Cloud Security Engineer
Resume:
Lokesh Kanakamedala
Dallas, TX 409-***-**** ***.***@*****.***
Summary of Qualifications
Lead Cloud Engineer with expertise in Security, Operations, and Enterprise Architecture.
Extensive experience in cloud security technologies, processes, and strategic innovation.
Advanced proficiency in AWS and Azure services and cloud platforms.
Proven leadership in managing cross-functional teams and driving technological transformation.
Strong skills in technical strategy, information technology consulting, and architectural direction.
Expertise in agile methodologies, conflict resolution, and cross-functional collaboration.
Skills
Cloud Platforms: AWS (EC2, ECS, Lambda, VPC, ELB, S3, RDS, IAM, CloudWatch, and more) and Azure
DevOps Tools: Jenkins, Bitbucket, Terraform, GitLab CI/CD
Programming: Python
Monitoring & Logging: Splunk, ELK stack, CloudWatch
Security: AWS Security Hub, Config, Guard Duty, WAF, IAM, Security Groups, Network ACL’s
Version Control: Git
Project Management: Jira, Confluence
Operating Systems: Linux and Windows
Professional Experience
Client – Goldman Sachs, Richardson, TX. Aug 2024 – Present
Senior Cloud Security Engineer – Cards and Ledger Eng.
Responsibilities:
Managed cloud security solutions for a highly regulated banking application (Apple Card) by ensuring infrastructure security and compliance in a multi-cloud environment.
Led cloud infrastructure security by implementing and governing AWS security best practices, IAM controls, and Terraform Enterprise-managed infrastructure.
Developed CI/CD security measures using GitLab, ensuring secure software deployments while maintaining agility.
Monitored and secured cloud resources using Prisma CSPM for compliance governance and Qualys and Prisma CWPP for runtime scanning, proactively mitigating risks and vulnerabilities.
Partnered with risk management and compliance teams to track, prioritize, and remediate security findings related to cloud services for the card and ledgers teams.
Successfully reduced high and medium-risk findings to zero before the 2024 compliance deadline, ensuring a secure and compliant infrastructure.
Designed and implemented least-privilege access solutions to enforce security controls while minimizing operational impact.
Patched and secured Windows-based EC2 instances using AWS Systems Manager and automation scripts, ensuring compliance with security baselines and vulnerability management policies.
Supported audit requirements by preparing compliance reports, collecting evidence, and ensuring security configurations met industry and regulatory standards (e.g., SOC 2, PCI-DSS, and internal risk assessments).
Automated alerting and incident management through Splunk, PagerDuty, and AWS CloudWatch, ensuring rapid detection and response to security incidents.
Developed comprehensive documentation and security playbooks in Confluence, enhancing onboarding and knowledge sharing for new and existing team members.
Led security architecture reviews and collaborated with cross-functional teams to introduce best security practices in cloud deployments.
Provided technical mentorship and training to security engineers, DevOps, and infrastructure teams to build a culture of security awareness.
Key Achievements:
Achieved zero critical, high, or medium-risk findings in 2024 by implementing proactive risk reduction strategies.
Streamlined incident response by implementing Splunk dashboards, automated alerting, and real-time remediation processes.
Optimized security controls with Terraform-based policy-as-code implementations, ensuring seamless enforcement of compliance policies across environments.
Environment:
AWS (EC2, VPC, ELB, RDS, S3, IAM, CloudTrail, CloudWatch, Lambda, Config, Guard Duty, WAF, Security Hub) Terraform Enterprise GitLab CI/CD Splunk PagerDuty Prisma CSPM Prisma CWPP Qualys Python Confluence
Client – Goldman Sachs, Dallas, TX Jan 2024 – Aug 2024
Lead Cloud Consultant – Internal Audit
Responsibilities:
Leveraged cloud security and risk management expertise to proactively assess and mitigate security and operational risks across Goldman Sachs' cloud infrastructure.
Audited CI/CD pipelines for controls, security measures, and best practices, ensuring secure and efficient software delivery processes.
Inspected Implementation of Checkmarx Cloud for application security in the cloud, cloud-native vulnerability scanners, Cloud workload protection platforms (CWPP), or cloud security monitoring tools.
Performed Compliance Testing for Cloud Regulations.
Reviewed Log Management procedures and Retention Periods of different types of logs stored in ELK Stack.
Assessed resiliency of back-end applications running on ECS containers using Docker, ensuring high availability and fault tolerance in cloud environments.
Knowledge of Kubernetes security scanning and remediation techniques.
Partnered with cloud engineering, security operations, and business stakeholders to remediate identified security issues and ensure continuous improvement.
Reported audit findings and recommendations to Goldman Sachs management for cloud control improvement.
