Summary
Overview
Work History
Education
Skills
Timeline
Generic

Yannick Nche

Dallas,Texas

Summary

I am an enthusiastic Azure DevOps Engineer with 7 years of experience looking for an exciting and challenging position to utilize my comprehensive skills in automating, configuring, and fine-tuning Azure cloud environments to maximize performance and foster innovation.

Overview

7
7
years of professional experience

Work History

Azure Security Engineer

State of Louisiana - Office of Technology
09.2022 - Current
  • Established the cloud-based identity and access management (IAM) system Microsoft Entra ID (formerly Azure Active Directory) for cloud infrastructure support, including administration, support, and troubleshooting efforts.
  • Provided B2B and B2C configurations, user and group management, and access policies, among others.
    Implemented and managed the Azure AD Single Sign-On (SSO) authentication method; integrated Microsoft 365 Suite and other 3rd party applications; architected integration of On-Prem identity infrastructure and cloud Active Directory with the use of the latest version of Azure AD Connect, and Azure Landing Zone, adhering to established design principles across eight design areas, improving network performance; established and managed Azure Key Vault, including restricted user permissions and regulated access policies, and Azure Firewall to safeguard Azure Virtual Network resources; implemented and administered Azure Application Gateway load balancer (OSI layer 7) for web applications traffic management, and Azure Front Door for secure and scalable web delivery.
  • Established Azure role-based access controls (Azure RBAC), following the principle of least privilege (PoLP) 256-bit key length AES-256 encryption, using FIPS-approved algorithms for FIPS 140-2 cryptography, and Microsoft Purview Insider Risk Management for Azure Active Directory.
    Deployed, configured, and administered Azure Virtual Machines (VMs) with Azure Virtual Network, Virtual Private Network (VPN), and Azure ExpressRoute through IP addresses securitization and establishing network security groups.
  • Automated access through use of customized PowerShell scripting, as needed, Azure AD Identity Governance, and ensured compliance with Azure Policy.
  • Managed Azure File Share deployments, facilitating collaborative work environments and enhancing data accessibility for cross-functional teams.
  • Collaborated closely with cross-functional teams to design and execute a CI/CD pipeline in Bitbucket, facilitating automated image creation and deployment using Azure Container Registry and Azure Kubernetes Service.
  • Implemented and maintained nine Azure App Service instances, four Azure Functions, and two Service Bus solutions, achieving a 99.9% uptime and reducing deployment time by 20% through streamlined processes.
  • Provided high level user support, including authentication, passwords, and account access for Azure AD issues; and migrated Azure AD on-prem to cloud for user utilization.
    Scaled and implemented network infrastructure by configuring Azure Virtual Network (VNet), connected multiple Virtual Networks in Azure with Azure Virtual Network peering, and segmented Azure VNet into subnetworks with subnets.
  • Designed and deployed an API gateway to streamline access to backend services and enforce security policies.
  • Provided thorough documentation for technical processes and procedures; collaborated with technical and business teams on providing client solutions; and implemented multi-factor authentication (MFA) and Conditional Access policy of Assignments and Access controls.
  • I deployed a Splunk Enterprise instance on Azure VM and configured it to receive and store all syslog traffic from our firewalls for a period of three months. Additionally, I created a Splunk dashboard to monitor the syslog data.
  • Developed infrastructure as code (IaC) templates using Bicep to provision Azure resources efficiently and maintain consistency across environments.

