Home

Militha - DevOps

[email protected]

Location: Dallas, Texas, USA

Relocation: yes

Visa: green card

MILITHA ANNAM Sr Security Engineer Phone: 9728369602 Email: [email protected] https://www.linkedin.com/in/militha-a-5b0b04112/ Professional Summary: Sr. DevSecOps Engineer 10 years of IT Experience as Cloud/DevOps Engineer comprising of Linux and System Administration with a major focus on AWS, Azure, OpenStack, Continuous Integration, Continuous Deployment, Configuration Management, Build/ReleaseEngineer, and Linux Systems Administrator with expertise in Private, Public, and Hybrid Cloud platforms along with using various tools like Docker, Kubernetes, Ansible, OpenShift, Puppet, Jenkins, Git, Maven.6+ Years of experience asa DevOps Engineerand 4 years of experience asa Network Administrator. Experience in AWS Services EC2, IAM, Subnets, VPC, Cloud Formation, AMI, S3, SNS, SES, RedShift, CloudWatch, SQS, Route53, CloudTrail, Lambda, Kinesis, and RDS and obtaining High Availability and Fault Tolerance for AWS EC2 instances utilizing the services like Elastic IP, EBS and ELB. Experience in Azure Services Azure active directory, CDN, Azure Data Factory, Azure SQL, Azure Function Apps, Cosmos DB, Azure backup, Logic apps, virtual machine, ACR, Azure Kubernetes Service, Azure monitor and obtaining High Availabilityto limit the duration ofdowntime and not eliminating. Experience in AWS Cloud Formation templates to create customized VPCs, subnets, and NAT to ensure successful deployment of Web applications, also expertise in AWS server-less compute service Lambda and used AWS lambda to trigger changes in data shifts and action by users and run the code in the Postgres DB. Experience in Azure Resource Manager so that templates that are written in cloud formation supportJSON and YAML to create an infrastructure template that contains services thathelp to setone or more parameters that contain the environment-specific configuration to achieve. Conducted regular cloud security assessments and risk analyses to identify vulnerabilities and implement mitigation strategies. Protected serverless application deployments with automated security measures for cloud computing settings. Experience in Converting existing Terraform modules to manage Azure Infrastructure by lowering human errors while deploying and managing infrastructure, working with Terraform to create stacks in Azure, and updating the Terraform scripts based on the requirement regularly. Experience in integrating Terraform with Ansible, and Packer to create and Version the AWS Infrastructure, designing, automating, implementing, and sustaining Amazon machine images (AMI) across the AWS Cloud environment. Expertise in Designing and implementing Continuous Integration (CI) throughout many environments utilizing Azure DevOps / Jenkins tools to provide an agile development process that is automated and repeatable, allowing teams to safely deploy code several times per day while ensuring Azure Kubernetes Services (AKS) are supported. Expertise in configuring the Monitoring and Alerting tools according to requirements like Prometheus and Grafana, setting up alerts, and deploying multiple dashboards for individual applications in Kubernetes. Experience in Azure IaaS, PaaS, Provisioning VM's, Virtual Hard disks, Virtual Networks, Deploying Web Apps and creating Web-Jobs, Azure Cosmos DB, Active Directory, Azure Windows server, Microsoft SQL Server, Microsoft Visual Studio, Windows PowerShell, Cloud infrastructure. Designed and enforced identity and access management (IAM) policies and procedures for cloud resources to maintain principle of least privilege. Experience in cloud automation and orchestration framework using AWS, Azure, and OpenStack. Implemented multi-tier application provisioning in OpenStack cloud, integrating it with PUPPET, migrating the application using MAVEN as a build tool. Experience in Ansible setup, managing hosts files, using YAML, authoring various playbooks and custom modules with Ansible, and working on Ansible Playbooks to automate AWS services like Launching EC2, Provisioning IAM, Configuring VPC, EBS, Monitoring using CloudWatch and CloudTrail. Hands-on experience with Puppet manifests for deployment and automation and have integrated Puppet with Jenkins to fully deploy onto a Jenkins server to provide continuous deployment and testing to automate the deployment of infrastructure. Experienced in working with the OpenShift Enterprise 4.2 to deploy containers using HELM Charts integrating with Azure DevOps Pipelines Experience in using Docker including Docker Hub, Docker Engine, Docker images, Docker Compose, Docker Swarm, and Docker Registry, and used containerization to make our applications platform consistent and flexible when they are moved into different environments. Experience in deploying Kubernetes Cluster on AWS and Azure cloud environments with master architecture and wrote many YAML files to create many services like pods, deployments, auto-scaling, load balancers, labels, health checks, Namespaces, Config Map, etc. Expertise in administering and automating operations across multiple platforms and Windows servers, Performed numerous server migrations on both Linux/Unix. Migrations include moving all clients and their data, configuration settings, testing, and