Karthik Venkatesh Ratnam
Cambridge,MA
Summary
With over 8 years of experience in systems, infrastructure, cloud computing, and AWS networking and security, I excel in AWS infrastructure management using CloudFormation, Terraform, Jenkins, Linux, host services, and cloud monitoring apps. I am skilled in automating deployment using Python and Terraform for AWS services such as EC2, S3, CFT, SNS, ELB, RDS, CloudWatch, VPC, and Autoscaling.
I have a proven track record of configuring environments and deploying applications using cloud management tools. I have designed and implemented CI/CD DevOps delivery systems for multiple teams, implementing an innovative test framework that significantly reduced capital expenses in cloud environments.
In my role as a security engineer, I have conducted extensive research and online investigations to identify security breaches in various cloud environments. I have expertise in threat hunting, network monitoring, and remediating security issues.
I am adept at identifying, reporting, and resolving security violations, as well as establishing and satisfying information assurance and security requirements based on user, policy, regulatory, and resource demands.
I have performed vulnerability and risk analysis of systems to maintain high security standards, utilizing Security Continuous Monitoring tools such as ArcSight, Qualys, and Splunk.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Public Cloud Engineer
Workday, Inc.
CAMBRIDGE, USA
06.2022 - Current
- Designed and developed code to deploy and maintain systems and applications running Workday services in the public cloud
- Planned, built, and configured network infrastructure within VPC with public and private subnets, configured routing tables, and internet gateway
- Collaborated with development teams to implement secure coding practices, reducing security vulnerabilities in code
- Analyzed, assessed, and recommended security controls for FedRAMP compliance
- Developed templates for AWS infrastructure as code using Terraform to build staging and production environments
- Set up CI/CD pipeline integrating various tools with Jenkins to build and run Terraform jobs for infrastructure creation in AWS
- Utilized EC2, S3, Cloudformation, CFT, SNS, VPC, CloudWatch, AutoScaling, Route53, and ELB services for log analysis and performance metrics
- Coordinated with external auditors and internal control owners to support internal and external audits/assessments such as FedRAMP, ISO 27001, PCI-DSS, SOC 2, and NIST 800-53
- Conducted security assessments and vulnerability scans, identifying and addressing critical vulnerabilities in the cloud environment using security monitoring tools
- Defined Docker and Kubernetes artifacts for all Microservices and integrated Docker registry with pipeline as code using Jenkinsfile
- Integrated various services like ldap, bastion, chrony, OIDC, PIDP from different AWS environments with Hashicorp Vault and Consul
Cloud System Admin
Sana Biotechnology
CAMBRIDGE, USA
08.2021 - 06.2022
- Managed all components in Amazon cloud infrastructure to ensure overall site availability, performance, and monitoring environments, including determining alert strategies and tuning
- Deployed and managed scalable systems with high availability on AWS
- Monitored and troubleshot site performance issues for server and software vulnerabilities, managed upgrade and patching efforts, developed and managed configuration scripts for Amazon hosted infrastructure services such as VPC, EC2, RDS and S3
- Deployed AWS Workspaces and infrastructure in AWS using Terraform
- Developed action plans to accomplish short, medium and long-term vulnerability management goals to reduce risk
- Provided and managed detection response service involving in-depth analysis of Tanium, Axonius, Prisma Cloud and Crowdstrike malware incidents including host isolation, process disruption and creation of suppression rules
- Maintained and created cloud instances, storage, and other cloud services, patched vulnerabilities on cloud-based servers, performed backup/restoration operations, provisioned new servers, configured firewalls, and set up monitoring systems
Cloud Consultant (Security)
Amazon (AWS)
CHICAGO, USA
02.2021 - 08.2021
- Developed CI/CD solutions utilizing CodePipeline, CloudFormation, Control Tower, and Landing Zone
- Provided consulting & advisory services to non-profit organization customers to design secure and cost-effective environments with high availability and fault-tolerant infrastructure
- Facilitated a non-profit organization customer's transition to AWS by conducting infrastructure/application portfolio discovery and analysis, implementing AWS best practice multi-account strategy, guardrails, and app migration strategy
- Designed, deployed, and maintained enterprise-class security, network, and systems management applications within AWS environment
- Created technically compliant and secure Cloud solutions, offering on-demand services for seamless project and program migration into unique cloud environments
- Implemented task automation to enhance process and quality improvement, including infrastructure as code, security automation, and routine maintenance automation
- Conducted data migration from on-premises environments to AWS
- Supported business development lifecycle, including Business Development, Capture, Solution Architect, Pricing, and Proposal Development
- Evaluated, designed, developed, and deployed additional technologies and automation for managed services on AWS
Cloud Support Engineer (Security)
Amazon AWS
DALLAS, USA
11.2018 - 01.2020
- Collaborated with AWS Premium Support Security Team to deliver exceptional customer support
- Utilized iperf, MTR, traceroute, dig, and iptables packet capture tools to troubleshoot network issues