Senior Azure DevOps Engineer

Microsoft
12.2020 - 08.2022
  • Worked on the CPLAT team, specialized in Azure DevOps services, including Azure Repos (Git Repositories), Azure Boards (Agile), Azure Pipelines (CI/CD), Azure Artifacts (dependencies), and Azure Test Plans (test management module); directed Azure Administration, including addressing VM redundancy and availability issues with Azure Availability Sets; managed auto-scaling identical VMs with Virtual Machine Scale Set (VMSS) and Azure Application Gateway load balancer (OSI layer 7) for web applications traffic management; setup and oversaw Azure Virtual Network (VNet), and Network Security Group (NSG); administered Azure Storage and Azure Blob scalable accounts; provided security controls and Azure Storage Service Encryption (service-side encryption); monitoring and tracking with Azure Monitor and Azure Application Insights (analytics); managed on-prem and cloud data with Azure Virtual Networks, on-prem data with Azure VPN Gateways; expanded bandwidth with Azure ExpressRoute for Azure and Microsoft 365 suites; addressed security issues with Azure Key Vault and Azure Firewall; deployed and managed data with infrastructure as code (IaC) tools, like Azure Resource Manager (ARM) and Terraform; oversaw Azure migrations with tools from Azure Migrate hub; used Kusto Query Language (KQL) and SQL for Azure products scripting; and crafted highly-customized Azure-based solutions for clients.
  • Directed and resolved GitLab integration issues; administered GitHub repositories with Pull Requests (PRs), including Git Hooks and submodules in providing code versioning and releasemanagement; adopted a Git branching strategy; and built CI/CD pipelines with Git.
  • Managed clusters of Docker and containerized applications automation and scaling with Kubernetes.
  • Integrated Azure Virtual Desktop with Azure Active Directory (AAD) for seamless user authentication and access control, ensuring compliance with security and regulatory standards.
  • Configured and optimized virtual machine (VM) configurations, storage solutions, and network settings to enhance the performance and reliability of Azure Virtual Desktop deployments.
  • Implemented monitoring and alerting solutions for Azure SQL databases using Azure Monitor and Azure Log Analytics, enabling proactive management and
  • Orchestrated proactive threat assessments on Azure cloud resources and Windows laptops, identifying gaps in detection mechanisms and devising robust strategies to mitigate potential intrusions.
  • Conduct regular assessments and performance optimizations to enhance the efficiency and reliability of AVD environments.
  • Collaborate with cross-functional teams to analyze client requirements, design customized AVD solutions, and provide ongoing support.
  • Led the migration of on-premises databases to Azure SQL Database, ensuring minimal downtime and preserving data integrity.
  • Leveraged expertise to recognize emerging attack patterns and recommended targeted mitigation strategies, contributing to a proactive approach to threat management and incident response.

DevOps/Systems Engineer

Trinitech Consulting
10.2018 - 09.2020
  • Worked as the System Administrator/Engineer in a mixed Windows/Active Directory, Solaris 10/11, RedHat 9/Linux, and Centos 6/7/8 environment.
  • Designed, optimized, and maintained Windows Server 2016's Active Directory, working with Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).
    Installed and managed Solaris and CentOS servers, including Server Patching and Server Hardening to protect against cyberattacks.
    Integrated Unix/Linux into Windows Active Directory by setting up, configuring, and deploying Server Message Block (SMB) Protocol with Samba Server.
    Set up Lightweight Directory Access Protocol (LDAP) on RedHat Linux and Active Directory.
  • Worked with a range of Amazon products, including administration of AWS Services, working with AWS Command Line Interface (CLI), Amazon Elastic Compute Cloud (EC2) and Virtual Private Cloud (VPC) for virtual computing, Amazon Simple Storage Service (S3), Amazon Elastic Block Store (EBS), and Amazon Glacier for storage, Amazon Route 53 Cloud Domain Name System (DNS), AWS CloudTrail for tracking to ensure governance and compliance, AWS Identity and Access Management (IAM) to manage accessibility, AWS Trusted Advisor for AWS best practices, Amazon Relational Database Service (RDS), AWS Elastic Load Balancing (ELB) for web traffic distribution, Amazon CloudFront for media streaming on a Content Delivery Network (CDN), Amazon ElastiCache for distributed in-memory key-value environment, AWS Elastic Compute Cloud, and Amazon CloudWatch for full stack monitoring.
  • Worked with a range of network protocols, like TCP/IP, DHCP, DNS, NFS, CIFS, and NTP; file systems, like HFS, UFS, swap (RAM), EXT4 (Linux), CIFS, ZFS (Unix); monitoring and searching through big data with Splunk; and file compression with tar (Linux), Gzip (web), and bzip2 (open source).
  • Proficient in a variety of network tools to include Secure CRT, SolarWinds, Proteus (IPAM), and Active Directory.
  • Implemented and managed AWS solutions, including EC2 instances, S3 storage, RDS databases, and IAM policies, adhering to best practices and compliance standards.

Education

Bachelor's degree - BA

University of Yaounde II

Diploma - Computer Networking And Telecommunications

Paul's Computer Institute
Cameroon
05.2001 -

Diploma -

Zoom Technologies
India
05.2001 -

Skills

Bashundefined

Timeline

Azure Security Engineer

State of Louisiana - Office of Technology
09.2022 - Current

Senior Azure DevOps Engineer

Microsoft
12.2020 - 08.2022

DevOps/Systems Engineer

Trinitech Consulting
10.2018 - 09.2020

Diploma - Computer Networking And Telecommunications

Paul's Computer Institute
05.2001 -

Diploma -

Zoom Technologies
05.2001 -

Bachelor's degree - BA

University of Yaounde II

Similar Profiles

CREATE PROFILE
Yannick Nche