verifying everything is correct with zero downtime. Experience in integrating Jenkins with various tools like Maven (Build tool), Git (Repository), SonarQube (code verification), Nexus/JFrog (Artifactory), and implementing CI/CD automation for creating Jenkins pipelines programmatically architecting Jenkins Clusters. AWS Code Pipeline, Code Build, and Code Deploy were used to implement CI/CD pipelines. Experience in working on version control systems like GIT and using Source code management client tools like Git Bash, GitHub, Git GUI, and other command-line applications. Experience in Branching, Merging, Tagging, and maintaining the version across the environments using SCM tools like GIT and Bitbucket, Subversion (SVN) on Linux platforms. I have experience utilizing Splunk as a monitoring tool to proactively detect and address infrastructure issues before they impact critical processes. Additionally, I have worked with Splunk event handlers to enable automatic restart of failed applications and services. Written Templates for AWS infrastructure as a code using Terraform to build staging and production environments. Experience withELK architecture and its implementation. Handled installation, administration, and configuration of ELK stack on AWS and performed Log Analysis. Experience in deploying and configuring Elasticsearch, Log Stash, Kibana (ELK), and AWS Kinesis for log analytics and experienced in monitoring servers usingSplunk, and CloudWatch. Experience in Group creation, monitoring, and maintaining logs for system status/health using Linux commands and Splunk system monitor. Writing new plugins in Splunk to monitor. Worked on customizing Splunk dashboards, visualizations, configurations, reports, and search capabilities using customized Splunk queries. Excellent hands-on experience working with monitoring tools such as Splunk, ELK and working with load balancing, Integrating, and monitoring with Splunk also checking the health of applications. Expert in writing scripts like Ruby, Perl, Power Shell, JSON, Node.js, YAML, Groovy, Bash/Shell, Python for automating the build and release process. Experience in Working with web servers such as Apache HTTP server, NGINX, Apache TOMCAT, and application servers such as Oracle WebLogic 9.x/10.x, IBM WebSphere 6.x/7.x/8.x, JBoss 4.1. Knowledge of using Routed Protocols like FTP, SFTP, SSH, HTTP, HTTPS, and Direct connect. And experience in Kickstart installations; support, configuration, and maintenance of Red Hat Enterprise Linux, CentOS. Experience in system administration working on multiplatform VMware, LINUX (Red hat, SUSE), UNIX (Oracle Solaris 9/10), and Windowsservers. Exposure to all aspects of the Software Development Life Cycle (SDLC) such as Analysis, Planning, Development, Testing, Implementation, and Post-production analysis of the projects. Technical Skills: Cloud Environment AWS, GCP, Azure, OpenStack Configuration Management tools Puppet, Ansible, Ansible Tower Build tools Maven, Ant, Docker, MS Build, NPM Automation tools Jenkins, Azure DevOps, GitLab, Terraform, CloudFormation Version Control tools GIT, GIT-lab, TFS, Bitbucket, GitHub, Subversion (SVN) Operation systems Red Hat Linux, SUSE, Ubuntu, CentOS, Windows, MacOS, UNIX Web servers Apache, Tomcat, JBOSS 4.x/5.x, IIS, NGINX, Web Sphere4.0/5.0 Database System MS SQL Server, MySQL, MongoDB, Oracle 9i/10g/12C, IBM DB2 Monitoring tools CloudWatch, Splunk, ELK-Xpack, GrayLog, Grafana, New Relics Networking DNS, DHCP, WAN, TCP/IP, NIS, NFS, SMTP, LAN, HTTP Scripting Python, Ruby, Bash shell, Power shell, JSON Virtualization Technologies VMware, Windows Hyper-V, Power VM, VirtualBox, Citrix Xen, Vagrant Programming Python, Groovy, Shell, PowerShell. CERTIFICATIONS: Certified Azure Administrator Associate. Certified AWS Developer Associate. Certified Kubernetes Administrator. Experience Role: Sr. Security EngineerDec 2022 to current Client:General Motors,Detroit, Michigan Responsibilities: Designed, provisioned, and managed AWS cloud infrastructures, including EC2, EBS, and S3 with cross-region replication, ELB, Auto Scaling, VPCs across multiple availability zones, RDS, and Route53 for optimal traffic routing. Implemented comprehensive cloud security measures using IAM, Security Groups, Network ACLs, and encryption techniques to safeguard data and applications. Worked with the different instances of AWS EC2, AWS AMI s creation, managing the volumes and configuring the security groups. Implemented RBAC for role-based access control and security policies was implemented in Kubernetes. Worked to guarantee secure cloud installations, security controls are included in infrastructure as code (IaC) templates. conducted routine security testing to find and fix vulnerabilities, such as dynamic application security testing (DAST) and static code analysis. Led Agile development teams in implementing CI/CD pipelines, leveraging Jenkins, Ansible Playbooks, Chef, and Kubernetes to automate build, test, and deployment workflows. Enhanced pipeline efficiency by integrating version control (Git) with build automation (Jenkins) and project tracking (Jira). Expertise in Docker containerization, from building images using Docker files to managing containers and volumes. Orchestrated microservices deployments using AWS ECS and