
UMAR KHAN

Corona, CA

Summary

Dynamic Cloud and DevSecOps Architect with extensive experience in designing, automating, and securing cloud infrastructure across Azure and AWS. Proven ability to deliver highly available, scalable, and fault-tolerant solutions utilizing cloud-native services, Infrastructure as Code (IaC), Role-Based Access Control (RBAC), and security best practices. Specialization in end-to-end automation through tools such as Terraform, PowerShell, Python, YAML, and CI/CD pipelines using GitHub Actions and Azure Pipelines enhances operational efficiency. Recent projects include prototyping AI infrastructure with Azure AI Services and deploying intelligent workloads secured through advanced methodologies such as private endpoints and managed identity.

Overview

13 years of professional experience
1 Certification

Work History

Lead Cloud Platform Engineer

Cloudifyi Solutions - Humana
03.2022 - Current
  • Architected and implemented secure, highly available cloud solutions in Azure using Azure Landing Zones, Virtual Networks (VNets), Network Security Groups (NSGs), Azure Firewall, and Private Link to enforce robust security boundaries.
  • Deployed and managed production-grade Kubernetes clusters on AKS, handling node scaling, resource quotas, and namespace-level RBAC
  • Implemented secrets management strategies across AWS KMS and Azure Key Vault in a hybrid cloud environment, ensuring consistent encryption and key rotation policies
  • Automated key rotation and secret lifecycle management using Azure Key Vault policies and AWS KMS automatic rotation, reducing risk of credential exposure
  • Defined and maintained Kubernetes manifests (Deployments, Services, ConfigMaps, Secrets) to standardize application delivery across environments
  • Built end-to-end GitOps pipelines using ArgoCD and Helm charts to automate application rollouts, rollbacks, and environment promotion across dev, staging, and production
  • Designed and executed comprehensive Disaster Recovery strategies—including Azure Site Recovery (ASR), backup solutions, and Active-Active/Active-Passive architectures—to meet business continuity goals aligned with RTO and RPO targets.
  • Designed and implemented Role-Based Access Control (RBAC) policies to govern resource permissions across Azure subscriptions and resource groups under Azure IAM
  • Integrated Azure Managed Identities to eliminate credential-based authentication for app-to-service communication
  • Implemented end-to-end onboarding solutions for customers transitioning to Azure, covering Landing Zones, Compute Layer, and Application Onboarding, while integrating with team APIs for Vault onboarding, Terraform Cloud (TFC) onboarding, and Azure AD integration.
  • Drove GitOps practices by integrating Terraform with GitHub Actions and Azure DevOps Pipelines, enabling automated validation, plan/apply workflows, and approval-based infrastructure deployments.
  • Built proof-of-concept deployments for Azure AI Services with Terraform (including azureml_cognitive_account and azureml_ai_services), validating scalable infrastructure-as-code provisioning. Utilized Azure AI Foundry to manage AI lifecycles, integrating secure model deployments, role-based access controls, and telemetry alongside Azure ML and Key Vault.
  • Automated credential lifecycle management with HashiCorp Vault and Azure Key Vault, alongside certificate rotation automation using Venafi. Designed and deployed Infrastructure as Code (IaC) solutions with Terraform to automate provisioning and governance across Azure.
  • Utilized Veracode for static and dynamic application security testing (SAST and DAST), conducting scans, triaging vulnerabilities, and collaborating with development teams on remediation and secure coding practices. Integrated SonarQube within CI/CD pipelines for automated code quality and security analysis, configuring rules and quality gates to uphold coding standards and remediate security risks.
  • Implemented Prisma Cloud scanning for container and cloud security, configuring policies to detect vulnerabilities, misconfigurations, and compliance violations.
  • Embedded Prisma scanning into CI/CD workflows for continuous security monitoring, conducting risk assessments and recommending mitigation strategies to safeguard cloud and container environments.

Cloud Platform Engineering Expert

Allstate
09.2024 - 02.2026
  • Led Azure infrastructure engineering efforts as a lead engineer, architecting and maintaining cloud environments at enterprise scale
  • Migrated Terraform state management from Terraform Enterprise (TFE) to env0, improving pipeline flexibility and reducing operational overhead
  • Optimized container/VM image build processes, streamlining CI/CD pipelines and reducing build times
  • Enabled and integrated Azure AI services into the cloud platform, expanding organizational ML/AI capabilities
  • Managed Terraform module lifecycle end-to-end, including versioning, testing, and validation using Terratest to ensure infrastructure reliability
  • Authored and enforced Azure security policies using Azure Policy and/or Terraform, ensuring compliance with enterprise security standards

Solutions Architect

Perficien
04.2022 - 03.2023
  • Guided and influenced existing partners on recommended upgrades and enhancements to integrated solutions.
  • Worked with customers or prospective customers to develop integrated solutions and lead detailed architectural dialogues to facilitate delivery of comprehensive solution.
  • Managed project planning, resource allocation, scope, schedule, status and documentation.
  • Created and implemented innovative business solutions to support corporate objectives.
  • Supervised deployments and provided troubleshooting and user support.
  • Worked closely with product teams to define and prioritize partner feature requests
  • Managed project scope, schedule, status and documentation.
  • Worked with clients post-implementation on user testing, debugging, support and maintenance.

