Bishoy is an innovative DevOps, DevSecOps, and software engineer with 7+ years of technical experience designing, implementing, securing, and managing CI/CD workflows, infrastructure, and microservices. He has deep experience with Kubernetes, cloud platforms (AWS), Linux-based systems, and cybersecurity. Bishoy is passionate about keeping up with new technologies and building efficient and reliable solutions.
Embedded vulnerability scans in CI pipelines for both application-level dependencies and container OS packages using OWASP Dependency-Track.
Set up AWS IoT MQTT message broker and authentication/authorization through IAM and client certificates.
Deployed Airflow over EKS and assisted with Amazon EMR and AWS Glue setup.
Set up AWS RDS (PostgreSQL) and Elasticsearch with controlled network access and IAM authentication.
Exposed back-end microservices running on EKS via an API gateway, with Amazon Cognito handling the authentication. Additionally, used CloudFront CDN to serve the front end stored in S3.
Created on-demand sandbox environments with Spinnaker, Jenkins, and Terraform, which enabled developers and QEs to isolate new feature changes, test them thoroughly, and perform repeatable performance tests.
Set up, hardened, and maintained the EKS and Kubernetes clusters. Managed access, resources, autoscaling, and availability of the services running within, all through Terraform.
Introduced infrastructure as code (IaC) using Terraform, with which the existing infrastructure was imported and managed.
Implemented CI/CD pipelines using Jenkins and Spinnaker, both modularly and with self-service.
Improved CI builds to enforce quality and security standards with static code analysis, duplication check, and test coverage rules.
Integrated Ethoca Alerts into the platform by implementing two independent microservices and refactored common logic into separate libraries, simplifying the development of new microservices.
Applied secure coding practices to features, along with writing automated tests and doing peer code reviews.
Unified access through Okta and integrated it with AWS SSO, QuickSight, K8s dashboards, Cloudflare, and GitHub.
Set up Cloudflare's Zero Trust network to secure internet access for employees and authorize access to the VPCs on AWS.
Implemented role-based access control and encryption at rest for all persistent services: ElastiCache/Redis, RDS/Postgres, Elasticsearch, RabbitMQ, and S3.
Configured AWS security services: CloudTrail, GuardDuty, Inspector, WAFV2, and Config. Used SSM for authorizing and auditing access to EC2.
Set up monitoring, alerts, and centralized logs with CloudWatch and Datadog.
A proof of concept for a highly available PostgreSQL setup using Consul, HAProxy, and Kubernetes. Helm is used for packaging and installing the solution to Kubernetes. Moreover, a Travis CI build is set up, which installs Minikube, builds the Docker images, deploys the chart, and finally runs integration tests simulating different failure scenarios.
This project sets up an auto-scaling, highly available, and secure Jenkins cluster on AWS using Terraform. The standout feature of this setup is the automatic scaling of the slaves' EC2 instances based on the build queue size.
Education
Master's Degree in Computer Science and Engineering