Cloud Architect Software Engineer

Location:

Elkridge, MD

Salary:

200000

Posted:

April 28, 2025

Contact this candidate

Resume:

Haris Shahid

DevSecOps Engineer & Cloud Architect 18+ years

Experience Summary

Adaptable DevOps/Cloud Architect & Software Developer with a strong passion for learning and adapting to new challenges. Have worked as a DevSecOps Engineer using multiple cloud platforms, mostly AWS, for the past 10 years even though I started out as a full stack Java software Engineer. Expertise spans architecture, cloud-native infrastructure, CI/CD pipelines, and diverse application development. Known for thriving under pressure, solving complex problems, and achieving critical acclaim in cross-functional teams.

Relevant Accomplishments/Skills

DevSecOps Solutions & Enhancements: Designed and built fully automated self-service DevOps CI/CD pipeline susing multiple different orchestration tools like Jenkins, TeamCity, GitLabs, CodePipeline, CodeCommit, GitHub etc.

Infrastructure Automation: Designed and built fully automated Infrastructure as Code (IaC) pipelines for various client projects using a plethora of tools like AWS CloudFormation, their Python Boto3 API, Hashicorp tools like Packer, Terraform, Vault (among other tools used for secret management) and CONSUL (among other tools used for environment configuration management).

Image builds and Container Orchestration: Extensive experience building images using multiple tools like Docker, ContainerD, PodMan and Kaniko on both Windows and Unix with underlying code written in multiple languages like Java, .NET, Python and JavaScript. Also worked with writing deployment scripts and CI/CD pipelines for deploying and running containers on multiple orchestration platforms like Kubernetes (EKS, GKE and OpenShift) as well as fully managed solutions like Fargate and CloudDeploy.

Subject Matter Expert: Advised on DevSecOps cloud solutions for clients including financial institutions (CSS, T.Rowe, TDA etc.) and federal organizations (HHS, CMS). Worked across sectors & industries.

Streamlined DevOps: Propelled a self-service DevOps platform using Over The Shelf (OTS) applications at Customer Value Partners (CVP) for the CMS WETG project, enhancing efficiency for 20+ vendor development teams.

Cloud Transformation: Worked for Common Securitization Solutions (CSS) since it’s early inception days for 3 years in total. Possess unique experience of Common Securitization Cloud Stack. You understand CSS platform architecture, infrastructure, and complexities associated with building messaging systems in AWS cloud. Orchestrated migration of Common Securitization Solutions (CSS) physical data center to AWS cloud, pioneering innovative PaaS and IaaS solutions.

Cost Optimization: Utilized Cloud Economics to save CSS substantial costs via automated instance management and optimized resources.

Testing: Extensive experience writing every type of fully automated unit, integration, functional, performance, end-to-end, acceptance etc both as a developer and a DevOps engineer. Recently involved with writing fully automated tests for testing IaC to ensure flawless end-to-end execution even before the infrastructure is actual provisioned.

Enterprise Test Automation: Pioneered open-source Enterprise-wide Test Automation Framework & Platform (ETAP) at T. Rowe Price, optimizing testing procedures across departments.

Application Development: Created impactful applications for TD Ameritrade, Discovery Channel, and TDA. Facilitated efficiency gains and garnered recognition.

Technology Enhancements: Spearheaded tech shifts like moving TDA's Retail Website App to Tomcat stack, improving development efficiency fourfold.

Automation Excellence: Introduced streamlined, automated development, testing, and delivery frameworks with diverse tools and languages, optimizing processes.

Mentorship & Training: Guided and onboarded junior developers and DevOps engineers through knowledge sharing, workshops, and tailored tools.

Java Instructor: Conducted a comprehensive 3-month crash course teaching Java/J2EE concepts, design patterns, and APIs at Xceltech Inc.

