Cloud Infrastructure Devsecops Engineer

Location: Houston, TX

Posted: April 21, 2025

Resume:

Lekkala Karthik

LinkedIn: linkedin.com/in/karthiklekkala

Email: ***************@*****.*** Phone: +1-713-***-****

Objective:

Results-driven Cloud and DevSecOps Engineer with over 12 years of hands-on experience in architecting secure, scalable, and automated cloud infrastructure across Azure, AWS, and Oracle Cloud. Proven expertise in CI/CD pipeline development, Infrastructure as Code (IaC) with Terraform, and container orchestration using Kubernetes (AKS/EKS). Adept at driving automation, enhancing cloud security, and aligning infrastructure with compliance standards such as SOC 2, HIPAA, and ISO 27001. Seeking to contribute to a dynamic and challenging environment where I can leverage my technical skills, expand my knowledge, and deliver high-impact solutions that empower teams and accelerate business outcomes.

Professional Summary:

A dynamic professional with over 12 years of experience in DevOps and cloud engineering, specializing in a wide range of cloud platforms, tools, and services. Expertise spans Azure, AWS, and OCI, covering computing, networking, storage, load balancing, security, integration, databases, observability, and container orchestration.

Designed and implemented scalable, highly available cloud architectures supporting mission-critical environments using Terraform, Bicep, and CloudFormation templates across Azure, AWS, and OCI, ensuring 99.99% uptime.

Integrated Terraform with Open Policy Agent (OPA) to implement policy-as-code, restricting teams from deploying cloud resources in unauthorized regions and SKUs.

Designed and implemented hybrid cloud networking solutions by extending on-premises infrastructure to the cloud using dedicated private connectivity options such as Oracle FastConnect, Azure ExpressRoute, and AWS Direct Connect. Configured secure Site-to-Site VPN tunnels as backup connectivity to ensure high availability and seamless integration.

Proficient in designing and maintaining end-to-end CI/CD pipelines using Azure DevOps, Jenkins, and GitHub Actions, enabling automated builds, testing, and deployments for improved development efficiency and consistency. Integrated security practices by implementing SAST and DAST using SonarQube with quality gates, OWASP guidelines, and container image scanning with Trivy to ensure secure and compliant releases.

Proficient in Kubernetes administration tasks such as managing node pools, implementing RBAC, configuring ingress controllers, and setting up CI/CD pipelines, leveraging Argo CD for GitOps-based deployments, with a strong focus on observability using tools like Prometheus, Grafana, Fluent Bit, Elasticsearch, Kibana, and Dynatrace, ensuring comprehensive visibility, logging, and performance monitoring across AKS, EKS, and ECS clusters.

Migrated legacy Kubernetes workloads to Amazon EKS with pod-level RBAC and network policies, achieving HIPAA compliance across all environments.

Utilized Ansible extensively to automate and maintain server configurations across both Windows and Linux environments. Developed playbooks for patch management, software installations, user provisioning, and service configuration tasks.

Led successful migrations of on-premises workloads to Azure Cloud, utilizing the Azure Migrate tool, and established robust landing zones to ensure seamless application transitions. Conducted comprehensive assessments to evaluate infrastructure readiness, identify critical dependencies, and mitigate potential challenges.

Adept at developing detailed documentation (HLD and LLD) and providing post-migration training to operational teams for efficient management of Azure environments.

Strong leadership and team collaboration skills, fostering a DevOps culture focused on enhancing agility, reducing time to market, and optimizing costs.

Skilled in scripting with YAML, Shell, and Python to streamline deployments, monitor infrastructure, troubleshoot CI/CD failures, and ensure high availability and reliability.

Demonstrates a strong ability to quickly learn new concepts and adapt to evolving environments. Actively exploring and adopting AIOps practices to enhance infrastructure automation, intelligent alerting, and predictive issue resolution, showcasing a continuous learning mindset and a forward-thinking approach to modern IT operations.

