• Secure Infrastructure & Networking: Engineer AWS infrastructure across 40+ accounts and 2,000+ servers, utilizing VPCs, Transit Gateways, Direct Connect, security groups, NACLs, and Palo Alto firewalls; align with NIST standards and reduce network incidents. Deploy and manage ELB Palo Alto solutions. Collaborate daily with AWS Senior Solutions Architects from Amazon to optimize and modernize the cloud environment. • AWS Services & Infrastructure: Manage EC2, Lambda, RDS, S3, EBS, and 100+ TB FSx for NetApp, plus ALB/ELB and CloudFront, maintaining 99.99% uptime for healthcare supporting 16 million Californians. • Infrastructure as Code & Automation: Automate AWS provisioning with Terraform Cloud, Brainboard, and GitHub CI/CD, reducing deployment times by 40% and ensuring secure, consistent environments. • Cost Optimization: Deliver $50,000 USD in annual AWS savings by driving resource optimization, cost monitoring, and best practices across accounts. • DevSecOps: Integrate Checkmarx SAST into CI/CD pipelines, strengthening application code security and compliance. • Security & Compliance: Implement GuardDuty, Security Hub, WAF/Shield, AWS Config, IAM, SCPs, Entra SSO, and KMS encryption, achieving HIPAA, state, and NIST compliance. • Observability & Incident Response: Enhance visibility with CloudTrail, VPC Flow Logs, and Splunk SIEM, boosting threat detection by 50% and improving response. • Endpoint & Container Security: Secure 2,000+ endpoints (Windows/Linux) with OS hardening and CrowdStrike Falcon, reducing vulnerabilities by 45%. • Cloud Migration & Modernization: Lead migration of 1,000+ on-prem servers to AWS; leverage Rubrik and AWS Backup for resilience and rapid recovery. • Threat Intelligence & Governance: Continuously monitor threats, partner with ISO, and remediate military-issued POAMs for strong security posture. • Government Compliance: Ensure cloud security and compliance with California state and U.S. federal regulations.

Cloud Security & DevSecOps: • Spearheaded secure architecture design across AWS, integrating DevSecOps practices to reduce incident response time by 25%. Secure Infrastructure & Networking: • Engineered AWS VPC networks (subnets, NAT Gateways, VPC peering, security groups, NACLs) to enforce segmentation and least‑privilege controls. AWS Operations: • Deployed and managed 1,000+ AWS servers (EC2) with automated provisioning, scaling, patching, and monitoring—boosting uptime and reducing manual tasks. Security & Compliance: • Implemented AWS GuardDuty, Inspector, Security Hub, WAF, and Shield for real‑time threat detection, vulnerability assessment, and DDoS protection. Infrastructure as Code: • Developed secure, modular infrastructures using Terraform and Terraform Cloud, embedding encryption, centralized logging, consistent tagging, monitoring, and IAM controls. Data Protection & IAM: • Centralized secrets and encryption key management via AWS Secrets Manager and KMS; integrated Azure Entra ID for SSO, MFA, and role‑based access controls. Observability & Incident Response: • Established comprehensive monitoring with CloudTrail, CloudWatch, and Datadog, creating custom alert dashboards and SIEM integrations to accelerate threat detection. Endpoint & Container Security: • Hardened Windows and Linux systems using PowerShell/Bash scripts; deployed CrowdStrike Falcon for endpoint protection and Prisma Cloud for container (EKS/ECS) security. Cloud Engineering & Cost Optimization: • Led cloud migrations and optimized configurations, achieving ~25% cost savings through instance rightsizing, S3 lifecycle management, and strategic use of Reserved Instances. Automation & Governance: • Implemented automated security, compliance, and audit reporting with Go, PowerShell, and Python; standardized configuration management with JSON, YAML, and HCL.

