Principal Cloud Architect

Expertise in defining and executing enterprise cloud strategies aligned to business value and measurable outcomes
Strong experience designing highly available, fault-tolerant, and resilient architectures using Cloud Adoption Framework principles
Security-first approach with implementation of Landing Zones and Zero-Trust architecture
Hands-on with RBAC, Azure AD PIM, and Key Vault integration for least-privilege and secrets management
Multi-cloud expertise across Azure and AWS to ensure provider resiliency and workload portability
Automation-focused using Infrastructure as Code: Terraform, Bicep, ARM templates, and CloudFormation
Proven ability to standardize environments, enforce governance, and accelerate cloud adoption at scale

Projects

IAM Transformation

Azure Entra • AWS IAM • OVD / OUD • AD DS • RBAC • Zero Trust

Consolidate identities and build dashboard

Project Information

  • Migrate and integrate identities in OUD / OVD to use AD DS as source of truth for authentication.
  • Integrate provisioning from BirthRight, Workday to SailPoint to AD DS, OVD / OUD.
  • Integrate AD DS to sync to Azure Entra, AWS IAM and Okta Identity.
  • Use Okta for Single Sign-on for on-premise, Azure and AWS authentication.
  • Automate housekeeping jobs and Compliance checks against AD DS, Azure Entra, AWS IAM, OVD / OUD identities.
  • Build a dashboard so we can view high-privilege access.
    • For each App/Server, show all identities having access to it.
    • For each identity, show all the access it has.

Deliverable

  • Dashboard with below roles
    • User: Check own identity compliance.
    • Reporting: Validate compliance reports and intervene if needed.
    • Audit: Validate access on applications and servers.
    • Managerial: Validate consolidated reports for given time frame.
  • Consolidation of Identity to AD DS.
  • Implementation of SSO via Okta for AWS IAM, Entra, AD DS.

Migration of Apps to Azure

Azure Landing Zones • Azure Policies • Networking • Terraform • Bicep • ARM

Planned and executed migrations with governance, networking, and security controls.

What I did

  • Create Landing Zone for Department.
  • Implemented policy/guardrails and environment promotion patterns/tags.
  • Migrating Apps: Lift and Shift to Azure.
  • Implement Backup and DR Strategy.
  • Create Terraform for management / restoration.
  • Document the process and train run team for managing application.

Outcome

  • Same app should be migrated to cloud with same functionality.
  • Cloud ready environment at speed and scale due to COVID issue.

IaC Standardization

Terraform • Bicep • Modules • CI/CD

Reusable Terraform code with modules, and pipelines for consistent delivery.

What I did

  • Build up Central Modules repository if not available.
  • Create Terraform code for deployment of registered image and upgrade app to new images.
  • Integrated with CI/CD for environment deployment (canary or blue-green). Implement validation gates and approvals.
  • Parameterized code for team to choose the image to deploy or roll back, environment, and deployment type.

Outcome

  • Reusable Code
  • Consistent deployment
  • Proper Checks and approvals

Automation Factory

PowerShell • Python • Terraform • Azure

Automated deployment with defined configuration and state of Apps and Servers.

What I did

  • Terraform Code with integrated PowerShell / Python code for state configuration (with Reboots if needed).
  • Standard RunBooks to provide stable Apps and reduced unwanted or missing config.
  • Heightened security to meet PCI DSS and ISO 27001 standards.

Outcome

  • Complete automated deployment via Terraform code without any drift.

Monitoring & Security Alignment

Defender • Grafana • Prometheus • PIM • Key Vault

Improved visibility and controlled posture for cloud workloads.

What I did

  • Defined baseline monitoring, alerts, and dashboards.
  • Aligned controls to security/compliance needs.
  • No permanent privilege assigned (temporary access via PIM with approval and time limit).
  • Key Vault for vaulting all service accounts and shared identities, with password recycling.

Outcome

  • Faster detection + response and clearer operational accountability.
  • Zero-Trust ready environment.
  • Heightened security with all code free from credentials (fetching creds from vault).

Experience

Career journey since 2004 . . .

AVP, Directory Services Developer — Synchrony

Hyderabad • Oct 2018 – Feb 2025
  • Role: Gather requirements, design HLD and LLD, work with Deployment team for Terraform Code Module creation and management, and help in deployment via CI/CD pipelines.
  • Technologies: Azure Landing Zones, Management Groups, Policies, ARM Template, Entra, Azure DevOps, Defender, Monitor, AKS, VM, SDN, IaC – Terraform, Language – HCL, PowerShell, Python.
  • Security Standards: PCI DSS, ISO:27001, SOC2.
  • Projects: IAM transformation, Cloud Migrations (during COVID).

Cloud Solution Expert — DXC Technology

Bangalore • Sep 2016 – Oct 2018
  • Role: Gather Work with Account Team to analyze environment. Propose Solution and create SoW/Requirements, HLD, LLD, BoM, Testing Plan, Risk Management and Issue Log.
  • Technologies: Azure Cloud, AWS Cloud, ADF, SDN, Entra, Active Directory, IaC - Bicep.
  • Framework: ITIL, SDLC – Agile, DevOps, TOGAF.
  • Projects: Cloud Migrations and Transformations.

