JD Lincoln

New York, NY

Summary

Senior Cloud Engineer with 11+ years delivering production environments across AWS, Azure, and GCP at scale. Deep experience with Terraform/IaC (modular design, remote state, guardrails), cloud networking, and secure access controls (IAM/RBAC, least-privilege). Drive cross-team delivery through CI/CD, monitoring, and operational practices that improve stability and release confidence.

  • Terraform-first platform engineering: reusable modules, guardrails, and delivery patterns.
  • Production Kubernetes operations: upgrades, autoscaling, rollout safety, and incident readiness.
  • CI/CD and observability: reliable releases through automation, monitoring, and operational rigor.

Overview

  • 11 years of professional experience
  • 6 certificates
  • 4 years of post-secondary education

Skills

  • Cloud Platforms & Core Services: AWS (Organizations, Control Tower, IAM Identity Center, VPC, EC2, S3, RDS, EKS, Lambda, SQS/SNS, API Gateway); Azure (Entra ID, RBAC, Azure Policy, AKS, VNets, Private Link/Private Endpoints, Key Vault, Storage Accounts); GCP (Organization/Folders, IAM, Shared VPC, Cloud Router, Cloud VPN/Interconnect, Cloud DNS, Cloud Load Balancing, Cloud Storage, BigQuery)
  • Networking & Connectivity: AWS Transit Gateway, AWS Direct Connect, Azure ExpressRoute, GCP Cloud Interconnect, VPC/VNet design, segmented routing/route tables, DNS forwarding, private connectivity, security groups/NACLs, egress controls
  • Infrastructure as Code & Configuration Management: Terraform (modules, remote state, workspaces), CloudFormation, ARM Templates, HashiCorp Sentinel, Ansible, AWS Systems Manager Parameter Store
  • Containers & Orchestration: Kubernetes (EKS/AKS/GKE), Docker, Helm, Kustomize, GitOps, ECS Fargate, K8s NetworkPolicies
  • CI/CD & Automation: GitLab CI/CD, Jenkins, GitHub Actions, Azure DevOps Pipelines, AWS CodePipeline/CodeBuild/CodeDeploy, OIDC/IAM roles for CI pipelines, Maven, Gradle, Artifactory, SonarQube, Git (GitHub/GitLab)
  • Monitoring & Observability: Prometheus, Grafana, Splunk, Datadog, CloudWatch/CloudTrail, Azure Monitor, Application Insights, Log Analytics, GCP Cloud Monitoring/Logging
  • Security & Compliance: IAM, RBAC, least-privilege, SSL/TLS, SOC 2, HIPAA, secrets management (Key Vault, Parameter Store, Secrets Manager), policy-as-code
  • Scripting & Development: Python, Bash, PowerShell, Linux administration
  • Collaboration & ITSM: JIRA, ServiceNow, Confluence

