Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Ashok Kumar

Cloud Security Engineer
Chennai

Summary

Security Engineer with 9+ years of experience securing on-prem and cloud-native workloads across Azure, specializing in Ansible Automation, Infrastructure security, Vulnerability Management, AKS security, IAM. Proven experience in securing Linux/Windows workloads, Kubernetes clusters, implementing Zero Trust and enforcing standards using CIS benchmarks.

Overview

9
9
years of professional experience
4
4
Certifications
4
4
Languages

Work History

Cloud Security Engineer

Tata Consultancy Services
06.2025 - Current
  • Implemented Insight CloudSec, CNAPP-based cloud security posture management (CSPM) to continuously assess Azure subscriptions against CIS and Microsoft security benchmarks.
  • Identified and remediated misconfigurations across AKS, storage accounts, networking, and identity, reducing cloud risk exposure.
  • Conducted security architecture reviews of Azure Storage Accounts, identifying misconfiguration risks related to public access, identity, encryption, and network exposure, and defining risk-based mitigations.
  • Assessed security risks for a new Azure-based application using STRIDE methodology, prioritizing high-impact threats such as credential compromise and data exposure, and implemented architectural mitigations before go-live.
  • Designed and deployed Azure policy initiatives to reduce exposure related to public endpoints, insecure protocols, and unencrypted resources
  • Leveraged CNAPP for Kubernetes visibility to assess cluster security posture, including API server exposure, RBAC misconfigurations, and pod-level risks.
  • Used CNAPP compliance reporting to demonstrate alignment with NIST 800-53 and CIS controls for Azure workloads.
  • Integrated CNAPP IaC scanning for Terraform-based Azure infrastructure, preventing insecure configurations.
  • Provided leadership with risk-based dashboards highlighting critical cloud security issues.
  • Designed and managed Cloudflare WAF policies to protect public-facing web applications from OWASP Top 10 threats.
  • Implemented managed WAF rulesets and custom firewall rules to mitigate SQL injection, XSS, command injection, and L7 DDoS attacks.
  • Monitored/Investigated WAF security alerts using Cloudflare Security Analytics to fine-tune rules and improve security posture.

Security Operations Engineer

Tata Consultancy Services
10.2019 - 05.2025
  • Designed and developed Ansible playbooks to implement and manage Linux system hardening in accordance with security best practices and compliance standards.
  • Remediated identified vulnerabilities across Linux environments by applying secure configuration baselines and patching measures.
  • Provisioned and managed Azure cloud infrastructure using Infrastructure as Code (IaC) through Ansible and Azure ARM templates.
  • Integrated server hardening and vulnerability scanning for newly provisioned servers into CI/CD pipelines using Azure DevOps and Ansible.
  • Implemented automated critical vulnerability validation using Ansible playbooks as part of Azure DevOps deployment pipelines.
  • Collaborated closely with the Deputy CISO on multiple security proof-of-concepts (POCs), including workload protection via microsegmentation and migration of FTP/S services to secure SFTP solutions.
  • Developed and enforced network segmentation and microsegmentation policies for application servers and end-user laptops using Guardicore.
  • Created Ansible playbooks for Windows system hardening aligned with CIS benchmarks.
  • Automated secure credential retrieval by integrating Ansible with BeyondTrust Password Safe and Azure Key Vault using APIs for privileged access management.
  • Performed Incident Response activities by analyzing and responding to alerts generated from IDS, ENS, and EDR security tools.

Security Administrator (IAM)

Tata Consultancy Services
01.2017 - 09.2019
  • Managed Active Directory user lifecycle operations, including user provisioning, modification, de-provisioning, and access reviews.
  • Administered Privileged Access Management (PAM) using BeyondTrust Password Safe, ensuring secure credential storage, rotation, and controlled access.
  • Designed and secured data transfer mechanisms for internal and external communications using Linux native security tools such as OpenSSH and GPG.
  • Conducted Proof of Concept (POC) for Managed File Transfer (MFT) solutions to enhance secure and compliant data exchange.
  • Developed and implemented Splunk alerts to detect anomalous login and account lockout activities, improving security monitoring and incident detection.Active Directory Users Lifecycle Management.

Education

M.Tech (integrated) - Power Systems

SASTRA University
Thanjavur
06-2016

Skills

Ansible

BeyondTrust PasswordSafe

InsightVM (Rapid7)

Guardicore

Azure Security

Git

CloudFlare WAF

Insight Cloudsec

Azure Devops

Splunk

CrowdStrike

Terraform

Certification

Certified Information Systems Security Professional - CISSP

Timeline

Cloud Security Engineer

Tata Consultancy Services
06.2025 - Current

Certified Information Systems Security Professional - CISSP

05-2024

Azure Security Engineer - AZ 500

05-2022

Comptia CySA+

03-2021

Security Operations Engineer

Tata Consultancy Services
10.2019 - 05.2025

Comptia Security+

04-2019

Security Administrator (IAM)

Tata Consultancy Services
01.2017 - 09.2019

M.Tech (integrated) - Power Systems

SASTRA University

Similar Profiles

CREATE PROFILE
Ashok KumarCloud Security Engineer