Technical Skills:

Cloud Platforms: Azure, AWS, and OCI

Infrastructure as Code (IaC): Terraform, Bicep, and CloudFormation templates

CI/CD: Azure Pipelines, Jenkins, and GitHub Actions

Containerization & Orchestration: Docker, Docker Swarm, ECS, ACS, AKS, and EKS

K8s Package & Configuration Management: Helm and Kustomize

System Configuration Management: Ansible

Automation & Scripting: Python, Shell, YAML, and PowerShell

Version Control: GitHub, Bitbucket, and AWS CodeCommit

Monitoring & Logging: Prometheus, Fluentd, Fluent Bit, and Elasticsearch

Distributed Tracing: Application Insights, AWS X-Ray, Datadog, Dynatrace, and Jaeger

Data Visualization: Grafana, Kibana, and Azure Dashboard

GitOps: Argo CD

Security & Code Quality: SonarQube, Trivy, OWASP (ZAP), and Prisma Cloud

Database Technologies: Oracle Database, SQL Server, MySQL, PostgreSQL, and MongoDB

Application Build: Maven, NPM, and Ant

Web Servers & Application Servers: Apache Tomcat, Nginx, IIS, and WebLogic

Operating Systems: Windows Server and Linux (Ubuntu, CentOS, RHEL)

Compliance & Standards: SOC 2, HIPAA, ISO 27001, and CIS Benchmarks

Professional Summary:

PROJECT #1 May 2022 – Till date

Client: GE Appliances, Louisville, Kentucky, United States

Role: DevOps & Cloud Architect

Environment: Azure, Azure DevOps, landing zone, Terraform, Bicep, AKS, Ansible, and PowerShell

Responsibilities:

Designed, deployed, and managed highly available and scalable cloud infrastructure on Azure using the Cloud Adoption Framework (CAF), ensuring alignment with organizational goals.

Architected and implemented Azure Landing Zones, provisioning networking, identity, and resource organization using Terraform and Bicep to automate cloud resource management and optimize provisioning times.

Designed and implemented Azure networking services, including VNets, Subnets, NSGs, ASGs, Route Tables, Application Gateway, VPN Gateway, Traffic Manager, Front Door, and ExpressRoute to ensure secure and efficient cloud communication.

Worked with multiple Azure services including Virtual Machines, VM Scale Sets, APIM, Service Bus, Application Insights, Azure Monitor, Log Analytics, Azure Policy, Microsoft Entra ID, AKS, and Azure Arc for seamless cloud management and monitoring.

Worked extensively on Docker-based containerized applications using Azure Container Service (ACS) and Azure Kubernetes Service (AKS), enabling high availability and seamless scalability of workloads.

Implemented end-to-end observability for AKS clusters by deploying Prometheus for metrics collection and integrating it with Grafana for real-time visualization. Configured Fluent Bit for log forwarding to Elasticsearch and integrated with Kibana to enable centralized log analysis and visualization.

Implemented distributed tracing for AKS-deployed microservices with Azure Application Insights.

Architected Terraform codebase with module versioning and lifecycle management, powering infrastructure deployments with near-zero drift.

Designed and deployed solutions using Azure services like App Service, Logic Apps, and Function Apps, ensuring efficient and reliable cloud-based application delivery.

Utilized Azure Key Vault for secure secret management and integrated it with Azure DevOps pipelines to fetch secrets at runtime, ensuring secure handling of credentials, tokens, and configuration values during CI/CD build and deployment processes.

Secured Azure storage solutions, including Blob Storage, Queue Storage, Disk Storage, Azure Backup, and Azure Site Recovery (ASR), ensuring data integrity and disaster recovery preparedness.

Conducted security assessments and penetration testing of Azure landing zones in adherence to Cloud Security Alliance (CSA) best practices, identifying vulnerabilities and recommending remediation strategies to mitigate risks.

Developed automation scripts using PowerShell to deploy Azure API Management policies and update backend service URLs, enhancing operational efficiency.

Implemented disaster recovery solutions using Terraform, ensuring business continuity and minimizing downtime during outages.

Automated configuration management with Ansible, improving system reliability and reducing manual errors across cloud environments.

Containerized applications using Docker and configured Azure Container Registry (ACR), streamlining image management and CI/CD pipeline integration.

Collaborated with cross-functional teams to ensure efficient and secure development and deployment workflows, fostering a culture of continuous integration and delivery.

Collaborated with the Security and Compliance teams to pass SOC 2 and ISO 27001 audits with zero critical findings.

Conducted regular cost and usage analyses of Azure environments using industry-standard tools, including Azure Cost Management, Azure Advisor, and Resource Graph Explorer. Implemented cost optimization strategies that improved resource efficiency and reduced overall cloud expenditures.