Work History

Senior Cloud Engineer

Estes Express Lines
Richmond, VA
08.2025 - Current
  • Established a policy-driven multi-cloud model: AWS as the primary product platform, GCP for data/analytics, Azure for directory resilience, and on-prem for non-migrated systems, enabling consistent integrations through standardized guardrails.
  • Enabled consistent identity governance across AWS, Azure, and GCP by using Azure Entra ID for centralized user and group management and mapping roles into AWS IAM Identity Center, Azure RBAC, and GCP IAM to simplify access management and reduce entitlement drift.
  • Built an AWS multi-account landing zone using AWS Organizations and Control Tower, standardizing account baselines, centralized logging, and governance controls (SCPs/guardrails) to reduce drift and accelerate workload onboarding.
  • Architected an AWS Transit Gateway hub-and-spoke network connecting 20+ accounts and 70+ VPCs, enforcing network segmentation through route-table design, attachment policies, and controlled egress patterns for predictable connectivity.
  • Implemented private connectivity between AWS and GCP networks for application and analytics integration, using environment-appropriate connectivity options, segmented routing, and DNS forwarding to support consistent, internal-only name resolution.
  • Built Azure platform foundations, including subscription governance, baseline logging/monitoring, Private Endpoints with Private DNS, and network segmentation patterns to support enterprise controls and resilience.
  • Delivered GCP analytics foundations by implementing VPC guardrails, IAM/service account standards, Cloud DNS, and baseline Cloud Logging/Monitoring to onboard data workloads with consistent controls.
  • Industrialized multi-cloud Terraform delivery by defining module conventions, remote state patterns, and environment promotion workflows, backed by Golden Path reference stacks for landing-zone foundations, improving change safety and provisioning consistency at scale.
  • Deployed and operated Kubernetes platforms across EKS, AKS, GKE, and on-prem—cluster lifecycle, version upgrades, core add-ons, and node pool management—while enforcing least-privilege access via standardized RBAC to streamline secure onboarding.
  • Standardized application deployment across managed and on-prem Kubernetes by delivering a portable “Golden Path” (Helm/Kustomize structure, required metadata, resource defaults, probes, ingress standards, and environment overlays) to enable repeatable releases.
  • Established cross-cloud operational visibility by standardizing dashboards and alerting for Kubernetes, network connectivity, and platform dependencies using Datadog and cloud-native telemetry, improving triage speed and incident readiness.
  • Improved disaster recovery readiness by validating cross-cloud and on-prem dependencies through DR exercises, then updating recovery documentation and runbooks to enable faster, more predictable restoration.

Site Reliability Engineer

Bank of America
Jersey City, NJ, USA
04.2022 - 06.2025
  • Owned reliability engineering across AWS, Azure, and GCP for tier-1 platforms; built SLO dashboards and error budgets, improved alert signal-to-noise, led incident bridges and RCAs, and drove remediation backlogs to prevent recurrence.
  • Delivered production-grade observability by federating Prometheus across clusters, building Grafana dashboards, and correlating signals from CloudWatch metrics, CloudTrail audit logs, and Splunk logs; implemented SLI tracking and SLO-based paging policies that cut MTTR 50%+ and improved alert fidelity.
  • Built Python and Bash automation for incident response playbooks, including service health validation, upstream/downstream dependency checks, controlled remediation actions, and post-incident data capture, improving consistency and speeding recovery.
  • Collaborated with DevOps and Release Management to standardize production change workflows using CI/CD guardrails (approval checklists, quality gates, artifact promotion, and tested rollback plans), improving release consistency for tier-1 services.
  • Reduced configuration drift by standardizing multi-cloud delivery across AWS, Azure, and GCP with a Terraform module library and CI pipelines for networking, IAM/RBAC, centralized logging, and security baselines.
  • Supported production Kubernetes across EKS, AKS, and GKE with upgrade readiness checks, resilient node pools, autoscaling policies (HPA/Cluster Autoscaler), and progressive rollouts protected by PDBs (canary/blue/green).
  • Partnered with Security to implement group-based authorization and periodic access reviews across AWS, Azure, and GCP, removing stale privileges and improving audit readiness for tier-1 platforms.
  • Standardized secrets and encryption across AWS, Azure, and GCP using cloud-native key management and secret stores; enforced rotation, access reviews, least-privilege policies, and Kubernetes-safe secret injection for production workloads.
  • Enabled GKE workloads to reach AWS VPC-only services over HA VPN (BGP) into an AWS TGW hub with segmented routing and controlled egress; implemented Cloud DNS conditional forwarding to Route 53 Resolver inbound endpoints for private AWS zone resolution.
  • Strengthened PostgreSQL reliability with the DBA team across cloud-managed services (RDS/Aurora, Azure Database for PostgreSQL, Cloud SQL), improving HA/failover, performance baselines, and backup/restore runbooks.
  • Developed Postman collections for GKE microservices and serverless APIs to validate authentication, critical transactions, and error handling across environments using parameterized variables and datasets.

