Cloud Engineer Azure Devops
Resume:
I am on an H*-B visa.
PROFESSIONAL SUMMARY
As Senior DevOps and Cloud Engineer with 6+ years of experience. Implementing, maintaining and designing robust CI/CD pipelines that ensure seamless, automated software delivery. I deeply rooted implementing and maintaining robust CI/CD pipelines that ensure seamless, automated software delivery. I specialize in build and release management using Azure DevOps (Azure Pipelines) and Jenkins, integrating various tools and platforms to automate testing, deployment, and monitoring workflows. I am also expertise in deploying and managing Azure infrastructure with a strategic focus on scalability, high availability, and hybrid cloud architecture solutions, while enforcing strong security and compliance standards. I have extensive experience in cloud-native application design and deployment, using microservices architecture and containerization technologies. I leverage tools like Azure Pipelines, Jenkins, SonarQube, and Nexus/Artifactory to streamline development lifecycles. I am proficient in Infrastructure as Code (IaC) with Terraform and Ansible, enabling repeatable provisioning and configuration of Azure resources. As a certified Kubernetes administrator, I bring hands-on experience orchestrating containers on Azure Kubernetes Service (AKS) and Amazon EKS and managing container registries (Azure Container Registry (ACR) and ECR). Iām skilled in Docker containerization and Kubernetes management, as well as scripting and automation in both Windows and Linux environments (PowerShell, Bash, Azure CLI). I have a strong background in hybrid cloud environments, integrating on-premises infrastructure with Azure via ExpressRoute and VPN for seamless, secure connectivity. Additionally, I have cloud migration initiatives, moving critical workloads from on-premises to Azure with minimal disruption using Azure migration services and best practices. Overall, My commitment to DevOps principles ensures security is integrated early and continuously throughout the software development lifecycle. I am recognized for my strong communication and collaboration skills, working effectively with development, operations, and QA teams to drive efficient delivery of applications and solutions, while also contributing to strategic cost optimization initiatives. My role often extends to managing and securing critical on-premises infrastructure as part of a unified hybrid cloud strategy, ensuring consistent operational practices across diverse environments.
TECHINCAL SKILLS
Cloud Platforms
Microsoft Azure, AWS
CI/CD Tools
Azure DevOps, Jenkins
SCM
GitHub, Azure Repos, Bitbucket
IaC & Configuration
Terraform, Ansible, Bicep, ARM Templates
Containerization & Orchestration
Docker, Kubernetes (AKS/EKS), Helm
Languages/Scripting
PowerShell, Bash, YAML, Python, Azure CLI, Groovy
Monitoring & Logging
Azure Monitor, App Insights, Log Analytics, Prometheus, Grafana, Nagios
Networking
VMs, Azure VNet, NSG, Load Balancers, Application Gateway, Azure Firewall, VPN, ExpressRoute, Private Endpoints, DNS, UDR, NAT Gateway, Front Door, Traffic Manager, VNet peering, Bastion, ACR, AKS, App service, Azure key vault, Routing tables, Private DNS, ACI.
Azure Services
Azure App Service, Azure Functions, Azure Container Registry (ACR), Azure Kubernetes Service (AKS), Virtual Machine Scale Sets (VMSS), Azure Storage (Blob, Files), Azure Site Recovery, Azure Backup, Azure SQL Database, Azure Active Directory (Entra ID),
Security
Entra ID, RBAC, Key Vault, WAF, Defender for Cloud, SSO, MFA
Databases
MySQL, Postgres, MS SQL, Cosmos DB
Operating Systems
Linux (Ubuntu, CentOS, RHEL), Windows Server
Other Tools
SonarQube, Nexus, JFrog, Azure Artifacts, Maven, Ant, Jira, Azure Boards, Confluence.
PROFESSIONAL EXPERIENCE
Sr. DevOps Engineer Health Partners Bloomington, MN Jan 2025 ā Current
Design, implementation, and management of highly scalable, secure, and cost-optimized Azure cloud infrastructure, driving continuous integration and deployment (CI/CD) for critical applications. My role is pivotal in transforming traditional practices into modern, cloud-native solutions, with a strong emphasis on microservices and robust DevOps integration.