• Configured, implemented, design and managed cloud-native technologies and services, including virtual machines, web servers, tunnels, CDN, load balancer, Apache server, database server, SSL/TLS, cloud firewalls, and WAF (Web Application Firewall), Cisco/Juniper LAN/WAN technologies, using AWS, Azure and GCP for an extensive organization to achieve a high level of availability and uptime for the platform. • Improved the security posture of critical systems by implementing a Continuous Monitoring and Continuous Diagnostic program for the clients that reduced the number of vulnerabilities found by 200% and increased the overall security score by 80%. Using Wiz, Aqua, JFrog, Prisma Cloud and Snyk. • Increased cloud migration of company-owned applications by 60% introducing cloud-based solutions to customers, leveraging Cloud Computing. • Deployed Web Application Firewall (WAF) into the cloud, cloud security, to improve security by 91% of protecting against threats. • Deployed Cloud Security Solutions (Azure FW, Prisma Palo Alto Networks, Fortinet and crowdstrike). • Improved delivery time of security metrics by 30% by automating the reporting process with CI/CD systems, reducing the time spent on manual reporting. Using Wiz, Aqua, JFrog, Prisma Cloud and Snyk. • Developed a system automation solution using Azure, Azure DevOps, and AWS, reducing the average time to restore service from 2 hours to 15 minutes. • Implemented modern Authentication methods, standards, and protocols such as OAuth/Open ID Connect, 2FA/MFA, adaptive/ contextual/ passwordless authentication to improve the security of web applications and services, by adding additional layers of authentication. • Regularly performed vulnerability assessments and penetration testing on cloud infrastructure and applications, utilizing Burp Suite to identify and remediate security weaknesses and proactively address potential threats.

• Helped the server to increase its uptime from 90% to 99% by setting up a monitoring system for the server’s status, and maintain the server updated at the fastest time possible. AWS CloudWatch (AWS) - Azure Monitor (Azure) • Configured several cloud services to deliver a functional web application with a 99.999% SLA, including: Virtual Machines, Web Servers, Tunnels, CDN, HTTP Load Balancer, Apache Server, Database Server, SSL/TLS. Linux Administrator and some python. Working in Azure, Google Cloud Platform and Oracle Cloud Infrastructure. Deployed Cloud Security Solutions, Fornitet and crowdstrike. • Implemented Cloud solutions using Azure and AWS and moved data from on-prem to the cloud to increase uptime, enhance customer experience and reduce costs by 40%. AWS Snowball/Snowball Edge, Azure Import/Export Service. • Implemented systems to improve performance and reliability, resulting in a decrease of system down time by 25%, and an increase in server response times by 50%. Leveraging AWS CloudWatch, Auto Scaling and RDS. • Automated the setup of new services and clusters, reducing the time to provision environment from weeks to hours. Using Terraform. • Automated infrastructure deployment and management using Infrastructure as Code (IaC) tools: AWS CloudFormation, Terraform and Azure Resource Manager (ARM templates) for efficient resource provisioning and configuration. • Developed and executed policies, Security Groups, Network Access Control Lists and Network Virtual Private Clouds to secure network traffic and provide a secure and reliable service to customers.

• Provided technical support to over 200 users, installing & configuring computer hardware, software, and networks. Windows and Linux Server. • Automated routine Linux administration tasks using shell scripting (Bash) and configuration management tools (e.g., Ansible) to improve efficiency and consistency. Proactively monitored system logs and performance metrics to identify and troubleshoot potential issues before they impacted users. • Improved network performance and reliability by installing, maintaining, and troubleshooting internal office network and phone system equipment, including servers, switches, routers, access points, VPNs, and firewalls. • Ensured data security and system uptime by installing and supporting a wide range of hardware and software, including Windows, Linux, and Mac servers, desktops, laptops, printers, and network devices. • Enhanced system performance and security for critical applications by administering a fleet of Linux servers utilizing Red Hat Enterprise Linux (RHEL) and Ubuntu distributions. Performed tasks like user and group management, package installation and configuration, system hardening, and routine maintenance.

Western Governors University - Utah, USA

Western Governors University - Utah, USA

Download Certificate

Download Certificate

Download Certificate

Download Certificate

Download Certificate

Download Certificate

Download Certificate

Download Certificate

Download Certificate

Download Certificate

Download Certificate

Download Certificate

Download Certificate

Download Certificate