Client - The Depository Trust & Clearing Corporation (DTCC)-Dallas, TX Jun 2021- Jan 2024
Product Lead – Senior Cloud Platform Engineer
Responsibilities:
Led a cross-functional team (developers, Ops engineers) to implement a new cloud-based security solution using a CI/CD pipeline that helped customers achieve regulatory compliance from self-healing systems triggered by monitors, near real-time metrics, & log information. (Config, SSM, Lambda, CloudWatch, and Splunk).
Launched an alternative compliance tool that runs on Jenkins with manual triggering jobs - for bulky remediations requiring downtime or following the extensive process. (Jenkins, AWS, Python, and Splunk)
Implemented innovative features in new software releases, involved collaborating with product managers to understand market needs, analyzing user feedback, and prioritizing functionalities to ensure high user adoption and business value.
Developed and maintained infrastructure as code using Terraform and AWS CloudFormation.
Implemented log management and monitoring solutions using Splunk and CloudWatch.
Collaborated with development teams to integrate security best practices into the DevOps workflow.
Managed and optimized source code management systems including GitHub, Bitbucket, and Perforce
Implemented and maintained Atlassian suite (Jira, Confluence) for project management and documentation
Developed Splunk dashboards for efficient monitoring of cloud remediation and automation processes, enabling proactive identification and resolution of potential issues.
Developed and implemented cost-efficient strategies that helped customers reduce their cloud spending while maintaining high levels of performance and availability.
Partnered with Financial Management and Technology partners to ensure deployment plans for new/enhanced services are transitioned successfully into operations.
Led the development of a custom security compliance platform that automated security checks, reducing audit preparation time by 60%.
Implemented centralized logging and monitoring solutions for real-time visibility into security events.
Identified and implemented process improvements for vulnerability management, reducing remediation time by 50%.
Productized backup and restore procedures, including data retention policies and archiving, leveraging Python automation.
Experienced in building and maintaining robust observability platforms and implementing resiliency strategies to ensure high system availability and performance.
Migrated and centralized AWS Cloud metrics, traces, and logs into Splunk for comprehensive cloud observability and enhanced troubleshooting capabilities.
Collaborated with Architecture, Ops, and security teams to develop and implement security playbooks for incident response and vulnerability management processes.
Managing business relationships with key stakeholders (Product, Business, and IT), understanding their business problems, and appetite for business risk, and guiding them on IT strategy and direction.
Productized backup and restore procedures, including data retention policies and archiving, leveraging Python automation.
Maintain and update critical tools and infrastructure with a strong focus on Cloud-based services and Technology.
Contributed to creating system support documents, operational run books, and job aids in Confluence.
Accomplishments:
Automated remediation tools delivering improved Compliance and enhanced security controls.
Successfully implemented Expense Optimization strategies for cloud infrastructure and applications, resulting in significant cost savings of ~ 60K $ Monthly
Environment: AWS (EC2, VPC, ELB, S3, RDS, Cloud Trail, Route 53, IAM, Cloud watch, Cloud Formation, EMR, Athena, Beanstalk, KMS, ACM, Guard Duty, Cloud Trail, Config, CloudWatch, WAF, AWS Security Hub, IAM Roles, Security Groups, Network ACLs, AWS Cost Explorer, AWS Trusted Advisor, AWS Cost and Usage Report, AWS Budgets Kinesis, DMS, SNS, SQS and Systems Manager), AWS CLI, OPA, Gitlab, Jenkins, Bitbucket, Python, Terraform and Splunk.
Client - The Depository Trust & Clearing Corporation (DTCC)-Dallas, TX Feb 2019- May 2021
Cloud Compliance and Security Engineer
Responsibilities:
Acted as point of contact to executive leadership for dimensioning, managing, and driving remediation of information security risk within the context of the DTCC Cloud Infrastructure.
Provided front-line support for all information security-related issues, such as Managing SSL Certificates, security policy compliance, handling data confidentiality issues, Monitoring, Detection, and responding to emerging threats.
Ensured adequate automated security solutions and controls were in place throughout the Cloud platform and services using tools like Dome9 and a homegrown tool.
Implemented and managed cloud-specific technical security policies based on CSA security guidance.
Proficiency in defining and managing security configuration baselines aligned with CIS benchmarks and internal policies
Expertise in vulnerability management tools such as Brinqa.
Knowledge of Kubernetes security scanning and remediation techniques.
Troubleshot the recurring security findings, pinpointing the root cause and implementing solutions to prevent recurrence.
Leveraged SIEM tools (e.g., Splunk) to analyze security logs and identify potential threats, enabling proactive security monitoring.
Designed and implemented secure database access controls and firewall configurations.
Designed and implemented a consolidated logging solution on Cloud WAF (secure firewall configuration) mitigating potential security risks by restricting inbound/outbound traffic.
Consolidated WAF logs from multiple AWS accounts into a central SecOps Log Management Account and forwarded them to an SIEM tool for comprehensive threat monitoring and analysis. This enhanced our ability to detect and respond to security incidents across the entire cloud environment.
Collaborated and communicated with functional-area specialists, cloud architects, and security specialists to design, configure, and/or develop security solutions for the cloud platforms.