Developed and managed comprehensive build-and-release pipelines in Azure DevOps to automate testing, deployment, and monitoring across development, QA, and production environments.
Expertise with Azure technologies and services including IaaS/PaaS/SaaS and container experience (Docker /Kubernetes).
Experience with provisioning and managing the infrastructure using IAC tools such as Terraform for configuration management Ansible.
Migrating to On-perm health partner applications to Azure, leveraging Terraform and Azure DevOps for automated provisioning, secure networking, and optimized cost management.
Configured pipeline as code (YAML) and custom script tasks, and extended functionality by integrating third-party tools (SonarQube scanning analysis) via Azure DevOps extensions, resulting in a fully automated and repeatable release process for numerous projects.
Designed and implemented complex multi-stage YAML pipelines in Azure DevOps for CI/CD automation, integrating Infrastructure as Code (Terraform/ARM), application build, testing, and deployment workflows across multiple environments (Dev, Test, UAT and Prod).
Integrated Azure DevOps with GitHub and Azure Repos to enforce branch policies, implement gated check-ins, and enable automated pull request validations using custom build agents and security scanning tools.
Managed AKS clusters with meticulous configuration for scalability and reliability, including defining node pools and enabling comprehensive monitoring. Dynamic scaling was achieved through the implementation of Horizontal Pod Autoscaler and Vertical Pod Autoscaler, ensuring computing resources were adjusted based on workload requirements, optimizing performance and cost.
Design and deployment of cloud-native applications utilizing microservices architecture and Business-critical applications on Azure Kubernetes Service (AKS), ensuring independent deployment, networking, and scaling.
Experience in Deploying the Frontend (Angular, React JS) in Azure Static Web app and App service for easy integrating with Azure Devops and Git hub actions.
This design adhered to best practices by ensuring each microservice managed its own dataset, preventing hidden dependencies, and utilizing external services like Azure SQL Database or Azure Cosmos DB for persistent data storage, or mounting persistent data volumes via Azure Disk Storage or Azure Files, thereby avoiding data binding to local cluster storage.
Strategically deployed ingress controllers, including Azure Application Gateway, as API gateways to manage traffic
These gateways were instrumental in routing client requests to the correct back end microservices, providing a single endpoint for clients.
Offloading critical functionalities like SSL termination, authentication, and client rate limiting, significantly enhancing efficiency and security.
For AKS networking, leveraged Azure CNI alongside ingress controllers and private link integrations to optimize traffic flow, enhance security, and ensure seamless connectivity across microservices.
This comprehensive approach to AKS management and microservices architecture resulted in a substantial improvement in application performance and reliability.
Implemented Private Endpoints for secure, private access to Azure PaaS services like Azure Storage and Azure SQL Database from within the virtual network, eliminating public exposure and ensuring traffic remained within the private network boundary.
Implementing the DevOps security best practices throughout the Pipeline, by Integrating Azure Key Vault for Keys, Certificates and secrets. management in build and release processes to protect sensitive configuration data.
For regional resilience deploying the secondary key vault in secondary region and sync objects using Azure automations. Event Grid and Logic app integration with key vault to trigger real-time alerts for expiring Objects.
Automated security processes were a cornerstone of this approach. Integrated Static Application Security Testing (SAST) tools, notably SonarQube, into CI pipelines to analyze source code for security vulnerabilities upon every commit.
Regularly audited pipeline and cloud configurations for compliance with security policies and industry standards.
Ensured security best practices and compliance were integrated directly into DevOps processes, moving beyond reactive security to a proactive DevOps approach by identifying and mitigate vulnerabilities early in the software development lifecycle (SDLC).
Subjected Infrastructure as Code (IaC) templates security scans using tools like Microsoft Defender for DevOps to proactively monitor cloud resource configurations and minimize misconfigurations reaching production environments.
enforced container image security by configuring Azure Container Registry (ACR) with policies for image scanning and vulnerability assessments using Microsoft Cloud Container Defender.
This was complemented by using lightweight images with a minimal OS footprint and ensuring only trusted base images were used when building containers, further reducing the attack surface.
