Cloud and DevOps Consultant

AWS Cloud DevOps and Infrastructure Engineer role for a migration of on premise legacy applications to AWS for a public sector client:

• Migration of legacy Biometric applications running on IBM products and infrastructure to AWS
• Provision Infrastructure in AWS using Terraform: VPC, EC2, ALB/NLB, ASG, Secrets Manager, IAM, KMS, Certificate Manager, Route 53, S3 and CloudWatch
• Work closely with Security personnel to Implement High availability and replication of IBM Security Directory Service in AWS
• Provisioning, configuration management and Deployment of infrastructure and applications using Terraform, Ansible, Atlassian Bitbucket and Bamboo into development, pre-production and production environments
• Participated in agile sprint backlog grooming, sprint planning and review in sprint retrospective

Technologies: AWS, Terraform, Hashicorp Vault, Ansible, Atlassian Bamboo CI/CD pipelines, Bitbucket, Git, Bash Shell, JIRA, Confluence, Kanban, Red Hat Linux, Amazon Workspaces, IBM SDS, IBM ISVA, Splunk, TrendMicro, Centrify, Flexera, Agile, Scrum

AWS Cloud DevOps and Infrastructure architect role for a migration project from UKCloud to AWS:

• Migration of VMware VMs from UKCloud to AWS using CloudEndure
• Provision Infrastructure in AWS using Terraform: VPC, EC2, ALB, SSM, Secrets Manager, Certificate Manager, S3, CloudWatch, RDS, Cost Explorer and Pricing Calculator
• Migration of PostgreSQL databases
• Configuration and deployment of different applications in development, pre-production and production environments
• Security review and remediation of AWS infrastructure for assurance purposes using AWS Security Hub, AWS Inspector, CloudTrail, CloudWatch, DarkTrace and Datadog
• Participate in production cutover and go live of migrated applications to AWS
• Implemented FinOps strategy which resulted in over £1 million annual savings in AWS operational costs
• Provide infrastructure support for AWS resources in development, test and production environments

Technologies: AWS, UKCloud, Terraform, GitLab CI/CD pipelines, Git, Bash Shell, PostgreSQL, JIRA, Confluence, Kanban, Ubuntu, Amazon Linux 2

AWS Cloud DevOps and Infrastructure architect role for a three tier web platform responsible for:

• Design, Development and implementation of Infrastructure as code using AWS CDK
• Design, Development and implementation of AWS Security services using Security Hub, WAF, Shield, Config, Cognito, Inspector, IAM security Analyzer, GuardDuty, SSM, Secrets Manager, KMS, Certificate Manager, encryption of RDS databases and EBS volumes
• Technical review of existing infrastructure, document, propose and implement security and feature enhancements
• Provision new and maintain existing infrastructure resources which included EC2, ALB, CloudFront, S3, WAF, Route 53 and RDS MS SQL Server, VPN and Transit Gateway
• Infrastructure as code using AWS CDK
• Provide infrastructure support for AWS resources in development, test and production environments

Technologies: AWS, Cloudformation, CDK, Azure DevOps, Git, Bash Shell, Typescript, node.js, JSON

AWS Cloud DevOps and Infrastructure architect role for a three tier web platform responsible for:

• Design, Development and implementation of Infrastructure as code using AWS CDK
• Design, Development and implementation of AWS Security services using Security Hub, WAF, Shield, Config, Inspector, IAM security Analyser, GuardDuty, SSM, Secrets Manager, KMS, Certificate Manager encryption of RDS databases and EBS volumes
• Technical review of existing infrastructure, document, propose and implement security and feature enhancements
• Provision new and maintain existing JIRA infrastructure resources which included EC2, ALB, CloudFront, Route 53, S3, WAF, Secrets manager and RDS MYSQL
• Perform Web application scanning and security penetration testing
• Provide infrastructure support for AWS resources in development, test and production environments

Technologies: AWS, Cloudformation, CDK, Azure DevOps, JIRA, Git, Bash Shell, Typescript, node.js, JSON

AWS Cloud DevOps engineer role with the Global Cloud Services AWS platform team which is responsible for the Adoption of AWS to enhance HSBC's ability to leverage latest technologies, to work and deliver at pace, and to build applications and services for customers at an unprecedented scale by: Defining and building the global AWS service catalogue that enables application teams across the bank to leverage Cloud services, Providing robust solutions based on the banks internal audit, compliance and security needs, in conjunction with industry best practices, Ensuring HSBC's use of AWS is secure and compliant with HSBC's Group standards and policies across technology, security and broader governance, Building toolkits that enable teams to leverage AWS services in self-service secure and compliant manner, Providing architectural and cloud engineering support to global project teams, Assuring, tracking and supporting solutions developed by other teams, and making them re-usable for others.