PROJECT #2 May 2022 – May 2024

Client: Reinhart Foodservice, Chicago, Illinois, United States

Role: DevOps and Cloud Engineer

Environment: AWS, EKS, ECS, Argo CD, Terraform, Jenkins, GitHub Actions, GitHub, and Jaeger

Responsibilities:

Worked with a wide range of AWS services, including Amazon EC2, EC2 Auto Scaling, AWS Lambda, API Gateway, CloudWatch, and IAM to build and maintain scalable, secure cloud environments.

Secured AWS environments by implementing robust IAM policies, security groups, network ACLs, and encryption practices for data at rest and in transit, ensuring compliance with industry best practices and mitigating security risks.

Designed and implemented AWS networking services, including VPC, Application Load Balancer (ALB), Site-to-Site VPN, Route 53, Global Accelerator, Direct Connect, CloudFront, and AWS WAF, optimizing network security, availability, and performance.

Architected and secured AWS storage solutions, including Amazon S3, SQS, FSx, EBS, AWS Backup, and AWS Elastic Disaster Recovery (AWS DRS), ensuring high availability, data integrity, and disaster recovery capabilities.

Collaborated with stakeholders to understand business requirements and design scalable, high-availability cloud architectures that meet organizational and compliance standards.

Led migration and modernization of on-premises applications to AWS, improving performance, scalability, and operational efficiency through cloud-native architectures.

Utilized Infrastructure as Code tools such as Terraform and CloudFormation Templates to automate resource deployment and configuration, ensuring consistency and reducing provisioning time.

Implemented governance and compliance policies, enforcing organizational standards and industry regulations to ensure cloud resources align with security and compliance requirements.

Implemented container security practices, including image scanning and runtime protection, to secure containerized applications and ensure safe deployments.

Deployed workloads to Amazon EKS with pod-level RBAC and network policies, achieving HIPAA compliance across all environments.

Set up and managed monitoring solutions using Prometheus and Grafana to provide real-time visibility into system performance, enabling high availability and proactive issue resolution for microservices deployed on Amazon EKS.

Provisioned and managed Amazon ECS clusters using the Fargate launch type, creating task definitions and deploying containerized applications via ECS services, enabling scalable and serverless container orchestration with minimal infrastructure management.

Implemented distributed tracing using Jaeger and configured it to export trace data to Elasticsearch. Integrated Jaeger Query for trace visualization, enabling efficient debugging and performance monitoring of microservices.

Provided training and knowledge transfer to cross-functional teams, empowering them with the necessary skills to manage and maintain secure and efficient cloud environments.

Demonstrated strong problem-solving and troubleshooting abilities, with a focus on optimizing system performance, reliability, and continuous improvement.

Led post-incident reviews (PIRs) and root cause analysis (RCA), implementing preventive measures to reduce recurring failures.

Conducted internal DevSecOps training workshops and developed onboarding guides for tools like GitHub Actions and Prisma Cloud.

PROJECT #3 August 2020 – May 2022

Client: Pacific National, Sydney, New South Wales, Australia

Role: DevOps & Cloud Architect

Environment: OCI, ATP, OMC, MQL, Shell scripting, API Gateway, WAF, OCI DI, GitLab and Docker

Responsibilities:

Contributed to a migration project, transitioning from legacy SOACS to Oracle Integration Cloud (OIC).

Provisioned various Oracle Cloud services using Terraform, including Oracle Integration Cloud (OIC), Oracle Data Integration, Object Storage, OCI Functions, API Gateway, and ATP Databases.

Deployed OIC integrations to the OIC environment through GitLab CI/CD pipelines, automating the process of moving code from the development environment to higher environments.

Developed and managed APIs with appropriate security policies for rate limiting and data validation.

Utilized Oracle native monitoring tools to track the performance of OIC integrations, data integrations, and other Oracle Cloud services, creating custom dashboards with Monitoring Query Language.

Enabled private connectivity to OIC instances via a private load balancer, while public access to OIC was secured through a Web Application Firewall (WAF).

Designed optimized multi-stage Dockerfiles to reduce image size and improve build performance, ensuring faster deployments by separating build and runtime dependencies.

Regularly patched OIC agent virtual machines (VMs) every quarter to mitigate security vulnerabilities.

Implemented shell scripts to monitor certificate expiration dates and developed retry scripts for OIC integrations to ensure reliability.