Instrumental in implementing Workload Identity Federation for Azure Deployments and service connections to achieve secure, PAT-less authentication for pipelines accessing Azure resources. This eliminated security risks associated with Personal Access Tokens (PATs) and streamlined authentication workflows.
Designed and implemented cost-optimized Azure cloud infrastructure by leveraging Azure tools like Azure Advisor and Azure Cost Management.
Applied specific techniques such as utilizing Azure Reserved Instances and Spot Virtual Machines for predictable and non-critical workloads, respectively, to achieve significant discounts.
Leveraged Azure Hybrid Benefit for existing on-premises licenses, implemented resource tagging for granular cost tracking, and proactively identified and shut down idle or unused resources.
Deployed and managed Azure SQL Databases, optimizing performance and cost by selecting appropriate service tiers (vCore-based vs. DTU-based models) per workload requirements.
Implemented high availability and disaster recovery configurations such as Active Geo-Replication and Auto-Failover Groups for critical databases to ensure business continuity. Configured automated backups with long-term retention and performed point-in-time restores in testing drills to validate recovery objectives (RPO/RTO)
Configured Azure Site Recovery (ASR) and Azure Backup for robust disaster recovery and data protection. Set up replication of critical on-premises workloads to Azure and orchestrated automated failover/failback procedures.
Sr. Cloud & DevOps Engineer United Health Group Pittsburgh, PA May2022 ā Dec2024
Collaborated with development teams by integrating Git, and Azure DevOps for streamlined CI/CD pipelines, enabling faster, more reliable code deployments and version control across distributed teams.
Developed custom pipeline templates and reusable variable groups for standardized deployment processes across microservices, improving maintainability and reducing pipeline duplication across projects.
I played a key role in setting up a sophisticated hybrid cloud setup, seamlessly integrating on-premises environments with Azure using ExpressRoute for secure, high-speed, and reliable connectivity.
Automated release approvals, environment provisioning, and artifact versioning using Azure DevOps service connections, key vault integrations, and environment-specific parameterization for both Azure and hybrid deployments.
This involved network design to ensure low-latency, high-throughput communication between disparate environments, including VNet peering and the strategic deployment of Azure Private Endpoints to securely connect on-premises systems to Azure PaaS services like Key Vault, Storage Accounts, and SQL Database over ExpressRoute, eliminating public exposure and ensuring traffic remained within the private network boundary.
Enforced NSG rules and Private DNS zones to control and secure name resolution and access within this hybrid architecture.
hybrid infrastructure by managing Linux and Windows servers both on-premises and within Microsoft Azure, ensuring 99.99% uptime and seamless scalability for mission-critical applications.
automated routine operations significantly using Shell scripting, PowerShell, and Azure Automation Runbooks, drastically reducing manual intervention, minimizing human error, and accelerating incident response.
Applied unified security controls, access policies, and compliance frameworks consistently across these hybrid environments. Azure Security Center, Azure Policy, and Role-Based Access Control (RBAC) were instrumental in ensuring regulatory adherence and minimizing risk across all platforms.
Collaborated with development teams by integrating Git, SVN, and Azure DevOps for streamlined CI/CD pipelines, enabling faster, more reliable code deployments and version control across distributed teams.
Managed containerized workloads that were strategically split between AKS clusters in Azure and on-premises Kubernetes clusters, with CI/CD pipelines orchestrated through Azure DevOps to facilitate smooth deployments and rollbacks across this distributed containerized environment.
Utilized Infrastructure as Code (IaC) methodologies extensively for automating infrastructure provisioning and management. Built and maintained multi-environment infrastructure (production, development, testing) using ARM templates and terraform, ensuring consistency, repeatability, and rapid provisioning across both cloud and on-premises resources.
Leveraged Helm charts for managing complex application deployments, allowing for reusability, version tracking, and easy rollbacks across different environments. These efforts resulted in streamlined hybrid deployments.
Built a comprehensive disaster recovery plan using Azure Site Recovery (ASR) and set up Azure Backup to protect all critical workloads to maintain the BC and DR.
Configured ASR to continuously replicate critical on-premises workloads (VMs and databases) to Azure, enabling rapid failover in case of on-prem outages.