- Implemented Cloud Security Services such as CloudTrail, AWS Config, ACM, Organization, KMS, GuardDuty, SSO, Shield, AWS WAF, and Amazon Macie
- Advised customers on Security Architecture, Best Practices, and Solutions for cloud environments
- Coordinated with Service team to implement backend fixes and code changes as required
- Automated AWS resources including Route53, S3, EC2, Cognito, IAM roles, and AWS account management
- Built and configured AWS infrastructure using VPC, EC2, S3, IAM, EBS, Security Group, Auto Scaling, and RDS in Cloud Formation JSON templates
- Participated in weekly on-call global profile primary rotations to ensure 100% SLA maintenance and reduce resolution time
- Demonstrated expertise in security technologies such as NGFW, WAF, and endpoint security
Network Security Engineer
Caterpillar
PEORIA, USA
05.2017 - 10.2018
- Configured and Troubleshooted Cisco Routers (3600, ISR- 4451 and 4431) and Switches (2960, 3750, 3850)
- Provided level 2/3 support for ISE related issues, including off-shift and weekend support functions, escalated and engaged with L4 vendor support teams for monitoring and alert management of all components related to the ISE solution
- Engaged across other GIS infrastructure domains to address level 2/3 ISE support issues such as PKI Server, LAN, WAN, Web Acceleration, Security, and AnyConnect
- Implemented new service requests on Cisco ASAs (Firepower) and Checkpoint firewalls
- Executed weekly changes outside of regular business hours for standard network requests like routers, switches, and firewall
- Configured, supported, and troubleshot L2 / L3 (EIGRP, OSPF, BGP) adjacency and reachability issues using tools such as Wireshark, nmap, and Cisco's built-in debugging utilities
- Implemented Continuous Integration (CI) and Continuous Delivery (CD) processes using Jenkins to automate routine jobs
Solution Engineer
Bedroc
FRANKLIN, USA
03.2016 - 03.2017
- Collaborated with clients such as LifePoint, Asurion, and Change Health Care as a network consultant to implement and troubleshoot various network issues related to Cisco routers, switches, Palo Alto firewall, and Check Point firewall
- Configured and troubleshooted Cisco Routers - 3600, ISR- 4451 and 4431, ASR-1000-X, Switches - 3750, 3850, 2960 using VRFs, HSRP, VRRP, VLANS, STP, ETHER-CHANNELS utilizing routing protocols (Static and Dynamic (OSPF, BGP)), physical cabling, stacking, IP addressing, LAN-WAN Networks
- Demonstrated expertise in AWS services including EC2, S3, VPC, AutoScalingGroups, IAM, CloudTrail, CloudWatch, CloudFront, SNS, and RDS
- Conducted daily administration of Palo Alto firewalls encompassing Threat prevention, URL filtering, IPSEC and SSL VPN's, zone-based integration, syslog analysis, and wildfire feature utilization in Panorama 7.1
- Configured SNS to alert Information Security team for any changes in the AWS environment, Inspector runs, and noncompliant resources based on AWS Config Rules
- Implemented and managed Palo Alto Firewalls (PA-200, PA- 3000, PA-5020), Cisco ASA firewall like ASA- 5525X and 5555-X (Cisco Sourcefire) utilizing ACL, Firewall, SSL VPN, AAA (TACACS+ & RADIUS), and numerous security policy rules and NAT policy rules, created Zones
- Contributed to the creation of Python scripts for network automation
Education
Master of Science - Telecommunication Technology And Technician
Souther Methodist University
Dallas, TX05-2015
BE - Electronics And Telecommunication
Xavier Institute of Engineering
Mumbai, IN05-2013
Skills
Integration tools: CloudWatch, Jenkins, Ansible, GIT
Cloud AWS: EC2, IAM, S3, VPC, CloudTrail, AWS Config, ACM, Organization, KMS, AWS GuardDuty,
SSO, Shield, AWS WAF, Amazon Macie, AWS LoadBalancer (ELB), CloudFormation, Lambda, Glacier, GCP, AWS ContorlTower, AWS Inspector
Networking: TCP/IP, NIS, NIS, NFS, DNS, WAN, LAN, SMTP, SSH, FTP, HTTP/HTTPS
Operating System: Linux
Ticketing tools: Jira, Confluence
IaaC tool: Terraform, CloudFormation
Monitoring Tools: Wireshark, Qualys, splunk
Vulnerability Management Tools: Wireshark, Qualys, splunk, Wiz, Nessus, Elastic Stack , Prometheus
Regulatory Compliance: NIST 800-171, HIPAA, SOX, ISO 27001
Certification
- AWS Certified Solutions Architect - Professional
- AWS Solutions Architect - Associate
- AWS Certified Security - Specialty
- Certificate of Cloud Security Knowledge (CCSK) - Cloud Security Alliance
- Associate Cloud Engineer - Google
- HashiCorp Certified: Terraform Associate
- Certified Information Systems Auditor (CISA) - ISACA
- AWS Certified Developer - Associate (DVA)
- Cisco Certified Network Professional- (CCNP-Security)
Timeline
Public Cloud Engineer
Workday, Inc.
06.2022 - Current
Cloud System Admin
Sana Biotechnology
08.2021 - 06.2022
Cloud Consultant (Security)
Amazon (AWS)
02.2021 - 08.2021
Cloud Support Engineer (Security)
Amazon AWS
11.2018 - 01.2020
Network Security Engineer
Caterpillar
05.2017 - 10.2018
Solution Engineer
Bedroc
03.2016 - 03.2017
Master of Science - Telecommunication Technology And Technician
Souther Methodist University
BE - Electronics And Telecommunication
Xavier Institute of Engineering
Similar Profiles
MELVIN D. BASKINMELVIN D. BASKIN
Director of Information Governance at Workday, Inc.Director of Information Governance at Workday, Inc.
JEN HELMSJEN HELMS
SR Manager, Product Management & Compliance, US Payroll at Workday, Inc.SR Manager, Product Management & Compliance, US Payroll at Workday, Inc.
Adrian ReynoldsAdrian Reynolds
Principal HCM Consultant at Workday, Inc.Principal HCM Consultant at Workday, Inc.
Jessica CaudleJessica Caudle
Sr. Product Advisor at Workday, Inc.Sr. Product Advisor at Workday, Inc.
Nicole MeyersonNicole Meyerson
Senior Marketing Specialist at Cognex CorporationSenior Marketing Specialist at Cognex Corporation