Education, Certifications and Training

BS Computer Science, University of Maryland Baltimore County, 2005

MBA, University of Maryland University College, 2011

AWS Certified DevOps Engineer – Professional

Technical Skills

Languages

Databases

Applications / Tools

Methodologies / Frameworks

Systems / Network Platforms

C++

Oracle

Hashicorp Packer

Agile

Windows (All Versions)

Java

SQL Server

Hashicorp Terraform

SAFe Agile

RedHat Enterprise Linux

SQL, PL-SQL

MySQL

Hashicorp Consul

Waterfall

Suse Linux

HTML, XML

Postgres

Hashicorp Vault

Extreme/Paired Programming

Ubuntu Linux

Groovy

Hashicorp Vagrant

A lot of Java Frameworks:

Sprint, Struts, REST, SOAP, Jersey, RabbitMQ, SonarQube, Quartz, TestNG, Junit, RestAssured, Selenium, Hibernate, EJBs, iBatis, Jackson, gRPC etc.

VM Ware

Python

RDS (Oracle, MySQL, Postgres)

Chef

A lot of JavaScript Frameworks:

NodeJS, DOJO, JQuery etc.

Fedora

Ruby

Docker

TDD

Solaris

Bash

CloudFormation

BDD

PowerShell

AWS/GCP

Scrum

Windows Batch

S3/Cloud Buckets

JavaScript/AJAX/Node/Angular/DOJO

Cloud Foundry

UML

Jenkins, TeamCity, Concourse, ArgoCD, CloudBuild

Assembly

JIRA, Rally, ServiceNow, Remedy

Python/Jython

CloudWatch, NewRelic

YAML, Helm, kubectl, Kubernetes/EKS/GKE, handlebars, kustomize

Git, Bitbucket, GitHub, GitLab, SCM Manager, SVN, PVCS, CVS, Crucible

TeamSite

Artifactory/Nexus/Ivy, GCP Artifact Registry & Container Registry, AWS Elastic Container Registry

HP Fortify, HP WebInspect, WhiteHat, OWASP

JMeter, BlazeRunner, StormRunner

Citrix VDI, Virtual box, VMWare

Tomcat, WebSphere, WebLogic, JBoss, Spring Boot

Cloud Experience

AWS Focus

AWS Infrastructure Scripting - Terraform, CloudFormation, Boto API, AWS CLI

AWS Storage Services - S3, EFS, EBS, ECR

AWS Compute Services - EC2, ECS/Fargate, EKS, ECR, Lambda

AWS Database Services - RDS, DynamoDB, Redshift, Aurora, Elasticsearch

AWS Networking Services - VPC/VPC peering, Transit Gateways, Private Link, VPN, Public and Private Subnets, Security Groups, NACL, API Gateway, Route53, Direct Connect, Elastic Load Balancing (Classic, Network, Application)

AWS Developer Services - Code Pipeline, CodeBuild, CodeCommit, CodeDeploy, Elastic Beanstalk, Cloud9

AWS Management and Governance Services - AWS Organizations, CloudWatch, CloudTrail, Auto Scaling, Trusted Advisor, AWS Config, Cloud Custodian

AWS Security, Identity, Compliance Services - IAM, Certificate Manager, Secrets Manager, Vault, KMS

AWS Application Integration Services - SNS, SQS, SES

AWS Customer Service Software - Amazon Connect

AWS Client Applications - Python based boto3, AWS SDK (CLI), Terraform

GCP Focus

GCP Infrastructure Scripting - Terraform, CloudFormation, JS and Python APIs, GCloud CLI

GCP Storage Services – Buckets, Google Cloud Storage, Artifact Registry, Container Registry, Cloud SQL

GCP Compute Services – Compute Instance, Cloud Run, GKE

GCP Database Services – Cloud SQL, Elasticsearch, Redis, MongoDB

GCP Networking Services - VPC/VPC peering, Transit Gateways, Private Link, VPN, Public and Private Subnets, Security Groups, NACL, API Gateway, Cloud DNS, Google Managed SSL Certs, Load Balancing (Classic, Network, Application)

GCP Developer Services – Cloud Build, Cloud Deploy

GCP Management and Governance Services – Logs Explorer, Metrics, Event Viewer

GCP Security, Identity, Compliance Services - IAM, Certificate Manager, Secrets Manager

GCP Application Integration Services - Pub/Sub

GCP Client Applications - Python and JS based APIs, GCloud CLI

Professional Experience

Capital One Sr. Software Engineer November 2024 – Present

Capital one software development team focuses on building and innovating in the financial industry, leveraging technology like AI, machine learning, and cloud computing to create products and experiences that empower customers and revolutionize banking.