Continuously used the security posture by applying timely OS and application patches via Azure Update Management across both Azure VMS and On-prem.
secure and efficient networks using Azure Virtual Networks, Network Security Groups, Azure Firewall, and Load Balancers, ensuring high-throughput, low-latency, and secure connectivity across both cloud and on-premises resources.
Managed and monitored VPN (Virtual Network Gateway) connections and encrypted security using public internet connections from on-premises/organizations to Azure environment, while ExpressRoute provided high reliability, security, and speed with private internet connections
Optimized network traffic and connectivity by managing TCP/IP packets and DHCP, further leveraging Azure ExpressRoute for secure, high-speed hybrid cloud communication. These optimizations improved network throughput
Managed containerized workloads across environments, splitting workloads between Azure Kubernetes Service (AKS) in the cloud and Kubernetes clusters on-premises.
Utilized Azure DevOps pipelines for continuous integration and deployment of container images to both AKS and on-prem clusters, enabling consistent deployment processes.
Coordinated rollouts and rollbacks of microservice releases using Helm and Kubernetes deployment strategies, achieving smooth updates with minimal downtime regardless of whether services were running in Azure or on-prem.
Implemented DevOps principles by integrating security controls and compliance frameworks (Azure Security Center, Azure Policy, RBAC) directly into hybrid CI/CD pipelines, ensuring a "shift left" security approach and continuous monitoring throughout the development and deployment lifecycle.
Proactively hardened the security posture through automated patching via Azure Update Management and continuous vulnerability remediation identified by Azure Security Center, embodying a continuous security improvement loop.
Maintained and optimized hybrid cloud infrastructure, managing on-premises servers alongside Azure resources. Set up Azure ExpressRoute and VPN gateways to connect the on-prem data center to Azure, ensuring secure, low-latency connectivity between legacy systems and cloud services.
Developed and managed CI/CD pipelines using both Jenkins and Azure DevOps. Automated build and release processes for multiple applications, deploying on-premises Windows/Linux servers as well as Azure VMs and App Services. This automation eliminated manual deployment errors and enabled more frequent releases.
Implemented Infrastructure as Code using Terraform and ARM templates to provision Azure environments. Provisioned Azure Virtual Machines, Azure SQL databases, storage accounts, and networking components via code, allowing rapid, consistent environment replication for development, testing, and disaster recovery.
Led the migration of several on-premises applications to Azure cloud with minimal downtime. Refactored some legacy applications to run in Azure App Services and migrated databases to Azure SQL Database and MSSQL.
Established cutover plans and data synchronization to ensure a smooth transition to the cloud.
Deployed and configured a range of Azure services including Azure App Services, Azure Storage, and Azure Functions to modernize enterprise applications. Enabled one healthcare web application to scale out using Azure App Service auto-scaling, improving its performance under peak load by 30%.
Integrated Azure Entra ID with on-prem Active Directory for unified identity management. Implemented single sign-on and role-based access control for applications and DevOps tools, streamlining user management across hybrid environments.
Established comprehensive monitoring for both on-prem and Azure resources. Deployed Azure Monitor and Log Analytics for cloud resource monitoring and integrated for on-premises system monitoring. Set up alerting (email/SMS) for critical incidents (CPU, memory, network thresholds), improving responsiveness to infrastructure issues.
Utilized Azure Key Vault to centralize sensitive configuration such as database connection strings and API tokens. Key Vault secrets were referenced in both on-prem automation scripts and Azure ARM templates, enhancing security and compliance.
Employed Infrastructure as Code (IaC) methodologies to automate infrastructure provisioning and configuration in a consistent way. Used Azure Resource Manager (ARM) templates and Terraform scripts to define and deploy entire environments (network, VMs, storage, etc.) for development, testing, and production.
By treating infrastructure definitions as code, achieved repeatability and minimized configuration drift between environments. New environments could be brought up quickly and with identical settings, aiding both high availability and disaster recovery preparations.
Implemented a identity solution to unify user authentication across on-prem and Azure.
Deployed Azure AD Connect to synchronize on-premises Active Directory identities with Azure Active Directory (Entra ID), enabling users to seamlessly use single sign-on (SSO) for both on-prem and cloud applications. This synchronization ensured consistent credentials and facilitated applying uniform RBAC policies for accessing resources, regardless of environment, thereby simplifying account management and enhancing security.
