
kazim rizvi


Last update: 01.09.2021

Lead Cloud Architect and Product Owner - Consultant

Graduation: MSc Computer Science
Negotiable based on project and its tenure
Languages: English (Full Professional)


cloud based security aws Cloud AzureDevOps (TFS) Kubernetes / Docker / AWS Linux Python Terraform Expert Ansible




Cloud, AWS, JIRA, Servicenow, SIEM, webhooks, Data Stream, Jupyter, DynamoDb, CloudWatch, S3, AWS Macie, AWS GuardDuty, AWS Security Hub, CIS Framework, AWS Control, Kubernetes, ABAC, API gateway, SaaS, Azure, Stateful, OKTA, Apigee, database, network traffic, Docker Compose, Terraform, Azure Cloud, Prometheus, Release Management, ETL, Machine Learning, DevOps, coding, Python, Load balancer, Selenium Testing Script, Kubernetes Jobs for Functional Testing, Load Testing, technical debt, Google, GitLab, TeamCity, Goolge GKE Cluster, Azure DevOPS Linux, data migration, ELK stack, AWS Lambda, Azure API Secret Manager, IPs, encryption, Talend Server ETL, artificial intelligence, S3 bucket, Datadog, NewRelic, Docker, EC2, Autoscaling, AWS Load Balancer, Access Token PAT, AWS Secret Manager, Python Script, Confluence, GitHub, Azure DevOPS pipeline, Scrum, Big Data, Ansible, VPC, AWS Direct Connect, Elastic Load Balancer, ELB, Metadata, Tomcat Server, Abinitio servers, Firewall, AWS VPC, AWS EC2, AWS IAM, Jenkins, Control M, DMS, LAMP, VPN, EMR, Clustering, AWS EMR Clusters, IP based single VPN point, Versioning, Caching solution, AWS Redis, MySql, AWS RDS, CloudFront, Continuous integration, user management, Splunk, AWS CLI, Troposhere libraries, AWS BOTB libraries, Ansible integration, Amazon Web, Ensono server, Linux, bash, command line, Google Analytics, Akamai, APIs, Endeca, SSL certificate, Code Build, AWS Caching, Table, AWS Internet Gateway, AWS DynamoDB, AWS SES, Microsoft Azure platform, GIT, Ansible Tower, Nexus, PowerShell, code coverage, NUnit, SonarQube, VSTS, Visual Studio, open source, Nuget, Linux Scripting, Microsoft Azure SQL, SQL VM Template, private network, HPE ALM Integration, Selenium, Content Delivery Network, CDN, BitBucket, AngularJS, Microsoft Azure, ProGet, Octopus Integration, NCover, open-source, AWS platform, Automation Scripts, VM provisioning, continuous delivery, Lambda, Cloud Build, AWS Cloud platform, AMIs, IAM, Elastic, Beanstalk, SQL, 
RDS, SQL Server, TFS, JIRA Integration, HPE ALM, Application Lifecycle, User Interface, Android, Javascripts, CSS, HTML, Java, C# .Net, Entity Framework, MongoDB, backend, DB, Web API, App Store, Continuous Deployment, Cloud Automation, scripting, Mobile Apps, Team Foundation Server TFS, development, HPE Codar, GIT Tools, Unit Test, BDD, TDD. JIRA, Agile, Functional Testing, software design, configuration management, Team Foundation Server, Net, JAVA development, Autofac, Puppet, Rundeck, FXcop, C# .Net 3.5, MVC, Nhibernate, Linq, jQuery, Ajax, Spring, ASP, data access, GUI, server side, Data Quality

Project history

02/2020 - Present
Product Owner/Cloud Architect/Head for Cloud Compliance Security and Audit
Direct Line Insurance (1000-5000 employees)
  • Working as Product Owner with Head of Security Compliance and Audit for AWS Security posture for multi million security projects and liaising with multiple project teams to remediate Non Compliance on AWS Account and incident investigation. 