Key Responsibilities and Achievements:

DevSecOps Expertise: Acted as a knowledgeable expert on various DevSecOps subjects.

Lead Vulnerability Management Engineer: Spearheaded process automation tasks and acted as a lead on triaging, aligning and then fixing compliance, vulnerability, cybersecurity and configuration compliance issues as part of the data Enterprise Management Program (EMP) serving team.

Automated Provisioning and Pipelines: Designed and implemented automated provisioning and CI/CD/CT pipelines using AWS for DEV/QA/BETA & PROD environments using Jenkins, TeamCity, Bitbucket/Git, Nexus/Artifactory, Ansible, and more tools.

Mentorship: Interviewed, onboarded, and educated junior members of the EMP serving team.

Cloud Economics Analysis: Utilized cloud economics to analyze and implement cost reduction strategies for virtual hardware procurement in AWS.

Secrets Management: Automated secrets creation, deployment, and retrieval using AWS/GCP SecretsManager or HashiCorp Vault.

Cost-Saving Strategies: Created decommissioning scripts and environment shutdown automation to reduce costs.

Artifact Deployments: Automated deployment of artifacts as RPMs via YUM using Jenkins Chef Ruby and BASH scripting into Artifactory.

Oracle Database Optimization: Designed and implemented a single Oracle 12c Pluggable Container Database (PDB/CDB) VM instance for cost savings.

HA and DR Solutions: Designed and implemented HA and DR solutions for CSP and other internal tools across multiple AWS Virtual Private Clouds (VPCs).

Deployment Coordination: Led coordinated deployments to DEV/TEST/PROD/GSE environments and provided off-hours support.

Static and Dynamic Testing: Configured and performed HP Fortify scans for Static Application Security Testing (SAST) and HP WebInspect Scans for Dynamic Application Security Testing (DAST).

Automated Jenkins & GitHub Actions: Fixed build issues. Created automated GitHub actions and integrated CloudGenie to automate the upgrading of certain tasks via actions.

Report Analysis and Integration: Analyzed tool reports, automated centralized report uploads, and managed tickets for issue.

Mainframe Data Port & Integration: Integrated IBM Z Series mainframe with WebSphere Application Server on Cloud using z/OS Connect EE and IBM MQ to enable secure, real-time data access from CICS and DB2 subsystems. Configured RESTful APIs, JMS messaging, and secure network connectivity to support hybrid cloud application deployment. Our product capabilities span AWS as well as IBM I and Z Series for our core lending systems and integrate with a variety of supporting technologies (e.g., ESB, IAM, Doc Man).

Common Securitization Solutions Sr. DevOps Architect July 2024 – November 2024

Common Securitization Solutions (CSS) is a joint venture between Fannie Mae and Freddie Mac, focused on creating a Common Securitization Platform (CSP) for trading mortgage-backed securities. My role involved developing CSP's technology and operational platform to facilitate core back-office operations for the Single Security, aligning Fannie Mae and Freddie Mac components.

Key Responsibilities and Achievements:

DevSecOps Expertise: Acted as a knowledgeable expert on various DevSecOps subjects.

Lead DevSecOps Engineer: Spearheaded process automation tasks and acted as the Lead DevSecOps Engineer on the DevOps self-service environment redesign using IaC with CloudFormation & Terraform.

Automated Provisioning and Pipelines: Designed and constructed automated provisioning and CI/CD/CT pipelines using AWS for DEV/QA/BETA & PROD environments using Jenkins, TeamCity, Bitbucket/Git, Nexus/Artifactory, Chef, and more tools.

Mentorship: Interviewed, onboarded, and educated junior members of the DevOps team.

Cloud Economics Analysis: Utilized cloud economics to analyze and implement cost reduction strategies for virtual hardware procurement in AWS.

Secrets Management: Automated secrets creation, deployment, and retrieval using AWS/GCP SecretsManager or HashiCorp Vault.

Cost-Saving Strategies: Created decommissioning scripts and environment shutdown automation to reduce costs.

