Cloud Architect & DevOps Engineer Specialist

Hemanth Nagapudi

***************@*****.*** 346-***-**** USA LinkedIn

Summary

Cloud Engineer with 4+ years of experience in designing, implementing, and managing secure, scalable cloud environments on AWS and Azure. Skilled in cloud architecture, automation, infrastructure as code, networking, security, and compliance. Experienced in optimizing performance, cost, and operational efficiency while leveraging DevOps practices, monitoring tools, and governance frameworks to enable reliable and efficient cloud solutions. Technical Skills

• Cloud Platforms & Services: AWS (Organizations, Control Tower, VPC, Transit Gateway, GuardDuty, Security Hub, CloudTrail, Config, IAM, KMS, Secrets Manager, IAM Identity Center), Azure (Migrate, Database Migration Service, Data Factory, AKS, App Service, Monitor, Log Analytics, Application Insights, Sentinel, Automation, Logic Apps, Cost Management, Reserved Instances).

• Infrastructure as Code (IaC) & Automation: Terraform, Bicep, CloudFormation, Azure DevOps CI/CD pipelines, GitHub Actions, Python scripting, Bash scripting, automated account provisioning, resource orchestration.

• Networking & Security: VPC segmentation, hub-and-spoke architecture, SCP policies, IAM role automation, multi-region KMS encryption, access governance, compliance guardrails (SOC2, PCI, SOX), identity and access management.

• Cloud Migration & Modernization: Lift-and-shift, re-platforming, re-architecting, containerization (AKS), workload assessment, dependency mapping, migration planning, validation, and testing.

• Monitoring, Logging & Observability: Azure Monitor, Log Analytics, Application Insights, QuickSight dashboards, automated alerts, centralized logging, continuous monitoring workflows, operational excellence.

• Cost Optimization & FinOps: Azure Cost Management, resource right-sizing, auto-scaling, Reserved Instances, cost monitoring dashboards, automated optimization scripts, reducing operational expenditures.

• DevOps & CI/CD Practices: Continuous integration and deployment, automated testing, pipeline orchestration, infrastructure versioning, GitHub Actions, Azure DevOps, code quality checks, deployment automation.

• Governance, Compliance & Documentation: Cloud governance frameworks, architecture diagrams, RFCs, runbooks, best practices documentation, compliance reporting, security audits, and knowledge transfer sessions. Professional Experience

Cloud Engineer, Brex 10/2024 – Present Remote, USA

• Worked on Building a Secure Multi Account AWS Landing Zone for Financial Compliance by assisting in defining account hierarchy governance, VPC segmentation, and security boundaries while collaborating with Security, SRE, and Compliance teams during requirement gathering workshops to ensure alignment with SOC2, PCI, and SOX standards.

• Architected AWS Organizations with a hub and spoke network using Transit Gateway, VPC peering, IAM boundaries, and CloudFormation templates while producing architecture diagrams, RFCs, and compliance documentation which improved cloud governance alignment by more than 90%.

• Implemented AWS Control Tower SCP policies, AWS Config, centralized CloudTrail, GuardDuty, Security Hub, and Amazon EKS clusters to enforce preventative guardrails and secure containerized workloads, increasing configuration consistency and compliance adherence across all engineering AWS accounts by over 95%.

• Developed automated account vending through AWS Service Catalog, Terraform modules, GitHub Actions pipelines, and Python validation scripts reducing manual provisioning efforts by more than 80% and ensuring every new account inherited mandatory baseline security configurations.

• Improved multi account security posture by integrating KMS multi-region encryption, Secrets Manager rotation, IAM Identity Center SSO mappings, and automating IAM role creation using Bash and Python scripts enhancing access governance accuracy beyond 92%.

• Supported organization wide landing zone rollout by migrating legacy accounts, creating QuickSight compliance dashboards, conducting engineering training, and establishing continuous monitoring workflows which improved PCI, SOC2, and SOX visibility and adherence by more than 96%. Cloud Engineer, Capgemini Technology Services 05/2020 – 07/2023 Bengaluru, India

• Initiated modernization of CDW, IFBP, and CAH applications collaborating with application owners, architects, and business teams conducting requirement gathering sessions, workload inventory, and risk analysis achieving 95% coverage of platforms and documenting all findings.

• Assessed 12+ legacy workloads classifying VMs, web apps, databases, and batch jobs using Azure Migrate, Dependency Analyzer, and Assessment Reports estimating cost, risk, and complexity achieving 92% assessment completion while keeping detailed documentation for internal reference.

• Planned migration waves and strategies defining lift-and-shift, re-platform, and rearchitect approaches using Azure Architecture Center best practices creating detailed roadmap and cutover plan ensuring 90% SLA alignment with all plans fully documented for governance.

• Executed migrations using Azure Migrate, Database Migration Service, Data Factory, and Python automation scripts leveraging IaC with Terraform and Bicep, containerizing applications using AKS for scalable orchestration and modernizing other workloads on App Service, achieving 88% deployment automation while maintaining detailed logs and documentation.

• Validated migrated workloads through functional, performance, and disaster recovery testing implementing monitoring using Azure Monitor, Log Analytics, Application Insights, and Bash scripts configured alerts, dashboards, and automated remediation achieving 97% system reliability and maintaining detailed validation reports.

• Optimized cloud resources using Azure Cost Management, Reserved Instances, auto-scaling, and right-sizing automated via Python scripts producing FinOps dashboards, achieving 18% operational expenditure reduction with full documentation of cost improvements and recommendations.

• Delivered fully modernized CDW, IFBP, and CAH platforms on Azure with CI/CD pipelines in Azure DevOps integrated security policies governance monitoring and logging providing knowledge transfer sessions and keeping full migration, test, and monitoring, achieving 93% team readiness.

• Enhanced operational excellence by using automated backup, recovery, security compliance using Azure Automation, Sentinel, and Logic Apps optimizing monitoring and alerting workflows achieving 95% operational efficiency while documenting processes, runbooks, and best practices. Education

Master of Science in Computer Science 08/2023 – 05/2025 University of Houston – Houston, TX, USA

Bachelor of Technology in Computer Science and Engineering 08/2017 – 05/2021 National Institute of Technology – Agartala, India Projects

Serverless E-commerce Application Deployment

• Designed and deployed a fully serverless e-commerce platform using AWS Lambda, API Gateway, DynamoDB, and S3, enabling auto-scaling, high availability, and cost optimization while ensuring secure access and monitoring through CloudWatch and IAM policies. Multi-Region Disaster Recovery Setup

• Used a multi-region disaster recovery solution on Azure using Site Recovery, Storage Replication, and Traffic Manager, ensuring minimal downtime, automated failover, real-time monitoring, and compliance adherence for mission-critical applications with optimized performance and cost efficiency.

Contact this candidate