Chintha Praveen Kumar

Cloud Security & Compliance Automation

• Monitored and remediated risks using Wiz (CSPM) aligned to CIS Benchmarks and GEHC security standards, driving continuous compliance across AWS accounts.
• Built AWS CloudFormation stacks to auto‑remediate misconfigurations (e.g., public Security Groups), cutting manual effort by ~80%.
• Developed an AWS Lambda (Python + Boto3) triggered daily via EventBridge to scan AWS Config findings and auto‑modify inbound rules to VPC CIDR, ensuring hands‑free remediation and lower risk.

Tagging & Governance

• Implemented auto‑tagging for untagged resources with Lambda + EventBridge, improving FinOps visibility and cost allocation accuracy.

IaC Modernization & Delivery

• Migrated legacy Terraform templates to AWS CDK, improving modularity, reusability, and environment parity.
• Automated CDK deployments via GitLab CI/CD with environment variables, approvals, linting, and unit tests for repeatable releases.

Endpoint & Platform Security

• Deployed required security/ops agents using AWS Systems Manager (SSM) for patching and fleet management.
• Proactively removed unused resources (EBS/AMIs/EC2/SGs/EIPs/Snapshots) to reduce cloud spend and improve resource hygiene.

CI/CD & Automation

• Built multi‑stage pipelines in Jenkins (declarative Jenkinsfiles) for Maven builds, unit tests, SonarQube checks, Docker image builds, and Kubernetes deployments (EKS/GKE).
• Enabled event‑driven CI using GitHub Webhooks; added Slack notifications and manual approvals to enhance visibility and control.
• Managed artifact repositories (Nexus/Artifactory) and private registries with immutability and retention policies.

Infrastructure as Code (IaC)

• Provisioned AWS (EC2, EKS, IAM, VPC, S3) and GCP (GKE, IAM, Cloud Armor) with Terraform (modules, remote state) and configuration via Ansible.
• Automated compliance remediation using Python (Boto3) scripts against CIS and PCI‑DSS controls.

Containerization & Kubernetes

• Authored optimized Dockerfiles (Java, Node.js, Python) and standardized base images for smaller, faster builds.
• Deployed via Helm with rolling and blue‑green strategies; tuned readiness/liveness probes, HPA, cluster autoscaler, PDBs for high availability and stability.
• Performed cluster operations (capacity planning, upgrades, right‑sizing, workload placement)

Security & Compliance (DevSecOps)

• Integrated SAST (SonarQube quality gates) to reduce vulnerabilities ~30%.
• Deployed Wazuh SIEM on GKE; integrated AWS GuardDuty, Trend Micro, and ClamAV for real‑time threat detection.
• Enforced Zero‑Trust with RBAC, NetworkPolicies, least‑privilege IAM, MFA, encrypted S3, and audit trails.
• Implemented WAF rules (incl. rate‑limiting) and DDoS protections; TLS hardening (remove weak ciphers).
• Drove CSPM‑based CIS/SOC2 posture with automated reporting and fixes.

Monitoring & Incident Management

• Built observability with Prometheus, Grafana, CloudWatch, Coralogix; set SLO‑aligned alerts.
• Troubleshot pod restarts, OOM kills, CPU throttling; performed log analysis (auth.log, syslog) and created runbooks, lowering MTTR.
• Configured Slack/email alerting for pipelines, infra events, and application incidents.

Collaboration & Delivery

• Worked in Agile (Jira/Confluence), owning feature branches, PR reviews, release notes, and cross‑team coordination.
• Scaled platform patterns: shared Helm charts, Jenkins libraries, Terraform modules for reuse and standardization.