Kubernetes. Developed and implemented a comprehensive cloud security operating model aligned with the NIST Cybersecurity Framework to ensure robust protection across all cloud environments. Designed and implemented security best practices for AWS Lambda functions, ensuring compliance with organizational and regulatory requirements. Implemented monitoring and logging solutions using Amazon CloudWatch, AWS CloudTrail, and the ELK Stack. Integrated security tools into CI/CD pipelines to automate vulnerability scanning and compliance checks. Executed efficient data migrations using AWS Server Migration Service (SMS), Database Migration Service (DMS), and Snowball. Experience in Implemented Infrastructure as Code using AWS CloudFormation and Terraform to enhance security and compliance. Engaged with new cloud technologies and participated in their secure implementation. Created and kept up-to-date playbooks and runbooks for incident response suited for DevSecOps procedures. To encourage a security-conscious culture across the company, security awareness training sessions were held for stakeholders. Supervised the implementation and management of web application firewall (WAF) and API security testing tools. CloudWatch was used to monitor AWS apps and resources, and alerts were set up for proactive monitoring. Implemented cost-saving strategies by automating start/stop schedules for AWS resources with Ansible Playbooks, triggered via Jenkins. Worked on Red Hat Open Shift platform and AWS for managing Docker containers and Kubernetes Clusters using Linux, Bash/Shell Scripting. Conducted security assessments and ensured compliance with best practices for new cloud services. Experiences in Implementing state-of-the-art security measures including web application firewalls (WAF), intrusion detection/prevention systems (IDS/IPS), and data leakage prevention for cloud environments. Defined and implemented measures to reduce identified security risks. Implemented proper encryption and lifecycle policies for data storage solutions utilizing AWS S3, Glacier, and EBS. Managed and secured containerized applications using Docker and Kubernetes. Expert Amazon Auto Scaling and Elastic Load Balancing to implement fault tolerance and high availability techniques. Completed AWS migration projects from cloud environments to on-premises data centers. Experienced in Maintaining current knowledge of AWS capabilities, services, and best practices via certification and ongoing education. Implemented and managed cloud security controls, including identity and access management (IAM). Involved in privilege access control is implemented in AWS settings using managed IAM roles and policies. Used the AWS-CLI to suspend an AWS Lambda function. Used AWS CLI to automate backups of ephemeral data-stores to S3 buckets, EBS. Utilized AWS Systems Manager, Ansible, and Puppet for secure configuration management and automation. Developed Lambda functions for automated security incident response, such as real-time threat detection and mitigation. Developed individual security improvement concepts and decision templates for risk treatment.. Conducted security evaluations and put best practices for AWS environments into effect. Carried out AWS service optimization and performance adjustment for increased effectiveness. Enforced cloud security best practices by configuring IAM roles, security groups, and policy management. Experienced in Utilized Network ACLs, VPNs, and encryption to create a secure networking environment across all cloud services and data storage solutions. Role: SecurityEngineer Jan 2020 to Nov 2022 Client: State of Kentucky, Frankfort, Kentucky Responsibilities: Worked on Microsoft Azure Cloud to provide PaaS support to clients. Create and Maintain automation through Python and Power Shell Script Designed and executed a disaster recovery strategy by recommending the replication of a subset of on-premises machines to Azure IaaS, including detailed planning for SQL Server and SharePoint data synchronization. Well-versed in using Azure Infrastructure as a Service (IaaS), Provisioning VMs, Virtual Networks, Deploying Web Apps, Microsoft SQL Server, using ARM Templates, and Azure DevOps CI/CD pipelines. Implemented Azure Site Recovery and Azure Backup solutions, facilitating seamless migration from on-premises to Azure cloud environments. Enhanced operational efficiency by utilizing Log Analytics for comprehensive data collection and issue resolution. played a part in the development of containerized environments and secure microservices architectures. Leveraged Azure Functions to develop serverless applications, integrating HTTP Triggers and Application Insights for enhanced monitoring and load testing via Azure DevOps Services. Involved part in threat modeling exercises to find and eliminate security flaws in infrastructure and program architectures. Assured to enhance DevSecOps procedures by being informed about new security risks and industry best practices. Involved inDevSecOps processes, security technologies like intrusion detection systems (IDS) and security information and event management (SIEM) platforms are managed and monitored. established and upheld security norms and policies in both the development and operational contexts. facilitated security awareness