VPN and ExpressRoute Connectivity: Managed and monitored VPN gateways (Azure Virtual Network Gateways) that provided encrypted tunnels over public internet for remote offices and ensured these connections were resilient. Simultaneously managed the ExpressRoute connection for primary site connectivity, tuning BGP routes and circuit settings for optimal performance.
By combining VPN (for backup/failover and less critical traffic) with ExpressRoute (for critical low-latency traffic), achieved a highly reliable network connectivity strategy.
Performed regular throughput tests and failover drills between ExpressRoute and VPN to guarantee high availability of network connectivity to Azure.
Set up Azure Private Endpoints to connect on-prem systems privately to Azure PaaS services such as Azure Key Vault, Storage Accounts, and SQL Database.
This eliminated exposure of these services to the public internet all traffic between on-prem applications and Azure services traversed the ExpressRoute private peering.
Configured associated Private DNS Zones for name resolution of these private endpoints and enforced NSG rules to tightly control access, resulting in a secure end-to-end architecture for sensitive data flows.
Leveraged hybrid cloud management tools (Azure Monitor) for unified visibility and governance of resources across on-prem and Azure.
Tracked inventory and resource utilization across environments to avoid sprawl and ensure efficient usage of compute and storage. Implemented tagging and cost management policies to allocate and optimize cloud spend per project; regularly reviewed cost reports to find and eliminate unused resources, achieving cost savings while meeting performance needs.
Automated configuration management and patching of on-prem servers using Ansible playbooks. Tasks such as middleware installation, config file updates, and security patch deployment were executed via automation, ensuring consistency across dozens of servers and reducing manual effort significantly.
Collaborated with security and networking teams to ensure best practices in a hybrid cloud. Applied network segmentation and Azure Firewall rules to limit access to sensitive systems.
DevOps Engineer Swiggy Chennai, TN Jan 2020 - Mar 2022
Involved in DevOps migration/automation processes for building and deploy systems.
Consulted and recommended client in Build and Release Management Implementation.
Used SCM/Build tools for Developers. Helping to resolve all SCM/Builds issues like merge conflicts, compilation errors, missing dependencies, Branching/Merging/Tagging.
Worked with Ansible playbooks for virtual and physical instance provisioning, Configuration management and patching through Ansible.
Automated using Ansible shell scripting with attention to detail, standardization, processes, and policies.
Working with (IAC) to provision the resources from Azure and if we make mistakenly created any resources manually in the portal then immediately will import them under terraform state.
Worked in an agile development team to deliver an end-to-end continuous integration/continuous delivery (CI/CD) product in an open-source environment using tools like Ansible, Azure pipelines.
Creating the service principle for establishing connection between the cloud portals and in azure app registration
Self-hosted agents provide flexibility, control, and scalability for building and deployment processes.
auto scale the self-hosted agents and to secure them set up firewall and grand limited access to agents and monitoring suspicious activity.
Skilled in configuring and maintaining compute resources and disk space on self-hosted agents connected to Azure Pipelines, ensuring high availability and performance in development and test environments.
Authenticating and Authorizing Azure Resources A Service Principal can be used in Azure DevOps to authenticate and authorize access to Azure resources securely. It acts as an identity for automated tools to access Azure services.
Monitored and maintained compute resources and disk space issues on self-hosted agents connected to Azure Pipelines for development and test environments.
For AKS networking, leveraged Azure CNI alongside ingress controllers and private link integrations to optimize traffic flow, enhance security, and ensure seamless connectivity across microservices.
For public-facing applications, Layer-7 load balancers utilized such as Azure Application Gateway, Front Door, and Traffic Manager for HTTP/HTTPS traffic distribution, global routing, caching, and Web Application Firewall (WAF) capabilities, ensuring high availability, performance, and robust security. Configured User-Defined Routes (UDRs) to control network traffic flow within virtual networks.
Rigorously implemented Identity and Access Management (IAM) using Entra ID for secure user authentication and authorization across multiple applications, including configuring Single Sign-On (SSO) and Multi-Factor Authentication (MFA) to enhance user experience and strengthen security.