Cloud Engineer

Aetna (CVS Health)
Hartford, CT
01.2020 - 02.2022
  • Delivered compliant Azure foundations for healthcare workloads (compute, data, networking, secrets) using VMs, Azure SQL, VNets, Storage, Key Vault, and NSGs to support production services.
  • Standardized provisioning with reusable Terraform modules and ARM templates across QA/stage/prod; enforced performance and compliance patterns through IaC reviews.
  • Implemented Azure governance guardrails using Azure Policy (tagging, diagnostics settings, approved configurations) to reduce drift and strengthen audit readiness.
  • Built Azure DevOps CI/CD for Java/Python microservices with automated tests, policy checks, and security scanning aligned to HIPAA/SOC 2 practices.
  • Implemented centralized observability using Azure Monitor, Application Insights, and Log Analytics, enabling actionable dashboards and alerting across Linux/Windows estates.
  • Automated patching, agent installs, and configuration management using Ansible and PowerShell, reducing manual effort and improving baseline compliance.
  • Authored runbooks and DR procedures (VM lifecycle, VPN failover, backup recovery); supported incident response/RCA and drove cost optimization via Azure Cost Management.

DevOps Engineer

Maybank
New York, NY, USA
04.2017 - 12.2019
  • Supported day-to-day DevOps and platform operations across development and QA environments, including build automation, infrastructure provisioning, and deployment support.
  • Built and maintained CI/CD pipelines using Jenkins, Git, and Maven for Java applications; integrated artifact uploads to Nexus and quality scanning with SonarQube.
  • Containerized applications using Docker and deployed to AWS ECS and Fargate to simplify deployment workflows and improve scalability.
  • Wrote and maintained Terraform scripts and CloudFormation templates to provision EC2, RDS, and VPC resources in AWS; applied best practices for modularization and reuse.
  • Used Ansible to automate patching, agent installations, and application configuration across Linux servers.
  • Monitored applications and system health using AWS CloudWatch and created custom alarms for log patterns and CPU/memory thresholds.
  • Provided operational support for Cloudera Hadoop ecosystem, including job monitoring (YARN/Spark), disk/log cleanup automation, and service restarts across HDFS and Impala nodes.
  • Developed Bash scripts to automate Hadoop job diagnostics, log archival, and cluster health checks.
  • Collaborated with developers to troubleshoot deployment issues, test rollback strategies, and tune pipeline performance.
  • Handled secrets and parameter management using AWS Parameter Store; implemented secure deployment practices including SSL and IAM-based access control.

System Administrator

Digi Key Electronics
San Francisco, CA, USA
09.2015 - 03.2017
  • Administered Linux/Unix systems including patching, kernel tuning, filesystem management, and performance monitoring across physical and virtual infrastructure.
  • Automated daily maintenance and backup routines using Bash scripts and Cron jobs; supported scheduled log rotation and disk usage alerts.
  • Monitored infrastructure and internal apps using Nagios and Grafana; implemented basic alerting for CPU, memory, and storage anomalies.
  • Assisted with basic operational support for an on-premises Cloudera Hadoop environment, including HDFS disk cleanup, log monitoring, and node availability checks.
  • Supported Oracle and PostgreSQL databases, including backup jobs, minor patching, and storage capacity planning.
  • Managed user access policies with LDAP and Active Directory, including account provisioning and group membership audits.
  • Investigated hardware failures and networking issues; documented findings and coordinated with data center support teams.
  • Authored internal SOPs for patching, server builds, system backups, and OS-level security baselines.

Certification

  • Certified Kubernetes Administrator (CKA)
  • AWS Certified Solutions Architect – Associate
  • AWS Certified Security – Specialty
  • Microsoft Certified Azure Administrator Associate
  • Microsoft Certified: Azure Solutions Architect Expert
  • HashiCorp Certified Terraform Associate
  • Google Cloud Professional Cloud Architect (Exam scheduled: March 2026)

LinkedIn Profile and Other Links

Personal Profile: https://bold.pro/my/jhalak-das?vsid=452cc435-6c01-4d90-a8b9-72c0405a3676

LinkedIn: www.linkedin.com/in/jd-lincoln

Certificates Validation: https://www.credly.com/users/jhalak-das/badges#credly

Microsoft Cert Validation: https://learn.microsoft.com/en-us/users/jhalakdas-2492/credentials/b10b8ab67038203c?ref=https%3A%2F%2Fwww.linkedin.com%2F

Education

Bachelor of Business Administration

Leading University
01.2007 - 04.2011