workshops for development teams to increase knowledge of threat mitigation techniques and safe coding standards. Experience secrets and sensitive data using HashiCorp Vault, ensuring secure storage, access control, and rotation of secrets. Experienced in conducting static container scanning using tools like Trivy and Snyk to identify security vulnerabilities and misconfigurations within container images. Experience sBOM (Bill of Material) tools such as Syft and Grype to generate comprehensive inventories of software components and dependencies within container images. Ensured network security through secure configuration of VPCs, security groups, and firewalls. Collaborated closely with IT teams to ensure secure software development and deployment practices. Experience in Utilizing Prometheus and Grafana was used to monitor Kubernetes clusters and applications. Configured secure Amazon VPC environments with proper subnetting, routing, and security group policies. Utilized Kubernetes and Docker for the runtime environment for the Continuous Integration/Continuous Deployment system to build, test, and deploy. Created Jenkins jobs to deploy applications to the Kubernetes Cluster. Developed and maintained security dashboards and reports to provide visibility into security posture and compliance status. Created reproducible builds of the Kubernetes applications, managed Kubernetes manifest files, and managed releases of Helm packages. Implemented sBOM-based vulnerability management processes to enhance transparency and traceability of software supply chain. Automated security compliance checks and audits to ensure adherence to regulatory requirements (e.g., GDPR, HIPAA, PCI DSS). Implemented secrets management solutions to securely manage and rotate cryptographic keys, passwords, and API tokens. Implemented multi-factor authentication (MFA) and single sign-on (SSO) solutions to enhance access controls. Evaluated and implemented cloud-native security solutions such as AWS Security Hub or Azure Security Center. Deployed and managed a Nagios-based monitoring infrastructure, overseeing system performance and application server health across multiple environments. Experience static container scanning using tools like Trivy and Snyk to identify security vulnerabilities and misconfigurations within container images. Established AWS Direct Connect and VPN connections with strong encryption protocols. Integrated sBOM generation into CI/CD pipelines to automatically generate and update BOMs for each container image build. Excellent knowledge in Azure compute services, Azure Web apps, Azure Data Factory & Storage, Azure Media & Content delivery, Azure Networking, Azure Hybrid Integration, and Azure Identity & Access Management. Conducted regular reviews and optimizations of cloud resource usage to ensure cost-effectiveness, employing Azure Cost Management tools. Implemented Kubernetes to deploy scale, load balance, scale and manage Docker containers with multiple-spaced version. Experience in configured PAM (Privileged Access Management) solutions like CyberArk to control and monitor access to privileged accounts and systems. Contributed to the improvement of static container scanning and sBOM tools by providing feedback, feature requests, and bug reports to tool vendors and open-source communities. Utilized Kubernetes and Docker for the runtime environment for the Continuous Integration/Continuous Deployment system to build, test, and deploy. Created Jenkins jobs to deploy applications to the Kubernetes Cluster. Experience in using Namespaces for Kubernetes were implemented for resource isolation and multi-tenancy. Created Azure SQL Database, performed monitoring and restored Azure SQL database. Performed migration of Microsoft SQL server to Azure SQL database. Assured compliance with industry standards and corporate policies through the implementation of Azure Policy and Azure Blueprints, enhancing governance and compliance across cloud deployments. Led cross-functional teams in high-stakes projects, facilitating knowledge-sharing sessions on cloud best practices and DevOps tools to enhance team skills and productivity. Role: Cloud Security Engineer May2018 to Dec 2019 Client: Citi Bank, Tampa, Florida. Responsibilities: Led the design and implementation of scalable PaaS solutions on Microsoft Azure Cloud, enhancing client operations. Developed and maintained automation scripts in Python and PowerShell to streamline workflows and reduce manual intervention. Implemented AWS Key Management Service (KMS) to manage encryption keys used by Lambda functions for data encryption at rest and in transit. Spearheaded the deployment of Azure Log Analytics using Kusto Query Language, optimizing resource monitoring and configuring proactive alerts to improve SLA adherence. Proficient in utilizing Azure DevOps and GitLab for robust CI/CD pipelines, facilitating efficient build and deployment processes across multiple environments. Expert in managing end-user experiences through Intune, including user onboarding, license management via Web API, and CloudPC provisioning. Specialized in deploying Line of Business (LOB) and storing applications across Windows, CloudPC, and macOS devices, ensuring successful deployment and continuous monitoring. Configured device settings for