Subhashree Dhal
AWS DevOps Security Engineer
Profile
Experienced DevSecOps Engineer specializing in cloud infrastructure, Cloud Security, Platform Engineering, and seamless software integration and development. Proficient in cloud technologies with expertise in AWS, modern API development practices, and workflow optimization to accelerate delivery, enhance system reliability, and drive innovation in dynamic environments.
Employment History
AWS Security Engineer at Cloudignyte, London, UK
Oct 2023 — Present
British Petroleum (BP) I&E DS-Security Engineering team
Designed and implemented OIDC-based federated authentication for AWS using identity providers (IdPs) such as Microsoft Entra ID (Azure AD), integrating it with AWS IAM Identity Center (SSO) for secure, role-based access
Implemented containerization and orchestration solutions using Docker and Kubernetes, deploying and managing high-availability applications on AWS EKS. This involved optimizing container images and setting up comprehensive monitoring and logging with Prometheus, Grafana, and CloudWatch to ensure application reliability.
Designed and maintained enterprise-scale Infrastructure as Code (IaC) solutions using Terraform and CloudFormation (integrated SAM tool), focusing on building and managing infrastructure across complex multi-account environments. Established a modular and reusable template structure, ensuring consistent resource provisioning and streamlined workflows and enabling cross-functional teams to adopt and extend these solutions efficiently
Designed and implemented serverless solutions using AWS Lambda and Step Functions, leveraging both Map State and Distributed Map State to orchestrate complex workflows, process large-scale datasets, and efficiently manage input-output associations across multiple states, enabling seamless execution of Python-based functions in distributed systems
Built an architecture centered around AWS VPC to ensure network isolation, incorporating custom configurations with public and private subnets spanning multiple availability zones. Enhanced security through a multi-layered approach, utilizing security groups for instance-level control and NACLs for subnet-level filtering. Integrated AWS Network Firewall to provide advanced threat detection and prevention capabilities
Designed and implemented an automated system for detecting and mitigating DDoS attacks and malicious IP addresses by analyzing centrally stored AWS WAF logs. Leveraged the third-party tool VirusTotal to identify malicious IPs based on security vendor scores and enhanced the security of public-facing applications by centrally blocking those IPs using AWS WAF IP sets
Configured and integrated CNAPP tools like Wiz and Prisma Cloud to continuously monitor cloud security posture, detect misconfigurations, and enforce security best practices.
Automated deployment of endpoint security agents (CrowdStrike Falcon, Microsoft Defender, and Azure Arc) across thousands of EC2 instances using AWS SSM, and integrated security log forwarding to Microsoft Sentinel for real-time threat detection and incident response.
Designed and implemented an end-to-end automated solution for deploying AWS Firewall Manager WAF policies, network security policies, and Shield Advanced policies. The automation ensured consistent security enforcement across all client accounts, securing public-facing assets such as API Gateway, CloudFront, and Load Balancers. This streamlined policy management, improved threat mitigation, and provided centralized visibility and governance over the entire cloud estate
Hands-on experience in software development, with a strong focus on building scalable and efficient solutions using Python and TypeScript, which includes architecting and implementing serverless solutions for event-driven workloads and applications, leveraging cloud-native services to optimize performance and scalability
Migrated thousands of AWS accounts from AWS Landing Zone to Control Tower, enhancing governance and automating security and operations.
Implemented security controls aligned with ISO 27001 and GDPR compliance, ensuring data protection, access management, and security monitoring across cloud environments. Automated enforcement of security policies, audit logging, and compliance reporting to meet regulatory requirements
Analyzed SCA and SAST vulnerabilities to identify security gaps and successfully reduced infrastructure and code vulnerabilities by 30% using tools such as SonarQube, Checkmarx, and Snyk, ensuring compliance with OWASP and CIS benchmarks.
Designed a credential brokering mechanism for EC2 instances using IMDS Proxy, enabling workloads to obtain identity tokens and assume AWS IAM roles dynamically via STS for secure cross-account access
Developed and implemented a fully automated onboarding service to streamline the integration of new AWS accounts into the organization's security framework. The solution ensured that every newly onboarded account was automatically configured with essential security tools and controls, including AWS Config Rules, IAM guardrails, logging mechanisms, security agents, GuardDuty, Security Hub, and centralized logging solutions. This automation significantly reduced manual effort, improved compliance adherence, and enhanced security posture across the cloud estate.
Associate DevOps Engineer at SAP Labs India, Bengaluru
April 2020 — April 2023
COE Team Member: Building AWS Cloud Infrastructure and CI/CD Pipelines
Designed and implemented high-scale CI/CD pipelines using Azure DevOps and GitHub Actions, integrating secure, automated AWS authentication workflows with tools such as AWS IAM, AWS STS, and AWS SSO to enable dynamic, environment-specific access control. This process reduced deployment time by 60%, ensured enhanced security through least-privilege access, and delivered consistent operational efficiency across multiple environments
Designed an in-house integrated notification system for AWS resource events and failures.
Utilized Infrastructure as Code (IaC) best practices with Terraform for deployments, improving efficiency and reproducibility.
Built and managed Docker containerised applications, including optimizing image size, reducing variabilities with security scanning, and deploying them to Kubernetes clusters on AWS (EKS), ensuring high availability and scalability.
Collaborated with cross-functional teams to troubleshoot and resolve production issues, ensuring minimal application downtime and optimal user experience.
Software Engineer at Capgemini, Bengaluru
August 2017 — March 2020
Aviation projects with Airbus
Contributed to deployment of a multi-tier aviation application in AWS, implementing security best practices including IAM roles, security groups, network firewalls, WAF and encryption mechanisms to provide security at all layers
Managed 50+ AMIs, snapshots, and volumes, as well as performed seamless upgrades and downgrades of AWS resources, including CPU, memory, and Elastic Block Store (EBS)
Implemented AWS Cost Scheduler Lambda functions using Python and EventBridge to optimize AWS infrastructure costs and efficiently manage the availability of lower AWS environments (DEV/TEST), contributing to cost-saving initiatives and resource allocation efficiency
Implemented end-to-end monitoring, alerting, and logging for applications hosted in AWS using CloudWatch and SQS.
Education
B.Sc, Ravenshaw University, Cuttack, India
Information Science and Telecommunications (First Class)
June 2014 — June 2017
Certification
AWS Cloud Practitioner - 2XJBGRRJQNFE13G3
AWS Solution Architect Associate - b6a4fc3c753e40c3817a0b47bc22d658
Details
London, United Kingdom
Links
LinkedIn
GitHub
Skills
Amazon Web Services (AWS) - Lambda, Step Functions, DynamoDB, S3, Glue, Athena, Shield Advanced, CloudWatch, VPC, IAM, SNS, SQS, EventBridge, AWS WAF, EC2, SSM, AWS Organizations, AWS Config, CloudTrail, AWS GuardDuty
Infrastructure as Code (IaC) - Terraform, AWS CloudFormation
Orchestration Tools - Docker, Kubernetes
Monitoring and Logging - CloudWatch, Prometheus, Grafana
CI/CD Systems - Jenkins, GitHub/GitLab Action, Azure DevOps
Programming and Scripting Languages - Python, Bash, PowerShell, MySQL
OS - Linux, Windows
Internet protocols - TCP/IP, HTTP/HTTPS, DNS