• Contribute to the security controls in place that ensure the security of HSBC's assets that evolve continually with AWS improvements and evolving project needs based on HSBC's AWS Security patterns
• Build and Automate tooling and services that help many projects in more than 200 AWS accounts to build services in a secure and efficient way
• Develop robust artefacts including code modules that help project teams to get their security profiles right before any infrastructure is built
• Write technical documentation to guide project teams utilise the shared services developed by the Global Cloud Services
• Provide first line support for AWS services in development, pre-production and production accounts
• Provision new and Maintain existing infrastructure resources in AWS using Terraform, Cloud-formation, AWS CLI and SDKs
• Provide infrastructure support for AWS resources including DirectConnect, Organisation, IAM, ACM, VPC, EC2, Auto-Scaling, Lambda, API Gateway, Route 53, S3, RDS, SQS, SNS, SES, SSM, Athena, DynamoDB, Kinesis, CloudTrail, CloudWatch, GuardDuty, Config, Inspector, Trusted Advisor, Sidecar Proxy in development, test and production environments
• Provide support, maintenance, provisioning and scanning of HSBC standard Windows, RedHat and Amazon Linux base AMIs
• Provide Mentoring and coaching to HSBC application DevOps teams with AWS infrastructure and tools

Technologies: AWS, Terraform, Ansible, Serverless, Jenkins, JIRA, Confluence, Enterprise Git, Nexus, Bash Shell, Python, JSON, JQ, docker, Splunk, Qradar, Alert API and XMatters

DirectLine group had adopted AWS cloud services to build out Strategic Claims Online and Fraud Analytics capabilities. These were run as two projects which are working together to provide the common cloud foundation requirements. AWS Build/DevOps engineer role responsible for delivering fully automated infrastructure as code on Amazon Web Services.

• Working closely with Amazon Web Services Consultants, DLG Networking, Business solutions Security architects and Third party vendors to design and deliver a secure cloud solution for the DLG's cloud foundation layer, Strategic Claims online and Fraud Analytics projects
• Designed and deployed re-usable Terraform templates for provisioning Virtual Private Cloud, Private and Public Subnets, Routes and Route Tables, Security Groups and NACLs, Internet and Virtual Private Gateways, VPC Peering, Elastic load balancers, Route 53 DNS, EC2 instances, Launch configurations and Auto-scaling, S3 data storage and IAM
• Implemented Amazon Machine Image baking processes for base OS, Middleware and Applications using Hashicorp packer. Security hardening of RedHat Enterprise Linux AMI's
• Implemented bootstrapping and configuration changes to application instances using provisioning tools
• Implementation of AWS IAM, Single-Sign-On and VPC peering for inter and Intra AWS accounts
• Implementing DNS service using AWS Route 53
• Implemented VPN tunnels between an on premise data centre and several AWS VPCs in collaboration with DLG's on premise Networking team
• Implemented and deployed Foundation tools on EC2 instances on Linux and Windows platforms: Jenkins, Nexus, SVN, Fortinet FortiGate VM, Bluecoat ProxySG, Qualys, RSA Analytics, Active Directory Domain controller, CyberArk
• Implemented and deployed Fraud Analytics tools on EC2 instances: R, SAS, and SFTP
• Implementation of an automated data transfer from on premise data centre into AWS Data Lake
• Implemented and deployed EC2 instance Patch management for Red Hat Linux and Windows
• Implemented an automated nightly EBS snapshot backups of EC2 instances using Cloudformation, Lambda, Cloud watch and DynamoDB
• Implemented an automated Disaster Recovery in AWS
• Delivered various technical and process documentation: Detailed Level Design (DLD), Security, Functional Testing and Service transition documents
• Liaise with Live Services and Information Security teams to transition the project into BAU/production
• Provided training and Mentoring to BAU/production support staff

Technologies: Terraform, Cloud Formation, Packer, Jenkins, Subversions, Nexus, Lambda, Bash Shell, Python, Node.js, AWS CLI