secure Azure AD and Hybrid AD joins for Windows 10 and CloudPc, enhancing device securityand compliance. Developed and managed Conditional Access (CA) policies for Intune-managed devices to protect corporate resources. created and put into use safe cloud architectures by utilizing both third-party and native security features. managed and supervised cloud security solutions, such as cloud workload protection platforms (CWPPs) and cloud access security brokers (CASBs). Experience in Configuring AWS API Gateway with Lambda authorizers for token validation and authentication, enhancing security for serverless APIs. Driven all microservice builds out to the Docker registry and then deployed to Kubernetes using Jenkins and pipelines. Demonstrated expertise in Windows Defender ATP, leading efforts to strengthen endpoint security and threat protection. In-depth knowledge in integrating and managing devices with Azure AD via Intune, ensuring seamless access control and device management. Made significant contributions to cloud transformation projects, guiding teams through complex cloud migrations and architecture optimizations. Conducted comprehensive security assessments and risk analyses for cloud platforms. Developed and implemented robust security concepts to address identified risks. Played a pivotal role in decision-making processes, contributing to the strategic planning and execution of cloud services adoption, which resulted in enhanced operational efficiency and reduced costs. Fostered strong collaboration between development, operations, and security teams to ensure seamless integration of DevOps practices. Led initiatives to break down silos, which significantly improved deployment frequency and reduced lead time for changes, enhancing overall productivity and agility. Jenkins pipelines were created to automate the building of microservices, the storage of Docker images, the deployment of Kubernetes, and the integration of Ansible-driven deployments with Bitbucket. Pioneered the development of advanced automation frameworks using Python and PowerShell, which automated critical processes such as infrastructure provisioning, configuration management, and compliance checks. Web application firewalls (WAFs) and API security testing instruments were implemented and controlled. Included runtime protection and image scanning as container security measures to safeguard containerized systems. Identified and fixed security concerns in cloud infrastructure installations using infrastructure-as-code (IaC) security scanning technologies. Conducted comprehensive performance tuning and optimization of Azure cloud environments, utilizing Azure Monitor and custom Kusto queries. Committed to continuous learning and professional growth, obtaining certifications in Azure Administrator and Azure DevOps Engineer. Actively mentored junior team members and led workshops on cloud best practices and automation techniques, contributing to the development of a highly skilled IT department. Role: Security Engineer July 2013 to Aug 2017 Client: Imaginate Technology, Hyderabad, India. Responsibilities: Designed and maintained robust CI/CD pipelines using tools like Jenkins, GitLab CI, and CircleCI, significantly automating the software release process, improving deployment frequency by 40%, and reducing deployment failures. using and overseeing intrusion detection systems (IDS), firewalls, and endpoint protection programs, among other security measures. perforation testing, vulnerability scanning, and security assessments were carried out to find and reduce security threats. carried out forensic analysis, put remedial measures into place, and responded to and looked into security problems. To guarantee adherence to regulatory standards, security policies, processes, and documentation were created and maintained. Designed and executed secure network designs and configurations in cooperation with cross-functional teams. managed security infrastructure, encompassing identity and access management (IAM) programs and security information and event management (SIEM) systems. Collaborated with QA teams to integrate automated testing frameworks like Selenium and JUnit into the CI/CD pipeline, significantly enhancing code quality and reducing time-to-market by 25%. Implemented infrastructure as code (IaC) using Terraform and Ansible to automate the provisioning and management of cloud environments, reducing manual setup efforts by 60% and ensuring consistency across development, testing, and production environments. To encourage a culture of security awareness, staff personnel received training and direction on security awareness. evaluated and suggested security solutions and technology to improve overall security posture. took part in evaluations and audits of security to confirm adherence to industry best practices and standards. Stay up to date on new security trends and threats to proactively reduce risks. Conducted thorough security audits of the CI/CD pipeline and integrated security practices into the development lifecycle, utilizing tools like SonarQube and OWASP ZAP to enhance application security posture. Keywords: continuous integration continuous deployment quality analyst javascript sthree database active directory information technology microsoft California