PROJECT #4 August 2019 – August 2020

Client: Judo Bank, Melbourne, Victoria, Australia

Role: DevOps Tech Lead

Environment: Azure, AWS, OCI, CI/CD, IaC, Kubernetes and Observability

Responsibilities:

Led end-to-end design and implementation of scalable CI/CD pipelines across multi-cloud environments (Azure, AWS, OCI), reducing release cycles.

Defined DevOps best practices, governance models, and automation standards, driving consistent deployments and improved system reliability across teams.

Architected Infrastructure as Code (IaC) frameworks using Terraform, enabling version-controlled, reproducible infrastructure provisioning.

Managed and mentored cross-functional DevOps teams, fostering a culture of automation, continuous improvement, and DevSecOps integration.

Implemented centralized monitoring and alerting systems using Prometheus, Grafana, Azure Monitor, and EFK stack to ensure proactive issue resolution.

Influenced product release strategies by integrating automated testing, canary deployments, and blue-green deployment models.

Deployed multi-region failover strategies and disaster recovery solutions, ensuring high availability in cloud environments.

Provided training and knowledge transfer to cross-functional teams, empowering them with the necessary skills to manage and maintain secure and efficient cloud environments.

PROJECT #5 December 2017 – August 2019

Client: City of Gold Coast, South East Nanango, Queensland, Australia

Role: DevOps Engineer

Environment: Oracle Data Guard, FastConnect, OMC, Patching and Exadata Database

Responsibilities:

Configured and managed Oracle Data Guard for high availability and disaster recovery of Oracle databases, ensuring data consistency across primary and standby databases.

Implemented and monitored DRG (Dynamic Routing Gateway) for secure and scalable connectivity between OCI Virtual Cloud Networks (VCNs) and on-premises environments.

Established FastConnect to provide dedicated, low-latency, and secure private connectivity between on-premises data centers and OCI regions.

Performed Exadata Database server patching, including quarterly PSU and critical patch updates to ensure compliance, performance, and security.

Configured proactive monitoring and alerting using Oracle Management Cloud (OMC) to track system health, performance, and anomalies.

Used Oracle Object Storage for scalable, durable storage of backups, logs, artifacts, and other static content across environments.

Leveraged Oracle Functions (FaaS) to automate event-driven tasks such as backup triggers, notifications, and data processing pipelines.

PROJECT #6 December 2015 – December 2017

Client: T-Mobile, Bellevue, Washington, United States

Role: System Administrator

Environment: Oracle SOA, OSB, Apache HTTP Server, SQL, WLST scripting and Automation

Responsibilities:

Installed and configured Oracle WebLogic Server to support enterprise-grade Java EE applications. Deployed Java applications to WebLogic environments, including WAR and EAR packages using both admin console and automation scripts.

Configured Apache and Oracle HTTP Server (OHS) as proxy web servers for WebLogic to handle incoming traffic and improve scalability and availability.

Applied necessary configuration changes to WebLogic server environments based on application or infrastructure requirements.

Validated and executed SQL queries in backend databases (e.g., Oracle DB, MySQL) to assist development and troubleshooting efforts.

PROJECT #7 October 2013 – December 2015

Client: IBM, Boston, Massachusetts, United States

Role: Technology Integration Engineer

Environment: WebLogic, OHS, OAM, OIM, Shell Scripting and Oracle Database

Responsibilities:

Manager (OIM), and Oracle Access Manager (OAM) servers with minimal downtime.

Installed and configured IBM WebSphere Application Server for legacy application support and hybrid environments.

Integrated Web servers (Apache/OHS) with WebLogic, and Host Integration Server (HIS) with WebSphere for seamless communication between middleware and backend systems.

Upgraded WebLogic Server from version 12.2.1.0 to 12.2.1.1 as part of platform modernization efforts with minimal application downtime.

Automated repetitive and manual tasks related to WebLogic upgrade and configuration using Shell/Python scripting and WLST (WebLogic Scripting Tool).

Education Qualification:

Bachelor of Technology from Jawaharlal Nehru Technological University, Hyderabad (2007 – 2011)

Certifications:

Azure Solutions Architect (2DCEBE35B01BDCA7)

OCI Architect Professional (274267336OCICAP2021OPN)

Azure Administrator Associate (A6088CB6FCF61E95)

OCI Architect Associate (274267336OCIAA2020CA)

Azure Data Fundamentals (8A3EF2F1F510D955)