Performed both scheduled and ad-hoc scans using various Vulnerability Management Platforms.
Developed custom baseline configurations within scanning tools to address specific organizational needs
Streamlined vulnerability management process by identifying areas for improvement and implementing corrective actions.
Collaborated with DevOps teams to seamlessly integrate Checkmarx scans within the existing CICD pipelines.
Established clear remediation processes for identified vulnerabilities, improving development team efficiency in addressing security issues.
Collaborated with security teams to develop and implement security playbooks for incident response and vulnerability management processes.
Designed IAM roles and policies for services and users in IAM limiting to Actions and resources required.
Provided effective resolutions to issues and escalated problems with knowledgeable support.
Stayed closely with external auditors and internal audit teams in managing and supporting the audits.
Effectively communicated complex security concepts to both technical and non-technical audiences, fostering security awareness
Supported implementation, modification, and improvement of sponsor risk management framework workflow and parts. Driving secure coding initiatives across the company by defining training, identifying weaknesses, and educating developers.
Accomplishments:
Driven and remediated many applications for data protection, access, and privilege concerns in the Cloud resulting in improved compliance across the organization.
Environment: AWS (EC2, VPC, ELB, S3, RDS, Cloud Trail, Route 53, IAM, Cloud watch, Cloud Formation, EMR, Athena, Beanstalk, KMS, ACM, Guard Duty, Cloud Trail, Config, CloudWatch, WAF, Kinesis, DMS, SNS, SQS), AWS CLI, Jenkins, Bitbucket, Python, Terraform, Splunk, Dome9.
EA Learn INC, NJ Sept 2016- Jan 2019 Cloud DevOps Engineer – Infrastructure Support
Responsibilities:
Deployed AWS services specifically VPC, EC2, S3, EBS, IAM, ELB, and Cloud Watch using AWS Console and Command Line Interface.
Operated in partnership as part of larger delivery teams which include project managers, business analysts, architects, developers, and change management professionals.
Experienced in engineering a detailed design of highly available, high-capacity geographically distributed applications.
Authored proof-of-concept prototype applications for demonstration and evaluation purposes.
Tested and troubleshot applications and documented issue resolutions for the development team.
Generated reports and analyzed usage, capacity, and performance of storage and backup systems.
Oversaw costing, design, build, and management of infrastructure environments needed in the AWS hosting platform.
Automated infrastructure using Terraform and made it auditable by storing infrastructure changes to a version control system like GIT.
Created Snapshots and Amazon Machine Images for backup and creating clone instances.
Configured VPC with multiple private/public subnets in different availability zones for high availability.
Worked on automating Secure deployments and configuration management tasks with Chef on Cloud Ec2 instances.
Used Jira for Bug Tracking, Nagios and Graphite for System monitoring, Cloud Watch, and Cloud Trial for monitoring the cloud environment, and used SNS for notifying in case of exceeding the threshold.
Assisted in migrating on-premises applications to AWS cloud.
Contributed to the development of internal tools using Python and Java.
Participated in on-call rotations and helped resolve production issues.
Collaborated with QA team to implement automated testing processes.
Accomplishments:
Designed highly available, Cost-saving, fault-tolerant systems using multiple EC2 instances, Auto Scaling, Elastic Load Balance, and AMIs.
Implemented a data processing pipeline using AWS Lambda functions, S3, SNS, SQS, and other services.
Environment: AWS (EC2, VPC, ELB, S3, RDS, Cloud Trail and Route 53, IAM, Cloud watch, Cloud Formation), AWS CLI, AWS Auto Scaling, Nagios, Terraform, Chef, JSON, Maven, Git, Jenkins, Unix/Linux, Shell scripting.
Anjalee Business Solution- Hyderabad, TL May. 2013-Dec 2014
Systems Administrator- Infrastructure Support
Responsibilities:
Planned and monitored version control, release, and configuration management for application development and maintenance.
Maintained, and troubleshooted issues in Linux servers.
Established cron jobs scripts on production servers.
Monitored system activities like CPU, memory, disk, and swap space usage to avoid performance issues.
Serviced and configured Ubuntu, and Centos on remote and desktop servers.
Installed patches and packages using RPM and YUM in Red Hat Linux.
Created and modified users and groups with SUDO permission.
Identified and resolved setup and network connectivity issues using net stat and ping tools.
Kept a flexible schedule and resolved after-hours and weekend emergencies quickly and accurately.
Accomplishments:
Monitored system performance and prevented resource exhaustion using ssh, vmstat, iostat, netstat, and nmon.
Worked with other administrators to strategize and improve systems/productivity.
Education
Master’s Degree, Engineering Management, Lamar University
Bachelor's Degree, Electrical and Electronics Engineering, KL University
Certificates
AWS Solutions Architect Professional
AWS Certified Security – Specialty
AWS Certified Developer Associate
Cisco Certified Network Associate (CCNA).
Contact this candidate