  • Managing DevSecOPS and SecOPS teams integrating with Security Incident and Security Operations and Security Engineering teams. 

  • Reports generation for FCA and Group Audit for compliance and security.

  • Responsible for Agile coaching, Sprint Planning and Backlog Refinements and OKRs for each quarter.

  • Working with the Data team to deploy PCI DSS controls on the Payment AWS accounts for monitoring and remediation of non-compliance.  

  • Worked with the data team to deploy Amazon Macie to discover and protect sensitive data using pattern matching and machine learning. 

  • Managing a team for Security Operation to remediate the non compliance and communicating with multiple teams with consolidated issue viewing using  JIRA and Servicenow. 

  • Compliance ticket generation in ServiceNow/SIEM LogRhythm using webhook.

  • Deployment of seventy Security Controls on 250 AWS Accounts using AWS Code Pipeline; the controls include CIS Framework, Managed Rules and Custom Rules for seamless deployment. Deployment of Compliance Daily Reporting via email and MS Teams webhooks.

  • Data capture from Security Controls via AWS Event Rule to Master Compliance account using AWS Event Bridge using AWS Kinesis Data Stream. Working with the IAM team to use SCP and boundary permissions to give limited admin access to users and prevention of Non Compliance resource creation. Working on Jupyter-lab to diagnose  the problems on AWS Cloud Formation stacks and AWS Cloud formation stack sets and Configuration of SSM parameters. Deployment of Responders for multiple environments under multiple AWS organizations to remediate the bulk AWS Global level non compliance.

  • Working with AWS Amazon Managed Services team to deploy controls where automation pipeline is not allowed. Use of AWS DynamoDb Tables for the Security Control Table, Reporting Data Trend, AWS Account Lists,  Resource Exception for a particular AWS resource where compliance report percentage should be ignored. 

  • Extensive use of AWS services: Lambda, Kinesis Data Firehose, CloudWatch Logs, Cloud Watch events, Events Bridge, S3, SSM parameters, Parameter Store,  KMS keys and Secret Manager, IAM Roles and Policies. AWS Macie, AWS GuardDuty. AWS Security Hub for CIS Framework and AWS Control Tower.

07/2019 - 01/2020
Lead DevSecOps Consultant/Team Lead
Dentsu Aegis Network (DAN)
* Engaged with third party companies to integrate their services on Kubernetes.
* Strategized IAM Architect strategy for ABAC to be used by the business.
* Architect the Kubernetes based API gateway with APIGee Edge MicroGateway and Kong solution and
comparison with SaaS API gateway Solution.
* Worked on both Azure AKS and AWS EKS solutions in parallel for Kubernetes cluster using Pods,
Services, Ingress, deployments, ConfigMaps and Persistent volumes having Jobs, Replica Sets,
Daemon Sets, Stateful Sets.
* Attribute based Access Control ABAC with OKTA and Apigee/Kong and third party tools to secure
access to six hundred applications worldwide for online customers. Apigee Micro Edge Gateway
Kubernetes deployment and integration with other applications on Kubernetes cluster. Kong/Konga
implementation on Kubernetes cluster with Helm Charts and Brigade pipeline. Secured the
Kubernetes cluster for database and network traffic.
* Extensive use of Docker Compose and Helm Charts to implement solutions with Brigade
pipeline. Terraform Module for AWS and Azure Cloud and ApiGee and Kong Configuration. Attribute
based Access Control via OKTA user based profile to access application via Symphonic Policy
Decision point and Policy creation using Policy Application Point. ELK, Prometheus, Kashti for
CI/CD monitoring Brigade Pipelines, Release Management Tool to view Pod level logs. Architect
the design for ETL Data for five hundred clients having data in multiregional and multi cloud
environment and Attribute Based Access Control. Design and Implement multi Tier Security
Architecture over multi cloud data and app.