Managed fine-grained access control through Role-Based Access Control (RBAC) and implemented Conditional Access Policies to provide an additional layer of security by enforcing specific access conditions.
Extensively utilized Managed Identities and Service Principals for secure, automated authentication of applications and pipelines to Azure resources, eliminating the need for hardcoded credentials.
Deployed and managed Azure SQL Databases, configuring vCores or DTUs to optimize cost and performance based on workload requirements. Ensured high availability through Active Geo-Replication and Auto-Failover Groups, crucial for business continuity and disaster recovery. Configured automated backups and point-in-time restores to meet stringent recovery objectives.
Leveraged Azure Blob Storage for long-term data retention and archival, with lifecycle management policies automatically tiering data across hot, cool, and archive tiers based on access patterns, ensuring compliance with retention policies while optimizing storage costs.
Experience in writing Ansible manifests and modules to automate the deployment process and to integrate ansible manifests into Azure pipelines for a continuous delivery (CD) framework.
Configured and monitored distributed and multi-platform servers.
Worked on AZURE or deploying VM instances consisting of various flavors via., RHEL, CentOS, Ubuntu in both Linux, and Windows.
Developed by Java app to build and deploy scripts using Gradle and Ant, Maven as to build tools in Azure pipelines to move from one environment to other environments.
Created a full CI/CD process. Automated Build and Deployment Platform and coordinating code build promotions and orchestrated deployments using azure pipelines and GitHub.
Build Java code on to different azure pipelines as per the schedule.
Experience in working in .Net application and branching, Tagging, Release Activities on Version Control Tool GIT and Azure Repo.
Worked on automating Schedule Build and Release which are an aid in scheduling dev, model, and prod jobs and disables the job after execution, as self-service to developers.
Restricted user access/service accounts access over jobs on Azure Pipelines using Assign and managing Security settings for security purposes in development and for test environments provide the access for Test Access.
Worked as a Release Engineer for Enterprise Applications.
Researched and implemented code coverage and unit test plug-ins like find bugs, check style and with Maven.
Responsibility to perform the Security Scans, defect tracking, defect reporting and defect reproducing using SonarQube.
Manage releases to make sure the code goes to live with Quality and security.
Created RESTful APIs in Java environment using Node.JS using react.JS framework.
Developed JavaScript code to feed data-tables of Google Charts API with data, then draw charts with animation effect.
Designed Frontend within object-oriented JavaScript Framework like Bootstrap, Node.js
Build & Release Engineer Alight Hyderabad, TG May 2019 - Dec 2019
Designed and managed CI/CD pipelines in Azure DevOps for Java (Maven) and .NET applications, automating build, test, packaging, and deployment stages across multiple environments.
Created reusable YAML pipeline templates and variable groups in Azure DevOps, standardizing build and deployment processes across projects and reducing setup time for new applications.
Integrated unit testing, code coverage, and SonarQube scans into build pipelines, improving code quality by catching issues early in the cycle.
Configured pipeline triggers for continuous integration on pull requests and scheduled nightly builds, ensuring faster feedback loops and proactive detection of build failures.
Automated artifact packaging and publishing into Nexus repository using Maven tasks in pipelines, ensuring traceability, versioning, and rollback support.
Implemented multi-stage release pipelines in Azure DevOps for deployments into Dev, Test, UAT, and Production environments, ensuring approvals and gated deployments followed compliance policies.
Collaborated with developers to troubleshoot pipeline failures by analyzing build logs, fixing dependency conflicts, and tuning build scripts, which improved pipeline success rates and developer productivity.
Defined and enforced branching strategies (feature, release, hotfix) and merge workflows in Git and SVN to align with automated build and release pipelines.
Developed automation scripts in Shell and ARM templates to provision Azure resources (VMs, Managed Disks, Blob Storage) on demand for pipeline deployments.
Integrated Ansible playbooks into release pipelines for post-deployment configuration and application setup, ensuring consistent environments across teams.
Implemented build caching for Maven dependencies in pipelines to reduce build times and optimize agent usage.
Used Azure Key Vault integration within pipelines to securely handle secrets, connection strings, and service credentials.
Contact this candidate