Azmat Firdous
// DevOps & Cloud Engineer //
Architecting robust cloud infrastructures and streamlining development pipelines with a passion for automation and security.
"The cloud is the new operating system."
- Satya Nadella
Work Experience
My professional journey and key contributions.
Responsible for Kubernetes (EKS) management with ArgoCD & KEDA, automating infrastructure using Terraform, and optimizing Azure DevOps CI/CD pipelines. Key duties include deploying applications on Amazon EKS, ensuring high availability and disaster recovery, managing vulnerability scanning, performing database administration, and managing Windows Server. Also contributing to cloud migration efforts from AWS to GCP and overseeing the learning portal.
Key Achievements & Responsibilities:
- Setting up and managing ArgoCD for automated deployments and KEDA for event-driven auto-scaling of applications.
- Deploying, optimizing, and managing applications on Amazon EKS, ensuring high availability and robust disaster recovery strategies.
- Utilizing Terraform to automate the provisioning and management of infrastructure across AWS and GCP cloud environments.
- Managing and optimizing Azure DevOps CI/CD pipelines, and successfully migrating applications from manual deployment processes to fully automated CI/CD workflows.
- Implementing and managing comprehensive vulnerability scanning, continuous monitoring, and timely remediation of security threats.
- Performing essential database administration tasks, including restoration, backups, and routine maintenance for optimal performance.
- Managing Windows Server environments, including Active Directory, DNS, Group Policies, and security configurations.
- Overseeing the stability and performance of the company's learning portal.
- Actively participating in the strategic cloud migration project from AWS to GCP.
Serving as a DevOps and Security Consultant at PeakXV, reporting directly to the AVP of Security. Demonstrated proficiency in multi-cloud environments, including AWS, Azure, and GCP, by efficiently creating and managing cloud resources. Utilized Terraform to create AWS and Azure resources, automating infrastructure provisioning and ensuring consistency. Integrated Wiz, Wiz Sensor, and Admission Controller into Kubernetes using Helm charts, ensuring seamless deployment, configuration, and management of cloud workload security solutions. Implemented a robust logging solution by exporting Kubernetes logs to Amazon S3 using Filebeat and Logstash, enabling centralized log management and analysis for enhanced monitoring and troubleshooting capabilities. Developed and implemented Open Policy Agent (OPA) policies for Kubernetes deployments, ensuring adherence to security, compliance, and operational best practices across the cluster environment. Maintained a strong security focus, implementing robust security measures across cloud platforms. Implemented security solutions such as Mimecast, Cycode, Virtru, etc., to safeguard cloud resources. Implemented Wiz for vulnerability management, actively identifying and resolving vulnerabilities to enhance system security. Implemented Rapid7 for log monitoring, ensuring real-time visibility into system events and potential threats. Contributed to resource optimization initiatives by ensuring the efficient use of cloud resources, leading to cost savings. Maintained comprehensive documentation related to security practices, procedures, and incident reports for future reference and auditing. Implementing CSPM and DSPM for enhanced cloud security.
Key Achievements & Responsibilities:
- Managed resources across AWS, Azure, and GCP, utilizing Terraform for AWS/Azure provisioning.
- Integrated Wiz, Wiz Sensor, and Admission Controller into Kubernetes using Helm charts for cloud workload security.
- Exported Kubernetes logs to Amazon S3 using Filebeat and Logstash for centralized log management and analysis.
- Developed and implemented Open Policy Agent (OPA) policies for Kubernetes deployments to ensure security and compliance.
- Implemented security solutions such as Mimecast, Cycode, and Virtru to safeguard cloud resources.
- Utilized Wiz for vulnerability management and Rapid7 for log monitoring.
- Contributed to cloud resource optimization initiatives leading to cost savings.
- Implemented CSPM (Cloud Security Posture Management) and DSPM (Data Security Posture Management) for enhanced cloud security.
- Maintained comprehensive documentation related to security practices, procedures, and incident reports.
Held the role of DevOps Engineer at Monsoon Fintech, reporting directly to the CTO and collaborating closely with the lead developers. Successfully led the migration of resources from Azure to Google Cloud Platform (GCP). Utilized Terraform for resource provisioning, ensuring efficient and automated infrastructure management. Played a crucial role in enhancing security measures, particularly in preparation for the CISA audit. Implemented Teleport VPN for secure and efficient remote access to all resources. Successfully implemented a Data Loss Prevention (DLP) solution, safeguarding sensitive data and preventing unauthorized data leakage. Enhanced data security and access control while facilitating remote work capabilities. Designed and enforced fine-grained access policies for users, enhancing security while providing role-based access to resources. Detected and halted a security breach involving cryptocurrency mining on a production server. Automated routine tasks and processes to improve operational efficiency and reduce manual errors. Optimized cloud resources in GCP, resulting in cost savings and improved resource utilization. Maintained comprehensive documentation of infrastructure configurations, security policies, and procedures. Supported knowledge transfer and on-boarding of team members.
Key Achievements & Responsibilities:
- Successfully led the migration of resources from Azure to Google Cloud Platform (GCP).
- Utilized Terraform for automated resource provisioning in GCP, ensuring efficient infrastructure management.
- Played a crucial role in enhancing security measures in preparation for the CISA audit.
- Implemented Teleport VPN for secure and efficient remote access to all resources.
- Successfully implemented a Data Loss Prevention (DLP) solution, safeguarding sensitive data.
- Designed and enforced fine-grained access policies for users, enhancing security and role-based access control.
- Detected and halted a cryptocurrency mining security breach on a production server.