12/2018 - 07/2019
Lead DevOPS Consultant/ Team Lead - Apps, Data and Machine Learning and Repository and Pipeline Migration
Reed Recruitment
* Led a team of five, practising the DevOps solution while hands-on coding with
Terraform, Python and Ansible.
* AWS Landing Zone and OKTA based integration to integrate multiple accounts. AWS - Azure
Transformation/Integration - Azure DevOps CI/CD Pipeline integration with AWS infrastructure
using Terraform infrastructure as Code - IaC. Use of Ingress/Load balancer on Kubernetes.
Selenium Testing Script using Kubernetes Jobs for Functional Testing, Load Testing and Nightly
Build Test using EKS cluster. AWS S3 Cross account policies integration with IAM roles and IAM
Users to secure granular level access for data. Implementing GITOPS strategy to decrease
technical debt in Terraform Code with over two hundred branches with multiple state files.
Kubernetes Platform integration on Google cloud with Azure DevOps Data CI/CD Pipeline and AWS
Sagemaker in a secure manner. GitLab to Azure DevOps Repository migration through automation
and TeamCity migration to Azure CI/CD Pipelines. Implementing AWS IAM security policy
violation tester using lambda. AWS Machine Learning tech stack implementation with Sagemaker
blue green deployment and Load Testing from Google GKE Cluster. Azure DevOPS Linux based build
agents over AWS platform to build test and deploy packages in a secure manner. Azure DevOPS
Usage data migration to S3 and ELK stack using AWS Lambda, Azure API Secret Manager. IAM Role
and Lambda Trigger added via Terraform to get alerts for managed services outside of
whitelisted IPs. Data migration from in house to S3 and KMS based custom encryption using
Terraform. Utilising Azure DevOps CLI to parse repositories and scripting in Python for repo
migration. Data Migration using Talend Server ETL to be used by an artificial intelligence
platform and making the migration secure and stable using KMS encryption.

* Azure DevOps security auditing by extracting the security logs in S3 bucket and pushing to ELK
Stack using lambda. Datadog Integration with AWS account using AWS Security Manager. Use of
DataDog, ELK, NewRelic for monitoring and analysing data.
Docker and Kubernetes
* EC2, Autoscaling Groups, AWS Load Balancer, S3, KMS, Azure build Agents using Docker over EKS,
ECR, ECS, AWS Sagemaker, Route53 and Azure CI Build and Release CD Pipelines with AWS
infrastructure encapsulating security with Azure Personal Access Token PAT and AWS Secret
Manager and GITLAB PAT. Python Script for automation of Azure pipelines and AWS Lambdas.
Agile Tools
* JIRA, Confluence, Bit Bucket , GitLab, GitHub, Azure DevOPS pipeline. Azure DevOPS Scrum

04/2018 - 12/2018
Lead Cloud DevOps Specialist in Big Data
Sainsbury's UK Data Center via PA Consulting
Enterprise Software Abinitio Deployment on AWS
* Deployed AWS infrastructure using Terraform, Ansible, VPC, Route Tables, Public and Private
subnets and securing it using NACL and security groups.
* VPC connection between AWS Direct Connect using VGW.
* AWS Disaster Recovery Strategy to load balance and deployment using EBS volumes and EFS.
* Ab Initio Web Applications deployment in AWS Elastic Load Balancer ELB - Metadata Hub, Express
IT, Application Gateway, Control Center on Tomcat Server.
* Deployed dependencies on Ab Initio Cluster using Ansible.
* ETL using Abinitio servers in load balanced cluster environment so that data from five hundred
lakes can be pushed to Secure encrypted buckets for Snowflake.
* Firewall and Security group creation between Sainsbury's internal network and AWS network.
* EC2 instances shutdown/start mechanism and EBS Volume shrinking and expanding via lambdas.
* AWS S3 multiple cross accounts access and appropriate IAM profile and role creation to secure
the bucket for specific role and user.
* AWS VPC endpoint between Snowflake Data and Sainsbury's VPCs for secure communication for data
migration and differential data migration.
* Terraform implementation of AWS Route53, AWS ELB, AWS Certificate Management, AWS EC2, AWS IAM
roles. AWS Lambda, Cloud Watch log jobs, AWS SES, AWS ELB, AWS EFS.
* CI/CD pipeline in Jenkins with Abinitio Dev Repository.
* DataDog agent and Control M agent installation via ansible.
* Multiple account creation on multiple servers via Ansible.
* Docker Abinitio COOP system.
* Kubernetes with AWS managed EKS.
* ETL proof of concept to prove AWS GLUE and AWS DMS capability by creating secure
infrastructure around Data migration and Daily data migration to be used by Sainsbury's user

