Cloud Infrastructure Security
Resume:
SENIOR PROFESSIONAL
Cloud Infrastructure Specialist with 12+ years of experience across AWS, Azure, Windows/Linux systems, and enterprise networks. Proven expertise in AWS Control Tower, cloud migrations, infrastructure automation, and hybrid cloud security. Skilled in Azure AD and AWS Identity Center integration, VMware ESXi, and secure cloud networking. Currently enhancing skills in Terraform and DevOps. A R E A S O F E X P E R T I S E
Cloud Infrastructure & Enterprise IT Management
Windows/Linux Server & Systems Administration
AWS & Azure Cloud Operations
Cloud Migration & Multi-Account Governance
Network Security & Firewall Management
Identity & Access Management (IAM, RBAC, SSO)
Database & Application Deployment
Automation & Infrastructure as Code (IaC)
ITIL Processes (Incident, Change, Problem Management) Performance & Cost Optimization
Security, Compliance & Risk Management
Disaster Recovery & Service Continuity
P R O F I L E S UMMARY
Results-driven cloud professional with 12+ years of experience in AWS Landing Zone, Azure infrastructure design, multi-account governance, and cloud security. Proven in managing large-scale migrations and hybrid environments using AWS Control Tower, Organizations, Azure AD, VNet, and Key Vaults.
Skilled in deploying AWS (EC2, S3, VPC, IAM, Lambda, CloudFormation) and Azure services (Storage, NSGs, App Service, Azure Monitor). Hands-on with VMware ESXi, Check Point Cloud Guard, Fortinet, and Sophos. Strong in IaC, security compliance frameworks, and automation using PowerShell, Azure CLI, ARM, and Shell scripting.
Experience in Oracle/MySQL database management and app deployment (Glassfish, Tomcat, Nginx) with a focus on performance, cost-efficiency, and operational excellence.
T E C H N I C A L S K I L L S
Operating Systems & Server Management
Windows Server, Active Directory, Group Policy, DNS, DHCP, Security Groups Linux (Ubuntu, RedHat, Oracle Linux, AWS Linux), Patch Management, Server Hardening Cloud Platforms & Services
AWS: Control Tower, Landing Zone, EC2, S3, VPC, IAM, Lambda, CloudFormation, CloudTrail, Config, GuardDuty, WAF Azure: Resource Groups, VNet, Key Vault, Azure AD, RBAC, Policy, Monitor, ARM Templates Cloud Security: IAM, MFA, Azure AD (MS Entra), AWS Security Hub, Check Point CloudGuard (CNAPP+), Security Compliance Automation & IaC
CloudFormation, ARM Templates, PowerShell, Azure CLI, Shell Scripting Networking & Virtualization
VMware ESXi/vCenter, HA, vMotion, Virtual Machine Management Network Infrastructure: LAN/WAN, Routers, Switches, Wireless (Aruba, Cisco, D-Link), Firewalls (Checkpoint, Fortinet, Sophos) Storage & Backup
Storage Gateway, NAS, S3 Lifecycle Policies, Backup & Recovery, Disaster Recovery (DR), Business Continuity Planning (BCP) Database & Application Platforms
Oracle & MySQL Administration, Oracle APEX, ORDS, Jasper Reports Application Servers: Glassfish, Tomcat, Nginx; Performance Tuning & Optimization P R O F E S S I O N A L C E R T I F I C A T I O N S & T R A I N I N G S
Microsoft Certified: Azure Administrator Associate Issued Sep 2023
AWS Certified Solutions Architect Associate Issued July 2022
ITIL Foundation Training Completed
Microsoft Certified Systems Engineer (MCSE 2008)
Cisco Certified Network Associate (CCNA 2008)
W O R K E X P E R I E N C E
May 2024 - Jan 2025: Engro Technologies LLC, Dubai, United Arab Emirates, UAE IT Consultant
Designed and deployed AWS Control Tower Landing Zone from scratch, setting up Organizational Units (OUs), preventive and detective guardrails, and Service Control Policies (SCPs) for secure multi-account management.
Migrated multiple standalone AWS accounts into the Control Tower environment, standardizing logging, security, and compliance.
Migrated on-premise and standalone AWS applications into centrally governed AWS accounts protected by Check Point Cloud Guard WAF.
Led AWS migration initiatives using AWS Migration Hub, AWS Application Migration Service (MGN), and AWS Database Migration Service (DMS) to transition workloads from on-premises and legacy cloud platforms.
Integrated AWS Cloud with Check Point Cloud Guard and CNAPP+ solutions, replacing AWS WAF with centralized threat prevention, visibility, and compliance enforcement.