Senior DevOps Engineer

CU Direct
11.2020 - 03.2022
  • Led infrastructure design and automation using Terraform, Ansible, and PowerShell primarily across Azure, with some AWS involvement, including proof-of-concept projects and large-scale production deployments.
  • Provisioned and managed Azure resources and environments using Terraform, Azure Resource Manager (ARM) templates, and Terraform Cloud, integrating with CI/CD pipelines via Azure DevOps, GitHub Actions, and Octopus.
  • Developed reusable Terraform modules for Azure landing zones, virtual networks (VNets), Application Gateways, API Management, and hybrid connectivity solutions, ensuring secure and scalable multi-tier architectures.
  • Implemented security and compliance automation by configuring Azure RBAC, Managed Identities, Azure Policy, Azure Security Center, and integrating custom OPA (Rego) policies.
  • Managed containerized deployments using Azure Kubernetes Service (AKS) and Azure Container Instances, enabling blue/green and canary deployments through Azure DevOps pipelines and Azure Application Gateway routing.
  • Created and maintained multi-stage CI/CD pipelines with YAML templates in Azure DevOps, Octopus, and TeamCity, automating build and release workflows for .NET applications and migrating projects and artifact feeds between organizations.
  • Automated daily operational tasks with PowerShell scripting and collaborated with development teams to troubleshoot .NET applications and implement monitoring using Azure Monitor, Log Analytics, and custom solutions.
  • Architected and consolidated Azure DevOps organizations and agent pools to enhance security, optimize resource management, and migrate workloads from legacy tools such as TFS, Octopus, and TeamCity.
  • Facilitated client migrations from on-premises and other cloud platforms to Azure, establishing both brownfield and greenfield environments while driving continuous improvement in SDLC processes and industry best practices.

DevSecOps Engineer

Wedgewood
05.2015 - 12.2020
  • Provisioned and managed Terraform Enterprise and its containerized agent pools running on AKS.
  • Developed and maintained Vault modules including mounts, policies, data documents, auth backends (Kubernetes, LDAP), JWT roles, and generic endpoints, alongside implementing HashiCorp Vault as a security management solution.
  • Created automation scripts for customer data intake and validation, triggered workflows via GitHub Actions, and utilized Infrastructure as Code (IaC) with Terraform for Azure, Google Cloud, and deployment pipelines using Azure Pipelines and Azure DevOps.
  • Migrated team projects and code repositories from TFS/TFVC to Azure DevOps and Git, creating build and release pipelines for web applications, SQL Server deployments, and managing environments across DEV, QA, UAT, and PROD.
  • Managed and configured Team Foundation Server, integrated web applications with ADFS authentication, and configured SharePoint 2016 setup, including migration from on-premises to cloud using ShareGate.
  • Developed custom .NET jobs for calculations and reporting, performed database administration including SQL Server setup, upgrades (2012-2017), maintenance, and performance tuning, and managed SQL Server Reporting Services (SSRS) upgrades.
  • Configured and deployed monitoring solutions with SolarWinds for infrastructure and applications, and troubleshot network issues involving MDM, firewall, ADFS, and ShoreTel phone systems.
  • Managed and deployed Microsoft 365 F&O environments supporting platform lifecycle services and debugged production issues during smoke tests.

Application Developer

Wedgewood
06.2013 - 05.2015
  • Developed applications using C#, JavaScript, SQL Server 2016, and Kendo UI for AngularJS.
  • Created software applications for Windows systems.
  • Participated in discussion meetings with clients.
  • Collaborated closely with team members on tasks such as troubleshooting and debugging.
  • Designed and developed automated test scripts.
  • Provided customer support training once the application was completed.
  • Modified existing software to correct errors, adapt to new hardware, and improve performance.
  • Collaborated with developers and performance engineers to identify performance bottlenecks.
  • Worked with network engineers to maintain a stable environment for applications.
  • Wrote multiple stored procedures for daily reports on SQL Server.
  • Responded to user requests to query data from databases.
  • Utilized Team Foundation Server to deploy code in DEV, QA, UAT, and Production environments.
  • Monitored and troubleshot servers in all environments.
  • Performed SQL Server backups and restores.

Education

Bachelor of Science - Computer Engineering

California State University
Long Beach, California
08-2020

Skills

  • Infrastructure Automation - Terraform, PowerShell, Bash, Ansible, Python
  • Infrastructure and Application Security
  • DevOps Tools - GitHub, Azure DevOps, Jenkins, Octopus, TeamCity
  • Integration Systems for IaC - Terraform Cloud, Env0, Terraform Enterprise
  • HashiCorp Products - Vault, Packer, Terraform
  • Orchestration - AKS, ACI, ACR, Kubernetes, Docker, Packer
  • Security Tools - SonarQube, Veracode, Sentinel, Prisma, Wiz, OPA, Checkov
  • Golden Images Automation - Packer, Kitchen, Ansible
  • Clouds - Azure, AWS, GCP
  • AI - MCP Servers, Agentic Mode AI
  • AI - RAG-based chatbot solution on Infrastructure Docs

Certification

  • AZ-700 (Azure Networking Associate)
  • AZ-305 (Azure Solutions Architect)
  • Associate Cloud Engineer Certification (Google)
  • AZ-500 (Azure Security Engineer)
  • AZ-400 (Azure DevOps Architect)
  • HashiCorp Terraform Associate (003)
  • AZ-104 (Azure Administrator)
  • CKA (Certified Kubernetes Administrator)

Languages

English
Pushto
Urdu
Hindi