05/2017 - 03/2018
Lead DevOps Consultant
Travelodge Hotels UK
Worked on CI/CD for AWS serverless and legacy LAMP stack for live websites generating five hundred
million in turnover a year across five hundred hotel premises.

AWS Serverless Project for Travelodge French, Italian and German Website
* AWS VPC Peering between VPN Management VPC and Big Data VPC and AWS EMR Clustering
* S3 Endpoint with Single point of contact from Big Data VPC with separate read write policies.
* Setting up AWS EMR Clusters.
* Elastic IP based single VPN point of connection.
* Cloud Formation Templates to generate infrastructure on the fly.
* Developing and Deploying application using AWS Lambda, S3 Versioning, Code Pipeline, Code
Deploy, Caching solution on AWS Redis, VPC and AWS RDS MySql and AWS RDS DynamoDB, AWS
CloudFront, AWS ACM management AWS ELB, solutions for Continuous integration, continuous
delivery and deployment cycle.
* AWS IAM roles, policies and user management.
* AWS - Google single sign on integration.
* Creation and maintenance of End to end serverless AWS chain CI/CD pipelines.
* Monitoring via AWS Cloud Watch logs.
* AWS Cloud watch NewRelic and Splunk integration for monitoring of logs.
* Infrastructure as Code using Python, AWS CLI, Troposphere libraries, AWS BOTB libraries.
* Jenkins, Ansible integration with Amazon Web services AWS.

LAMP Stack Deployment
* Automated deployment of legacy applications on LAMP stack via Ansible Playbooks and Ansible
configurations over fifty Ensono server via Jenkins.
* Linux bash scripting, Linux command line utilities to debug any ongoing issues.
* Google Analytics, NewRelic Mobile, Browser and Synthetics experience.

Monitoring Solutions
* Atlassian Tool chain with Bit Bucket Repository Management integrated with JIRA and
* NewRelic and Splunk log migration and NewRelic Script creation for user journey.
* Maintenance of Akamai configuration through Ensono website distribution.
* Engaged with third parties regarding external services used for email, postcode and payment
APIs like FIS and RealEx payment service, RedEye and AWS SES for email, Endeca for postcode
search and Symantec for SSL certificate renewal.
* Domain administration, migration and acquisition via CSC-Netname platform.
Skills Applied: AWS Lambda, AWS S3 , AWS Code Pipeline, AWS Code Deploy, AWS Code Build, AWS Caching
solution on AWS Redis, AWS VPC, AWS Route Table, AWS Internet Gateway, AWS RDS MySql, AWS DynamoDB,
AWS Route53, AWS Certificate Management, and AWS SES, JIRA, Confluence, Jenkins, Linux bash
scripting and Linux command line, Ansible, Jenkins, Splunk, NewRelic.