Centralized VPC Flow Logs and AWS CloudTrail logs from all member accounts into an S3 bucket in the Log Archive Account, integrated with Check Point for continuous monitoring and audit readiness. RAFIK AHMMED M
Mobile: +917********* / +971*********
E-mail: *****.******@*****.*** Location: Bengaluru, India LinkedIn: https://www.linkedin.com/in/rafik-ahmmed-m-9713a919/
Designed & managed cloud networking across multiple Availability Zones using VPCs, TGWs, NAT Gateways, IGWs, & Route 53.
Developed and deployed event-driven automation workflows using AWS Lambda and Python by leveraging AI tools to generate and refine code in a test environment before production rollout.
Automated patch management and AMI lifecycle using AWS Systems Manager (SSM) and Systems Manager Automation Documents.
Administered and integrated AWS Identity Center (formerly AWS SSO) with Azure Active Directory and on-premises Active Directory for centralized identity federation and access control.
Implemented AWS Security Hub, Guard Duty, AWS Config, and CloudTrail across accounts for continuous threat detection, compliance, and visibility.
Enforced least-privilege IAM practices using permission policies, role boundaries, and cross-account trust configurations.
Deployed Application Load Balancers (ALB), Network Load Balancers (NLB), and AWS WAF integrations for scalable and secure app delivery.
Provisioned and maintained Amazon RDS, CloudFront, AWS RAM, and Service Catalog to support enterprise applications and service publishing.
Implemented tagging policies, resource groups, and cost explorer dashboards to support FinOps and AWS cost optimization.
Deployed conformance packs and custom AWS Config rules for continuous compliance validation.
Conducted cloud architecture reviews and optimization sessions to improve performance, scalability, and security of AWS-hosted applications.
Utilized AWS Account Factory to standardize and streamline the provisioning of new accounts during enterprise-wide cloud adoption.
Aug 2023 - Feb 2024: Carl Zeiss, Bangalore, India Tech Lead
Managed Azure Active Directory (AAD) administration and integration with on-premises AD using Azure AD Connect.
Architected and deployed secure Azure infrastructure including Virtual Networks (VNet), Storage Accounts, and Resource Groups.
Managed Azure Active Directory (AAD) including Role-Based Access Control (RBAC) implementation and hybrid identity integration.
Configured Azure Backup and Azure Site Recovery (ASR) solutions for business continuity and disaster recovery.
Monitored Azure cloud environments with Azure Monitor, Log Analytics, and Azure Security Center to optimize security and performance.
Automated Azure administrative tasks using PowerShell scripting and Azure CLI to improve operational efficiency.
Led VMware vSphere administration including virtual machine management, HA clusters, vMotion, disaster recovery planning, and security hardening.
Administered EC2, S3, RDS, IAM, VPC, CloudWatch, and Lambda for secure, scalable cloud operations.
Configured VPCs, subnets, NAT, and Internet Gateways for optimized network architecture.
Managed IAM roles and policies for secure, compliant access management.
Configured CloudWatch for resource monitoring, alarms, and logging.
Deployed and optimized Nginx and Tomcat on EC2 instances for performance.
Monitored billing and usage to optimize costs and resource utilization.
Upgraded Oracle Database 19c from Single Tenant to Multitenant architecture, improving scalability and resource optimization.
Spearheaded the transition from Trellix Anti-Virus to Microsoft Defender for Endpoint, enhancing organizational security posture.
Resolved incidents, service requests, and managed service tickets in alignment with ITIL best practices using CheckMK monitoring tools.
Jul 2021 - Jun 2023: ITC Infotech India Ltd., Bangalore, India Technical Lead Consultant
Configured and managed AWS Landing Zones using AWS Control Tower with Organizational Units (OUs), guardrails, Service Control Policies (SCPs), and centralized logging through Security Hub, CloudTrail, and Config.
Led multi-account AWS environment setup, implementing secure VPC architectures, NAT Gateways, Transit Gateways (TGW), Route 53, and centralized Identity Center (AWS SSO) integration.
Administered Windows Server environments including Active Directory (AD), Group Policy Objects (GPOs), DNS, DHCP, and Certificate Services to maintain secure enterprise IT operations.
Performed Windows Server patching, hardening, user account management, and domain controller upgrades ensuring high availability and security compliance.
Managed VMware vCenter and ESXi environments including virtual machine deployments, HA clusters, DRS configurations, vMotion migrations, and VMware infrastructure patch management.
Automated AWS resource provisioning using AWS CloudFormation, AWS CLI, and serverless scripts to streamline cloud operations.
Deployed and managed EC2 instances, S3 storage with encryption policies, CloudWatch monitoring, and Lambda functions across hybrid AWS environments.
Implemented AWS Guard Duty, Config Rules, Security Hub integrations for continuous threat monitoring and compliance validation.
Executed on-premises to AWS cloud migration projects, including server lift-and-shift, storage replication, and network re- architecture for cloud readiness.
Utilized AWS Account Factory to standardize and streamline the provisioning of new accounts during enterprise-wide cloud adoption.
