Close this

Kamran Shaukat

Development
VA, United States

Skills

DevOps

About

Kamran Shaukat's skills align with Consultants and Specialists (Information and Communication Technology). Kamran also has skills associated with System Developers and Analysts (Information and Communication Technology). Kamran Shaukat has 12 years of work experience.
View more

Work Experience

AWS Cloud Developer

Capital One Financial Corporation
September 2020 - October 2023
  • * Responsible for operations and compliance for the enterprise footprint of applications deployed in AWS. * Incident triage and resolution in AWS using various inhouse and industry standard tools, like ServiceNow, Jira, Confluence, AION, OpsInsight. * Cloud Bastion Host building and deployment automation infrastructure which includes (ec2 instance, s3, auto-scaling groups, classic load balancers, security groups, ACLs. * Vulnerability scanning identification via Qualys scans. Enrichment of scan data via Secure guardians platform, and finally remediation of vulnerabilities using vendor released patches. * AWS maintenance and service end-of-life remediation * Developing products and services for our applications to use that will simplify fleet management in AWS * Cloud acquisition integration and compliance. * Worked to develop automation for monitoring, self-healing and rehydration of the bastion environments. * Provide support and guidance on issues involving access to bastion hosts for access to cloud infrastructure. * Administered a large-scale fleet of 1200+ bastion servers across multiple AWS regions, environments (QA, Dev, Production), and availability zones. * Managed AWS service limits and resources for specific business lines, ensuring optimal performance and compliance with organizational standards. * Spearheaded the development and implementation of S3 bucket policies for various application teams, enhancing data security and access management. * Played a key role in troubleshooting complex AWS networking issues involving VPCs, endpoints, gateways, Route 53, Network ACLs, AMIs, IAM roles, EC2 instances, launch configurations, and templates. * Designed and executed scripts for decommissioning outdated AWS resources, contributing to system efficiency and cost-effectiveness. * Automated application processes using AWS CloudWatch, enabling smoother and more efficient operations for user applications. * Assisted users in interpreting VPC flow logs for advanced troubleshooting and problem resolution. * Identified and analyzed specific events impacting applications using AWS CloudTrail, providing critical insights for issue resolution. * Utilized AWS CloudFormation templates for efficient and error-free stack deployments. * Established and maintained bastion access for users, ensuring secure and seamless connectivity. * Conducted in-depth troubleshooting for access and permission issues, enhancing user experience and system security. * Implemented auto scaling of infrastructure for the bastion fleet, ensuring high availability and scalability. * Deployed new bastion architecture in new accounts using Terraform templates, showcasing expertise in infrastructure as code (IaC). * Developed and maintained automation for patch management, including rehydrating bastion servers using AWS Lambda functions. * Developed bash-scripts for userdata to be run at startup for ec2 instances.

Network Architect DNS OPS Tier

Capital One Financial Corporation
September 2017 - September 2020
  • * Maintenance, research, design and implementation of Capital One's enterprise DNS and DHCP systems. Including servers, automation tools, scripting, reviewing and updating documentation. * Deploying domains using Infoblox and F5 servers. * Proactive management on premise and cloud-based DNS and DHCP environments to ensure they are operating at optimal levels through proactive monitoring/tuning. * Drive incident and problem resolution as a Tier 3 escalation resource - leveraging strengths of team associates as needed to identify actions which will lead to resolution of operational issues and problems. * Consulted with other technology support groups as part of problem resolution efforts. * Implemented new platforms/designs, code versions, and features to meet lifecycle management and business requirements. * Contribute to enterprise strategy development/design standard development efforts. * Participate in technology integration efforts with other engineering and support teams. * Ensured compliance with departmental and enterprise security configuration standards (includes security vulnerability assessment, mitigation planning and implementation) * Served as mentor and technical resource to more junior associates; train other associates through one-on-one or group technical discussions. * Built and managed DNS Cache server in AWS environment to serve the enterprise DNS requests. Ran vulnerability scans on AWS DNS cache servers(ec2) and rehydrated with hardened AMI(linux1804). Maintained Compliance of AWS resources according to evolving CapitalOne standards. * Configured DNS Cache servers in AWS with Bash scripts to deploy DNSmasq and resolver server configurations.

Network Engineer Specialist II

Ericsson INC
March 2011 - April 2017
  • * Apex contractor for Ericsson (1st 6 months), working and supporting Sprint circuit activations team. * Turning up circuits. (MPLS, DIA, SPA Ethernet) on Cisco routers and Ciena switches. * Upgrading/Downgrading existing circuits; circuit cutover Cisco IOS to Cisco IOS-XR(hotcuts). * Building new DNS domains. Maintaining and troubleshooting DNS issues with customers via automation tools as well as CLI over SL-DCC.. * Daily functions involve configuring and troubling shooting layers 1-3 on Cisco routers. * Configuring and troubleshooting BGP, EIGRP sessions with its associated implementations (creating and manipulating various traffic filtering tools [distribute lists, access-lists, prefix-lists, route-maps], load-sharing, BGP path attributes, and establishing/disconnecting neighbor ships) - Cisco routers and Ciena switches. * Configuring news circuits according to Design Document via Cisco CLI and Automation tools. * Static routings configurations. * ISP level data network configurations on Cisco routers.(Fractional T1s, T1s, T3s, FastE, GigE, SONET, etc); * Configuring Class of Service as well as QoS on Cisco routers * Configuring and enabling multicast on Cisco Edge routers for Sprint. * Assigning and configuring router ports with IPV6. Configuring BGP neighbors using IPV6 for dual stack customers. * Investigating and assigning IP blocks to customers. * Building and managing new Network Customer accounts. * Configuration and deployment of MPLS configurations via the ISC tool as per instructions in the design document. * Updated Design Document for MPLS customers. * Worked with Configurations groups on special projects involving migration of multiple circuits to new locations. * Worked on scheduled /time sensitive events for circuit turn-ups on Cisco routers using IOS and IOS-XR * Turn up and troubleshooting of Metro Ethernet circuits being supplied by Sprint through TPP.

Education

Colorado Technical University

Bachelor of Science in Information Technology