Artifact Deployments: Automated deployment of artifacts as RPMs via YUM using Jenkins Chef Ruby and BASH scripting.

Oracle Database Optimization: Designed and implemented a single Oracle 12c Pluggable Container Database (PDB/CDB) VM instance for cost savings.

HA and DR Solutions: Designed and implemented HA and DR solutions for CSP and other internal tools across multiple AWS Virtual Private Clouds (VPCs).

Deployment Coordination: Led coordinated deployments to PROD/GSE environments and provided off-hours support.

Static and Dynamic Testing: Configured and performed HP Fortify scans for Static Application Security Testing (SAST) and HP WebInspect Scans for Dynamic Application Security Testing (DAST).

Report Analysis and Integration: Analyzed tool reports, automated centralized report uploads, and managed tickets for issues.

Dragos Inc. Sr. Software Engineer (FIPS) September 2023 – July 2024

As a Senior Software Engineer at Dragos Inc., you focus on ensuring industrial cybersecurity in the face of rising threats. Your role involves enabling FIPS using OpenSSL 1.1 for critical tools like NGINX, RabbitMQ, and Vault. Through complex Docker image-building scripts, you recompiled tools with FIPS-enabled OpenSSL (CorSSL) and devised rigorous tests for both tools and dependencies. Your documentation efforts include a comprehensive rebuild process and a client-friendly Whitepaper explaining the FIPS process.

Key Responsibilities and Achievements:

FIPS Implementation: Enabled FIPS using OpenSSL 1.1 for NGINX, RabbitMQ, and Vault.

Docker Image Automation: Developed intricate scripts for Docker image creation, ensuring tools and dependencies were FIPS compliant.

Modified Source Code: Made mi or modifications to Java, Python and GO Lang code while rebuilding the off the shelf tools from scratch to enable FIPS.

Testing Expertise: Created and executed complex tests for rebuilt tools, dependencies, and Docker images.

Documentation Leadership: Documented the entire rebuild process and authored a Whitepaper for client understanding.

Subject Matter Expertise: Acted as a Subject Matter Expert in DevSecOps, AWS, and GCP cloud platforms.

Solution Design: Contributed to designing and implementing solutions for various technical challenges and Proof of Concepts (POCs).

EKS and GKE Cluster Management: Established Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE) clusters.

End-to-End Automation: Orchestrated fully automated infrastructure, app deployment, logging, and monitoring.

Technological Proficiency: Utilized a range of technologies, including Gradle/Maven, Helm, YAML, Kustomize, Jenkins, and more.

Autoscaling and Utility Integration: Implemented autoscaling (Vertical Node and Horizontal Pod) and integrated various utility apps/tools.

Code Quality: Ensured code readability, robustness, adaptability, repeatability, and extensibility from inception.

Automation with Python : Used Python to quickly automate various tasks like writing test modules for subscribing and listening to queues and/or topics as well as for reading and parsing large JSON/YAML documents for environment configuration management and much more.

Nuvalence Sr. Software Engineer II June 2021 – September 2023

Nuvalence is a thriving technology consultancy firm empowering clients with cloud architecture and product solutions. At Nuvalence I led diverse projects across public and private sectors, specializing in DevSecOps, cloud migrations, and infrastructure automation.

Key Responsibilities and Achievements:

Subject Matter Expertise: Provided expertise in DevSecOps and AWS/GCP cloud platforms, guiding successful solutions for varied clients.

Mentorship and Leadership: Managed Junior Software Engineers, offering guidance, career support, and weekly check-ins.

Cloud Migration and Infrastructure: Designed and executed AWS and GCP cloud migrations, ensuring seamless transitions from "lift & shift" to cloud-native setups.

DevSecOps Automation: Implemented end-to-end DevSecOps automation using Infrastructure as Code (IaC) principles, with Terraform and other HashiCorp tools.

CI/CD Pipeline Development: Created efficient CI/CD/CT pipelines for software deployment, employing best practices and various CI/CD tools.

Modified Source Code: Made minor modifications to existing Java, Python and GO Lang for off the shelf products to better fit our deployment needs.

Collaborative Team Lead: Led DevOps Engineers within teams, orchestrating rapid infrastructure setup, management, and task delegation.