Implemented tagging policies, resource groups, and cost explorer dashboards to support FinOps and AWS cost optimization.
Deployed conformance packs and custom AWS Config rules for continuous compliance validation.
Led ITSM process management including incident handling, change management, and service request fulfilment through ServiceNow platform.
Architected and deployed secure Azure infrastructure including Virtual Networks (VNet), Storage Accounts, and Resource Groups optimized for performance and security.
Administered Azure Active Directory (AAD) and implemented Role-Based Access Control (RBAC) for secure identity and access management.
Configured Azure Key Vault for managing application secrets and certificates with high security standards.
Implemented Azure Backup and Azure Site Recovery (ASR) to protect critical business data and ensure disaster recovery readiness.
Monitored Azure resources using Azure Monitor, Log Analytics, and Activity Logs to maintain operational excellence and compliance.
Automated Azure deployments and resource administration using Azure CLI and PowerShell scripting. Jan 2020 - Apr 2021: Star CRM SDN BHD, Bangalore, India IT Manager
Managed AWS services (EC2, S3, RDS, IAM, VPC, CloudWatch, Lambda) to ensure secure, scalable, and efficient cloud operations
Ensured secure, scalable, and efficient cloud operations across AWS services (EC2, S3, RDS, IAM, VPC, CloudWatch, Lambda) and Azure (Virtual Machines, VNet, Storage Accounts).
Designed and deployed Azure Virtual Networks (VNet), Subnets, and Network Security Groups (NSGs) to optimize security, performance, and scalability.
Configured Azure Active Directory (AAD) with Role-Based Access Control (RBAC) and Conditional Access Policies to ensure secure identity management.
Automated cloud infrastructure deployments using Azure Resource Manager (ARM) Templates, Azure CLI, and PowerShell scripts for repeatable provisioning.
Implemented disaster recovery strategies using Azure Site Recovery (ASR) and managed Azure Backup for efficient data protection and service restoration.
Managed Azure Security Center to monitor and ensure compliance with industry standards and internal security policies.
Utilized Azure Monitor, Azure Log Analytics, and Application Insights to monitor system performance and resolve issues proactively.
Deployed and managed web servers on Azure VMs, optimizing performance for applications hosted in Azure environments (Nginx, Tomcat, Glassfish).
Integrated Office 365, Azure AD, and Jasper Reports for enterprise reporting and collaboration. Nov 2018 - Dec 2019: OPT IT Technologies India Pvt. Ltd., Bangalore, India Project Manager
Developed and implemented Business Continuity Plans (BCP) to mitigate organizational risks
Led IT infrastructure planning, design, and troubleshooting for seamless operations
Managed multiple IT projects, ensuring on-time delivery, cost efficiency, and business alignment
Directed teams of 10+ engineers across client locations, driving execution, performance, and customer satisfaction
Oversaw IT operations, resource management, and cross-functional team collaboration
Migrated enterprise data to cloud storage, enabling secure remote access and collaboration
Strengthened IT policies, network security, and compliance frameworks
Delivered projects within scope, timeline, and budget by optimizing resources and risk mitigation
Designed and executed disaster recovery plans to ensure business continuity Jun 2015 - May 2018: Tarnea Technology Solutions Pvt. Ltd., Bangalore, India Network Administrator
Designed, implemented, and troubleshot IT infrastructure for seamless operations
Managed Windows Servers, Active Directory, DNS, DHCP, Group Policies, and WSUS
Administered Linux servers (Ubuntu, Red Hat) across diverse IT environments
Configured and maintained VMware ESXi 5.5, 6.0 for virtualized infrastructure
Secured networks by managing FortiGate and Cyberoam firewalls
Deployed and maintained Aruba, Cisco, and D-Link access points for wireless connectivity
Configured Cisco routers and switches to optimize network performance
Monitored systems with Nagios for proactive issue detection and resolution
Diagnosed and resolved wired/wireless network issues with ISPs and vendors
Managed NAS storage and implemented robust backup strategies
Administered Office 365 and integrated Active Directory for enhanced productivity
Installed and managed SUITE CRM for streamlined client management
Demonstrated expertise in Microsoft Azure and MySQL database administration P R E V I O U S E X P E R I E N C E
Oct 2013 - May 2015: Netsys Technologies Pvt. Ltd. (GTP), Bangalore, India System Administrator Nov 2010 - Oct 2011: APNA Technologies & Solutions Pvt. Ltd., Bangalore, India System Administrator Jun 2009 - Jun 2010: PROMPT IT Services Pvt. Ltd., Dubai, UAE Network Support Engineer E D U C A T I O N
Bachelor of Commerce S V University, Tirupati, Andhra Pradesh 2016 Date of Birth: 15th May 1980 Nationality: Indian Driving License: UAE and India Marital Status: Married Passport: Valid Passport Available
Contact this candidate