Senior Engineer (Build Team) — DXC Technology

Bangalore • Dec 2014 – Sep 2016
  • Role: Work with Design team to provide inputs on solution and help in building or migrating environment to Azure Cloud.
  • Technologies: Azure Cloud, AWS Cloud, PowerShell, AWS CLI.
  • Framework: ITIL, SDLC – Agile, DevOps.
  • Overview: Phase-wise building and deployment of solutions on cloud, and managing and fixing issues encountered during deployment on Azure.

L3 Engineer (Shared Delivery) — DXC Technology

Bangalore • Nov 2008 – Dec 2014
  • Role: Manage Active Directory, work on incidents, Patch and upgrade servers, Migrate Servers to Cloud Azure, sync Active Directory to Azure AD.
  • Technologies: Active Directory, Windows Server (2000/2003/2008/2012), GPO, DNS, DHCP, Certificate Services, ADRMS, ADFS, Azure AD Connect, Azure AD, MFA, Microsoft Azure, PowerShell.
  • Framework: ITIL-v3.
  • Projects: Manage Active Directory (1800+ Domain Controllers) for 11 client accounts. Later merged with Windows team, so started managing VMware Virtualization.

Support Engineer — Vault Information Technologies India Pvt. Ltd.

Bangalore • Jun 2008 – Oct 2008
  • Role: Identifying issues with trend analysis and following Problem management procedure to fix reoccurring issues.
  • Technologies: Active Directory, DNS, DHCP, GPO, VBscript, bat Script.
  • Framework: ITIL-v3.
  • Projects: Managing incidents as per SLA, attending DCAB and TCAB, Incident, Problem, Change Management.

Technical Support Engineer — e4e Business Solutions India Pvt. Ltd.

Bangalore • Apr 2007 – May 2008
  • Role: Managing Incidents and User request tickets.
  • Technologies: Active Directory, DNS, DHCP, GPO.
  • Framework: ITIL-v3.
  • Projects: Working on incidents and user tickets. Performing day-to-day tasks like health checks, backup and reporting.

System Administrator — Professional Computers

Lucknow • Jan 2004 – Mar 2007
  • Role: New Installations and Management of Windows Servers.
  • Technologies: Active Directory, Windows Server (2000/2003), GPO, DNS, DHCP, VBscripts, BAT script.
  • Framework: ITIL-v3.
  • Projects: Installing and configuring Windows server 2000/2003. Promoting Domain controller and managing Active Directory. Troubleshooting server and AD issues.

Skills

Azure Platform

Entra, Entra connect, Entra Apps Registration, AKS, Azure DevOps, AVD, VM, Vnet, NSG, DNS, Azure Landing Zones, Management Groups, Policies and Blueprints, ARM Templates, Defender, Monitor and Agent Deployment

AWS Platform

EKS, WorkSpaces, Control Tower, Landing Zone, SCPs, RCPs, Account Factory, OU Management, EC2, Lambda, Storage, RDS, VPC, Security Groups, ACLs, Route 53, Load Balancer, Application Gateway, KMS, Identity Center, Vault, CloudWatch, CloudTrail

Terraform

Multi-Cloud, Multi-Region, Multi-Environment, Modular and parameterized Solutions, with support from Cloud backend, Secret vault and CI/CD Integration

Cloud Formation

Enterprise-scale, multi-subscription, multi-environment, modular and parameterized IaC Code, with support from Cloud backend, AWS DevOps/GitHub integration and Vault

Bicep

Enterprise-scale IaC, multi-subscription support, multi-environment support, modular architecture, fully parameterized design, remote state via cloud backend, Azure DevOps integration, GitHub integration, Azure Key Vault–based secrets management

Azure Resource Manager

Azure DevOps CI/CD integration, GitHub workflow integration, Azure Key Vault–based centralized secrets, cloud-hosted remote state, reusable parameterized modules, modular components, multi-environment ready, multi-subscription ready, enterprise-scale IaC framework

Active Directory

ADDS, ADFS, ADCS, GPO, ADRMS, DNS, DHCP, DFC. AD To Entra ID Sync, AD to AWS IAM Identity Center Sync, Entra ID to AWS IAM Identity Center Sync

Security & Compliance

PCI DSS, ISO 27001, SOC2 alignment; policy-as-code mindset; audit-ready architecture

Database

SQL Server, PLSQL, Database management, Migration, transformation, queries building, Triggers, Views, Reports

Automation

PowerShell, Python Boto3; ARM, Terraform, Bicep, JSON, YAML, GoLang, Bash

Technology

Windows Server (2025/2022/2019/2016/2012/2008/2003/2000), Exchange Server (2019/ Exchange Online), Citrix, NetScaler, Okta, Linux

Miscellaneous

PHP, JavaScript; React JS, Node JS, HTML, CSS, Angular, WordPress, SpringBoot

Certifications

MCSE: Architecting Azure Cloud Solutions

2017

VCP: Data-Center Virtualization

2012

CCNA

2007

Education

Diploma: DOEACC 'A' Level

UPtec (Lucknow)

Graduation: B.Com.

CSJM University (Kanpur)

Class 12: CBSE – PCM

Kendriya Vidyalaya (Fatehgarh)

Class 10: CBSE

Kendriya Vidyalaya (Jabalpur)

Contact

Fastest response via email.