Contract Proposals: Identified opportunities to expand services for existing clients, leading to successful contract modifications.

Technical Solutions: Developed and proposed technical solutions, including proof-of-concept designs, to secure contracts with private and state-owned organizations.

Onboarding and Training: Created documentation and conducted demos, workshops, and mentorship programs for colleagues across hierarchies.

Talent Acquisition: Assisted in interviewing and hiring Software Engineers, Performance Testing, and DevSecOps Engineers.

Automation and Efficiency: Automated manual processes, enhancing organizational efficiency and reducing costs.

Performance Testing Infrastructure: Created automated provisioning and teardown of AWS and GCP environments, incorporating extensive infrastructure setup for performance testing environments.

Secret Management Automation: Automated secret management using cloud-native services and HashiCorp Vault.

Internal Solutions: Proposed solutions enhancing employee productivity and project efficiency.

Security and Monitoring: Implemented security measures, logging, monitoring, and alerting, ensuring robust security and site reliability.

Kubernetes Expertise: Built and managed multiple EKS and GKE clusters/environments for diverse applications, using automation and best practices.

Innovative Scripting: Developed complex modularized Packer, CloudFormation, Terraform and Helm scripts for fully automated environment creation and app deployment.

Software Enhancement: Contributed to software back-end enhancements, bug fixes, data migration, and legacy system integration.

Python Development: Created a Data Migration Service for parsing and importing legacy data into new systems.

Static Code Analysis: Integrated Fortify and SonarQube for static code analysis and vulnerability scanning, ensuring code quality.

Hotfix Automation: Designed a fully automated hotfix process for quick bug fixes in UAT and PROD environments.

Deployment Coordination: Participated in maintenance and deployment calls, promoting new versions to UAT and PROD on a bi-weekly basis.

Continuous Improvement: Identified and addressed issues flagged by Fortify and SonarQube, making code changes, as necessary.

Automation with Python : Used Python to quickly automate various tasks like deployment, monitoring and environment configuration management as well as one of batch processes for uploading documents to a FTP server and much more.

APM via Elasticsearch, Kibana & Logstash: Designed, deployed, and maintained scalable Elasticsearch clusters, developed custom Kibana dashboards for real-time data visualization, and implemented Logstash pipelines for efficient data ingestion and transformation.

Customer Value Partners Lead Technologist, CMS April 2018 - June 2021

Customer Value Partners (CVP) is dedicated to aiding clients in healthcare, national security, and the public sector to overcome transformational challenges using strategic thought leadership and practical technology solutions.

Key Responsibilities and Achievements:

Subject Matter Expertise: Offered expertise in DevSecOps, AWS/GCP cloud platforms, and related topics to shape effective solutions.

Leadership and Mentorship: Managed Junior Software Engineers, guiding their growth, career progression, and addressing needs.

Cloud Migration and DevSecOps: Led AWS and GCP cloud migrations, adopting "lift & shift" or cloud-native strategies based on client requirements.

Technical Solution Design: Developed proposals and solutions to address gaps in existing contracts and secure new ones. Also, designed and implemented solutions, including proof-of-concepts, to tackle technical challenges to ensure winning the contract.

Onboarding and Training: Created documentation and conducted workshops, demos, and mentorship programs for colleagues across all levels.

Talent Acquisition: Participated in hiring Performance Testing and DevSecOps Engineers for various client projects.

Automation and Efficiency: Streamlined manual processes, enhancing efficiency and reducing operational costs.

Performance Testing Infrastructure: Orchestrated automated provisioning and teardown of AWS-based Performance Testing infrastructure.

Internal Process Enhancements: Proposed and implemented solutions to enhance internal operational efficiency and effectiveness.

CMS Projects: Collaborated on the Affordable Care Act (ACA) Website Quality Control (WQC), FIVS, Medicare/Medicaid and QMARS projects, setting up CI/CD solutions on AWS.

CI/CD Pipeline Service: Implemented a self-service one-click Jenkins as a CI/CD service for 25+ DEV teams on the WQC project using the latest CloudBees Core (kubernetes) version.

Infrastructure Provisioning: Designed and coded IaaS Packer, CloudFormation and Terraform scripts for automated DevOps infrastructure (AWS) provisioning on the WQC project using EC2 instances.

