenant - Disaster Recovery, RTO/RPO/MTTR, Failover, Failback
Observability / Monitoring - Splunk, New Relic, Datadog, Grafana, AMG, Fault Injection
Framework / Regulations - FEAF, FedRAMP, Zachman, TOGAF, ITIL, GDPR, HIPAA, PCI DSS, NIST, SOX
Certifications
AWS Certified Solutions Architect – Professional
Google Cloud Certified – Professional Cloud Architect
Microsoft Certified: Azure Solutions Architect Expert
Education
Master of Computer Applications, Osmania University – July 2001
Prior Professional Career
Walt Disney World – Senior Technical Manager, Southeast Region for RCG Consulting Services February 2015 – October 2018
Marriott Vacations Worldwide Corporation – Technical Manager May 2007 – December 2014
Blue Cross Blue Shield, Citibank, GE Capital and Assured Health Insurance – Technical Lead January 2003 – April 2007