01/2017 - 05/2017
Senior Cloud DevOps Consultant
Worked on Azure Transformation of CI/CD pipeline for internal and external websites.
The project is about creating external and internal websites CI/CD pipelines such that after
successful builds packages are available for deployment for multiple location across the
availability zones globally with local configurations.
* Using Microsoft Azure platform creating VMs for GIT LAB, Ansible Tower, Docker, Nexus,
Jenkins, TeamCity. Deployment of GIT LAB, Ansible Tower, Docker, Nexus, Jenkins, TeamCity
using Docker on Linux and TeamCity Agents deployment on Windows.
* Integration with Octopus and TeamCity-Octopus integration tools.
* Invoking PowerShell commands to create VMs automatically from TeamCity.
* Integrating tools for code quality FXCop, and for code coverage NCOVER, Dot Cover, NUnit,
Specs Flow and SonarQube integration with VSTS and Visual Studio.
* Black Duck integration for open source vulnerabilities and VersionEye for Nuget package open
source risk to code and checkmarx integration for security and Atlassian-Crucible integration.
* Creating public and private subnets for GIT LAB, Ansible Tower, Docker, Nexus, Jenkins,
TeamCity virtual Machines and integrating them to create an end to end CI/CD pipeline.
* Deployment of applications over public and private networks when packages are available via
Nexus Repository. Other repositories like ProGet have been evaluated.
* Automation using PowerShell and Linux Scripting.
* Team City and ProGet Application deployment using Microsoft Azure SQL and SQL VM Template in
private network.
* Improved processes for test team to introduce HPE ALM Integration with Jenkins and Selenium
* Exposure to Azure Content Delivery Network CDN.
* Extensive use of Enterprise Jenkins.
* Exposure to Confluence, JIRA, JIRA Service Desk, BitBucket
* Hands on Development Lead for AngularJS and .Net
Skills Applied: Microsoft Azure, GIT LAB, Ansible Tower, Docker, Nexus, Enterprise Jenkins,
TeamCity, ProGet, Octopus Integration. FXcop, NUnit, NCover, SonarQube, Blackduck, Specs Flow

12/2015 - 12/2016
Senior Cloud DevOps Consultant
Hewlett Packard Enterprise (HPE)
Worked on integration of HPE products with open-source products in enterprise environments and
involved in preparation of statement of work and sales engagement with external companies and with
internal project managers.
Implementing the design for software delivery for the clients and take ownership of delivery
engagements as lead.

12/2013 - 12/2015
Lead Software Engineer
Sky Broadcast
Worked on multi-million-dollar video-related projects and responsible for tools generation for Non
Functional Testing of CISCO products, including software design and development for other
departments, and automation and configuration management of software deployed on CISCO servers and
SKY servers.

Skills Applied: DevOps, AWS, Continuous Integration, Continuous Deployment and Delivery, Cloud
Automation, PowerShell, Team City, Team Foundation Server TFS, AWS, Azure, .Net and JAVA
development. JIRA, AngularJs, Windows Service using Topshelf. Hybrid Infrastructure, SQL and MongoDB.
Entity Framework, Autofac. ELK, Puppet, Rundeck, JavaScripts, CSS, HTML, SQL server, FXcop, NUnit,
NCover, SonarQube, Specs Flow

01/2011 - 12/2013
Senior Software Developer - Consultant
SunGard, Financial Transactions and Data Center Industries
Product Consultant/Software developer for developing and curating two Financial Transaction Products
for SunGard. Managed deployment of these financial products in various financial institutions that
included ING, Barclays, Wachovia among others.

12/2009 - 01/2011
Senior Software Engineer
Developer Lead for eight developers responsible for the first release of the Doctor Assistance Lab
dashboard for National Health Services (NHS)
* As Database Engineering Lead, co-developed programs for combining NHS records using a C# .Net
3.5, MVC, Nhibernate, Linq, jQuery, JavaScript, Ajax, HTML, Spring, ASP based dashboard.
Developed dynamic data access for JqGrid and JqTree for a very large database of around 3 million
rows.

11/2006 - 12/2009
Senior Software Engineer
Intelligent Media Ltd.
Designed, developed, tested and integrated Intelligent Media's TV monitoring and radio system, saving
millions of dollars of expense for the company; the role involved front-end GUI development and
back-end server-side component development.
* Led a team of three programmers/testers and created cases for Data Quality Tests.
* Business Analysis: Leadership role in designing Business Process Analysis (BPM) paradigm for
production processes (activities, costs, schedules, & dependencies).

Time and spatial flexibility

Berkshire, Hampshire, London and surrounding areas - Remote