- Automated routine tasks and processes to improve operational efficiency.
- Optimized GCP cloud resources, resulting in cost savings and improved resource utilization.
- Maintained comprehensive documentation of infrastructure configurations and security policies.
- Supported knowledge transfer and on-boarding of team members.
Managed Amazon Web Services - ELB, EC2, S3, RDS, SNS, Auto-Scaling, CloudWatch, etc. Expertise in architecting secure VPC solutions in AWS with the help of Network ACLs, security groups, and public and private network configurations. Created S3 buckets and managed policies for S3 buckets. Experience in managing and maintaining IAM policies for organizations in AWS to define groups, create users, assign roles, and define rules for role-based access to AWS resources. Created snapshots and Amazon Machine Images (AMIs) of the instances for backup and creating replicas. Hands-on experience in writing Ansible scripts for server upgrades. Hands-on experience in deploying infrastructure with Ansible. Automated build and deployment using Jenkins to reduce human error and speed up the processes. Managed routine system backups, scheduling jobs, enabling cron jobs, and enabling system logging and network logging of servers for maintenance. Provided technical support by troubleshooting day-to-day issues with various servers on different platforms. Monitored and managed servers and services using CloudWatch. Used GitHub for version control.
Key Achievements & Responsibilities:
- Managed a wide range of AWS services including ELB, EC2, S3, RDS, SNS, Auto-Scaling, and CloudWatch.
- Architected and implemented secure VPC solutions in AWS using Network ACLs, security groups, and public/private network configurations.
- Managed S3 bucket policies and IAM policies for organizations, defining groups, users, roles, and role-based access rules.
- Created snapshots and Amazon Machine Images (AMIs) for instance backup and replication.
- Authored Ansible scripts for server upgrades and automated infrastructure deployment.
- Automated build and deployment processes using Jenkins, reducing human error and improving speed.
- Managed routine system backups, scheduled jobs (cron jobs), and configured system/network logging for server maintenance.
- Provided L2/L3 technical support, troubleshooting day-to-day issues with various servers on different platforms.
- Monitored server and service health using CloudWatch, implementing alerts for proactive issue resolution.
- Utilized GitHub for version control and collaborative development.
Technical Skills
Cloud Platforms
AWS
Amazon Web Services: A comprehensive cloud platform offering a wide range of services like compute, storage, and databases.
GCP
Google Cloud Platform: Google's suite of cloud computing services, providing infrastructure, data analytics, and machine learning tools.
Azure
Microsoft Azure: A cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
DevOps & Automation
Jenkins
Jenkins: An open-source automation server for building, testing, and deploying software.
GitHub Actions
GitHub Actions: Automate, customize, and execute your software development workflows right in your GitHub repository.
Terraform
Terraform: An infrastructure as code tool for building, changing, and versioning infrastructure safely and efficiently.
Kubernetes
Kubernetes: An open-source system for automating deployment, scaling, and management of containerized applications.
Ansible
Ansible: An open-source automation tool for configuration management, application deployment, and task automation.
Docker
Docker: A platform for developing, shipping, and running applications in containers.
ArgoCD
ArgoCD: A declarative, GitOps continuous delivery tool for Kubernetes.
KEDA
KEDA: Kubernetes-based Event Driven Autoscaling. Scales applications based on event metrics.
Helm
Helm: The package manager for Kubernetes, helping you define, install, and upgrade complex Kubernetes applications.
Git & GitHub
Git: A distributed version control system. GitHub: A platform for hosting and collaborating on Git repositories.
Monitoring & Logging
Prometheus
Prometheus: An open-source monitoring and alerting toolkit originally built at SoundCloud.
Grafana
Grafana: An open-source platform for monitoring and observability, allowing you to query, visualize, alert on, and understand your metrics.
Elastic Stack
Elastic Stack (ELK): A suite of tools (Elasticsearch, Logstash, Kibana, Beats) for searching, analyzing, and visualizing data in real time.
CloudWatch
Amazon CloudWatch: A monitoring and observability service for AWS cloud resources and applications.
Programming & Scripting
Python
Python: A versatile, high-level programming language known for its readability and extensive libraries.
Bash
Bash: A Unix shell and command language, widely used for scripting and system administration.
Java
Java: A class-based, object-oriented programming language designed for portability across platforms.
Security Tools
Wiz
Wiz: A cloud security platform that provides visibility and risk assessment across cloud environments.
Rapid7
Rapid7: Provides cybersecurity solutions, including vulnerability management, incident detection, and log management.
SonarQube
SonarQube: An open-source platform for continuous inspection of code quality to perform automatic reviews with static analysis.
Mimecast
Mimecast: A cloud-based email management service for security, archiving, and continuity.
Cycode
Cycode: An application security posture management (ASPM) platform, securing the entire software development lifecycle.
Virtru
Virtru: Provides data-centric security solutions, focusing on email and file encryption.
Teleport
Teleport: An identity-native infrastructure access platform for engineers and security professionals.
OPA
Open Policy Agent (OPA): An open-source, general-purpose policy engine that unifies policy enforcement across the stack.
Canary Deployments
Red Canary deployments involve deploying their security operations platform to monitor and respond to threats across various endpoints, cloud workloads, and other assets. This includes deploying sensors/agents to collect telemetry data and analyzing it for malicious or suspicious activity.
Project Showcase
Selected projects demonstrating my skills and expertise.



Certifications
My credentials and qualifications.
Tata Technologies
TestDome
Amazon Web Services
Get In Touch
Let's connect! Reach out for collaborations or opportunities.