Senior Cloud Security Engineer with over 10 years of progressive experience in IT Security, specializing in designing, deploying, and securing enterprise multi-cloud environments across AWS, Azure, and GCP. Proven leadership in cloud security architecture, DevSecOps transformation, and enterprise-wide security strategy execution. Expert in Kubernetes, Terraform, CI/CD automation, API security, and regulatory compliance frameworks, including NIST, MITRE ATT&CK, and CIS. Demonstrated success in leading cross-functional teams, engaging executive stakeholders, and driving organizational adoption of cloud security best practices.
Overview
9 years of professional experience
1 Certification
Work History
Senior Cloud Security Engineer
Comerica Bank
11.2024 - Current
Serve as senior engineer driving enterprise cloud security strategy, partnering with executive stakeholders and architecture teams to establish security standards and reference architectures across AWS, Azure, and GCP environments.
Spearheaded Infrastructure as Code (IaC) initiatives using Terraform and CloudFormation for AWS, Azure, and GCP, ensuring scalable, compliant provisioning of cloud services aligned with NIST 800-53 and CIS benchmarks.
Lead cross-functional coordination with infrastructure, application, and engineering teams to deploy security policies and resolve complex issues with minimal business disruption.
Designed and implemented advanced API security frameworks integrating MuleSoft and API Gateway, enforcing OAuth 2.0, rate limiting, threat protection, and request validation to secure enterprise API endpoints.
Designed and optimized Docker images and deployed Kubernetes workloads via Amazon EKS, driving SaaS operational consistency and accelerating AI-based fraud detection workloads.
Created reusable Helm charts to streamline deployment of Python and JavaScript microservices, enhancing agility across multi-cloud environments.
Architected and implemented CI/CD pipelines with Jenkins, GitHub Actions, and Azure DevOps, achieving 50% faster deployments with robust automation, security-left integration, and continuous compliance checks.
Automated operational tasks via Python, Bash, and PowerShell scripting, aligning with AI Ops trends and reducing manual workload by 30%.
Integrated Snowflake data pipelines on AWS with Kinesis, Glue, and Redshift, improving data protection and analytics performance by 30%.
Enforced enterprise-wide data protection and compliance controls by securing S3 via lifecycle policies and IAM least privilege, monitoring with CloudWatch, CloudTrail, Splunk, and third-party SIEM tools.
Led threat modeling initiatives aligned with MITRE ATT&CK framework to proactively identify security gaps, integrating automated remediation workflows into CI/CD pipelines.
Designed and deployed serverless applications (AWS Lambda, API Gateway) for lightweight SaaS solutions, reducing compute costs while maintaining robust security posture.
Provided senior-level escalation support to Cyber Security Operations Center, recommending strategic enhancements to threat detection capabilities and cloud security posture.
Collaborated with Cyber Security teams to refine access controls, IAM roles, and MFA policies, strengthening enterprise security posture and reducing attack surface.
Championed IT security standards and innovative cloud-native solutions, driving organizational adoption and continuous improvement.
Ensured seamless integration with Salesforce, aligning CRM workflows with secure cloud architecture and data governance best practices.
Cloud Security Engineer
Western Union
11.2022 - 11.2024
Led enterprise cloud security architecture design, establishing perimeter protections and risk mitigation strategies across multi-account AWS environments supporting global operations.
Designed and implemented Kubernetes RBAC for multi-tenant clusters, enhancing Cyber Security posture by enforcing least privilege and automating compliance audits.
Managed hybrid cloud infrastructure, connecting on-premises systems to AWS via Direct Connect, implementing secure failover strategies for Salesforce and core SaaS operations.
Architected and deployed AWS Control Tower Landing Zones for multi-account governance, embedding preventive and detective guardrails to enforce data protection and regulatory compliance with NIST and CIS standards.
Automated Terraform and Ansible workflows to provision AWS, Azure, and GCP resources, reducing manual errors by 40% and accelerating multi-cloud deployments.
Implemented enterprise SIEM solutions using Splunk for real-time threat detection, log aggregation, and automated incident response, improving security incident response time by 35%.
Developed advanced monitoring and alerting frameworks with Prometheus, CloudWatch, and ELK Stack, enabling proactive threat detection aligned with industry threat intelligence and MITRE ATT&CK tactics.
Implemented robust backup and disaster recovery strategies across Snowflake and SaaS platforms, ensuring 99.9% high availability and data resilience.
Built secure CI/CD pipelines using Jenkins, GitLab, and GitHub Actions, deploying Python and JavaScript microservices with integrated security scanning, static code analysis, and vulnerability assessments.
Conducted comprehensive threat modeling and penetration testing reviews to proactively identify and mitigate vulnerabilities in cloud infrastructure.
Enforced multi-factor authentication (MFA), managed SAML-based SSO for Salesforce and internal tools, and aligned identity security with global Cyber Security standards.
Collaborated with senior stakeholders to evaluate alternative security solutions, providing strategic technical guidance on cloud security investments.
Applied advanced networking security concepts including routing protocols, DNS security, firewall rule optimization, and protocol analysis to secure cloud perimeters.