Jenkins Pipeline Enhancement: Improved Jenkins pipeline jobs and automation scripts, using diverse scripting languages.

Technical Support: Assisted DEV teams with technical questions and troubleshooting using CloudBees Jenkins Core based CI/CD service.

Production Support: Participated in on-call support for WQC DevOps infrastructure, resolving critical issues in real-time.

Artifact Management: Implemented JFrog Artifactory & Xray as a global artifact repository solution for 25+ DEV teams on the WQC project.

Docker Implementation: Installed and configured Docker for secure use with CloudBees Jenkins core by the developers.

Security and Compliance: Automated solutions with rigorous security, GOV (FedRamp) standards adherence, and industry best practices.

Elastic Kubernetes Service (EKS): Created EKS Clusters/Environments for running CloudBees Core, deploying complex Packer and Terraform scripts.

Secret Management Automation: Automated secret management using cloud-native services or HashiCorp Vault.

Amazon Connect Setup: Established Amazon Connect for healthcare.gov, enabling omnichannel customer service interface.

Static Code Analysis: Integrated Fortify and SonarQube for code analysis, identifying and addressing security vulnerabilities.

Automation with Python : Used Python to quickly automate various tasks like deployment, monitoring and environment configuration management as well as used the AWS Boto3 API to automate the provisioning of AWS infrastructure as code (IaC).

T. Rowe Price Lead Software Developer En-Test (SDET) July 2017 - March 2018

T. Rowe Price Group, Inc. is a globally recognized asset management firm that has embraced modern technologies and methodologies, transitioning to Agile (Scrum) methodology while adopting AWS Cloud infrastructure and HashiCorp tools for comprehensive CI/CD & CT pipelines.

Key Responsibilities and Achievements:

Agile Transformation: Led the adaptation of Agile methodology (Scrum) as the IDS API Service's first adopter at the company.

Enterprise Test Automation Platform (ETAP): Designed and implemented a framework using Gradle-based Java projects for integration, regression, and performance testing.

RESTful & gRPC API Service: Spearheaded the creation of a major RESTful & gRPC API Service as a milestone project to move intra-company Clients/Departments from legacy systems to a modern architecture.

Technical Leadership: Acted as Lead Software Engineer for process automation tasks and often as SCRUM master for Agile projects.

Test Automation Implementation: Transitioned automated testing of the IDS API Service to the newly established ETAP framework.

Custom Validators: Created custom testing validators for data validation, encompassing data types, length, values, and more.

Data Quality Tests: Developed comprehensive business logic test cases known as Data Quality tests for each endpoint, ensuring accurate data flow and adherence to requirements.

Custom Loggers: Designed and implemented custom loggers, recording REST and streaming call metrics and response times.

Secrets Management: Automated the creation, deployment, and retrieval of secrets using cloud-native services or HashiCorp Vault.

Manual Testing and Bug Tracking: Executed manual testing and logged bugs in JIRA until full automation was achieved.

JIRA Administration: Managed testing tasks in JIRA, creating tasks for each endpoint developed per sprint.

Demos and Training: Conducted numerous company-wide demos and training sessions on ETAP Framework and the IDS API project.

Continuous Testing (CI) Automation: Implemented Gradle-based Java projects for CI, fetching dependencies from an internal Artifactory instance.

Requirements Retrieval: Automated retrieval of requirements documents from SharePoint via secure HTTPS REST calls for use in testing and validation.

Data Retrieval Automation: Automated data retrieval using credentials from HashiCorp Vault to fetch data from the application's MySQL RDS.

DevOps Expertise: Utilized extensive previous experience as a Senior DevOps Engineer to provide expertise on various DevOps subjects.

Performance Testing: Developed a comprehensive JMeter performance test suite, automating the entire performance testing process.

Monitoring and Alerts: Utilized AWS Console, CloudWatch, and New Relic for network traffic monitoring and performance testing, setting up alerts for system health.

Production Support: Provided round-the-clock production support for the IDS API platform, ensuring its stability and reliability.

Common Securitization Solutions Sr. DevOps Architect June 2015 - July 2017