Senior DevSecOps Engineer
Amgen Inc
08.2022 - 11.2022
Collaborated with security leadership and executive stakeholders to align AWS IAM configurations with NIST 800-53 and industry standards, enhancing access control and reducing attack surface across cloud environments.
Led change management processes for security implementations, coordinating with change review boards to ensure seamless adoption of security controls.
Implemented Multi-Factor Authentication (MFA) for AWS IAM users, strengthening account security and protecting sensitive pharmaceutical research data across cloud environments.
Built and maintained Helm charts to standardize application deployments and simplify configuration management across Kubernetes environments.
Integrated Kubernetes clusters with centralized secrets management systems like HashiCorp Vault and AWS Secrets Manager for secure credentials handling.
Optimized resource allocation and cost efficiency by tuning Kubernetes pod limits/requests and leveraging cluster autoscaling features, reducing cloud spend by 25%.
Led incident response and troubleshooting for production Kubernetes clusters, leveraging kubectl, metrics-server, Prometheus, and Grafana for real-time diagnostics and root cause analysis.
Conducted comprehensive security assessments of Kubernetes RBAC implementations and API security controls, providing actionable recommendations to improve access control and security posture.
Integrated AWS IAM with third-party authentication providers (Okta, SAML), enabling secure external access to AWS resources while maintaining compliance with security policies.
Collaborated with DevOps teams to implement automated monitoring and alerting systems using PowerShell and Python, providing real-time visibility into application performance and system health.
Automated the enforcement of governance controls and security policies across multiple AWS accounts using AWS Control Tower, reducing manual effort by 50% and reducing operational risks.
Integrated Control Tower guardrails to enforce preventive and detective controls, ensuring continuous compliance with regulatory requirements and organizational security standards.
Implemented SIEM solutions (Splunk) for real-time threat detection and automated responses to security incidents, improving incident response capabilities by 40%.
Developed microservices-based architectures ensuring scalability, security, and robustness in both independent and agile team environments.
Applied MITRE ATT&CK framework methodologies to threat hunting activities and security control validation.
Cloud Infrastructure Engineer
HCL Technologies Ltd
01.2017 - 01.2021
Designed and implemented Federation Architecture using Hub and Spoke model with SAML authentication for Single Sign-On (SSO), automating AWS IAM access key rotation to maintain security best practices.
Led API security initiatives implementing AWS API Gateway with advanced security controls including IAM-based authorization, Cognito integration, OAuth 2.0, request validation, and rate limiting.
Configured public cloud IAM policies and roles to enforce least-privilege access, minimizing security risks and aligning with cloud security best practices and compliance requirements.
Automated cloud operations workflows using Terraform and AWS CloudFormation, ensuring rapid provisioning and consistent infrastructure management across multi-cloud environments.
Developed comprehensive monitoring and alerting systems using AWS CloudWatch, Azure Monitor, and Prometheus, enabling proactive management and real-time visibility into cloud services performance.
Designed and deployed scalable and highly available cloud infrastructure on AWS and Azure using Infrastructure as Code (IaC) tools like Terraform and CloudFormation supporting enterprise workloads.
Implemented secure VPC architectures with subnets, route tables, NAT gateways, security groups, and private connectivity options to support multi-tier applications and comply with regulatory requirements.
Cloud Infrastructure Analyst
Auridence Technologies Pvt Ltd
- 12.2016
Assisted in configuring and managing AWS security groups, Network ACLs, and IAM policies to enforce security best practices and least privilege access controls.
Participated in the implementation of CI/CD pipelines using Jenkins and AWS CodeDeploy, automating application deployments and reducing manual intervention.
Monitored cloud infrastructure health and performance using AWS CloudWatch, creating custom dashboards and alarms for proactive issue detection.
Collaborated with senior engineers to implement backup and disaster recovery solutions using AWS Backup and cross-region replication strategies.
Assisted in migrating on-premises applications to AWS cloud, including assessment, planning, and execution of lift-and-shift migrations.
Supported the implementation of VPN and Direct Connect solutions for secure hybrid cloud connectivity between on-premises datacenters and AWS.
Participated in security assessments and compliance audits, ensuring cloud infrastructure aligned with organizational security policies and industry standards.
Configured AWS CloudTrail for logging and monitoring API activities, supporting security incident investigations and compliance reporting.
Assisted in cost optimization initiatives by analyzing AWS cost and usage reports, implementing tagging strategies, and rightsizing EC2 instances.
Documented cloud infrastructure architectures, standard operating procedures, and runbooks for knowledge sharing and operational continuity.
Gained foundational experience with networking concepts including subnets, routing tables, NAT gateways, and VPN configurations in AWS environments.
Provided technical support for troubleshooting cloud infrastructure issues and participated in on-call rotation for production support.
Education
Master's - Computer Science
Southern University
01.2022
Bachelor's - Computer Science
JNTUA
01.2015
Skills
Cloud Platforms: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)
Infrastructure as Code (IaC): Terraform, AWS CloudFormation, Ansible